List of thesis topics (updated on 17.10.2025)

In addition to the topics listed below, students are encouraged to propose their own topic ideas.

AI-based grading of homework assignments

Design and implement an AI-powered semi-automated system to grade and provide feedback on assignments for the Applied Cryptography and Web Security courses.

Tags: AI, LLM, automation

Students enrolled in the Applied Cryptography and Web Security courses are required to submit weekly homework through Moodle. The nature of these assignments varies depending on the course:

  • Applied Cryptography: Tasks involve Python programming.
  • Web Security: Assignments may include free-form written answers, webpages demonstrating proof-of-concept attacks, and screenshots illustrating key observations or results.

For the Applied Cryptography course, the correctness of Python solutions can be automatically checked using a test script. Beyond simple functionality, the AI grading system should be capable of analyzing the submitted code and offering feedback when implementations are less than optimal. We have compiled a list of common recommendations and feedback, which can be used to guide the AI's responses.

Your task is to identify and select the best AI tool (using an online API or an offline LLM) for grading these submissions. Using this tool, design a framework of templates and instructions that enable the AI to assess assignments effectively. You will then validate your solution by benchmarking it against manual grading done on submissions from the previous semesters.

Additionally, your solution should include a mechanism to detect plagiarism and flag submissions that lack originality.

Students involved in this project may receive financial compensation for their contributions.


Security of radio transmission used by smart water meters in Tartu

This project investigates the security of radio transmissions from Kamstrup MULTICAL 21 smart water meters in Tartu, focusing on encryption, transmitted data, and potential privacy risks.

Tags: Wireless M-Bus, IoT security, smart meter, radio protocols

The water utility company Tartu Veevärk AS provides customers in Tartu with smart water meters, specifically the Kamstrup MULTICAL 21 model. These meters are capable of transmitting daily water usage readings remotely using the Wireless M-Bus protocol. Allegedly, transmissions occur once per day during the night and are received by antennas installed on the building at Õpetaja 9, Tartu.

The aim of this research project is to analyze the security and privacy of the radio communication used by these smart water meters.

Project tasks:

  • Investigate the configuration functionality and options exposed via the optical interface.
  • Investigate the cryptographic mechanisms used in the transmission process. Identify the type of encryption (if any) used. Analyze key management and authentication mechanisms.
  • Determine the structure and content of the data transmitted over the radio channel.
  • Assess potential security and privacy risks, including unauthorized access to meter readings, the possibility of spoofing or manipulating transmitted data, and privacy concerns arising from the ability to infer user behavior.
  • If possible, develop a proof-of-concept system that demonstrates the ability to detect and identify buildings equipped with these meters, and the ability to intercept and decode meter readings transmitted in the vicinity.

For research purposes, a Kamstrup MULTICAL 21 water meter (including the necessary encryption keys) can be legally purchased from Ropka KVH, enabling hands-on analysis of the transmission protocol and cryptographic measures.

Links:
https://tartu.postimees.ee/7196620/miks-ei-ole-tartlaste-elamistes-kaugloetavaid-veearvesteid
https://optimatic.ee/en/products/remote-reading-water-meters/wired-system-m-bus/kamstrup/
https://documentation.kamstrup.com/docs/flowIQ_3100/en-GB/_Overview_/CONT3E7622E6A39642C3B4BD079980432D86/
https://ropka.ee/pood/?v=08a4415e9d59


Security of smart electricity meters used by Elektrilevi

This project investigates the security and privacy risks of Landis+Gyr E450 smart electricity meters used by Elektrilevi, focusing on protocol analysis, potential data leakage and threat scenarios related to meter communication.

Tags: smart meter, PLC, optical port, IEC 62056-21, privacy

This project investigates the security and privacy implications of the Landis+Gyr E450 smart electricity meters, which are widely deployed by Elektrilevi across residential households. These meters transmit consumption data using either power-line communication (PLC) or cellular networks (3G/4G). The primary objective is to analyze the underlying communication protocols and implementations to assess potential risks related to confidentiality, authenticity, and data leakage during transmission.

Project objectives:

  • Optical port analysis: Examine the functionality exposed via the optical interface (IEC 62056-21), including any vendor-specific commands. Note that full access may require utility provider keys.
  • PLC communication assessment: Analyze G3-PLC/IDIS communication, including message structure, addressing schemes, error handling, and the use of encryption and authentication. Investigate whether communications leak beyond the intended endpoints or can be intercepted downstream.
  • Threat modeling: Evaluate potential threats such as unauthorized data access, message spoofing or tampering, jamming attacks and privacy inference.

Testing and measurements should be carried out on a decommissioned or sample meter, which must be either purchased or obtained through cooperation with Elektrilevi.

Given the widespread deployment of the E450 model, prior research may already exist on its security aspects. A review of existing literature will be an essential part of the initial phase of the project.

Links:
https://www.elektrilevi.ee/-/doc/8644141/ettevottest/tutvustus/failid/EM%C3%9C.pdf


User enumeration in messaging apps

This project investigates the feasibility of user enumeration and the countermeasures employed by popular messaging apps such as WhatsApp, Signal, Viber, Telegram, and Line.

