Studentische Arbeiten und Werkstudententätigkeiten

Physical attacks such as fault injection and electromagnetic side-channel attacks have proven to be effective against many cryptographic implementations. Therefore, designs of cryptographic primitives must contain countermeasures against these attacks. However, countermeasures against one type of attack may create vulnerabilities for others. This leads to the design of combined countermeasures against multiple classes of attacks. Moreover, such countermeasures must be implemented efficiently, since additional latency, chip area and/or power consumption is crucial for embedded devices. The goal of this work is to develop and evaluate countermeasures against combined attacks on symmetric ciphers and consists of the following steps:
• Literature research regarding combined countermeasures
• Design of a new or modified countermeasure
• Implementation of the design in hardware
• Evaluation of the implementation (theoretic and/or practical in the laboratory)
An exemplary publication for a combined countermeasure can be obtained from [1, 2, 3].
[1] https://tches.iacr.org/index.php/TCHES/article/view/8547/8112
[2] https://tches.iacr.org/index.php/TCHES/article/view/11257/10799
[3] https://eprint.iacr.org/2014/665.pdf

• Basic knowledge in linear algebra and statistics
• Basic knowledge in cryptography
• Basic knowledge of a hardware description language (e.g. VHDL, Verilog, SystemVerilog)
• Basic knowledge of Python

A Physical Unlonable Function (PUF) evaluates manufacturing fluctuations in a chip and generates an individual secret like a fingerprint. It varies greatly from chip to chip and slightly from measurement to measurement. In order to obtain a cryptographic key from this secret, an error-correcting scheme is necessary to remove these variations.
However, some of these schemes are based on invalid assumptions, and can make the design vulnerable to statistical analysis.

 The aim of this work is to
  • Apply a known flaw to an existing PUF design
  • Evaluate the attack complexity
  • Potentially write an attacker software

 Further reading:

Frisch, C., Wilde, F., Holzner, T. et al. A Practical Approach to Estimate the Min-Entropy in PUFs. J Hardw Syst Secur 7, 138–146 (2023)

Maes, R., Van Herrewege, A., Verbauwhede, I. (2012). PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator. In: Prouff, E., Schaumont, P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2012

  • Background knowledge in statistics and coding theory
  • Familiar with simulation tools (Python/Matlab/...)

Physical Unclonable Functions (PUFs) are methods to measure hard-to-control manufacturing variabilities of electronic devices at runtime. These measurements can be used as device-unique fingerprints, or as a basis for authentication protocols or the storage of secret keys.

The Loop PUF is an established PUF design, which uses intrinsic delays in silicon logic to derive PUF responses by measuring frequencies of purpose-built on-device oscillators. The Loop PUF is easily integrated into FPGAs and more forgiving in its design than other PUFs—though these conservative design choices might leave room for optimisation. The focus of this work is to explore these areas while making sure the resulting PUF still meets its performance specifications.

The aim of this work is to

• gradually modify an existing Loop PUF FPGA design written in VHDL,
• carry out measurements using an existing Python measurement framework,
• evaluate the optimised PUFs performance, and
• summarise the findings in the context of a general Loop PUF.

Necessary: Basic experience with VHDL, FPGAs
Necessary: Experience coding in Python

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s

In this thesis, you will continue development of a skeleton application for this task, written in Rust

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
• Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
• In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

I am looking for students who are interested in HW implementations and have knowledge of a HDL language. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
• Basic knowledge in design/architecture of hardware design to understand  trojan location and insertion.

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a python to use our existing framework
• Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
• Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.

Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.

In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.

