Studentische Arbeiten und Werkstudententätigkeiten

The student will analyze timing behavior of PQC signature algorithms and investigate potential side-channel leakage.

Possible directions include:

• Rejection sampling: measuring attempt counts and runtime variations.

• Coefficient bound checks: identifying early-exit patterns that depend on secret-derived values.

• Encoding steps: analyzing data-dependent runtime in signature encoding.

Tasks include:

1. Reviewing prior loop-abort timing attacks (e.g., on BLISS [1]).

2. Instrumenting PQC implementations to measure per-signature timing.

3. Collecting large datasets of timing traces under different inputs.

4. Applying statistical methods to correlate timing clusters with secret-dependent events. 

[1] Thomas Espitau, Pierre-Alain Fouque, Benoît Gérard, and Mehdi Tibouchi. 2017. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing against strongSwan and Electromagnetic Emanations in Microcontrollers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). Association for Computing Machinery, New York, NY, USA, 1857–1874. https://doi.org/10.1145/3133956.3134028

Voraussetzungen

Students interested in proposing their own research idea are welcome to do so within the broad areas of cryptography and security. Possible directions include Post-Quantum Cryptography, implementation security (e.g. side-channel and fault attacks, countermeasures), cryptographic system integration, and security at the system or network level.

Proposals should outline motivation, goals, relevant background, and a rough plan of the intended work. We will help refine and scope the idea to fit a seminar, bachelor thesis, IDP or FP.

With the transition to Post-Quantum Cryptography and the number of new algorithms proposed, there is an increasing need to evaluate the physical security of these algorithms as well as their implementability in Hardware as well as in Software.

Possible topics in this area inlcude:

• New Side-Channel Attacks on PQC
• Innovative implementation approaches in Hardware
• Acceleration of a PQC algorithm in Software using either optimized assembly or hardware accelerators
• Innovative Countermeasures against SCA

Voraussetzungen

Cryptographic implementations in high-level languages like C often suffer from compiler induced side-channel issue which allow e.g. to extract a secret key via the timing behaviour of the implementation. Implemeting in assembly is on the other hand error prone and laboursome. This topic is therefore about implementing and/or verifying certain aspects of a Post-Quantum Cryptographic algorithm in Jasmin [1]. Jasmin allows for exact control of the underlying hardware while providing more abstraction and support than pure assembly. It furthermore allows for formal proofs of the implemented algorithm.

[1]: https://github.com/jasmin-lang/jasmin

Voraussetzungen

I am looking for students who are interested in HW implementations and have knowledge of an HDL language. You would be a suitable candidate if you are also interested in cryptography and its applications.

Possible implementation tasks are the
  - Extension/implementation of symmetric ciphers
  - Extension/implementation of message authentication codes
  - Extension/implementation of error correction codes/functionality

The implementation will be analyzed for its suitability for memory encryption and integrity verification of memory contents. This assessment will measure and evaluate typical performance metrics on an FPGA.

If any topics interest you, please email me to discuss the details and your interests. Your application will benefit if you attach your current grade report and CV.