Tags: messaging apps, privacy

Many messaging apps use phone numbers as the primary user identifier, enabling contact discovery. Once a contact is identified, some basic information, such as profile photo and display name, may be accessible.

The objective of this study is to assess the practicality of performing large-scale user enumeration based on extensive lists of phone numbers. It will examine the types of user metadata disclosed by different messaging platforms and evaluate the privacy settings and defensive mechanisms they implement.

The level of complexity of the project can be tailored to focus on a specific app or a subset of apps only.


Residential proxies in Estonia

Analyze and identify residential proxy hosts in Estonia, their networks, device types, and user consent.

Tags: residential proxies, malware analysis

Various services sell access to residential IP proxy servers, allowing network traffic to be routed through residential networks, typically via consumer devices used by everyday internet users.

While providers of residential proxy services claim that proxy hosts join the network voluntarily, there is evidence indicating that proxy functionality may be embedded in malware or other types of software without user consent.

The objective of this project is to determine the number of residential proxy hosts located in Estonia, identify their network locations, the types of devices involved, and the nature of the hosts running the proxy software. Ideally, the project will also assess whether these hosts are operated with the knowledge and consent of their users.

An additional approach is to deploy a residential proxy application on a device and analyze the traffic passing through it, including who is using the proxy and for what purposes.

Links:
https://ieeexplore.ieee.org/document/8835239
https://robins.one/notes/uninstall-the-nightowl-app-now.html
https://iproyal.com/proxies-by-location/europe/estonia/
https://infatica.io/
https://sponsor.ajay.app/emails/


Browser history leaks using :visited links

This project explores how browser history can be leaked by visually encoding visited link colors using the CSS :visited selector, implementing an attack that extracts browsing data from screenshots while studying existing defenses and mitigation techniques.

Tags: browser security, privacy leak

Consider a scenario where a friend asks you to send a screenshot showing how their website appears in your browser. By sharing this screenshot, you might unintentionally reveal sensitive information about your browsing history, specifically, which of the top 1000 websites you have visited.

This type of privacy leak is possible because browsers render links differently based on whether the user has previously visited the linked site, using the CSS :visited selector to change the link color. An attacker can exploit this behavior by embedding links to popular websites and visually encoding the user's visit history through subtle variations in link appearance.

Your task will be to implement this proof-of-concept attack by creating both an encoder and decoder. The encoder should:

  • Select the top X websites to test.
  • Efficiently arrange and encode the link pixels on a webpage to maximize the amount of information leaked about the user's visited sites.
  • Ensure the resulting page appears normal and unsuspicious to casual observers.

You will study various visual encoding strategies that balance stealth and data capacity.

Significant related work exists in this area. For example, Weinberg et al. demonstrated an attack using repaint events to sniff browsing history and described interactive techniques, like CAPTCHAs or analyzing webcam reflections, to infer link colors and extract history data.

Modern browsers are attempting to mitigate these leaks by introducing features such as partitioning the :visited link history.

Your project involves:

  • Reviewing the literature and history of browser history leakage attacks.
  • Analyzing current browser protection mechanisms.
  • Implementing an efficient proof-of-concept exploit as described above.

Links:
https://www.slideshare.net/slideshow/javascript-malware-spi-dynamics/35436#19
https://educatedguesswork.org/posts/web-security-model-side-channels/
https://github.com/explainers-by-googlers/Partitioning-visited-links-history
https://chromestatus.com/feature/5101991698628608
https://www.usenix.org/sites/default/files/conference/protected-files/woot18_slides_smith.pdf
https://blog.lukaszolejnik.com/fixing-web-browser-history-leaks/


Exploring AI models for feature extraction from facial images

This project researches freely available AI models for extracting facial features like gender, age and emotions, and integrates them into the open-source "ID card face match" solution.

Tags: AI models, gender recognition, age detection, emotion recognition

Various AI models are available that can extract a range of features from facial images, such as gender, age and emotional expression.

The aim of this project is to research freely available AI models capable of extracting different facial features.

The practical component involves integrating these models into the open-source "ID card face match" solution to enhance its functionality.

Links:
https://github.com/acs-unitartucs/idcard_face_match


Implementing secure blur in GIMP

This project aims to develop a secure blur plugin for GIMP that ensures irreversible image redaction by preventing reconstruction of the original content, unlike traditional blur filters.

Tags: image processing, privacy

Conventional blur filters (such as Gaussian Blur, Pixelize or Motion Blur) are designed primarily for visual obfuscation. However, they do not offer true security. With sufficient time, effort and the aid of advanced tools such as AI-based reconstruction or manual analysis, these filters can sometimes be reversed or partially deblurred, particularly when applied with low intensity.

A secure blur aims to go beyond simple visual masking by ensuring that the original content, be it text or imagery, cannot be reconstructed or inferred even with sophisticated techniques. In this sense, secure blur functions more as data redaction than as mere obfuscation.