During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for designing an interface
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
• Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Physical attacks such as fault injection and electromagnetic side-channel attacks have proven to be effective against many cryptographic implementations. Therefore, designs of cryptographic primitives must contain countermeasures against these attacks. However, countermeasures against one type of attack may create vulnerabilities for others. This leads to the design of combined countermeasures against multiple classes of attacks. Moreover, such countermeasures must be implemented efficiently, since additional latency, chip area and/or power consumption is crucial for embedded devices. The goal of this work is to develop and evaluate countermeasures against combined attacks on symmetric ciphers and consists of the following steps:
• Literature research regarding combined countermeasures
• Design of a new or modified countermeasure
• Implementation of the design in hardware
• Evaluation of the implementation (theoretic and/or practical in the laboratory)
An exemplary publication for a combined countermeasure can be obtained from [1, 2, 3].
[1] https://tches.iacr.org/index.php/TCHES/article/view/8547/8112
[2] https://tches.iacr.org/index.php/TCHES/article/view/11257/10799
[3] https://eprint.iacr.org/2014/665.pdf

• Basic knowledge in linear algebra and statistics
• Basic knowledge in cryptography
• Basic knowledge of a hardware description language (e.g. VHDL, Verilog, SystemVerilog)
• Basic knowledge of Python

Servers Confidential Computing technologies are a promising tool for cloud computing. They aim to protect data while being processed in the cloud by preventing the cloud provider and platform owner from gaining access to it. AMD SEV-SNP and Intel TDX in particular do this by providing confidential virtual machines. Memory of these VMs remains confidential and integrity-protected at all times and the technologies provide remote attestation mechanisms for verification. Extensive work has analyzed, broken and improved upon these technologies. Especially for proof of concept implementations, however, creating, testing and verifying code requires specific server hardware that is not readily available to everyone.
This thesis aims to design and implement emulators for either AMD SEV-SNP or Intel TDX.

Task Description
In this thesis, the focus lies on providing AMD SEV-SNP or Intel TDX remote attestation mechanisms to a VM hosted on conventional hardware. For this, the student researches and evaluates required components needed to emulate these. The student then creates a design and proof of concept implementation that provides the corresponding remote attestation mechanism to the guest VM, e.g., by modifying and extending the virtual machine manager (VMM) QEMU. If possible, guest VM and host kernel shall remain unchanged.

* High motivation and ability to work independently
* Good understanding of virtualization concepts
* Experience with QEMU / KVM and Linux kernels

I am looking for students who are interested in HW implementations and have knowledge of a HDL language. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.

Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.

In this thesis, you will try and compare different methods of in-depth protection.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
• In the optimum case experience with FPGAs to try the measures in the real world.
• Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.

Description: The growing popularity of non-volatile flash memory in various applications, including data storage and embedded systems, has raised significant security concerns. Data stored in these memories can be vulnerable to unauthorized access and tampering. Memory encryption is a vital technique to safeguard sensitive information from potential threats. In this thesis project, you will work on advancing the state-of-the-art in memory encryption techniques for non-volatile flash memory.
Project Overview: Non-volatile flash memory, commonly used in a wide range of electronic devices such as smartphones, tablets, and solid-state drives (SSDs), is susceptible to data breaches if not adequately protected. Memory encryption is a crucial technique to safeguard data from unauthorized access or tampering. This master's thesis project aims to explore, design, and implement memory encryption mechanisms for non-volatile flash memory devices.

Key Tasks:
   1. Literature Review: Conduct a comprehensive review of existing memory encryption techniques
       and their suitability for non-volatile flash memory.
   2. Design and Implementation: Integrate an appropriate encryption algorithm into a non-volatile
       flash memory controler, considering factors such as performance, security, and compatibility.
   3. Performance Analysis: Evaluate the performance overhead of memory encryption,
       including e.g. latency, throughput, and area.

Motivation to learn, or experience with:

   - Strong background in cryptography, computer security, and embedded systems
   - Proficiency in hardware description languages (e.g., Verilog or VHDL) or SystemC
   - Familiarity with Platform Architect is a plus.
   - Excellent problem-solving skills and a passion for cybersecurity research

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
• Basic knowledge in design/architecture of hardware design to understand  trojan location and insertion.

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a python to use our existing framework
• Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
• Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.

A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime

References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

• VHDL/Verilog Knowledge
• Sichere Implementierung Kryptographischer Verfahren (SIKA)
• Python Skills

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.

