- Unable to fetch resource from https://tumanager.ei.tum.de/service.php?mode=open&token=lifecycle_sec_tueilkn with exception
- cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://tumanager.ei.tum.de/service.php?mode=open&token=lifecycle_sec_tueilkn
Formal Security Analysis of the 5G PRINS Protocol using the Tamarin Prover
Description
5G is the latest generation of mobile networks, offering high data rates, ultra-low latency, and support for a wide range of applications. A key component of the 5G Core is the Security Edge Protection Proxy (SEPP), which ensures secure communication between Public Land Mobile Networks (PLMNs) in roaming scenarios.
To secure the control plane traffic between SEPPs, 3GPP defines the N32 interface, which is split into two parts: N32-c (for capability negotiation) and N32-f (for control message forwarding). While N32-c is secured using end-to-end Transport Layer Security (TLS), N32-f can either use TLS or a new protocol called PRotocol for N32 INterconnect Security (PRINS).
PRINS is designed to provide application-layer security using the Javascript Object Signing and Encryption (JOSE) framework, while still allowing intermediate IP Exchange Network (IPX) providers to route messages. This hybrid approach introduces new security challenges, especially in the presence of potentially untrusted intermediaries.
This thesis aims to conduct a formal security analysis of the PRINS protocol using the Tamarin Prover, a state-of-the-art tool for symbolic protocol verification. The goal is to model PRINS, define its security goals (e.g., confidentiality, integrity, authentication), and verify whether these goals are met under realistic threat models.
Objectives:
1. Study the PRINS protocol as defined in 3GPP specifications (e.g.,TS 29.573 and TS 33.501).
2. Model the protocol in Tamarin, including key exchange, message protection, and verification steps.
3. Define formal security properties, such as secrecy, authentication, and replay protection.
4. Analyze the protocol under different attacker models (e.g., compromised IPX, key leakage).
5. Compare PRINS with TLS-based N32-f in terms of formal guarantees.
6. Optionally, extend the model to include protocol variants or optimizations.
Prerequisites
• Basic understanding of 5G architecture, especially the core network and roaming.
– Motivation and willingness to learn are sufficient.
• Interest in security protocols and formal verification.
• Familiarity with logic, formal methods, or cryptography is helpful.
• Experience with Tamarin Prover, ProVerif, or similar tools is a plus (but not required).
• Programming experience (e.g., Python, functional languages) is useful for modeling.
Contact
Supervisor:
Solving 6G in-X Subnetwork Frequency Planning using a GNN
6G, Subnetwork
Description
Within current 6G research, so-called in-X Subnetworks (SNs) are envisioned to constitute a key technology for providing ubiquitous network connectivity. Possible deployment scenarios for these SNs include, e.g., industrial environments, vehicles, or drones to facilitate communication between users in geographically confined areas with high data rates, ultra-low latencies, and high reliability. The use-cases that are envisioned for in-X SNs are, e.g., intra-vehicle sensor-actuator communication, robot control in industrial environments, or in-body networks for health monitoring. SNs can thereby be operated in three different modes: In the standalone mode, the SN runs fully autonomous, while in the semi-autonomous and connected mode, the SN can receive control information from a so-called 6G umbrella network, and the SN Access Point (AP) can act as a gateway to the umbrella network.
Regardless of the operation mode, and despite SNs representing a new type of network, SNs still require frequency bands to provide their services. Therefore, adequate frequency planning mechanisms must be developed to mitigate interference among SNs, especially for SNs enabling high reliability communication services. Due to the deployment of SNs within autonomous vehicles, Unmanned Aerial Vehicles (UAVs), or robots, many of the SNs will be mobile. The mobility of SNs thus makes the problem of frequency planning for SNs a dynamic task. Since frequency spectrum is a limited resource, resource allocation mechanisms must focus on effective spectrum usage while ensuring a certain communication quality.
While there exists related work addressing this problem for mobile SNs, i.e., for varying interference scenarios, and optimizing resource allocation at different time instances, SN reconfigurations, i.e., changing a SN’s allocated frequency spectrum from one time step to the other, have not yet been considered. Due to the signaling overhead, a SN reconfiguration can, however, have significant impact on the service availability within a SN. Thus, in [1], the problem of dynamic frequency subband allocation to mobile in-X SNs with the objectives of minimizing SN reconfigurations and bandwidth usage while guaranteeing interference-free operation of all SNs has been studied and solved using heuristic algorithms.
