Working Student for TSN 5G Testbed
Description
Deterministic, low-latency communication for time-sensitive data is a critical challenge in industrial and automotive networks. IEEE introduced the Time-Sensitive Networking (TSN) Ethernet standards to address these requirements. Using traffic prioritization and scheduling, TSN enables deterministic, reliable, and low-latency communication. However, Industry 4.0 has intensified the need for mobility, such as using Automated Guided Vehicles (AGVs). To meet these demands, 5G must be integrated into TSN systems.
Your role will involve enhancing and further developing a TSN-5G testbed. A baseline testbed integrating 5G into TSN is already in place. The next phase of development focuses on integrating reliability mechanisms. Your specific tasks will include:
- Measuring and analyzing end-to-end delays.
- Integrating additional components into the testbed.
- Adapting the network controller to support additional mechanisms.
What you’ll gain:
- Experience with networking hardware.
- Expertise in hardware measurements.
- Practical experience in system implementation.
Depending on your availability, your working hours per week can be between 10 and 20. If this opportunity interests you, please send us a brief introduction about yourself along with your CV and transcript of records. We look forward to meeting you!
Prerequisites
- Familiarity with 5G, (TSN)
- C, Python
- Optional: OpenAirInterface
Supervisor:
Investigating Roaming User-Plane Security in a 4G/5G Combo-Core
5G, 4G, Roaming, Combo-Core, User Plane, Security
Description
Mobile networks have evolved significantly over the years—from older generations like 2G, 3G, and 4G to the latest 5G technology. Each generation brings new features and changes in how data is handled and secured.
In older networks (2.5G to 4G), a special type of firewall called a GTP-Firewall was used to protect both the control signals (which manage the connection) and the actual user data (like videos or messages). These firewalls could see and filter all the traffic because it was sent in a readable format.
With 5G, things are changing. The control signals now use a different protocol (HTTP/2), and the user data might be encrypted using IPSec. This makes it harder for traditional firewalls to inspect and secure the traffic in the same way.
To address this, a new function called IPUPS was introduced in the 5G standard. It helps secure user data but works differently—it does not allow the same kind of visibility as the old firewalls. This is fine in a pure 5G network, but it becomes tricky when 4G and 5G are combined in one system, especially when users move between the two (a process called handover).
This research internship will explore how to combine the old and new approaches to security in a way that works smoothly in a mixed 4G/5G network. The goal is to understand the challenges and propose solutions that ensure both security and performance.
Objectives
1. Analyze the architectural and security differences between legacy GTP-Firewalls and the 5G IPUPS function.
2. Investigate the implications of HTTP/2-based CP and IPSec-protected UP on traffic inspection and security enforcement.
3. Design a hybrid model that enables secure and efficient CP and UP handling in a 4G/5G Combo Core.
4. Evaluate the model in terms of:
• Handover performance (4G <-> 5G)
• Security (visibility, integrity, confidentiality)
• Operability and maintainability
5. Compare the hybrid modes with standalone 5G and legacy 4G implementations.
Prerequisites
• Interest in mobile network security and interworking between generations.
• Motivation to explore and analyze complex network functions.
Additional points that are beneficial but not required:
• Basic understanding of mobile core networks, especially GTP, UPF, and 5G Core architecture.
• Familiarity with network protocols such as HTTP/2.
Further Information
This research internship is done in an open collaboration with Deutsche Telekom Technik GmbH and a follow-up Master Thesis is encouraged.
Contact
Oliver Zeidler oliver.zeidler@tum.de
Supervisor:
Formal Security Analysis of the 5G PRINS Protocol using the Tamarin Prover
Description
5G is the latest generation of mobile networks, offering high data rates, ultra-low latency, and support for a wide range of applications. A key component of the 5G Core is the Security Edge Protection Proxy (SEPP), which ensures secure communication between Public Land Mobile Networks (PLMNs) in roaming scenarios.