During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for designing an interface
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
• Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Identity-based encryption (IBE) [1, 2] is a part of identity-based cryptosystems [3], where the publicly known information (Email, IP-address etc.) is being used as the public key (or as an information for the public key derivation). Due to this fact, IBE cryptosystems do not require public key distribution mechanisms. The latter makes them especially interesting for the Internet-of-Things (IoT) domain. Unfortunately, such a system suffers from inefficiency due to the complexity of several underlying mathematical operations. This is a crucial problem, since IoT device are generally resource-constrained. The goal of this work is to investigate existing hardware or software IBE implementations, define their bottlenecks and propose methods to improve them.
[1] https://link.springer.com/chapter/10.1007/3-540-44647-8_13#preview
[2] https://link.springer.com/chapter/10.1007/978-3-662-45608-8_2
[3] https://link.springer.com/chapter/10.1007/3-540-39568-7_5

• Proficiency in: a hardware description language (VHDL, Verilog, SystemVerilog) or an embedded software programming languages (e.g. C, Rust)
• Basic knowledge of python
• Basic knowledge in elliptic curve cryptography
• Optionally: knowledge of sagemath

Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s

In this thesis, you will continue development of a skeleton application for this task, written in Rust

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
• Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
• In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

Fuzzing is a powerful and versatile technique to hunt security vulnerabilities. Embedded devices, however, usually lack suitable interfaces to apply established fuzzing-concepts known from software. Tapping side-channel information such as power consumption or electromagnetic radiation, can yield these interfaces and enable conventional grey-box fuzzing of an embedded device.

Task Description

Our current test set-up is capable of extracting code-coverage information during a fuzzing campaign from the power consumption of a STM32F417IGT microcontroller and feeding it back into our tool, which is based on the popular AFL++ fuzzer. Your task will be to measure the performance of this tool on additional microcontrollers and to increase its effectiveness where applicable. In detail, this entails hooking up a microcontroller to the test set-up, train a machine-learning model to the microcontroller-specific behavior, and measure the performance and effectiveness while fuzzing proof-of-concept and real-world software running on the microcontroller.
As optional task, you can work towards tapping electromagnetic radiation as second side-channel next to power consumption.

• High motivation and ability to work independently
• Good coding skills in python and general understanding of software architecture
• Interest in offensive security and bug-hunting

Die Programmable Services Engine (PSE) der Elkhart Lake Plattform ist ein separater ARM Core zur Ausführung von Applikationen getrennt vom Hauptprozessor. Die Firmware der PSE ist eine Softwarekomponente, die zur Bereitstellung sicherheitskritischer Plattformfunktionalitäten eingesetzt wird. Durch den Einsatz der Programmiersprache C können in dieser Komponente angreifbare Schwachstellen mit weitreichenden Sicherheitsimplikationen vorhanden sein.

Aufgabenbeschreibung
Ziel der Arbeit ist die Erstellung eines funktionierenden Fuzzing-Setups für die PSE Firmware der Elkhart Lake Plattform. Im Rahmen der Arbeit sollen zunächst Aufbau und Schnittstellen der Firmware analysiert werden. Darauf aufbauend sollen für Fuzzing geeignet Schnittstellen identifiziert werden.
Basierend auf diesen Vorarbeiten soll dann ein geeigneter Fuzzer ausgewählt und damit ein lauffähiges Fuzzing-Setup aufgebaut werden. Auch die Identifikation und Umsetzung von ggf. notwendigen Änderungen am ausgewählten Fuzzer sind Teil der Arbeit. Abschließend soll eine Evaluation des implementierten Fuzzers im Hinblick auf Code Coverage, Performance und Reproduzierbarkeit erfolgen.

• Erweiterte Kenntnisse sowie praktische Erfahrung im Bereich Fuzzing
• Vorerfahrung mit Betriebssystemkonzepten und Linux-basierten Betriebssystemen
• Idealerweise Kenntnisse im Bereich Echtzeitbetriebssysteme, insbesondere Zephyr
• Idealerweise Grundkenntnisse im Bereich Rechnerarchitektur

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

We can offer you to either work on adding custom extensions to openOCD or developing hardware IP on FPGA. If you are eager, of course also both.

