Our Empirical Information Security (EIS) group is part of the Institute of IT-Security (previously Institute of Practical Computer Science) and offers thesis supervision for (computer science) students of the Leibniz University Hannover.
Logo, Empirical Information Security

We are interested in topics concerning IT security and privacy with an emphasis on human factors and empirical approaches. For more general (usable) security topics, you might want to contact Prof. Dürmuth’s Usable Security and Privacy group.

Feel free to take a look at our recent publications for an overview over our groups’s research direction.

Thesis Contact

We do not offer a pre-compiled list of thesis topics, but prefer to find an individual thesis topic based on your interest and skills.

As a foundation for discussing possible thesis topics matching your skills and interests, please include the following information in your email:

  • Your experiences in IT security with relevance for a thesis such as attended lectures, previous (programming) projects, or private hobbies related to IT security.
    • Please do not include a transcript of your grades for privacy reasons.
  • Your programming background (Programming languages you could comfortably use in your thesis).
  • Your general idea of your thesis direction, e.g., more theory focused such as a review of existing literature, more study focused such as a tool comparison, or more programming focused such as a software implementation.

Contact: You can contact us via email at

  • The LUH requires us to only accept emails from your LUH address (, see “Verkündungsblatt 10|2021”).
  • We do accept theses (and emails) in English or German.

Please note: It might take some time to hear back from us, as we receive a large amount of thesis-related emails. If you really want to write a thesis with us, feel free to send a reminder email after a week or so to bump your request back to the top of our stack.

Completed Theses


Jacques Suray (MSc)
How Does the Future Work for SOUPS? Evaluating Usable Security and Privacy Future Work Statements
Nico Milius (BSc)
Don’t Crash Just Run: Investigating Game Engines’ Behavior with Security (Mis-)Implementations
Nils Langius (MSc)
Exploring Fuzzing Techniques for Bootloader Security


Hans Gast (MSc)
Do Code Secret Scanners Prevent You from Leaking Secrets? Development of a Code Secret Scanner Benchmark
Thore Edeler (BSc)
Analyzing Trends in Usable Security and Privacy Publications at Top Tier Conferences
Jihen Stambouli (MSc)
Detecting Typosquatting in Package Managers: Creating a Dataset and Evaluation Framework at the Example of PyPI
Jan-Ulrich Holtgrave (MSc)
Passwordless Authentication in Local Administrations: Exploring Perceptions and Barriers in German Public Authorities
Klemens Wohlfarth (BSc)
MPAS: A Modular Passwordless Authentication Server to Enable Usable and Secure Authentication for Web Developers
Nidhal Khalfallah (MSc)
A Security and Usability Evaluation of AI-Based Coding Assistants


Friederike Seyderhelm (MSc)
Code Secret Scanner Analyse: Erfahrungen und Erwartungen von Entwickler:innen
Yannick Evers (MSc)
Helfen APIs? Interaktionsprobleme für Passwort-Manager auf mobilen Plattformen
Mindy Tran (MSc)
New Kid on the Block - Webauthn versus previous 2FA Approaches
Jacques Suray (BSc)
RAT-ikale Sicherheit: Betrachtung von Sicherheitsaspekten in Remote Administration Tools


Marvin Sextro (BSc)
Rust: Usability for a Lifetime? An Empirical Approach
Juliane Schmüser (MSc)
Who is in Charge? - Investigating (In)Security Responsibilities in Machine Learning Pipelines
Caroline Berger (BSc)
Controlling Personal Data on End-User-Devices: The Usability of Privacy Settings across multiple Operating Systems
Katharina Schick (BSc)
Exploring Authentication on the Web: Crawling Login Websites to Determine their Password Manager Compatibility
David Glogaza (BSc)
Implementierung einer Chrome-Extension zur Erkennung von Interaktionsproblemen zwischen Password-Managern und Webseiten
Saroj Tripathi (BSc)
Identifying Security Issues in Projects Including Machine Learning
Timo Balke (BSc)
Improving Malware Detection: Utilizing Deep Learning, Function Call Graphs, Instruction Sequence Similarity and Binary Data Visualization
Nils Langius (BSc)
A Security Analysis of Mobile Car Apps for Android
Alexander Krause (MSc)
Helping Researchers Conduct Developer Studies during COVID-19 - A Usable API and Interface for Remote Study Tooling
Tim Hollmann (BSc)
Investigation of Security and Misconfiguration for Linux Container Engines
Tunahan Agca (BSc)
Über die Sicherheit und Angriffsvektoren von Bluetooth Low Energy Implementierungen
Simon Stork (MSc)
An Android App Developer Study on the Use of Privacy-Enhancing Technologies
Christoph Becker (BSc)
Framework zur Sicherheitsanalyse von mobilen MQTT-Applikationen
Noah Kornelius Wöhler (MSc)
An ACME Broker for Automated Certificate Acquisition in University Environments
Alexander Haenel (BSc)
Praktische Evaluierung der verhaltensbasierten Benutzerauthentifizierung anhand von Tastaturinteraktionen
Florian Liermann (BSc)
Right to Access: Designing and Piloting a Survey on the Usability of GDPR Data Requests
Till Deeke (BSc)
Sichere Paketverwaltung mit Composer? - Eine Analyse der Abhängigkeit populärer PHP-Anwendungen auf GitHub
Jakob Kühl (BSc)
Comparison of Tools for Docker Security