To secure the control plane traffic between SEPPs, 3GPP defines the N32 interface, which is split into two parts: N32-c (for capability negotiation) and N32-f (for control message forwarding). While N32-c is secured using end-to-end Transport Layer Security (TLS), N32-f can either use TLS or a new protocol called PRotocol for N32 INterconnect Security (PRINS).
PRINS is designed to provide application-layer security using the Javascript Object Signing and Encryption (JOSE) framework, while still allowing intermediate IP Exchange Network (IPX) providers to route messages. This hybrid approach introduces new security challenges, especially in the presence of potentially untrusted intermediaries.
This thesis aims to conduct a formal security analysis of the PRINS protocol using the Tamarin Prover, a state-of-the-art tool for symbolic protocol verification. The goal is to model PRINS, define its security goals (e.g., confidentiality, integrity, authentication), and verify whether these goals are met under realistic threat models.
Objectives:
1. Study the PRINS protocol as defined in 3GPP specifications (e.g., TS 29.573 and TS 33.501).
2. Model the protocol in Tamarin, including key exchange, message protection, and verification steps.
3. Define formal security properties, such as secrecy, authentication, and replay protection.
4. Analyze the protocol under different attacker models (e.g., compromised IPX, key leakage).
5. Compare PRINS with TLS-based N32-f in terms of formal guarantees.
6. Optionally, extend the model to include protocol variants or optimizations.
Prerequisites
• Basic understanding of 5G architecture, especially the core network and roaming.
– Motivation and willingness to learn are sufficient.
• Interest in security protocols and formal verification.
• Familiarity with logic, formal methods, or cryptography is helpful.
• Experience with Tamarin Prover, ProVerif, or similar tools is a plus (but not required).
• Programming experience (e.g., Python, functional languages) is useful for modeling.
Contact
Oliver Zeidler oliver.zeidler@tum.de
Supervisor:
Evaluating the Necessity of an Orchestration Tool in Kubernetes-Based CNF Deployments: A Design Science Approach
Kubernetes, Cloud Orchestration, 5G Core Network, Cloud-Native Network Functions
Description
In the ongoing digital transformation, telecommunications companies are shifting from Virtual Network Functions (VNFs) to Cloud-Native Network Functions (CNFs) to meet the demand for agile, scalable, and resilient services. Deutsche Telekom is at the forefront of this transition, moving its network services onto a self-hosted bare-metal cloud infrastructure using Kubernetes as the core platform for container orchestration.
Kubernetes, widely recognized for its robust orchestration capabilities, is the foundation of Deutsche Telekom's cloud-native strategy. However, as network services are usually complex software solutions, deploying and provisioning CNFs pose several orchestration challenges that may require additional tooling. Various tools on the market are designed to manage these orchestration complexities, but the necessity and efficiency of such tools in a Kubernetes-based environment remain an open question.
This thesis seeks to answer the following question: "Is an additional orchestration tool necessary for managing CNF deployments in Kubernetes, or can a custom Kubernetes operator effectively address these orchestration needs?". The purpose of this master's thesis is to evaluate whether a dedicated orchestration tool is needed when deploying and managing CNFs in a Kubernetes setup, where Kubernetes already acts as an orchestrator. This thesis will also explore the design and development of a Kubernetes operator as a potential alternative to using an external orchestration tool.
For more details, please check the PDF with the thesis description
Prerequisites
We’re looking for motivated and technically skilled individuals to undertake a challenging and rewarding thesis project. To ensure success, the following prerequisites are essential:
- Strong Technical Acumen: A solid understanding of technical concepts and the ability to quickly adapt to and adopt new technologies.
- Programming Expertise: Proficiency in programming, ideally with experience in Go.
- Containerization Knowledge: Familiarity with container technologies for software deployment (e.g., Docker).
- (Kubernetes Experience): Prior exposure to Kubernetes is a plus but not mandatory.