If you have any additional questions feel free to contact us!

openOCD Extension Development:

• Base knowledge in C
• Basic tcl scripting

FPGA Development:

• Base Verilog Knowledge
• You can read schematics and do basic hardware debugging
• Base python knowledge

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.

Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.

In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.

We are currently seeking students to join our research team for a practical experience in the field of
hardware security. This opportunity offers hands-on experience in conducting side-channel analysis
of System-on-Chips (SOCs).
Responsibilities

• Conduct literature research on hardware security and side-channel analysis techniques
• Build and use a measurement setup to collect side-channel data from SOCs
• Analyze the collected data and identify potential vulnerabilities
• Develop and implement potential attacks on the devices

• Currently enrolled as a student in a relevant field (e.g., computer science, electrical engineering)
• Strong interest in hardware security and side-channel analysis
• Basic knowledge of computer architecture and embedded systems
• Proficiency with programming languages, especially Python
• Ability to work independently and in a team

This research practicum provides an excellent opportunity to gain practical experience in the exciting
field of hardware security. If you are passionate about cybersecurity and eager to apply your
knowledge in a real-world context, we encourage you to apply for this position.
To apply, please submit your resume, your transcript of records and a brief statement of interest
highlighting your relevant experience and motivation for joining this research practicum.

Identity-based encryption (IBE) [1, 2] is a part of identity-based cryptosystems [3], where the publicly known information (Email, IP-address etc.) is being used as the public key (or as an information for the public key derivation). Due to this fact, IBE cryptosystems do not require public key distribution mechanisms. The latter makes them especially interesting for the Internet-of-Things (IoT) domain. Unfortunately, such a system suffers from inefficiency due to the complexity of several underlying mathematical operations. This is a crucial problem, since IoT device are generally resource-constrained. The goal of this work is to investigate existing hardware or software IBE implementations, define their bottlenecks and propose methods to improve them.
[1] https://link.springer.com/chapter/10.1007/3-540-44647-8_13#preview
[2] https://link.springer.com/chapter/10.1007/978-3-662-45608-8_2
[3] https://link.springer.com/chapter/10.1007/3-540-39568-7_5

• Proficiency in: a hardware description language (VHDL, Verilog, SystemVerilog) or an embedded software programming languages (e.g. C, Rust)
• Basic knowledge of python
• Basic knowledge in elliptic curve cryptography
• Optionally: knowledge of sagemath

Physical attacks such as fault injection and electromagnetic side-channel attacks have proven to be effective against many cryptographic implementations. Therefore, designs of cryptographic primitives must contain countermeasures against these attacks. However, countermeasures against one type of attack may create vulnerabilities for others. This leads to the design of combined countermeasures against multiple classes of attacks. Moreover, such countermeasures must be implemented efficiently, since additional latency, chip area and/or power consumption is crucial for embedded devices. The goal of this work is to develop and evaluate countermeasures against combined attacks on symmetric ciphers and consists of the following steps:
• Literature research regarding combined countermeasures
• Design of a new or modified countermeasure
• Implementation of the design in hardware
• Evaluation of the implementation (theoretic and/or practical in the laboratory)
An exemplary publication for a combined countermeasure can be obtained from [1, 2, 3].
[1] https://tches.iacr.org/index.php/TCHES/article/view/8547/8112
[2] https://tches.iacr.org/index.php/TCHES/article/view/11257/10799
[3] https://eprint.iacr.org/2014/665.pdf

• Basic knowledge in linear algebra and statistics
• Basic knowledge in cryptography
• Basic knowledge of a hardware description language (e.g. VHDL, Verilog, SystemVerilog)
• Basic knowledge of Python

A Physical Unlonable Function (PUF) evaluates manufacturing fluctuations in a chip and generates an individual secret like a fingerprint. It varies greatly from chip to chip and slightly from measurement to measurement. In order to obtain a cryptographic key from this secret, an error-correcting scheme is necessary to remove these variations.
However, some of these schemes are based on invalid assumptions, and can make the design vulnerable to statistical analysis.