Tätigkeitsbeschreibung
Die ARM TrustZone bietet eine bew¨ahrte Ausf ¨uhrungsumgebung (Trusted Execution Environment,
TEE), um sicherheitskritische Anwendungen getrennt vom prim¨aren Betriebssystem
(OS) in eine kontrollierte Umgebung auszulagern. In diesem Zusammenhang
findet die Ausf ¨uhrung komplexer Programme in der Regel in der “normalen Welt” statt,
w¨ahrend minimale und hochgradig vertrauensw¨urdige Programme in der “sicheren Welt”
isoliert werden. In einer Vielzahl von Ver¨ offentlichungen wurde bereits nachgewiesen,
dass diese Trennung zur U¨ berwachung der normalen Welt genutzt werden kann. Typische
Ansa¨ tze implementieren eine Art von U¨ berwachung, indem das prima¨ re Betriebssystem
w¨ahrend der Laufzeit aus der sicheren Welt heraus analysiert wird. Ein weitl ¨aufiges Problem
dabei ist, dass diese Ans¨ atze durch die Ressourcen der sicheren Welt begrenzt sind
und k¨onnen w¨ahrend der Laufzeit keine Beweise f ¨ ur Folgeuntersuchungen liefern.
Ein neuartiger Ansatz best¨unde darin, die Privilegien der sicheren Welt in der ARM
TrustZone zu nutzen, um die normale Welt effektiv einzufrieren und einen forensischen
Schnappschuss des potenziell kompromittierten Systems zu erstellen. Dies erfordert
einen Mechanismus, um die normale Welt von der weiteren Ausf ¨uhrung von Programmen
abzuhalten, und zus¨ atzlich die Entwicklung eines Mechanismus zur sicheren Speicherung
oder U¨ bertragung des forensischen Schnappschusses des Arbeitsspeichers.
Die Aufgaben f ¨ ur die Abschlussarbeit umfassen:
• Analyse von verwandten Arbeiten zur Anfertigung von Speicherabbildungen innerhalb
der sicheren Welt.
• Erarbeitung eines Konzeptes zur sicheren U¨ bertragung bzw. Ablage des Schnappschusses
ohne die Verwendung von Ressourcen aus der normalen Welt.
• Bedrohungsmodellierung des entworfenen Designs anhand verschiedener Angriffspfade.
• Implementierung einer Trusted Application (TA) f ¨ ur OP-Tee zum Anhalten der normalen
Welt und Anfertigung von Schnappsch¨ussen des Arbeitsspeichers.
Anforderungen
• Hohe Motivation sowie selbstst ¨andige und zielorientierte Arbeitsweise
• Gute Programmierkenntnisse in C/C++ oder Grundlagen in Rust
• Praxiserfahrung im Umgang mit Linux-basierten Betriebssystemen
• Grundkenntnisse zu Trusted Execution Environments wie OP-TEE
Der Prototyp soll f ¨ ur die ARM Fixed Virtual Platforms (FVPs) entwickelt werden, sodass
keine direkte Hardware-Abh¨angigkeit besteht und auch remote bearbeitet werden kann.

With the transition to Post-Quantum Cryptography and the number of new algorithms proposed, there is an increasing need to evaluate the physical security of these algorithms as well as their implementability in Hardware as well as in Software.

Possible topics in this area inlcude:

• New Side-Channel Attacks on PQC
• Innovative implementation approaches in Hardware
• Acceleration of a PQC algorithm in Software using either optimized assembly or hardware accelerators
• Innovative Countermeasures against SCA

Voraussetzungen

Cryptographic implementations in high-level languages like C often suffer from compiler induced side-channel issue which allow e.g. to extract a secret key via the timing behaviour of the implementation. Implemeting in assembly is on the other hand error prone and laboursome. This topic is therefore about implementing and/or verifying certain aspects of a Post-Quantum Cryptographic algorithm in Jasmin [1]. Jasmin allows for exact control of the underlying hardware while providing more abstraction and support than pure assembly. It furthermore allows for formal proofs of the implemented algorithm.

[1]: https://github.com/jasmin-lang/jasmin

Voraussetzungen

I am looking for students who are interested in HW implementations and have knowledge of an HDL language. You would be a suitable candidate if you are also interested in cryptography and its applications.

Possible implementation tasks are the
  - Extension/implementation of symmetric ciphers
  - Extension/implementation of message authentication codes
  - Extension/implementation of error correction codes/functionality

The implementation will be analyzed for its suitability for memory encryption and integrity verification of memory contents. This assessment will measure and evaluate typical performance metrics on an FPGA.

If any topics interest you, please email me to discuss the details and your interests. Your application will benefit if you attach your current grade report and CV.

Students interested in proposing their own research idea are welcome to do so within the broad areas of cryptography and security. Possible directions include Post-Quantum Cryptography, implementation security (e.g. side-channel and fault attacks, countermeasures), cryptographic system integration, and security at the system or network level.

