Project Offerings

The network security group is always searching for top undergraduate and masters students. By doing your undergraduate or masters project in our group, you'll have the opportunity to influence the design of the SCION future Internet architecture. Projects vary in length and scope, but generally focus on theoretical and practical aspects of SCION or SCION-based systems including (but not limited to) the topics listed below. Please contact us at to discuss thesis, projects, and internship opportunities.

General Topic Areas
Based on students' background and interests, we will create a custom project in one or more of the following areas. All of the following projects have theoretical and practical aspects, and each project can be tweaked to vary the weight of theory and practice.

Securing IoT deployments with network-based defenses. The setting of this project is an IoT-enriched world, where devices may contain security vulnerabilities but cannot be easily patched. In this research direction, we study how we can provide security and privacy properties based on network-level defenses, despite potentially vulnerable or compromised IoT devices.

Design of path selection and path quality prediction algorithms. SCION allows clients to pick path segments to construct end-to-end paths. These paths are currently constructed based on simple metrics such as total path length or segment lifetime. This project will design algorithms to construct paths based on more sophisticated metrics (e.g., path cost, route diversity, latency). As SCION grows, the number of segments will grow, requiring highly efficient algorithms to quickly build paths.

DDoS defense with SIBRA. How would SIBRA's resource allocation be performed? How would an edge router perform flow admission control and resource allocation on a per-domain basis? How would a server make use of SIBRA to defend against a real-world DDoS attack? How could an email provider make use of SIBRA (e.g., ProtonMail), in particular study DDoS defense in heterogeneous environments, with mixed SCION/SIBRA and legacy Internet clients.

High-throughput, low-latency, and highly secure anonymous communication remains an elusive goal. Current systems either compromise on throughput and latency to achieve high security, or they give up on security to achieve efficiency. Thanks to the properties of the SCION network, we can attempt to achieve all the properties. Based on our work on HORNET and TARANET, we are working on a new system that achieves all the properties. The goal of the project is to design and implement an anonymous communication service based on the SCIONLab infrastructure.

Network Pricing with SCION. Identify economic models for Internet Service Providers (ISPs) to deploy a pricing infrastructure. For example, ISPs could offer guaranteed-bandwidth paths with a higher cost than best-effort paths. How can prices be determined? How quickly is pricing information disseminated? How can we avoid oscillations or fluctuations of flows? This multi-faceted problem space offers many interesting practical and theoretical challenges.

Quantum-crypto resilient secure routing. There has been renewed interest to construct secure routing systems based on purely symmetric functions, to avoid using public-key cryptographic systems that would be vulnerable to quantum computers. Given the regularity of the beaconing process and the structure of the routing system, SCION would be quite amenable to such an approach. To prepare to work in this direction, you can take a look at the following papers: BIBA, HORS, SPV, and Efficient Security Mechanisms for Routing Protocols.

Content-centric network architecture. Information-Centric Networking (ICN) or Content-Centric Networking (CCN) architectures optimize the fetching of content objects. Since the majority of traffic on the current Internet is due to downloading of videos, an ICN/CCN architecture would reduce the total network overhead by serving frequently accessed objects from local caches. An interesting research challenge is to study how such an architecture can be efficiently implemented in a future Internet architecture. Content integrity and access privacy are two additional interesting security challenges in this context.


Lukas Widmer. High-speed continuous Bloom filter. Bachelor's thesis, October 2015. Advisors: Chen Chen and Dr. Adrian Perrig.

Michael Kurth. Fast mixing strategy at the network layer. Bachelor's thesis, September 2015. Advisors: Chen Chen and Dr. Adrian Perrig.

Dominik Roos. Implementation of Per-Flow Stateless Monitoring in Future Internet Architectures. Bachelor's thesis, September 2015. Advisors: Cristina Basescu, Yao Zhang, Dr. Pawel Szalachowski, and Dr. Adrian Perrig.

Lukas Limacher. Source meta-information authentication along adaptive network paths for policy enforcement. Masters thesis, August 2015. Advisors: Cristina Basescu and Dr. Adrian Perrig in collaboration with Open Systems AG.

Anton Ovchinnikov. Future Internet Architecture Testbed Management System. Masters thesis, August 2015. Advisors: Dr. Jean-Yves Le Boudec (EPFL), Dr. Pawel Szalachowski, and Dr. Adrian Perrig.

Pragnya Alatur. Implementation of a Stateless SDN Data Plane. Bachelor's thesis, August 2015. Advisors: Tae-Ho Lee, Christos Pappas, and Dr. Adrian Perrig.

Samuel Steffen. A Secure PKI Environment for Private Key Storage. Bachelor's thesis, July 2015. Advisors: Stephanos Matsumoto and Dr. Adrian Perrig.

Daniele E. Asoni. Secure High-Speed Anonymity Systems on Future Internet Architectures. Master's thesis, May 2015. Advisors: Dr. David Barrera and Dr. Adrian Perrig. Awarded the 2015 Information Security Society of Switzerland (ISSS) Excellence Award!

Lionel Bruchez. Highly Available and Reliable Name and Path Lookups in Future Internet Architectures. Master's thesis, April 2015. Advisors: Dr. David Barrera and Dr. Adrian Perrig.

Laurent Chuat. Efficient and Secure Gossip Protocols Based on Network Traffic. Master's thesis, October 2014. Advisors: Dr. Pawel Szalachowski, and Dr. Adrian Perrig.

Lin Chen. Accountable Key Infrastructure - Implementation. Master's thesis, June 2014. Advisors: Dr. Jean-Pierre Hubaux (EPFL), Dr. Pawel Szalachowski, and Dr. Adrian Perrig.

Lorenzo Baesso. Prototype of the Accountable Key Infrastructure. Master's thesis, May 2014. Advisors: Dr. Pawel Szalachowski, and Dr. Adrian Perrig. Awarded the 2014 Information Security Society of Switzerland (ISSS) Excellence Award!