 The aim of this work is to
  • Apply a known flaw to an existing PUF design
  • Evaluate the attack complexity
  • Potentially write an attacker software

 Further reading:

Frisch, C., Wilde, F., Holzner, T. et al. A Practical Approach to Estimate the Min-Entropy in PUFs. J Hardw Syst Secur 7, 138–146 (2023)

Maes, R., Van Herrewege, A., Verbauwhede, I. (2012). PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator. In: Prouff, E., Schaumont, P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2012

  • Background knowledge in statistics and coding theory
  • Familiar with simulation tools (Python/Matlab/...)

Physical Unclonable Functions (PUFs) are methods to measure hard-to-control manufacturing variabilities of electronic devices at runtime. These measurements can be used as device-unique fingerprints, or as a basis for authentication protocols or the storage of secret keys.

The Loop PUF is an established PUF design, which uses intrinsic delays in silicon logic to derive PUF responses by measuring frequencies of purpose-built on-device oscillators. The Loop PUF is easily integrated into FPGAs and more forgiving in its design than other PUFs—though these conservative design choices might leave room for optimisation. The focus of this work is to explore these areas while making sure the resulting PUF still meets its performance specifications.

The aim of this work is to

• gradually modify an existing Loop PUF FPGA design written in VHDL,
• carry out measurements using an existing Python measurement framework,
• evaluate the optimised PUFs performance, and
• summarise the findings in the context of a general Loop PUF.

Necessary: Basic experience with VHDL, FPGAs
Necessary: Experience coding in Python

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s

In this thesis, you will continue development of a skeleton application for this task, written in Rust

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
• Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
• In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

I am looking for students who are interested in HW implementations and have knowledge of a HDL language. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

RowHammer is a powerful fault injection technique, launched from software, to inject bitfaults into DRAM. Over the last decade, RowHammer was shown to threaten DRAMs. Vendors reacted and deployed countermeasures, which lead to the believe that the problem was solved. However, in the last years, research showed that RowHammer is still threatened by a more sophisticated technique, called Many-sided RowHammer.
In this work, we aim to create bitfaults inside the LPDDR4 of an embedded system by using the Many-Sided RowHammer technique. Therefore, we will port an existing RowHammer tool to our target embedded architecture. We will then evaluate, whether successful Many-sided RowHammer attack is possible on our targetted embedded platform, and which are the necessary parameters. Finally, we want evaluate how an attacker may use the particular achieved fault model.

The following skills are valuable for the execution of the project:
* Good knowledge of programming in C
* Basic experience with assembly programming
* Basic experience with embedded Linux (e.g., Buildroot, Yocto, Raspbian, etc.)
* Basic knowledge about memory hierarchies and DRAM structure

Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.

Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.

In this thesis, you will try and compare different methods of in-depth protection.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
• In the optimum case experience with FPGAs to try the measures in the real world.
• Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.

Remote Attestation is the process of assessing the trustworthiness of a remote computing platform through verifying the integrity of its software stack. Arm Trusted Firmware-M provides the Initial Attestation Service (IAS) to enable attestation on resource-constraint Arm Cortex-M microcontrollers. However, executing a remote attestation protocol without binding it to the device's communication channel opens up the possibility of Man-in-the-Middle (MitM) attacks: In such a scenario, an attacker uses a rogue device to fetch attestation evidence from a good device and establish communication to an IoT hub or other IoT devices. Therefore, the scope of this work is to design and implement a channel binding mechanism for common IoT protocols such as Constraint Application Protocol (CoAP) to augment the communication channel with an attestation mechanism. This includes the following tasks:
• Survey of existing IoT protocols and attestation mechanisms
• Design of a channel binding mechanism, e.g., for CoAP with OSCORE/EDHOC
• Implement a Proof-of-Concept for the solution
• Evaluate the solution

• High motivation and ability to work independently
• Good Programming skills in C
• At least basic knowledge of cryptographic primitives
• Preferably knowledge about embedded systems and Arm Cortex-M processors

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
• Basic knowledge in design/architecture of hardware design to understand  trojan location and insertion.

