The increasing deployment of unmanned aerial vehicles (UAVs) and electric vertical take-off and landing (eVTOL) vehicles places stringent reliability and low-latency demands on aeronautical data communications for safety-critical functions. While heterogeneous multi-link architectures with erasure coding are theoretically promising, a practical evaluation is needed to verify their real-world performance benefits against individual public and private networks. This thesis evaluates how a heterogeneous communication architecture, combining a dedicated Air-to-Ground (A2G) network, a public 5G and a geostationary (GEO) satellite link via a fixed-rate erasure coding scheme, can improve communication reliability for representative UAV and eVTOL use cases. The evaluation combines an extensive in-flight measurement campaign using a helicopter on realistic eVTOL flight trajectories with a subsequent, validated simulation-based analysis to explore architectural optimizations. The in-flight measurements demonstrate that the dedicated A2G network provides a significantly more stable baseline than the volatile public 5G link, and their combination enhances reliability by up to 40 percent compared to single-link operation. Nevertheless, the stringent reliability requirements were not met, with simulations indicating that the integration of a Low-Earth Orbit (LEO) satellite link is a key enabler for filling terrestrial coverage gaps and further boosting performance. The primary conclusion is that while software-based optimizations like erasure coding provide scheduling benefits, the number and diversity of integrated physical links are the most critical factors in achieving the high levels of reliability required for future aerial connectivity. This suggests that future efforts should focus on deploying dedicated aerial networks and integrating diverse technologies, particularly LEO satellite systems, to ensure robust connectivity. A limitation of the study is the assumption for the single- vs. multi-link performance comparison, that the fragmentation of an IP packet into two smaller packets at the source has no effect on its delay and loss once reassembled at the destination.

Despite the Tor network's strong anonymity guarantees, some onion services unintentionally leak operational metadata through misconfigurations. This thesis explores one such leakage: Apache's mod_status diagnostic endpoint, which exposes real-time server information not intended for public access.

The root cause of this exposure lies in how Tor relays traffic. Requests sent to an onion address appear to originate from localhost, causing Apache to grant access to debugging pages intended to be private inadvertently. While this behavior is recognized in operational security communities as a known misconfiguration, its potential for attribution has received limited attention, remaining largely unexplored in academic literature.

To study this problem systematically, we analyzed over 210,000 server-status snapshots from more than 12,500 onion services, collected between 2019 and 2025 through continuous crawling of the Tor network. We began by developing a custom parser to extract the full contents of these pages, providing structured access to metadata such as public IP addresses, virtual hostnames (VHost), and client request logs. We then applied two attribution techniques: direct attribution via exposed infrastructure details and indirect attribution based on recurring VHost values and configuration similarities, such as shared version strings or runtime behavior. The latter was modeled as a graph to investigate clusters of likely co-hosted services.

The results show that server-status exposure is both widespread and persistent. In many cases, the leaked data enabled reliable deanonymization or revealed backend infrastructure shared across multiple services. In total, we identified 378 clusters linking 7,681 domains, over 61% of all onion services with a server-status page. Of these, 31 clusters included public IP addresses, covering 1,404 services, offering rare but unambiguous evidence for attribution.

This thesis serves as a feasibility study, demonstrating that attribution can be achieved systematically without exploiting Tor or undermining its anonymity mechanisms. We demonstrate that this unintentional exposure offers an opportunistic, passive, and scalable source of investigative insight. It highlights the untapped potential of server-status pages as a practical, low-cost technique for uncovering otherwise hidden dark web infrastructure. This method can be easily integrated into existing investigative workflows.

IPv6 fragmentation remains a subtle yet impactful security concern in modern high-throughput, low-latency networks, where packet inspection is constrained by performance requirements and out-of-path monitoring architectures. This thesis investigates how discrepancies in IPv6 fragment reassembly behaviour between passive Intrusion Detection Systems (IDS) and endpoint hosts can lead to detection gaps, misinterpretation, and even exploitable evasion opportunities. Using a permutation-based testing model inspired by prior work, the study evaluates 720 overlapping fragment sequences across multiple operating systems and analyses the detection behaviour of Suricata deployed inside a 5G-simulated User Plane Function. The results reveal inconsistencies in reassembly policies, particularly under retransmission conditions, and demonstrate that alerts are not always semantically aligned with the payload seen by the host. A proof-of-concept exfiltration attack further illustrates how timing-based fragment delivery can bypass IDS inspection while reconstructing sensitive data at an attacker-controlled receiver. To mitigate these risks, the thesis proposes temporal IP ID tracking, overlap enforcement, and targeted traffic normalisation, especially in programmable or inline network functions. These findings highlight fragmentation as a persistent and under-addressed attack surface and call for more context-aware, timing-resilient detection strategies in next-generation networks.

This thesis presents an analysis-by-synthesis approach for single-microphone indoor localization that inverts Neural Acoustic Fields (NAFs) by comparing synthesized and measured room impulse responses. Inspired by Neural Radiance Fields (NeRFs), NAFs model room impulse responses (RIRs) as continuous functions of spatial coordinates, enabling localization through spectral loss minimization over candidate listener positions. To mitigate computational overhead, we introduce Standard Deviation-Weighted Sampling (SDWS), focusing on informative time-frequency bins. Further, we evaluate regularization effects on loss landscapes. Evaluated on SoundSpaces (simulated, binaural) and RAF (real-world, monaural) datasets, the method shows complementary behavior across datasets. While it outperforms direct regression baselines (ResNet-10, NAF-Direct) in sparse-data regimes on RAF, achieving up to 32% lower mean localization error (on RAF at 10% data), performance is lower on SoundSpaces, likely due to the high acoustic similarity between different locations in the simulated environments. PSO reduces runtime by 75% over grid search while improving accuracy by 14%, and SDWS cuts computation by 40× with only 22% error increase. The approach demonstrates NAF’s potential for localization but highlights trade-offs between inference time (5-200 s per query) and performance. Future work could extend the method to jointly estimate listener position and orientation, or to incorporate a hybrid search algorithm for more efficient exploration of the loss space.