Available theses
We have available theses on different topics within the scope of networking and ICT security.
In particular our topics cover MAC protocols for WiFi, WiFi and short range radios in general, IoT, routing in wired and wireless networks, including wireless meshes and Community Networks, Vehicular networking with particular attention to road safety applications and cooperative/autonomous driving.
Some “ready-to-start” theses are listed below, if you are interested, write a mail to either Gringoli or Lo Cigno to schedule an appointment.
You can also propose us a topic to investigate, especially for BSc theses we are happy to assign general topics on Networking where the candidate has to write a short survey on the state of the art of the selected topic.
Many other possibilities exixt that are not listed: if you are interested in Networking or you want to find a thesis with us contact us.
Reliable V2X communications via multiple communication channels.
| |
|
| Student |
|
| Description |
Reliability is a fundamental requirement for vehicular communications dedicated to safety. Such a reliability cannot be achieved with any single technology. In the ANS lab, within the Veins simulation framework we are exploring the use of multiple technologies to achieve 6-nines reliability, i.e., well beyond what current 5G technology promise. |
| Thesis type |
B.Sc |
| A.Y. |
2019-2020 |
| |
|
LTE fuzzing - exploring vulnerabilities in mobile networks.
| |
|
| Student |
|
| Description |
The security mechanisms deployed in mobile networks including LTE have been formally verified and no critical vulnerabilities have been found so far. Still it is not clear whether each specific implementation is bug-free or not: on the one side, people do not have access to core-network services and manufacturers sell eNodeB equipment only to major telco operators; on the other side, user-equipment run proprietary software on ad-hoc CPUs and flashing non-signed images seems to be not possible: this really limits the possibility to run active attacks and test the security of the core-network. This last issue can be overcome by adopting Software Defined Radio devices at the user side: by using open source implementations like srsUE, hackers can customise the protocol stack and run attacks based on protocol fuzzing. In this thesis students will first assemble and deploy the SDR based user-equipment demonstrating that it can be connected to a real telco network. Later they will modify the SDR software for running novel fuzzing attacks that they should design after having carefully studied the 3GPP standard documentation. |
| Thesis type |
M.Sc. |
| A.Y. |
2019-2020 |
| |
|
CSI-cracker - preserving the privacy of the users by cracking fake CSI data.
| |
|
| Student |
|
| Description |
Channel State Information collected by Wi-Fi sniffers can be used for monitoring physical environments, including people movements and gestures. While several papers investigated the performance achievable in terms of accuracy by such monitoring approaches, nobody has still analyzed how to make them uneffective and restore the privacy of the users. In this work, students will first deploy a CSI based monitoring tool and measure its accuracy; later they will explore novel techniques that can be used for decreasing the measured accuracy, exploiting in particular methods based on the random modification of the physical preamble of the transmitted frames. |
| Thesis type |
M.Sc. |
| A.Y. |
2019-2020 |
| |
|
Active theses
Completed theses
| |
|
| Student |
M. Bashir Qanaa m.qanaa@studenti.unibs.it |
| Description |
The aim of this thesis work is to keep track of the evolution of 5G cellular networks and study which adjustments were made. We will take on a deep dive into the 5G network analyzing its architecture, building blocks, usage scenarios, and the technologies implemented, and eventually report some lab experiments conducted with the aim of building a fully functioning SA-5G network by using Off-The-Shelf Hardware and Open-source software running and processed by a powerful computer. The main goal of such deployment is to study and analyze the new authentication mechanisms, more specifically the SUCI concealment, and validate its benefit when compared to the legacy solution by LTE. Furthermore, we will do tests related to connection stability between our network deployed using Open-Source implementations, and report the achieved data rates with different devices and any compatibility issues. |
| Thesis type |
M.Sc. |
| A.Y. |
2022-2023 |
| Download |
Link |
Simulazione di Guida Cooperativa con Controllori Longitudinali Eterogenei
| |
|
| Student |
Marco Franceschini m.franceschini015@studenti.unibs.it |
| Description |
L’obiettivo della tesi è quello di studiare l’interazione di sistemi di controllo differenti in platoon misti. Partendo dall’unico studio effettuato in merito all’argomento, sono state eseguite delle simulazioni utilizzando tre diversi sistemi di controllo, di cui due ben noti e dall’interazione già studiata, e uno con una topologia di controllo diversa, sviluppato specificatamente per la sua robustezza alla perdita di informazione tra i veicoli e per poter seguire una traiettoria definita da un eventuale sistema globale di ottimizzazione. I risultati presentati, ovviamente preliminari, indicano come la topologia di controllo sia un fattore chiave per la possibile integrazione di diversi controllori all’interno dello stesso platoon. Allo stesso tempo, simulazioni in presenza di forti disturbi di traffico (variazione della velocità del platoon), indicano che la sicurezza dei passeggeri è garantita anche nelle situazioni più critiche, almeno nel caso dei tre controllori presi in considerazione. |