The objective of this project is to research common techniques used to reverse traditional blur filters and to explore existing approaches to secure blurring. Based on these insights, the project will involve the development of a secure blur plugin for GIMP, providing users with a reliable tool for irreversible image redaction within the GIMP environment.

Links:
https://reduct.video/blog/secure-blur


Security analysis of digital tachographs

This project analyzes the cryptographic methods used in digital tachographs to understand the security risks they address and the threat models that ensure their protection.

Tags: digital tachograph, smart cards

A digital tachograph is a device installed in a vehicle to digitally record speed, distance and driver activity based on selected modes. Modern digital tachographs utilize smartcards and cryptographic techniques to ensure data integrity and security.

The objective of this project is to study the cryptographic mechanisms employed in digital tachographs, analyze the security risks these systems are designed to mitigate, and evaluate the threat model under which smart tachographs maintain their security.

Links:
https://dtc.jrc.ec.europa.eu/dtc_smart_tachograph.php


Trustworthy signing time for the Estonian digital signature

This thesis aims to enhance the Estonian digital signature scheme by introducing a trustworthy signing time—using timestamps or OCSP responses to provide a verifiable time window for when the signature was created, along with a proof-of-concept implementation.

Tags: digital signature, timestamping, signature metadata

The current Estonian digital signature scheme does not provide a trusted attestation of the exact time when a signature was created; instead, the timestamp only proves that the signature existed at a certain point in time. This limitation affects the precision of signing time verification.

The aim of the project is to enhance the existing digital signature scheme by incorporating a trustworthy signing time, or more precisely, a narrowed signing time window, through the addition of an extra timestamp or equivalent metadata directly under the signatory's signature.

Potential tasks include:

  • Analyzing required changes to the digital signature file format and ensuring compliance with international standards.
  • Investigating Slovakia's approach of using the ContentTimeStamp element for signing time.
  • Evaluating whether including an OCSP response instead of a timestamp can address validation issues caused by certificate suspension, since the OCSP response attests to the certificate's validity at both the beginning and end of the signing period.
  • Designing an algorithm to calculate the signing time or signing time period and proposing how to represent this information in the graphical user interface.
  • Developing a proof-of-concept implementation integrated with the DigiDoc4 client and digidocpp library (https://github.com/open-eid).

Links:
https://cybersec.ee/timesign/
https://twitter.com/sam280/status/1197248646250729472
https://javadoc.iaik.tugraz.at/cpades/iaik/pdf/asn1objects/ContentTimeStamp.html


Surveillance and counter-surveillance technologies

This project aims to analyze the landscape of surveillance technologies and counter-surveillance solutions, examining both monitoring devices and privacy protection methods available in the public and semi-public markets.

Tags: surveillance technologies, privacy protection

The primary objective of this project is to conduct a comprehensive analysis of surveillance technologies, mapping the landscape of surveillance methods, capabilities and products available in the public and semi-public markets. This will include a detailed exploration of various surveillance tools, such as covert audio-visual devices, tracking systems, and other monitoring technologies that are accessible to individuals, organizations, and government agencies.

In addition, this project will investigate the range of counter-surveillance solutions designed to detect, mitigate and prevent surveillance activities. These countermeasures, which are aimed at protecting individual privacy and safeguarding against unauthorized surveillance, will include technologies and methods used to identify and block tracking systems, as well as techniques to protect data, communications, and physical spaces from being monitored.


Personal data processing practices in Estonian supermarkets

This thesis investigates the types of personal data collected and processed by major Estonian supermarket chains through loyalty programs, focusing on privacy policies, data collection practices and GDPR compliance.

Tags: GDPR, privacy policy, personal data

Supermarket chains in Estonia, as well as globally, commonly offer loyalty programs that provide discounts and other benefits to participating customers. However, the use of loyalty cards also enables retailers to collect and process significant amounts of personal data, including information on purchased products, payment methods, shopping habits and more.

This project aims to investigate the types of personal data processed by major Estonian supermarket chains, including Coop, Selver, Maxima, Rimi, Prisma, Grossi and Lidl. The study will involve a detailed analysis of the chains' privacy policies, the technical mechanisms used for data collection, and the submission of GDPR data access requests to obtain real-world examples of the data held about customers.

Links:
https://themarkup.org/privacy/2023/02/16/forget-milk-and-eggs-supermarkets-are-having-a-fire-sale-on-data-about-you
https://majandus.postimees.ee/8234753/suur-ulevaade-milliseid-soodustusi-poodide-kliendikaardid-pakuvad
https://www.maxima.ee/en/terms-and-conditions-of-the-maxima-aitaeh-loyalty-programme-vers2


Personal data processed in Estonian state registers

The project aims to create an overview of Estonian state-managed databases containing personal data, classify them by significance, and develop a tool to help individuals generate GDPR access requests for databases lacking web-based access or full data transparency.