Johanna Schrader (BSc)
Usable Network Security Configuration for Android Developers
Kai Leßmeiser (BSc)
Analysing Github Commits Based on Security Benchmarks
Dominik Langhorst (BSc)
Konzeption und Evaluation eines automatisierten Abgabesystems im Rahmen der universitären Lehre
Jan Knittel (BSc)
BrokenWrt: Vulnerable Router Firmware for Practical Network Attacks
Florian Langenhagen (BSc)
CookieBANner: Implementierung und Evaluation einer Browsererweiterung für automatisierte Cookie-Banner-Interaktion
Nadine Sinner (BSc)
Privacy and Web Server Logs: An Interview Study on Web Server Log Configurations under Consideration of the GDPR
Jan Klemmer (MSc)
The Effect of PSD2 on the German Android Banking App Ecosystem
Arwin Mavaji (BSc)
Examining the Privacy and Security of Online Meme Generators: A Parameterized Website Analysis
Hannah Deters (BSc)
SSID Snooper: Ein Framework zum Identifizieren datenschutzbezogener Informationen in SSIDs
Jasper Houben (BSc)
Analyse des Einsatzes von Anti Ad-Block Ansätzen mittels bildbasierter Verfahren
Miriam Schierding (BSc)
An Examination of Security Software Developers’ Usability Decisions
Simon Stork (BSc)
Design einer Nutzerstudie zur DSGVO-Compliance von Websites
Jan Krägenbring (BSc)
CTFronted: Management Interface for CTF-Challenges in Security Teaching
Christian Thoms (MSc)
Virtualisation-based Infrastructe for Practical IT-Security Exercises


Alexander Krause (BSc)
wh173 h47 h4ck1n6: Eine disziplinübergreifende CTF-Challenge zu Lehrzwecken
Mindy Tran (BSc)
Zur Sicherheit und Benutzerfreundlichkeit von Zwei-Faktor-Authentifizierung bei bildbasierten One-Time Authentifizierungscides auf mobilen Endgeräten
Jannik Meinecke (BSc)
Automatisches Framework zur Unterstützung von Forschern bei der Durchführung von Mturk Studien
Fabian Johannsen (BSc)
An Empirical Study of Alexa Skills Metadata in the Amazon Store
Florian Gruhlke (BSc)
A Feasibility Study of Classifying Security Advice for Developers
Jascha Schütte (BSc)
Plattform zur Visualisierung von TLS Parametern
Konstantin Fischer (MSc @RUB)
'So I found your Password in this breach...' - Towards Measuring the Effectiveness of Data Driven Password Nudges
Anna Lena Rothaler (BSc @RUB)
An Interview Study to Identify Challenges on Operating Platforms for Investigative Journalism


David Wischnjak (BSc)
Eine Sicherheitsanalyse mobiler Krankenkassenapplikationen
Marcel Jahnke (BSc)
Stärkung mentaler Modelle mit Animationen: Eine Fallstudie für Secure Messaging
Daniel Klamt (BSc)
Traffic Analysis in Home Networks for Botnet Detection
Gerald Wiese (BSc)
Erkennen von Botnet-Infektionen im Kontext von Local Area Networks
Michael Gunder (BSc)
Integration von Zertifikaten für Sicherheitskritische Web-Entwicklung
Bjoern Noetel (BSc)
Crypto-Bot: Anwendungsfall getriebene Generierung sicherer und gut benutzbarer Kryptografischer Code Snippets
Philip Ostendorf (BSc)
Identifying Insecure Internet of Things Devices in a Local Area Network
Niklas Busch (MSc)
Design, Implementierung und Evaluation eines Werkzeuges zur benutzerfreundlichen Systemhärtung