Master Thesis - Security, Independence and New Opportunities of IoT Devices
The Internet of Things (IoT) is becoming increasingly common in both homes and businesses. Devices that connect to the internet promise convenience, automation, and efficiency. But behind the scenes, serious concerns emerge: hidden security flaws, data privacy issues, and growing dependency on manufacturers and their infrastructure.
This thesis explores the risks associated with proprietary IoT firmware and investigates the potential of open source firmware as a secure and flexible alternative. It focuses on technical evaluations, including threat modeling, performance benchmarking, and practical deployment scenarios.
A core issue of proprietary firmware lies in its reliance on cloud infrastructure provided by the manufacturer. If this infrastructure fails – due to technical issues, server shutdowns, or discontinued product support – the affected devices may stop functioning entirely. Additionally, users often lack control over firmware content, communication protocols, and update procedures. Default configurations with hardcoded passwords, weak encryption, or insecure update channels are common and pose real threats.
Open source firmware presents a promising alternative. In this study, commercial IoT devices were analyzed, and their original firmware was replaced with community-maintained alternatives. The research includes a technical walkthrough of the firmware flashing process, structured security assessments based on the STRIDE/DREAD models, and performance measurements in controlled environments.
The findings reveal that many of the vulnerabilities found in proprietary systems – such as static encryption keys, unverified firmware updates, and plaintext data transmission – can be mitigated or entirely eliminated with open source firmware. Protocols such as MQTT allow for secure, encrypted, and locally managed communication. This minimizes reliance on third-party servers while enhancing transparency and user autonomy.
A continuous integration and deployment pipeline was also established. This enables automatic building and distribution of firmware updates, a process particularly valuable in enterprise environments with many active devices.
Performance benchmarks showed that firmware replacement impacts response times differently depending on hardware. In some cases, response latency improved; in others, it slightly increased. However, overall system reliability and configurability increased significantly. The importance of tailoring the software configuration to each specific use case is highlighted throughout the work.
An additional component of this research involved developing a custom cloud prototype for central device management. Unlike commercial platforms, this solution is hosted locally and gives users full control without compromising privacy or security. The system supports remote access via port forwarding and can be integrated into existing IT environments with minimal effort.
Overall, this thesis presents a comprehensive framework for regaining control over connected devices. By moving away from opaque vendor ecosystems and embracing open standards, users gain autonomy, increase system longevity, and improve both operational efficiency and cybersecurity posture.
Original title: Austausch proprietärer IoT-Firmware mit Open Source Firmware
The document is only available in German.
2nd Bachelor Thesis - Balancing security and efficiency in HTTPS communication
In a digitally connected world, protecting sensitive information during website access is essential. HTTPS encryption is the foundation of secure communication online. However, the cryptographic mechanisms used – known as cipher suites – vary significantly in complexity and can greatly affect system performance.
This study focuses on the real-world impact of widely recommended cipher configurations on both server and client performance. Key configurations from respected sources such as Mozilla, Cipherli.st, and bettercrypto.org are examined in detail. While these configurations prioritize strong security, their performance implications are often overlooked in practical deployments.
The research explores how different cipher suites affect CPU usage and response time depending on the underlying hardware – particularly with or without support for AES-NI. The choice of cipher suite can have measurable effects on data throughput, handshake rates, and even battery consumption on mobile devices.
Using a structured evaluation approach, the study applies benchmarking tools and analysis platforms to compare configurations under identical conditions. The performance of each configuration is measured using controlled test environments, simulating real-world usage scenarios and isolating performance metrics.
In addition to a technical deep dive into how cipher suites function and are structured, this work provides practical insights into the trade-offs between security and efficiency. It highlights how older configurations aim for broad compatibility, while modern ones target optimal performance on recent hardware.
This analysis underscores the need to view cipher suite selection not only as a security decision, but also as a performance-critical one. Especially for administrators of security-sensitive web services, the study demonstrates why it's essential to evaluate recommended settings within the context of the target infrastructure – rather than applying them blindly.
Original title: Performanceprobleme bei empfohlenen SSL-Ciphers
The document is only available in German.
1st Bachelor Thesis - A Technical Look Behind the Scenes of Modern Web Servers
Websites today are much more than just digital business cards – they are critical interaction points between companies and users. While content and design take center stage, the underlying server technology often remains in the background. Web server software, in particular, is frequently chosen by default, without a strategic evaluation of available alternatives.
This study addresses the fundamental question of which web server technologies dominate the global market and what considerations should inform their selection. Many organizations rely on pre-installed solutions and overlook potentially better-suited options – often due to habit, lack of knowledge, or unclear responsibilities.
When performance issues arise, attention usually turns to the web application or server hardware. Rarely is the web server itself examined as a potential bottleneck. However, studies have shown that even 100 milliseconds of delay can measurably affect user behavior and business revenue.
Using independent market analyses (including W3Techs and Netcraft), this thesis identifies the most widely used web servers – namely Apache, nginx, and Microsoft IIS. These technologies were deployed in a custom virtual test environment and evaluated under full load using a standardized benchmarking tool.
Both static and dynamic content scenarios were simulated to closely reflect real-world usage. The tests measured response times, resource consumption (CPU and RAM), and system stability under stress. Special attention was paid to differences in architecture, such as nginx’s asynchronous event-driven model versus traditional process-based designs.
This analysis highlights how foundational choices in server technology can significantly impact scalability, efficiency, and reliability. In an era where loading times increasingly influence user satisfaction and business success, the findings provide valuable technical insights for system administrators, developers, and IT decision-makers alike.
Original title: Performanceanalyse von Webserver-Technologien
The document is only available in German.