Tags: GDPR, personal data, data access, state information systems

The Estonian state operates numerous information systems, including registers and databases, which process personal data. These systems vary in terms of the volume, sensitivity and significance of the data they store. For example, the Estonian Population Register is a central database that holds information about every Estonian resident and is intricately linked with other, less significant databases. In contrast, some other registers contain little to no personal data.

The primary goal of this project is to provide a comprehensive overview of all state-managed databases in Estonia that contain personal information. This overview will classify the databases based on their significance and the volume of personal data they process, while also offering a detailed description of their contents.

The project will involve studying relevant legal frameworks governing the contents of these databases, as well as generating synthetic data that reflects the types of information these databases are likely to contain. While certain state information systems, such as the Population Register, offer residents access to verify their personal data through a web portal, other registries (e.g., POLIS, MIGIS, ABIS, KAIRI, PIKO, SIS2) do not provide similar access to individuals. In these cases, a GDPR data access request can be used to obtain real-world examples of the data held by these registries.

For the practical part of the project, the objective is to develop a tool that allows individuals to easily generate GDPR data access requests for databases that do not offer web-based access or do not disclose all the personal data through their web portals. The tool will facilitate the sending of these requests, and the responses, along with the response times of the various government agencies, will be documented and analyzed.

Links:
https://www.riha.ee/Infos%C3%BCsteemid?systemStatus=IN_USE&sort=meta.update_timestamp&dir=DESC


Automatic number-plate recognition (ANPR) system usage in Estonia

The thesis examines the legal, privacy and security implications of Automatic Number-Plate Recognition (ANPR) systems in Estonia, focusing on their deployment by both public and private sectors, data handling practices and potential technical vulnerabilities.

Tags: ANPR, computer vision, GDPR, privacy

The use of Automatic Number-Plate Recognition (ANPR) systems has increased significantly in both the public and private sectors in Estonia. This project investigates the legal, privacy and practical implications of ANPR deployment, focusing on transparency, data practices and potential security concerns.

Project tasks:

  • Public sector analysis: Conduct a comprehensive review of publicly available information on the history, legal framework and current deployment of state-operated ANPR systems. Particular attention will be paid to transparency issues and public concerns regarding data use. If necessary, submit GDPR data access requests to better understand what data is collected and where the collection points are located.
  • Private sector deployment: Examine how ANPR systems are used in the private sector, such as in parking facilities, automatic fueling stations and vehicle onboarding for ferries. Analyze what data is collected, how it is processed and the legal basis for such practices.
  • Technical analysis: Where feasible, perform a technical assessment of ANPR algorithms to evaluate their susceptibility to spoofing and impersonation. Conduct threat modeling to identify security risks associated with these systems.

Links:
https://news.err.ee/1609672379/over-200-devices-added-to-estonian-police-s-license-plate-detection-network
https://www.err.ee/1609763226/vooglaid-soovib-teada-kas-ppa-raagib-numbrikaamerate-kohta-tott
https://snabb.xyz/en/blogi/sikupilli-shopping-centre-introduces-license-plate-recognition-parking/
https://investinestonia.com/port-of-tallinn-to-begin-rolling-out-gateway-plate-recognition-this-year/
https://www.circlek.ee/numbrimakse
https://news.err.ee/1609693040/two-new-driver-behavior-monitoring-projects-launch-in-tallinn


Personal data retention by telecommunications operators

This thesis investigates the types of personal data stored by Estonian telecom operators by analyzing GDPR data access responses and examining the legal frameworks governing data retention and law enforcement access.

Tags: Privacy, data retention, GDPR, telecommunications

The objective of this project is to investigate the types of personal data stored by telecommunications operators in the course of providing mobile phone and internet services. While it is generally known that mobile operators retain location data and internet service providers (ISPs) log connection metadata, the exact nature, scope and format of the stored data can vary significantly between providers.

The primary task of the project is to submit GDPR data access requests to Estonian mobile network operators and ISPs and to analyze the responses received. This includes identifying the categories of personal data retained, the structure and format of the data, and any notable differences across providers.

As a secondary objective, the project will examine the legal framework governing data retention in Estonia and the European Union. This includes identifying which laws and regulations mandate data storage, the duration for which data must be retained, and the legal procedures that law enforcement agencies must follow to access such personal data.

Links:
https://news.err.ee/1609552348/companies-required-to-collect-telecoms-data-for-foreseeable-future
https://news.err.ee/1609488571/attorney-state-must-not-treat-all-citizens-as-potential-criminals


Metadata leaks in public procurement, court decisions and document registries

This thesis analyzes metadata leaks in publicly accessible documents by examining a specific registry to assess privacy risks, legal implications, and preventive measures.

Tags: privacy, metadata

This thesis explores the often-overlooked issue of metadata leaks in publicly accessible documents related to public procurement, judicial decisions, and official document registries. While transparency and open access are essential pillars of modern governance and the rule of law, the improper handling of metadata in published documents can lead to unintended disclosures of sensitive or personal information.