Contact
- Dr. Patrick Derckx (patrick.derckx@telekom.de)
- Razvan-Mihai Ursu (razvan.ursu@tum.de)
Supervisor:
Master's Thesis/Research Internship/Working Student Position: Mobility Management in 5G/6G Networks
Description
Mobility management is challenging in 5G networks due to the use of higher frequencies and dense deployments. To address these challenges, we use simulations to evaluate new ideas and validate advanced mobility algorithms.
You will contribute to the development of our Python-based simulator for 5G and 6G networks. Your tasks will include implementing mobility-related functions such as:
- Developing and testing new handover algorithms, including algorithms that use deep reinforcement learning
- Implementing a new 6G channel model
- Designing beam selection algorithms
You will get hands-on experience with cutting-edge mobile network technologies and an opportunity to work on real-world mobility management challenges.
Prerequisites
- Strong Python programming skills
- Interest in 5G/6G networks and mobility management
- Ability to work independently and learn new concepts
If you are interested in gaining practical experience in 5G/6G mobility research, send an email to anna.prado@tum.de.
Supervisor:
Student Assistant for Programmable Communication Networks Lab Winter Semester 2025/2026
Description
The PCN lab offers the opportunity to become familiar with OpenFlow and P4 for computer networks. For the next semester, a position is available to assist the participants during labs and the project phase. The lab is planned to be held on-site every Wednesday from 13:00 to 17:00.
Prerequisites
- Knowledge of communication networks.
- Solid programming skills: Python.
- Linux knowledge.
Contact
kaan.aykurt@tum.de
nicolai.kroeger@tum.de
Supervisor:
Most energy efficient Core on a private Telco Cloud: Energy optimized redundancy model for telco applications
Kubernetes, Energy Efficiency, 5G Core Network
Description
Motivation:
Deutsche Telekom is operating and constantly developing and improving its own cloud to operate internet and telephony services. The Kubernetes Cloud and the Telco applications are combined to form a TaaP – Telco as a Platform. The TaaP comprises thousands of servers and hundreds of applications. The energy efficiency of the TaaP is a key success criterion in order to optimize costs, energy consumption, and carbon emissions. Hence the concept of Full Stack Energy Management is established. The focus is to optimize hardware, software and services towards energy efficiency without affecting service availability and robustness.
Problem & Challenge:
In the Telco industry, so far, HW redundancy has been the baseline for service robustness and resilience. The introduction of virtualization and containerization concepts resulted in an additional redundancy level above the hardware. Classical redundancy models don’t apply to this multi-layer redundancy any longer. Moreover, there is no mathematical model that calculates the service availability for such a case.
Specific Problem Formulation:
On a TaaP there are multiple layers of redundancy in Hardware and Software. On the one hand, there are multiple site deployments, where each site has multiple hundreds of servers. On the other hand, on each site, each server has multiple redundant hardware parts like power supply. Moreover, a Kubernetes Cluster, which is homed on one site, hosts multiple microservices, each with a different redundancy concept like active/passive, n+1, n+m, etc. This setup of mixed HW and SW redundancy causes inefficiency and is not easy to calculate or simulate in terms of overall service, network, site, redundancy, and energy consumption.
Solution Approach:
There are multiple different parameters in HW and SW that impact the service availability and energy consumption. Firstly, a comprehensive list of these parameters is required, including modeling of dependencies. Secondly, a model needs to be set up that combines all of these parameters into “one equation”.
Expected Outcome:
A simulation and mathematical model should be developed that considers software and hardware redundancy across multiple sites and SW layers in order to calculate the network-wide service availability. Moreover, the model should allow the optimization of the following parameters: least required HW based on predefined service availability, least energy consumption, and best redundancy.
Prerequisites
- Familiarity with tools such as GitLab and Wiki platforms.
- Proficiency in English. The project language is English and the team spans across four EU countries.
- Basic Kubernetes know-how.
- High level of self-engagement and motivation.