To complement this work, this thesis should investigate different solution approaches based on Machine Learning (ML) to solve the problem presented in [1]. Specifically, in the case of a research internship, the student should implement a Graph Neural Network (GNN) to solve the optimization problem. In the case of a master thesis, it is also possible to change the system model and problem setting. Depending on the quality of the work, the results of the thesis can lead to a scientific publication.
[1] V. T. Haider, R. Pries, W. Kellerer, and F. Mehmeti, “Dynamic frequency planning for autonomous mobile 6G in-X subnetworks,” in NOMS 2025-2025 IEEE/IFIP Network Operations and Management Symposium, To Appear, 2025.
Contact
Valentin Haider (valentin.haider@tum.de)
Supervisor:
Topology generation for studying the interdependence of communication networks and electrical networks
topology, communication network, electrical grid
Description
The interdependence of communication networks and electrical power grids is a topic of discussion in recent times. Though researchers try to map the interdependence, there are no topology-level frameworks that have data on both communication networks and electrical power grids. This work aims to generate such topology-level frameworks to publish as open-source to encourage research along this direction.
Prerequisites
Python: NetworkX
Basics of graph theory.
Contact
shakthivelu.janardhanan@tum.de
Supervisor:
Investigating minimal cut set centrality
minimal cut set, centrality, metric
Description
A cut set of a flow is a set of components when removed, cause the flow to fail. A cut set is minimal if it cannot be further reduced. Based on minimal cut sets for flows, this work aims to investigate a potential centrality metric to determine the importance of particular nodes in the network.
Prerequisites
Tools: Python, Good to know Networkx and igraph
Helpful Courses: Kommunikationsnetze, Data Networking, Communication Network Reliability
Contact
shakthivelu.janardhanan@tum.de
Supervisor:
Evaluating the Necessity of an Orchestration Tool in Kubernetes-Based CNF Deployments: A Design Science Approach
Kubernetes, Cloud Orchestration, 5G Core Network, Cloud-Native Network Functions
Description
In the ongoing digital transformation, telecommunications companies are shifting from Virtual Network Functions (VNFs) to Cloud-Native Network Functions (CNFs) to meet the demand for agile, scalable, and resilient services. Deutsche Telekom is at the forefront of this transition, moving its network services onto a self-hosted bare-metal cloud infrastructure using Kubernetes as the core platform for container orchestration.
Kubernetes, widely recognized for its robust orchestration capabilities, is the foundation of Deutsche Telekom's cloud-native strategy. However, as network services are usually complex software solutions, deploying and provisioning CNFs pose several orchestration challenges that may require additional tooling. Various tools on the market are designed to manage these orchestration complexities, but the necessity and efficiency of such tools in a Kubernetes-based environment remain an open question.
This thesis seeks to answer the following question: "Is an additional orchestration tool necessary for managing CNF deployments in Kubernetes, or can a custom Kubernetes operator effectively address these orchestration needs?". The purpose of this master's thesis is to evaluate whether a dedicated orchestration tool is needed when deploying and managing CNFs in a Kubernetes setup, where Kubernetes already acts as an orchestrator. This thesis will also explore the design and development of a Kubernetes operator as a potential alternative to using an external orchestration tool.
For more details, please check the PDF with the thesis description
Prerequisites
We’re looking for motivated and technically skilled individuals to undertake a challenging and rewarding thesis project. To ensure success, the following prerequisites are essential:
- Strong Technical Acumen: A solid understanding of technical concepts and the ability to quickly adapt to and adopt new technologies.
- Programming Expertise: Proficiency in programming, ideally with experience in Go.
- Containerization Knowledge: Familiarity with container technologies for software deployment (e.g., Docker).
- (Kubernetes Experience): Prior exposure to Kubernetes is a plus but not mandatory.