To narrow the scope of the task, only one particular registry will be analyzed. This focused approach will allow for a more in-depth examination of metadata handling practices within one system, including how documents are generated, anonymized, and published, and what types of metadata may still be exposed in the process.

The thesis will also assess the technical mechanisms behind metadata generation and extraction, the legal and ethical implications of inadvertent disclosures, and the extent to which current data protection regulations and best practices address these risks.

Links:
https://news.err.ee/1117589/justice-ministry-glitch-leaks-legal-aid-personal-data-online
https://news.err.ee/1147941/data-protection-inspectorate-local-governments-cover-for-officials


Sniffing the SATA bus of self-encrypting hard drives

The project aims to analyze the data transmission between self-encrypting hard drives and operating systems, and explore the potential for sniffing sensitive information over the SATA bus.

Tags: self-encrypting drives, bus sniffing

Modern hard drives are often self-encrypting drives (SEDs), where data encryption is handled by the drive itself rather than by the host operating system.

The objective of this project is to explore the self-encrypting mode of hard drives by reviewing related research and publicly available standards. This will provide an understanding of the types of sensitive data transmitted between the operating system and the drive. Additionally, the project will investigate the feasibility of physically sniffing the data transmitted over the SATA bus to capture sensitive data.

Links:
https://ieeexplore.ieee.org/document/8835339
https://ieeexplore.ieee.org/document/6951337
https://www1.informatik.uni-erlangen.de/filepool/projects/sed/seds-at-risks.pdf


Web tracking practices of Estonian news portals

This thesis investigates how popular Estonian news portals track user activity, what data they collect and how transparently they communicate these practices.

Tags: web tracking, privacy, behavioral analysis, ad networks

The aim of this thesis is to investigate the extent and nature of web tracking implemented by the most popular Estonian news portals. The study will analyze the tracking technologies employed, the type of data collected, and the transparency of privacy practices.

Research questions:

  • Do Estonian news portals track their visitors?
  • What tracking techniques are used and what types of user data are collected?
  • Is there any evidence of mouse movement or behavioral analysis on these websites?
  • With which advertising or third-party networks is this data shared?
  • Do the websites' privacy policies and cookie banners accurately reflect their actual data collection and processing practices?

Links:
https://www.nytimes.com/2019/09/18/opinion/data-privacy-tracking.html
https://timlibert.me/pdf/LIBERT_BINNS-2019-GOOD_NEWS.pdf


Typosquatting and look-alike domains in Estonian websites

This project investigates the prevalence of typosquatting and IDN homograph look-alike domains targeting Estonian websites, and evaluates detection methods tailored to the .ee ccTLD.

Tags: phishing, typosquatting, IDN, .ee

Typosquatting and IDN look-alike domains are commonly used in phishing attacks to deceive users into believing they are visiting legitimate websites. This project aims to quantify the extent of such domains targeting Estonian online services (both public and private), and assess the effectiveness of existing detection techniques for the .ee top-level domain (TLD), proposing .ee-specific improvements where applicable.

Project tasks:

  • Review detection methods: Study current typosquatting and look-alike domain detection techniques, including methods based on edit distance, keyboard adjacency, Unicode confusables, etc., and identify potential improvements specific to the Estonian .ee TLD.
  • Create a baseline dataset: Compile a list of legitimate Estonian domains, focusing on government, banking and other popular websites.
  • Domain identification: Apply detection methods to identify typosquatted and look-alike domains targeting Estonian websites.
  • Analysis of domain use: If possible, investigate the purposes behind the use of typosquatted domains (e.g., phishing, ad distribution).
  • Document policies and reporting: Review existing policies and reporting mechanisms for handling typosquatting, such as those by CERT-EE and the Estonian Internet Foundation, and evaluate their effectiveness.

Links:
https://seclab.nu/static/publications/homographs-cns2019.pdf
https://securitee.org/files/typosquatting_ndss2015.pdf
https://github.com/anroots/ee-domains


Research topics in web security

A collection of focused research ideas related to web security. Some of these topics may be particularly suitable for the Research Seminar in Cryptography and Cyber Security (MTAT.07.022).

Tags: web security

Proposed topics:

  • Compliance with the Accept-Language header on Estonian websites. Investigate whether Estonian websites honor the Accept-Language HTTP header to serve content in the user's preferred language.
  • Verification of the Host header by Estonian websites. Analyze how Estonian websites handle the Host header and identify public websites potentially vulnerable to DNS rebinding attacks.
  • Adoption of SameSite=Strict session cookies in Estonian websites. Examine how widely the SameSite=Strict cookie attribute is used to prevent CSRF and other session-related attacks.
  • Feasibility of network port scanning by malicious websites. Explore whether modern browsers can be exploited to perform port scanning of internal networks through browser-based techniques.
  • Analysis of WebAuthn integration in University of Tartu services. Study how WebAuthn could be implemented across University of Tartu services, evaluating usability, security and conformance to best practices.
  • ZIP decompression vulnerabilities in common libraries. Analyze whether popular ZIP decompression libraries are susceptible to attacks that fake uncompressed file size metadata.
  • Web fingerprinting of the Estonian population. Investigate how uniquely Estonian users can be identified based on browser fingerprinting techniques.
  • Dark mode vs light mode popularity in Estonia. Conduct a statistical study on the usage preferences of dark and light themes among Estonian web users.
  • An analysis of private browsing modes in modern browsers. Assess the effectiveness and limitations of private/incognito modes in current browsers. Related work from 2017: https://www.sciencedirect.com/science/article/pii/S0167404817300597
  • Security evaluation of the University of Tartu's shared hosting (kodu.ut.ee). Analyze the security posture of the shared PHP hosting environment provided to UT account holders. Evaluate session handling, PHP privileges and common shared hosting vulnerabilities.
  • Single authentication abuse potential in GovSSO authentication system. Investigate potential abuse scenarios in Estonia's GovSSO single sign-on system. Reference: https://e-gov.github.io/GOVSSO/
  • Electric car charging in Estonia. Analyze the protocols used for authentication and billing in EV charging infrastructure and assess potential security and privacy concerns.
  • Open-source implementation of Estonian Internet voting application. Develop an independent open-source version of the Estonian i-voting application, collecting all necessary documentation and insights used in the process.

Analyzing Ransomware Attacks

This project investigates the evolution of ransomware, focusing on attack vectors, payment models and victim targeting strategies.

Tags: Ransomware, Threat Analysis, Phishing, Social Engineering, Malware analysis

Over the last decade, ransomware has evolved from a relatively unsophisticated cybercrime tactic into one of the most significant global cybersecurity threats. Initially focused on encrypting personal files for small ransoms, ransomware campaigns have now grown into highly organized operations targeting individuals, businesses, governments, and critical infrastructure. The rise of Ransomware-as-a-Service (RaaS) platforms, anonymous cryptocurrency payments, and double- or triple-extortion techniques has significantly increased both the frequency and severity of attacks.

The aim of this research is to understand the causes, mechanisms, and countermeasures associated with the recent escalation of ransomware activity.

Project tasks may include:

  • Literature Review - Summarize the evolution of ransomware families, ransomware groups and their attack techniques
  • How have attack methods and delivery vectors evolved over time?
  • What strategies are currently used for detection, prevention, and response - and how effective are they?
  • Case Studies - Analyze recent ransomware attacks (e.g., WannaCry, Ryuk, Conti, LockBit) and compare infection vectors.
  • Detection Experiment - Implement a simple anomaly detection system
  • Ransomware Behavior Analysis - Perform static and dynamic malware analysis to identify unique signatures.
  • Awareness and Prevention - Design a user-focused awareness training module (phishing email detection, safe backups).

Links:
https://www.bbc.com/news/articles/c3w5n903447o
https://edition.cnn.com/2025/09/26/uk/british-nursery-hack-gbr-intl
https://www.cyfirma.com/research/investigation-report-on-jaguar-land-rover-cyberattack/
https://doi.org/10.1049/iet-net.2017.0207
https://doi.org/10.1016/j.cose.2021.102490


Rogue Mobile Phone Base Station

Design a rogue base station that can execute basic 2G/GSM attacks.

Tags: SDR, rogue base station

There are many examples of cellular base stations being built with equipment such as a Raspberry Pi and even with the BladeRF SDR, either in areas with poor connectivity or simply to send 'anonymous' messages. The task of the student would be to investigate the various hardware and software that can be used to build a rogue base station. The applications and attacks that can be executed within the limits of the setup should be investigated. Various ways to minimize interference with local networks should also be explored.

Various aspects of the topic include:

  • Create a functional base station
  • Should be able to send text messages for example between mobile phones
  • Use the base station as:
  • An IMSI catcher (proof of concept)
  • Investigate the emergency broadcast protocol and create a setup that can replicate sending messages

Links:
https://thesis.cs.ut.ee/be54ca51-4b6c-4224-8c24-bdd13b50fbeb
https://news.err.ee/1609766379/estonia-adopts-new-cell-broadcast-emergency-alert-system


Wi-Fi Positioning, Detection and Tracking

This thesis explores the technical underpinnings, applications, and ethical considerations of Wi-Fi positioning, detection, and tracking.

Tags: Wi-Fi, Positioning system, location tracking, privacy, fingerprinting

Most modern mobile devices rely on GPS modules to determine their geographic location. While GPS provides accurate global positioning, it has its limitations. To address these limitations, modern systems often use Wi-Fi–based positioning technologies as a complementary or alternative solution. Wi-Fi positioning leverages the unique "fingerprints" created by wireless access points (APs) in a given area. By recording the signal strengths and AP identifiers, a location can be estimated much faster than with GPS alone. Beyond improving positioning accuracy and speed, Wi-Fi fingerprinting also has significant implications for security and surveillance.

