Daydream View

For merely EUR 69,- the Google Daydream View is the optimal replacement for my old Google Cardboard. Combined with the Google Pixel XL, the VR experience can easily be compared to the HTC VIVE – minus the controllers.

The Bluetooth remote control comes with the package and works well within the Daydream App. Unfortunately there is currently no VR Player available, but the standalone VRTV VR Video Player does a good job, supports various 3D formats – and streaming from network shares.


Google Cardboard

Good ol’ Google Cardboard



OpenPCD console

The OpenPCD console is a quick-and-dirty VC++ project for the OpenPCD reader, allowing me to send individual commands (hex code) to an ISO 14443 (RFID) card – in my case a DESFire EV1 from NXP.

Using the MinGW (GCC) Compiler Suite, the librfid-tool library (part of librfid) was modified so the console was able to initialize the OpenPCD reader and activate the card (anticollision). I also introduced a new function that serves as the communication interface between the PCD and PICC:

extern int exchange_block(char *cmd, unsigned int clen, char *ret, unsigned int *rlen, unsigned int timeout, unsigned int flags);

The function simply forwards the parameters to the internal routines of the librfid library.

Unfortunately I have to confirm the issues with the OpenPCD reader as often discussed (but never solved) on their mailing list. The USB reader needs to be re-plugged (or reset using the debug cable) in order to get a defined state again (even with the unmodified code). The device also seems to suffer from a timing issue, so that the return code (of a valid command) does not always match the actual state. This behavior is very annoying if you depend on a previously received message – i.e. authenticate using a challenge response protocol.

Security Management System for Virtual Organizations

This master thesis in cooperation with Microsoft EMIC explains how to securely manage virtual organizations across domain boundaries using state-of-the-art federation technologies.

Virtual organizations are virtual teams spanning organizational boundaries, where people from different organizations (e.g. companies) collaborate on a particular purpose. The combination of existing products, standards and technologies allows forming a framework that supports the complete lifecycle of a virtual organization.
The infrastructure model of the developed framework relies on the claims-based access model, which is used to authenticate and authorize members within virtual organizations. The communication within the framework complies with common standards and protocols like WS-Transfer and WS-Federation, providing maximum interoperability with other technologies or products and making it easy to adapt the framework to a company’s environment.
The introduction of naming schemas allows storing virtual organization-related information in the corporate user directory, such as an LDAP directory, avoiding additional resources for dedicated directories or storages. New modules for common products securely synchronize and provision that information across domain boundaries to other organizations based on the WS-Transfer specification. A small service, developed using the Windows Communication Foundation, validates incoming requests and stores the information in a dedicated attribute store, which provides a global view of all members within virtual organizations.
The developed management console, which is one of the main parts of the virtual organization framework, provides the management capabilities to control the complete lifecycle of virtual organizations and allows administrators to quickly deploy new contracts, and to customize and report on existing ones. The abstraction layer of the management console contains a PowerShell module, which provides a virtual-organization-capable scripting environment and controls the components of the virtual organization framework. A developed Microsoft Management Console snap-in, which implements the abstraction layer, provides a graphical user experience.

Written 2009 in cooperation with
Microsoft EMIC
Aachen, Germany

Security Analysis of Web 2.0

This study in cooperation with the Federal Office for Information Security in Germany (Bundesamt für Sicherheit in der Informationstechnik, BSI Deutschland) covers the threats and risks as well as possible security methods and techniques used within Web 2.0.

The study focuses mainly on JavaScript (Ajax) and provides a detailed description of how the trust relationship can be exploited. Attacks like cross-site scripting (XSS), cross-site request forgery (CSRF) or session hijacking against web applications are all covered and analyzed with and without JavaScript from the perspective of an attacker and the user.
The study is available at the official site of the BSI or here: web20_pdf (PDF).

Written 2008 for the
Federal Office for Information Security
Bundesamt für Sicherheit in der IT (BSI)

Bonn, Germany

Load Balancing of Virtual Machines

A framework based on the Red Hat Cluster Suite that enables virtualization technologies to load balance virtual machines with zero-downtime (live migration) among physical servers.

The LBVM consists of several scripts that load balance virtual machines (currently preconfigured: Xen and OpenVZ) among physical servers – the algorithm is fully configurable. LBVM uses the Red Hat Cluster Suite to provide high availability and rgmanager (part of the Red Hat Cluster Suite) to perform the actual migration. Developed cluster scripts for Xen and OpenVZ allow the rgmanager to perform live migrations with zero-downtime to provide maximum reliability and uptime. The load balancing algorithm uses preconfigured resources (cpu, mem, load; fully configurable) to decide when and where to move a virtual machine. Reports and migrations are logged and also available in human-readable format.

The project was developed during my time at the University and was honored with the “Best Project Award”. For more information check out the official page (link).

DRBDv8 Regression TestSuite

The “DRBDv8 Regression Testsuite” was designed to force rare but fatal situations in the DRBDv8 pre-release. The testsuite executes and verifies predefined (but fully configurable) testcases by issuing the given commands on two or more nodes of a DRBD cluster. Before each testcase the so-called agents, which process the commands on local nodes, synchronize themselves so that resources can be accessed at the very same time.

The testsuite was developed in Perl in cooperation with Linbit. Two of our first three testcases were able to trigger an unhandled exception in the DRBDv8 pre-release; these were fixed in the final release, of course.

Security methods of the ePassport

This bachelor thesis, in cooperation with NXP, analyzes the Austrian ePassport (MRTD with RFID chip) and outlines security and privacy issues, with corresponding emphasis on the implemented protocols (BAC, EAC).

The new ePassport, which contains a contactless smart card controller with the personal data of the passport holder, was already issued in the middle of 2006 in several countries. The security methods of those passports are specified by the guidelines of the International Civil Aviation Organization (ICAO) and used worldwide.
Several vulnerabilities could be found in the procedures by analyzing the security methods and investigating possible attacks. In particular, the access controls, which were developed for the protection of the personal data, offer a wide range of attacks. Without any optional protocols, it is even possible to gather the personal data of the passport holder while passing by. Even with the implementation of optional access controls and encrypted communication it is still possible to eavesdrop unnoticed from a distance of several meters and decode the data within a few hours. In combination with the portrait of the passport holder, which is digitized in very high quality on the chip and transferred with each passport control, the ePassport makes it possible to gather a new identity easily.
A serious problem is the possibility to uniquely identify an ePassport. Without optional protocols, person profiles and thus personal bombs can be built due to the personal data.
In 2008, the European Union stores further biometric data on the ePassport, which could be abused for certain access controls if the ePassport is stolen. Therefore, the question comes up whether the ePassport actually offers more security or is a huge risk, as renowned technologists state.

Written 2007 in cooperation with
NXP Semiconductors
Gratkorn, Austria