Proposals should outline motivation, goals, relevant background, and a rough plan of the intended work. We will help refine and scope the idea to fit a seminar, bachelor thesis, IDP or FP.

With the transition to Post-Quantum Cryptography and the number of new algorithms proposed, there is an increasing need to evaluate the physical security of these algorithms as well as their implementability in Hardware as well as in Software.

Possible topics in this area inlcude:

• New Side-Channel Attacks on PQC
• Innovative implementation approaches in Hardware
• Acceleration of a PQC algorithm in Software using either optimized assembly or hardware accelerators
• Innovative Countermeasures against SCA

Voraussetzungen

Cryptographic implementations in high-level languages like C often suffer from compiler induced side-channel issue which allow e.g. to extract a secret key via the timing behaviour of the implementation. Implemeting in assembly is on the other hand error prone and laboursome. This topic is therefore about implementing and/or verifying certain aspects of a Post-Quantum Cryptographic algorithm in Jasmin [1]. Jasmin allows for exact control of the underlying hardware while providing more abstraction and support than pure assembly. It furthermore allows for formal proofs of the implemented algorithm.

[1]: https://github.com/jasmin-lang/jasmin

Voraussetzungen

The student will study the fault attack surface of PQC signature implementations. Possible targets include:

• Randomness seeding: inducing reuse of sampling seeds across signatures

• Attempt counters: preventing incrementation, leading to repeated randomness

• Rejection checks: skipping norm or bounds checks, leaking biased outputs

Tasks include:

1. Literature review of fault attacks against lattice-based signatures

2. Identification of fault-sensitive components in reference implementations

3. Implementation of software-based fault models (e.g., instruction skip, register freeze)

4. Collection and analysis of faulty signatures to explore possible key recovery

Voraussetzungen

The student will analyze timing behavior of PQC signature algorithms and investigate potential side-channel leakage.

Possible directions include:

• Rejection sampling: measuring attempt counts and runtime variations.

• Coefficient bound checks: identifying early-exit patterns that depend on secret-derived values.

• Encoding steps: analyzing data-dependent runtime in signature encoding.

Tasks include:

1. Reviewing prior loop-abort timing attacks (e.g., on BLISS [1]).

2. Instrumenting PQC implementations to measure per-signature timing.

3. Collecting large datasets of timing traces under different inputs.

4. Applying statistical methods to correlate timing clusters with secret-dependent events. 

[1] Thomas Espitau, Pierre-Alain Fouque, Benoît Gérard, and Mehdi Tibouchi. 2017. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing against strongSwan and Electromagnetic Emanations in Microcontrollers. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). Association for Computing Machinery, New York, NY, USA, 1857–1874. https://doi.org/10.1145/3133956.3134028

Voraussetzungen

BIKE (Bit Flipping Key Encapsulation) is a post-quantum key exchange scheme based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes. Security relies on the hardness of decoding random linear codes, where an attacker only knows the public matrix H, the syndrome s, and the exact weight of the error vector.

In this project the student will generate large datasets of BIKE ciphertexts and corresponding error vectors, and design experiments to analyze whether the weight (or distribution) of the error vector can be predicted directly from the syndrome and the parity-check matrix.

This includes:

• Implementing dataset generation with fixed public keys and varying error vectors

• Designing statistical or machine-learning based approaches to estimate error weights

• Evaluating how predictable the error structure is and whether such predictability could weaken BIKE’s assumed hardness

Voraussetzungen

Students interested in proposing their own research idea are welcome to do so within the broad areas of cryptography and security. Possible directions include Post-Quantum Cryptography, implementation security (e.g. side-channel and fault attacks, countermeasures), cryptographic system integration, and security at the system or network level.

Proposals should outline motivation, goals, relevant background, and a rough plan of the intended work. We will help refine and scope the idea to fit a seminar, bachelor thesis, IDP or FP.

With the transition to Post-Quantum Cryptography and the number of new algorithms proposed, there is an increasing need to evaluate the physical security of these algorithms as well as their implementability in Hardware as well as in Software.