The goal of this thesis would be to create a database of the Wi-Fi routers located in Tartu/Tallinn/Estonia, or to use publicly available databases, in order to:

  • Create a positioning system based on Wi-Fi data [TAKEN]
  • Assess security levels of networks in a region (e.g., prevalence of weak encryption standards)
  • Detect and track movement patterns of individuals or groups across a city (e.g. Tartu) or even a country
  • Support threat intelligence by identifying rogue or spoofed access points

Links:
https://thesis.cs.ut.ee/60634a15-1406-4096-973b-96fb639292cb
https://thesis.cs.ut.ee/d33f79fd-8d94-48d0-aa7c-94ddf8c17cd0
https://thesis.cs.ut.ee/ea4411c5-1784-45b9-958e-dce3505e9719


Wireless radio protocol reverse engineering

Create an application that can analyze the protocol used by a device that communicates over a proprietary protocol.

Tags: reverse engineering, wireless protocols, SDR

Several wireless devices use 'unknown' protocols for device communications. The task of the student would be to create a manual that shows a reader the steps and the tools, both hardware and software, that can be used to reverse engineer the protocol (i.e., create a possible methodology).

Various aspects of the topic:

  • Create a how-to (step-by-step) reverse engineering manual
  • Find a device with an unknown RF protocol and reverse engineer it
  • Find the transmission frequency, commands that are sent, any device identifier, transmission rate, bandwidth, any security, etc.
  • Find a device that uses some form of RF security
  • Try replay attacks or find other ways to circumvent the security

Links:
https://thesis.cs.ut.ee/14dcf367-3f0c-4cb2-b4be-8767e36b8a26
https://thesis.cs.ut.ee/70b4e52f-f412-4a44-a0b2-006b3f2a9f9f
https://thesis.cs.ut.ee/3e4b437e-8c93-41eb-be94-09b6b24eba26
https://thesis.cs.ut.ee/2fed59cd-84d4-4ff8-a830-3cb2bd08a5c9
https://thesis.cs.ut.ee/b6fe9e26-fb13-47a0-b9d7-6bb22e6f4084
https://leonjza.github.io/blog/2016/10/02/reverse-engineering-static-key-remotes-with-gnuradio-and-rfcat/
https://pandwarf.com/news/reverse-engineering-a-wireless-home-alarm/


Reverse engineering of Prana recuperator control app

This task involves reverse engineering the Prana recuperator's mobile app and communication protocols to analyze its security and privacy and create an open-source alternative for remote control.

Tags: IoT, privacy, reverse engineering, mobile app

Prana is a compact, wall-mounted heat recovery ventilation unit. Besides infrared-based remote control, the unit can be controlled via a mobile app that uses Bluetooth communication. However, this mobile app requires precise geolocation permission to operate and lacks transparency regarding the data it transmits to the app developer. Additionally, the unit contains a Wi-Fi module that allows monitoring and control over the Internet through a vendor-provided backend.

The primary goal of this project is to analyze the security and privacy aspects of this IoT device and develop a transparent, open source reimplementation of its remote control functionality.

Objectives:

  • Reverse engineer the Android app to identify what data is transmitted to third parties.
  • Reverse engineer and document the Bluetooth communication protocol used to control the device.
  • Develop a basic open-source Android app for device control.
  • Reverse engineer and document the usage of the Wi-Fi module.

Access to the Prana 150 Premium Plus model will be provided for this task. Partial reverse engineering and documentation of the Bluetooth communication protocol has already been completed.

Links:
https://play.google.com/store/apps/details?id=ua.com.prana_online
https://github.com/corvis/prana_rc
https://github.com/corvis/prana_rc/discussions/17
https://github.com/alextud/ha-prana
https://github.com/esphome/feature-requests/issues/1441
https://prana.sensesaytech.com/auth
https://ecostream.org.uk/wp-content/uploads/2023/05/KPK.pdf


[taken] Using a mobile device as an NFC card reader for a desktop computer

Implement a solution that allows a smartphone to function as a contactless smart card reader for a desktop computer (NFC phone 2 PC).

Tags: NFC, smart card, mobile app, relay service

Most modern smartphones (both Android and iOS) include built-in NFC (Near Field Communication) capabilities. However, using NFC with a desktop computer requires a dedicated and often expensive external USB NFC card reader.

The project aims to eliminate the need for such hardware by enabling a desktop computer to use a mobile device's NFC functionality as if a physical NFC reader were connected. To achieve this, a communication channel must be established between the desktop and the mobile device, effectively emulating a virtual smart card reader on the desktop.

A basic prototype of this solution has already been developed. It includes:

  • An Android app that runs on an NFC-capable smartphone.
  • A virtual smart card device driver called "vpcd", which runs on the desktop computer.
  • The vpcd service listens on localhost:35963 for incoming connections from the mobile app.

The prototype suffers from key architectural limitations: both devices must be on the same local network, and communication between the devices is unencrypted. The main goal is to redesign the system architecture to support secure, end-to-end encrypted communication over the Internet, using a mediation (relay) service.