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a python to use our existing framework
• Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
• Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.

A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime

References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

• VHDL/Verilog Knowledge
• Sichere Implementierung Kryptographischer Verfahren (SIKA)
• Python Skills

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.

During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for designing an interface
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
• Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Fraunhofer AISEC and TU Munich are collaborating in designing security chip prototypes for various research projects. You have the opportunity to work with a team of researchers on realizing innovative security solutions on hardware circuits. During your work, you will use state-of-the-art EDA tools, learn valuable skills related to the different stages of chip design and have the opportunity to contribute to cutting edge research. This job is an ideal starting point for a future career in chip design and information security. We also offer Research Internships and Master Thesis positions.

Task Description
Within this work, you will
• Assist implementing and verifying hardware implementations
• Maintain and improve IP cores and tooling
• Document hardware designs
• Evaluate hardware implementations on AMD/Xilinx FPGAs

• First experience in hardware design using VHDL or SystemVerilog
• Basic knowledge about FPGA or ASIC design flow
• Good programming skills in Python
• High motivation to learn more about information security and hardware design

The project AUTOPSY aims to protect the privacy of the data collected and processed in cars and researches on the impact of deploying Privacy Enhancing Techniques (PETs) in an automotive scenario with a focus on platooning in the initial demonstration.
Goal of this work is to build upon an existing demonstrator and further improve it to showcase results in an interesting and interactive way. We are therefore looking for a motivated working student with strong background in embedded systems.
Task description

The tasks cover in particular:
• Developing and improving code for PET implementations, communication and system software
• Deployment of code on automotive embedded systems
• Improvement of visualization and user experience

• Strong background in programming and debugging embedded systems
• Interest in privacy enhancing techniques
• Strong motivation and independent working style
Date: June 2024
Start: any time

Fehlerangriffe auf kryptografische Verfahren sind eine Methode mittels derer ein geheimer Schlüssel aus einem Gerät extrahiert werden kann, indem während der Ausführung mit einer gezielten Störung des Geräts (z.B. durch einen starken elektromagnetischen Puls) eine fehlerhafte Berechnung des kryptografischen Algorithmus erzwungen wird. Abhängig vom kryptografischen Verfahren existieren eine Vielzahl von Angriffen, die auf Basis von fehlerhaften Ausgabewerten den verwendeten Schlüssel ermitteln können.
Aufgabe der hier ausgeschriebenen Stelle ist die Mitarbeit am Aufbau eines Tooling Frameworks für das Hardware Security Labor des Fraunhofer AISEC. Das Tooling soll verschiedene existierende Angriffe implementieren sodass diese für Analysen im Labor genutzt werden können. Folgende Tätigkeiten sind hierfür voraussichtlich durchzuführen:
• Literaturrecherche sowie Lesen und Verstehen von relevanten Publikationen
• Python-Implementierung von kryptografischen Verfahren mit der Möglichkeit Fehlerinjektionen zu simulieren
• Implementierung und Testen ausgewählter Angriffe

• Sehr gute Sprachkenntnisse in Deutsch und/oder Englisch
• Gute Programmierkenntnisse in Python
• Selbstständige Arbeitsweise

Identity-based encryption (IBE) [1, 2] is a part of identity-based cryptosystems [3], where the publicly known information (Email, IP-address etc.) is being used as the public key (or as an information for the public key derivation). Due to this fact, IBE cryptosystems do not require public key distribution mechanisms. The latter makes them especially interesting for the Internet-of-Things (IoT) domain. Unfortunately, such a system suffers from inefficiency due to the complexity of several underlying mathematical operations. This is a crucial problem, since IoT device are generally resource-constrained. The goal of this work is to investigate existing hardware or software IBE implementations, define their bottlenecks and propose methods to improve them.
[1] https://link.springer.com/chapter/10.1007/3-540-44647-8_13#preview
[2] https://link.springer.com/chapter/10.1007/978-3-662-45608-8_2
[3] https://link.springer.com/chapter/10.1007/3-540-39568-7_5