Contact
- Dr. Patrick Derckx (patrick.derckx@telekom.de)
- Razvan-Mihai Ursu (razvan.ursu@tum.de)
Supervisor:
Master's Thesis/Research Internship/Working Student Position: Mobility Management in 5G/6G Networks
Description
Mobility management is challenging in 5G networks due to the use of higher frequencies and dense deployments. To address these challenges, we use simulations to evaluate new ideas and validate advanced mobility algorithms.
You will contribute to the development of our Python-based simulator for 5G and 6G networks. Your tasks will include implementing mobility-related functions such as:
- Developing and testing new handover algorithms, including algorithms that use deep reinforcement learning
- Implementing a new 6G channel model
- Designing beam selection algorithms
You will get hands-on experience with cutting-edge mobile network technologies and an opportunity to work on real-world mobility management challenges.
Prerequisites
- Strong Python programming skills
- Interest in 5G/6G networks and mobility management
- Ability to work independently and learn new concepts
If you are interested in gaining practical experience in 5G/6G mobility research, send an email to anna.prado@tum.de.
Supervisor:
Experimental Evaluation of xApp-related Vulnerabilities in FlexRIC
Description
Description
In previous mobile network generations, Radio Access Networks (RAN) have been treated as a proprietary, closed network segment that is specific to every operator. To accelerate development and innovation, new initiatives such as the O-RAN ALLIANCE were born, aiming to split the RAN into different components and standardize the open interfaces that connect them.
Fundamentally, O-RAN leverages the concept of Software Defined RAN (SD-RAN) by decoupling the RAN data plane from the control plane and introducing several new RAN-controlling components. One of the central components is the near real-time RAN Intelligent Controller (nearRT-RIC), which manages the RAN (network slices, handovers, etc). The nearRT-RIC is designed to allow both the use of traditional, rule-based policies and Machine Learning or data-driven ones to optimize the RAN operation. The logic of these policies is encapsulated in applications called xApps that run on the nearRT-RIC platform and can read and modify different parameters of the RAN.
Among open-source implementations of the nearRT-RIC, OpenAirInterface FlexRIC is one of the most prominent, providing a flexible platform to experiment with custom RIC functionality [1].
While providing opportunities for efficient resource management, the nearRT-RIC is also a prospective target for attackers, because of its control power over the RAN. Specifically, an attack vector is a malicious xApp that can interfere with other legitimate xApps running on the nearRT-RIC.
Near-RT RIC implementations are still in their infancy and exhibit various bugs and security vulnerabilities, particularly at the E2 interface [2].
To investigate the broader impact of such issues, we intend to examine whether known vulnerabilities - originally identified in other nearRT-RIC platforms[3, 4] - can be reproduced in the OpenAirInterface FlexRIC [1]. Specifically, we analyze the extent to which crafted messages from malicious xApps can disrupt FlexRIC’s operation through the E2 interface. Understanding the susceptibility of FlexRIC to these types of attacks is essential for evaluating its robustness and for hardening open-source RIC implementations more generally. This will help discover if specific implementations cause the vulnerabilities or if they are common problems in the design of nearRT-RIC systems.
Objectives
The goal of this Student Work is to reproduce the attacks of the OSC RIC discussed in [2] and [4] for the OpenAirInterface FlexRIC. Additionally, after reproducing the existing attacks and understanding the FlexRIC Platform, the student is expected to explore new attack attempts with the same goal of disrupting nearRT-RIC. Special focus will be put on the critical interfaces of the system, such as the E2 Interface, and the E42 Interface.
[1] R. Schmidt, M. Irazabal, and N. Nikaein, “Flexric: an sdk for next-generation sd-rans,” in Proceedings of the 17th International Conference on Emerging Networking EXperiments and Technologies, ser. CoNEXT ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 411–425. [Online]. Available: https://doi.org/10.1145/3485983.3494870
[2] C.-F. Hung, Y.-R. Chen, C.-H. Tseng, and S.-M. Cheng, “Security Threats to xApps Access Control and E2 Interface in O-RAN,” IEEE Open Journal of the Communications Society, vol. 5, pp. 1197–1203, 2024.
[3] “O-RAN SC Projects,” https://docs.o-ran-sc.org/en/latest/projects.html#near-realtime-ran-intelligent-controller-ric, accessed: 2025-03-01.