Tasks:

  • Develop a lightweight mediation (relay) service, hosted on a server with a publicly accessible IP address. This service will securely relay encrypted messages between the desktop and mobile devices.
  • Implement a desktop wrapper service to interface between the "vpcd" service and the mediation service. Alternatively, integrate this functionality directly into the "vpcd" service.
  • Extend the Android app to support communication via the mediation service.
  • Develop an iOS app that replicates the functionality of the Android app.
  • Write basic documentation, including an overview of the solution's architecture and a description of the secure communication protocol (e.g., AES-GCM encryption).

The source code of the current prototype is available, and the final solution should also be open-source.

Links:
https://frankmorgner.github.io/vsmartcard/remote-reader/README.html
https://f-droid.org/packages/com.vsmartcard.remotesmartcardreader.app/
https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html
https://github.com/frankmorgner/vsmartcard


[taken] Analyzing the security of Estonian ID card PIN envelopes

This project investigates the security of Estonian ID card PIN envelopes by analyzing their design and testing whether modern image processing and machine learning techniques can reveal the PIN codes without opening the envelope.

Tags: image processing, security envelopes

The Estonian ID card is distributed with a sealed security envelope that contains the PIN codes required to authorize cryptographic operations. These envelopes are intended to protect the confidentiality of the PIN codes until first use by the cardholder.

Over the two decades since the introduction of the Estonian ID card, there have been at least two documented incidents where the envelopes failed to meet basic security requirements - specifically, it was possible to read the PIN codes by illuminating the unopened envelope with a strong light source.

While the most recent mitigation involved printing the PIN codes in a lighter color, the obfuscation pattern used in the envelope design remains deterministic. This raises concerns that modern image processing techniques and machine learning models could still be used to reveal the PIN codes without opening the envelope.

The goal of this project is to:

  • Investigate best practices in design and printing of secure PIN envelopes;
  • Analyze the current security envelopes used with the Estonian ID card;
  • Experiment with advanced image processing and machine learning techniques to assess the risk of PIN code exposure.

Links:
https://cybersec.ee/storage/phd_idcard.pdf#page=151


[taken] Digital signature validation vulnerability CVE-2025-??? in Estonian ID-Software

Reverse engineering and analysis of a recently fixed vulnerability in Estonian ID-Software v25.8.

Tags: digital signature validation, software vulnerability

On August 20, 2025, the Information System Authority (RIA) released version 25.8 of the Estonian ID-software. According to the release notes, the update includes improvements to the validation of digital signatures.

However, no further technical details were provided about the nature of the issue or the vulnerability that was addressed.

The goal of this task is to identify and analyze the vulnerability that was silently fixed in version 25.8, using available source code changes and related artifacts.

Student tasks:

  • Review and compare the source code of ID-software version 25.8 with the previous version to identify changes related to digital signature validation.
  • Reverse engineer the fixed vulnerability based on these changes.
  • Analyze the root cause, when and how the vulnerability was introduced.
  • Analyze the potential impact of the vulnerability in practical scenarios.
  • Implement a proof-of-concept attack that demonstrates how the vulnerability could have been exploited prior to the fix.
  • Obtain a CVE record for the vulnerability.
  • Document possible mitigations and recommendations to prevent similar issues in the future.

Links:
https://www.id.ee/en/article/ria-soovitab-kasutajatel-uuendada-id-tarkvara-eng/
https://www.id.ee/en/article/id-software-versions-info-release-notes/
https://github.com/open-eid/libdigidocpp/pull/690


[taken] State-imposed website blocking practices in Estonia

This research investigates how Estonian ISPs implement website blocking requests from authorities, examining the legal framework, blocked sites, communication methods, technical enforcement and the effectiveness of these measures.

Tags: Internet censorship, website blocking

The Consumer Protection and Technical Regulatory Authority (TTJA) in Estonia holds the authority to request Internet Service Providers (ISPs) to block customer access to specific websites.

This research project aims to investigate how Estonian ISPs implement these website blocking requests.

Research questions include:

  • Which institutions in Estonia are authorized to request website blocking?
  • What websites are currently blocked in Estonia and what trends or historical data exist regarding these blocks?
  • How is information about the websites to be blocked communicated between the relevant authorities and ISPs?
  • What technical methods do Estonian ISPs use to enforce website blocking? This question will be explored through experiments conducted across different ISP networks in Estonia.
  • How effective are the blocking measures and how difficult would it be for users to circumvent them?

Links:
https://news.err.ee/1608533494/estonian-tech-regulator-to-restrict-access-to-seven-russian-websites
https://news.err.ee/1608534691/technical-authority-still-deciding-russian-site-bans-on-case-by-case-basis
https://news.err.ee/1608536719/ttja-barring-of-russian-websites-in-estonia-raises-several-legal-questions
https://torrentfreak.com/estonian-government-considers-a-pirate-site-blocking-regime-230105/
https://news.err.ee/1609210951/amendment-would-allow-watchdog-to-block-access-to-websites-in-estonia
https://p6drad-teel.net/~p6der/ttja/
https://isoc.ee/netivabadus-blokinimekirjad/