• Proficiency in: a hardware description language (VHDL, Verilog, SystemVerilog) or an embedded software programming languages (e.g. C, Rust)
• Basic knowledge of python
• Basic knowledge in elliptic curve cryptography
• Optionally: knowledge of sagemath

Physical attacks such as fault injection and electromagnetic side-channel attacks have proven to be effective against many cryptographic implementations. Therefore, designs of cryptographic primitives must contain countermeasures against these attacks. However, countermeasures against one type of attack may create vulnerabilities for others. This leads to the design of combined countermeasures against multiple classes of attacks. Moreover, such countermeasures must be implemented efficiently, since additional latency, chip area and/or power consumption is crucial for embedded devices. The goal of this work is to develop and evaluate countermeasures against combined attacks on symmetric ciphers and consists of the following steps:
• Literature research regarding combined countermeasures
• Design of a new or modified countermeasure
• Implementation of the design in hardware
• Evaluation of the implementation (theoretic and/or practical in the laboratory)
An exemplary publication for a combined countermeasure can be obtained from [1, 2, 3].
[1] https://tches.iacr.org/index.php/TCHES/article/view/8547/8112
[2] https://tches.iacr.org/index.php/TCHES/article/view/11257/10799
[3] https://eprint.iacr.org/2014/665.pdf

• Basic knowledge in linear algebra and statistics
• Basic knowledge in cryptography
• Basic knowledge of a hardware description language (e.g. VHDL, Verilog, SystemVerilog)
• Basic knowledge of Python

Physical Unclonable Functions (PUFs) are methods to measure hard-to-control manufacturing variabilities of electronic devices at runtime. These measurements can be used as device-unique fingerprints, or as a basis for authentication protocols or the storage of secret keys.

The Loop PUF is an established PUF design, which uses intrinsic delays in silicon logic to derive PUF responses by measuring frequencies of purpose-built on-device oscillators. The Loop PUF is easily integrated into FPGAs and more forgiving in its design than other PUFs—though these conservative design choices might leave room for optimisation. The focus of this work is to explore these areas while making sure the resulting PUF still meets its performance specifications.

The aim of this work is to

• gradually modify an existing Loop PUF FPGA design written in VHDL,
• carry out measurements using an existing Python measurement framework,
• evaluate the optimised PUFs performance, and
• summarise the findings in the context of a general Loop PUF.

Necessary: Basic experience with VHDL, FPGAs
Necessary: Experience coding in Python

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

The course "Advanced Cryptographic Implementation" is focuses on advanced techniques for engineering state-of-the-art cryptographic implementations for embedded systems. It offers a comprehensive exploration of efficient methods for implementing cryptographic algorithms, along with countermeasures to safeguard these implementations against side-channel and fault attacks.

During the course, students will have the opportunity to engage in a practical, hands-on project that will enable them to acquire the necessary skills to implement cryptographic algorithms on a microcontroller.   

As a tutor you will provide technical support to students during the summer semester in form of meetings and/or supervision (e.g., chat or mail).

Timeline and working hours:

From 15.04.2024 until 31.07.2024 with a total of 84 hours. Flexible working hours and working period are possible.

    • Self-motivated and independent working style.

    • Hands-on experience with programming and microcontrollers.

    • Previous knowledge of ARM and/or RISC-V platforms is desirable but not required.

    • Previous attendance to the course is desirable, but not required.

Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s

In this thesis, you will continue development of a skeleton application for this task, written in Rust

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
• Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
• In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

I am looking for students who are interested in HW implementations and have knowledge of a HDL language. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

We can offer you to either work on adding custom extensions to openOCD or developing hardware IP on FPGA. If you are eager, of course also both.

If you have any additional questions feel free to contact us!

openOCD Extension Development:

• Base knowledge in C
• Basic tcl scripting

FPGA Development:

• Base Verilog Knowledge
• You can read schematics and do basic hardware debugging
• Base python knowledge

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a python to use our existing framework
• Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
• Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.

Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.

In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.