[4] “Opening Critical Infrastructure: The Current State of Open RAN Security,” https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html, accessed: 2025-03-01.
Prerequisites
- Interest in network security and hands-on approach
- Experience with C/C++ or Python; familiarity with Linux-based development
- Basic knowledge of mobile networks and software-defined networking (SDN)
Contact
- R?zvan-Mihai Ursu (razvan.ursu@tum.de)
Supervisor:
Identifying Challenges in Reliability and Security of Multi-Domain QKD Networks
Description
This research internship focuses on investigating the state-of-the-art reliability and security mechanisms in multi-domain Quantum Key Distribution (QKD) networks. The first objective is to gain a deep understanding of multi-domain networks and how QKD is applied in this concept. Then, the goal is to explore existing architectures, key management protocols, and inter-domain coordination strategies to understand how QKD networks ensure secure key exchange across multiple administrative domains. A key objective is to identify challenges and open research questions related to key relay trust models, authentication between domains, error correction, and resilience against failures or attacks. The study will also assess the impact of network heterogeneity, policy conflicts, and potential attack vectors, such as man-in-the-middle threats in QKD link handovers. The findings will contribute to a structured gap analysis, providing insights into future research directions to enhance the scalability, robustness, and trustworthiness of multi-domain QKD networks.
Prerequisites
- Strong networking background (knowledge on QKD is a plus)
- Research motivation and critical thinking
Supervisor:
Student Assistant for Programmable Communication Networks Lab Winter Semester 2025/2026
Description
PCN lab offers the opportunity to familiarize with Openflow and P4 for computer networks. For the next semester, a position is available to assist the participants during labs and the project phase. The lab is planned to be held on-site every Wednesday from 13:00 to 17:00.
Prerequisites
- Knowledge of communication networks.
- Solid programming skills: Python.
- Linux knowledge.
Contact
kaan.aykurt@tum.de
nicolai.kroeger@tum.de
Supervisor:
Most energy efficient Core on a private Telco Cloud: Energy optimized redundancy model for telco applications
Kubernetes, Energy Efficiency, 5G Core Network
Description
Motivation:
Deutsche Telekom is operating and constantly developing and improving its own cloud to operate internet and telephony services. The Kubernetes Cloud and the Telco applications are combined to form a TaaP – Telco as a Platform. The TaaP are thousands of servers and hundreds of applications. The energy efficiency of the TaaP is a key success criterion in order to optimize costs, energy consumption, and carbon emissions. Hence the concept of Full Stack Energy Management is established. The focus is to optimize hardware, software and services towards energy efficiency without affecting service availability and robustness.
Problem & Challenge:
In the Telco industry, so far, HW redundancy has been the baseline for service robustness and resilience. The introduction of virtualization and containerization concepts resulted in an additional redundancy level above the hardware. Classical redundancy models don’t apply to this multi-layer redundancy any longer. Moreover, there is no mathematical model that calculates the service availability for such a case.
Specific Problem Formulation:
On a TaaP there are multiple layers of redundancy in Hardware and Software. On the one hand, there are multiple site deployments, where each site has multiple hundreds of servers. On the other hand, on each site, each server has multiple redundant hardware parts like power supply. Moreover, a Kubernetes Cluster, which is homed on one site, hosts multiple microservices, each with a different redundancy concept like active/passive, n+1, n+m, etc. This setup of mixed HW and SW redundancy causes inefficiency and is not easy to calculate or simulate in terms of overall service, network, site, redundancy, and energy consumption.
Solution Approach:
There are multiple different parameters in HW and SW that impact the service availability and energy consumption. Firstly, a comprehensive list of these parameters is required, including modeling of dependencies. Secondly, a model needs to be set up to consider all of these parameters into “one equation”.
Expected Outcome:
A simulation and mathematical model should be developed that considers software and hardware redundancy across multiple sites and SW layers in order to calculate the network-wide service availability. Moreover, the model should allow the optimization of the following parameters: least required HW based on predefined service availability, least energy consumption, and best redundancy.
Prerequisites
- Familiarity with tools such as GitLab and Wiki platforms.