| Thesis type |
B.Sc. |
| A.Y. |
2021-2022 |
| Download |
Link |
Evoluzione della sicurezza nelle reti cellulari: analisi delle problematiche e possibili soluzioni
| |
|
| Student |
Elena Filippini e.filippini011@studenti.unibs.it |
| Description |
Le reti mobili consentono a un terminale di spostarsi in un territorio esteso collegandosi ai nodi della rete a cui appartiene. I terminali utenti (UE-User Equipment) possono essere di più tipi, ad esempio fisso, portatile (es. antenna cellulare) o mobile (antenna radio su automobile). Nelle reti cellulari i nodi che garantiscono l’accesso alla rete sono le stazioni base. Le stazioni base sono delle antenne che operano su più canali, sia logici che fisici, e possono avere diversi pattern di radiazione in base tipo di copertura specifica. Sono gli eNB o gNB per 4a e 5a generazione. La principale caratteristica delle reti cellulari è la mobilità, che è garantita consentendo a un UE di spostarsi da una BTS a un altra. La zona di copertura viene suddivisa in diverse aree, dette Location Area (LA), ciascuna di esse ha un identificativo univoco (LAI), che viene memorizzato in appositi registri. […] La sicurezza nei sistemi mobili è oggetto di studio in quanto tutti i sistemi complessi ingegnerizzati mostrano sempre vulnerabilità dovute a difetti implementativi non prevedibili, ovvero utilizzo di protocolli ill-designed. |
| Thesis type |
B.Sc. |
| A.Y. |
2021-2022 |
| Download |
Link |
| |
|
| Student |
Elena Tonini e.tonini002@studenti.unibs.it |
| Description |
This thesis is a report on the analysis of Wi-Fi Channel State Information (CSI) aiming at characterizing the wireless channel and providing a mathematical model for it working at the timescale of frame transmission. Channel State Information allows a high-level description of the behaviour of a signal propagating from a transmitter to a receiver. It can be used to perform ambient sensing, a technique that extracts relevant information about the surroundings from the signals received. Ambient sensing can already play an essential role in the development of new wireless networks: for instance, 5G New Radio and Beyond 5G networks use it when performing Joint Communication and Sensing and when optimizing signal propagation through beamforming. Despite the widespread use of ambient sensing, there is still a lack of research about the characterization of wireless channels when it comes to using them for purposes other than communication alone, especially focusing on a timescale longer than the typical signal and symbol analysis. This work analyzes the structure of CSI traces collected in a laboratory and describes their behaviour so as to provide a mathematical interpretation for it that can be used to model the channel at the frame level. The obtained model can help improve the technical aspects of the implementation of Joint Communication and Sensing in future networks so that it will be possible to efficiently take advantage of the properties of the channels to fulfil the goals that upcoming technologies will set. |
| Thesis type |
B.Sc. |
| A.Y. |
2021-2022 |
| Download |
Link |
A holistic approach to Code Reuse Attack techniques
| |
|
| Student |
Daniele Barattieri di San Pietro d.barattieridisanpie@studenti.unibs.it |
| Description |
The main goal of this thesis is to understand how the synergy between different Code Reuse Attacks techniques could lead to better performance if combined, unlike the most of the existing research, which instead focus on the finding of a new “single gadgets type” technique. |
| Thesis type |
B.Sc. |
| A.Y. |
2021-2022 |
| Download |
Link |
Analisi di GlusterFS nell’ambito dei sistemi di storage distribuito e scalabile
| |
|
| Student |
Andrea Penazzi a.penazzi@studenti.unibs.it |
| Description |
TIl Cloud è in continua crescita ed il numero di servizi e di aziende che si appoggiano al cloud sono in continuo aumento. Molto interessante è il cloud storage che porta diversi vantaggi: • High Availability • Gestione dell’infrastruttura da parte di terzi • Scalabilità • Ottimizzazione dei costi • Backup esterno Per iniziare ad approfondire questo settore si può partire dai cloud filesystem e ho deciso di analizzare GlusterFs. |
| Thesis type |
B.Sc. |
| A.Y. |
2021-2022 |
| Download |
Link |
Analysis of attacks and prevention methods in cybersecurity
| |
|
| Student |
Anas Asswad a.asswad@studenti.unibs.it |
| Description |
In this thesis, we will research and measure the usability and efficiency of a platform called Wazuh, which has a wide range of capabilities and features based on methods and services such as Network Traffic Analysis (NTA) which is known for intercepting, recording, and analyzing network traffic communication patterns to detect and respond to security threats by collecting the records of what is happening in the network. |
| Thesis type |
M.Sc. |
| A.Y. |
2021-2022 |
| Download |
Link |
Bluetooth Security Evolution
| |
|
| Student |
Mohamed Yousif Elamin Abdelrahman m.elaminabdelrah@studenti.unibs.it |
| Description |