Contact
- Manuel Keipert (manuel.keipert@telekom.de)
- Valentin Haider (valentin.haider@tum.de)
- Razvan-Mihai Ursu (razvan.ursu@tum.de)
Supervisor:
Early Warning Model (EWM) for Anomalies in Deutsche Telekom Streaming Data
Description
Through its nationwide communication infrastructure, Deutsche Telekom operates a large variety of services targeted at the needs of customers and their devices. With technological advances reaching many industries, the set of such networked daily-use devices includes not only phones but TV attachments and many more. Naturally, this combination of a high number of users plus the variety of services and devices produces a large amount of heterogeneous data. Unexpected events and anomalous behavior can easily cause service disruptions and even downtime for the system. Therefore, it is important to identify points within the streaming data that indicate deviations from normal system operation. In this context, the thesis aims to evaluate the ability to flag such anomalies early on or even predict them in advance, essentially creating an early warning model (EWM).
Prerequisites
- Knowledge of Python programming.
- Familiarity with supervised learning, sensitivity analysis and time series.
- Skills in working with data (especially elastic and pandas)
- Willingness to self-teach and strong problem-solving skills :)
Supervisor:
Advancing Kubernetes Simulations: Modeling Multi-Tier Services with Shadow
Kubernetes, software-in-the-loop, simulations
Description
Shadow [1] is a discrete-event network simulator that directly executes real application code by co-opting native Linux processes into a high-performance network simulation. It achieves this by intercepting system calls and emulating necessary functionalities, allowing applications to operate within a simulated network environment without modification. While initially developed to model large-scale Tor networks, Shadow can also be adapted to simulate other complex systems.
The primary goal of this master’s thesis is to explore the feasibility and methodology of simulating multi-tier Kubernetes-based cloud deployments using the Shadow simulator. This involves setting up and extending Shadow to accurately represent the components and operations of a Kubernetes cluster and evaluating the performance and accuracy of this simulation approach.
[1] Jansen, R., et al. (2022). Co-opting Linux Processes for High-Performance Network Simulation. 2022 USENIX Annual Technical Conference (USENIX ATC ’22). USENIX Association. Retrieved from https://www.usenix.org/system/files/atc22-jansen.pdf
Prerequisites
- Strong background in computer networks and distributed systems.
- Proficiency in Linux systems and experience with simulation/emulation tools.
- Familiarity with Kubernetes architecture and operations.
- Programming skills in languages such as C, Python, and Rust.
Contact
- Razvan-Mihai Ursu (razvan.ursu@tum.de)
Supervisor:
Automated Configuration of Complex Networks Using AI-Driven Intent-Based Networking
Networks, Artificial Intelligence, Intent-Based Networking, Large Language Models
Description
In today’s business landscape, the demand for highly available, secure, and scalable networks is continuously increasing, particularly for large enterprises.
Conventional network management faces challenges such as complexity, with manual configurations being error-prone and time-consuming. It also struggles with scalability issues due to slow adaptation to changing needs and limited automation, which requires deep expertise. Modern solutions like SDN, NFV, and AI-driven automation address these problems by enabling dynamic, scalable, and policy-driven network management.
The traditional network management approach relies on manual implementation, requiring expertise in routing, Quality of Service (QoS), and encryption mechanisms. This results in high operational costs and makes the network prone to misconfigurations. Intent-Based Network Configuration Management is a modern approach to managing and automating networks, where the operator defines "what they want the network to do" (the intent) rather than specifying "how to configure the network" (manual steps). The system interprets these high-level intents and automates the necessary configurations and adjustments to achieve the desired outcome.
Prerequisites
• Knowledge in Network Automation and Network Orchestration
• AI and Machine Learning Fundamentals
• Proficiency in programming and scripting, with a strong focus on Python and knowledge in libraries such as TensorFlow and PyTorch
• High level of self-motivation, independence, and problem-solving capability
Contact
kaan.aykurt@tum.de
philip.ulrich@telekom.de
klaus.scheepers@telekom.de