- Proficiency in English. The project language is English and the team spans across four EU countries.
- Basic Kubenetes Knowhow.
- High level of self-engagement and motivation.
Contact
- Manuel Keipert (manuel.keipert@telekom.de)
- Valentin Haider (valentin.haider@tum.de)
- Razvan-Mihai Ursu (razvan.ursu@tum.de)
Supervisor:
Early Warning Model (EWM) for Anomalies in Deutsche Telekom Streaming Data
Description
Through its nationwide communication infrastructure, Deutsche Telekom operates a large variety of services targeted at the needs of customers and their devices. With technological advances reaching many industries, the set of such networked daily-use devices includes not only phones but TV attachments and many more. Naturally, this combination of a high number of users plus the variety of services and devices produces a large amount of heterogeneous data. Unexpected events and anomalous behavior can easily cause service disruptions and even downtime for the system.Therefore, it is important to identify points within the streaming data that indicate deviations from normal system operation. In this context, the thesis aims to evaluate the ability to flag such anomalies early on or even predict them in advance, essentially creating an early warning model (EWM).
Prerequisites
- Knowledge in python programming.
- Familiarity with supervised learning, sensitivity analysis and timeseries.
- Skills in working with data (especially elastic and pandas)
- willingness to self-teach and strong problem-solving skills :)
Supervisor:
Advancing Kubernetes Simulations: Modeling Multi-Tier Services with Shadow
Kubernetes, software-in-the-loop, simulations
Description
Shadow [1] is a discrete-event network simulator that directly executes real application code by co-opting native Linux processes into a high-performance network simulation. It achieves this by intercepting system calls and emulating necessary functionalities, allowing applications to operate within a simulated network environment without modification. While initially developed to model large-scale Tor networks, Shadow can also be adapted to simulate other complex systems.
The primary goal of this master’s thesis is to explore the feasibility and methodology of simulating multi-tier Kubernetes-based cloud deployments using the Shadow simulator. This involves setting up and extending Shadow to accurately represent the components and operations of a Kubernetes cluster and evaluating the performance and accuracy of this simulation approach.
[1] Jansen, R., et al. (2022). Co-opting Linux Processes for High-Performance Network Simulation. 2022 USENIX Annual Technical Conference (USENIX ATC ’22). USENIX Association. Retrieved from (https://www.usenix.org/system/files/atc22-jansen.pdf)
Prerequisites
- Strong background in computer networks and distributed systems.
- Proficiency in Linux systems and experience with simulation/emulation tools.
- Familiarity with Kubernetes architecture and operations.
- Programming skills in languages such as C, Python, and Rust.
Contact
- Razvan-Mihai Ursu (razvan.ursu@tum.de)
Supervisor:
Automated Configuration of Complex Networks Using AI-Driven Intent-Based Networking
Networks, Artificial Intelligence, Intent-Based Networking, Large Language Models
Description
In today’s business landscape, the demand for highly available, secure, and scalable networks is continuously increasing, particularly for large enterprises.
Conventional network management faces challenges such as complexity, with manual configurations being error-prone and time-consuming. It also struggles with scalability issues due to slow adaptation to changing needs and limited automation, which requires deep expertise. Modern solutions like SDN, NFV, and AI-driven automation address these problems by enabling dynamic, scalable, and policy-driven network management.
The traditional network management approach relies on manual implementation, requiring expertise in routing, Quality of Service (QoS), and encryption mechanisms. This results in high operational costs and makes the network prone to misconfigurations. Intent-Based Network Configuration Management is a modern approach to managing and automating networks, where the operator defines "what they want the network to do" (the intent) rather than specifying "how to configure the network" (manual steps). The system interprets these high-level intents and automates the necessary configurations and adjustments to achieve the desired outcome.
Prerequisites
• Knowledge in Network Automation and Network Orchestration
• AI and Machine Learning Fundamentals
• Proficiency in programming and scripting, with a strong focus on Python and knowledge in libraries such as TensorFlow and PyTorch
• High level of self-motivation, independence, and problem-solving capability
Contact
kaan.aykurt@tum.de
philip.ulrich@telekom.de
klaus.scheepers@telekom.de