Bluetooth is a popular wireless technology that comprises two different standards, Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE). Bluetooth BR/EDR remains the effective connectivity technology for applications requiring high data rates, such as audio voice calling and streaming. On the other hand, BLE had remarkable success thanks to its low power requirements and its ubiquitous availability. BLE also enabled many new product types. Devices such as smartwatches and healthcare appliances would not be possible without such technology. Bluetooth 5.3 is the most recent version of the specification, a work resulting from various revisions, each one improving the available features and adding new characteristics and abilities, including more secure and robust pairing methods, like Secure Connection Pairing. Security was considered from the birth of Bluetooth and is being improved with each specification version. In this thesis, we aim to extend the current body of knowledge regarding Bluetooth security. We first present a quick overview of both BR and BLE. Then, we present a more comprehensive description of BR and BLE security and privacy properties. We discuss several known vulnerabilities and attacks to both Bluetooth technologies. Finally, we validate a Man-in-the-Middle attack by experimenting with a Micro:bit-based sniffer that can monitor real-time BLE traffic. We show that, despite the limited funcionality, even a low-cost sniffer can easily detect active BLE sessions and infer their properties, including Access Addresses, CRC values, and hopping sequences. |
| Thesis type |
M.Sc. |
| A.Y. |
2021-2022 |
| Download |
Link |
| |
|
| Student |
Mauro Pozza m.pozza001@studenti.unibs.it |
| Description |
Con l’evoluzione degli standard Wi-Fi 802.11, sono state gradualmente introdotte una serie di funzionalità e ottimizzazioni con lo scopo di efficientare l’uso dello spettro elettromagnetico e migliorare la trasmissione di informazioni. In questa tesi, è stata sviluppata una metodologia che permette all’utente di riconfigurare il Beamforming, una delle innovazioni inizialmente introdotte nello standard IEEE 802.11n, utilizzando esclusivamente dispositivi commerciali. Il sistema permette infatti la completa costruzione di un beamforming report, ed il suo invio tramite un dispositivo in grado di operare come Beamformee, come un raspberry, un access point o ancora uno smartphone android, al fine di modificare il pattern di radiazione di un trasmettitore qualsiasi. Il software utilizzato per la costruzione dei report è Matlab. Per attivare la trasmissione dei report iniettati dall’utente, è necessario modificare il firmware del beamformee. Per questo scopo, è stato utilizzato il framework Nexmon in grado di gestire i chip radio usati in tutti i dispositivi testati. Non è invece necessaria alcuna modifica al dispositivo usato come trasmettitore, il quale accetta ed utilizza i report in arrivo come se fossero legittimi. |
| Thesis type |
M.Sc. |
| A.Y. |
2020-2021 |
| Download |
Link |
EvilRoam: analysis and deployment of evil-twins-based attacks to Eduroam network users’ security
| |
|
| Student |
Gabriele Bellicini g.bellicini003@studenti.unibs.it |
| Description |
Our main goal was to study, develop and test various attacks to eduroam users by means of an evil-twin. An evil-twin is a fully operational device which replicates the behaviours of another one, but with malicious intentions. In our case, the evil-twin had to replicate an eduroam access point, thus letting users authenticate against itself to then perform attacks to users’ privacy, stealing various kind of data. Moreover, we deeply concentrated on understanding under which conditions an attack can succeed or is forced to fail. One of the most important part of our work consisted in deploying three evil-twins inside our university to attack real-world users. In order to do so, we set up three different evil-twins and, after receiving permissions from the ICT team of our university, we installed them in three different places. We then let them run for several days, catching as much data as they could, in order to have better understanding of how many users are in danger under different point of views. The results of the experiment can be seen in a dedicated chapter. |
| Thesis type |
M.Sc. |
| A.Y. |
2020-2021 |
| Download |
Link |
| |
|
| Student |
Oldanay Moldagaliyeva |
| Description |
Practical experimentation with cellular networks has been historically reserved exclusively to operators, primarily due to equipment costs and licensing constraints. The state of play is changing with the advent of open-source cellular stacks based on increasingly more affordable software defined radio (SDR) systems. Comprehensive understanding of the performance, limitations, and interoperability of these tools however lacks especially when considering upcoming specifications of the 5-th generation mobile systems architecture. In this thesis students will first assemble and deploy a SDR based point-to-point 5G channel building on the OpenAirInterface software framework. They will then use the deployed network for understanding the maximum performance achievable with software-only approach in terms of throughput and latency under different conditions of noise and fading. |
| Thesis type |
M.Sc. |
| A.Y. |
2019-2020 |
| |
|
| |
|
| Student |
Pietro Bonardi p.bonardi002@studenti.unibs.it |
| Description |
In the ANS lab we are developing a framework for sniffing Bluetooth Low Energy 5 sessions using cheap USB dongles manufactured by Nordic. To this end we are replacing the proprietary softdevice kernel with a low level code that we developed from scratch for sniffing connection requests on advertisement channels and start hopping as soon as a connection indication frame is received. |
| Thesis type |
B.Sc |
| A.Y. |
2019-2020 |
| |
|