Possible topics in this area inlcude:

• New Side-Channel Attacks on PQC
• Innovative implementation approaches in Hardware
• Acceleration of a PQC algorithm in Software using either optimized assembly or hardware accelerators
• Innovative Countermeasures against SCA

Voraussetzungen

Cryptographic implementations in high-level languages like C often suffer from compiler induced side-channel issue which allow e.g. to extract a secret key via the timing behaviour of the implementation. Implemeting in assembly is on the other hand error prone and laboursome. This topic is therefore about implementing and/or verifying certain aspects of a Post-Quantum Cryptographic algorithm in Jasmin [1]. Jasmin allows for exact control of the underlying hardware while providing more abstraction and support than pure assembly. It furthermore allows for formal proofs of the implemented algorithm.

[1]: https://github.com/jasmin-lang/jasmin

Voraussetzungen

I am looking for students who are interested in HW implementations and have knowledge of an HDL language. You would be a suitable candidate if you are also interested in cryptography and its applications.

Possible implementation tasks are the
  - Extension/implementation of symmetric ciphers
  - Extension/implementation of message authentication codes
  - Extension/implementation of error correction codes/functionality

The implementation will be analyzed for its suitability for memory encryption and integrity verification of memory contents. This assessment will measure and evaluate typical performance metrics on an FPGA.

If any topics interest you, please email me to discuss the details and your interests. Your application will benefit if you attach your current grade report and CV.

BIKE (Bit Flipping Key Encapsulation) is a post-quantum key exchange scheme based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes. Security relies on the hardness of decoding random linear codes, where an attacker only knows the public matrix H, the syndrome s, and the exact weight of the error vector.

In this project the student will generate large datasets of BIKE ciphertexts and corresponding error vectors, and design experiments to analyze whether the weight (or distribution) of the error vector can be predicted directly from the syndrome and the parity-check matrix.

This includes:

• Implementing dataset generation with fixed public keys and varying error vectors

• Designing statistical or machine-learning based approaches to estimate error weights

• Evaluating how predictable the error structure is and whether such predictability could weaken BIKE’s assumed hardness

Voraussetzungen

Es gibt einen Praktikumsteil zur Vorlesung, in dem verschiedene
Aspekte der IT-Sicherheit mithilfe eines eigenen Linux-Systems
und verschiedener Server-VMs praktisch geübt werden.

Deine Hauptaufgabe als Tutor*in sollte es sein, die
Studierenden während der Tutorstunden (2× wöchtentlich
à 1½ h) vor Ort bei der Bearbeitung dieser Aufgaben zu
unterstützen.

Daneben kannst du an der Wartung und Weiterentwicklung
der Aufgaben mitwirken und diese kreativ mitgestalten. Es gibt
stets Verbesserungspotential, was Verlässlichkeit und Inhalte
angeht!

Du solltest solide Linux-Kenntnisse mitbringen, da du häufig
Studierende, die vor der Vorlesung noch keinen Kontakt mit
Linux hatten, bei der Fehlersuche unterstützen wirst. Ein Besuch
der Vorlesung ist von Vorteil, aber keine zwingende
Voraussetzung.

Die Anstellung beläuft sich auf 6 h/Woche während der Vorlesungszeit im Wintersemester.

Task Description:

Side-channel analysis is an established research field which exploits unintended signal emanations of hardware that processes secret information. An attacker may be able to gain access to processed secrets by observing the electromagnetic (EM) field of a microcontroller that executes a cryptographic algorithm. In this work you will perform side-channel leakage analysis on an FPGA target in one of our state of the art hardware security laboratories. You will assist in all steps from experiment design, firmware development, measurements and finally data analysis.

Within this work, you will:

• implement FPGA firmware for the experiments

 • evaluate side-channel leakage behavior.

• perform measurements of the EM side channel in our state-of-the art hardware security lab.

•evaluate the measurements

• write code to integrate the FPGA target into our automated measurement framework.

Voraussetzungen

With the transition to Post-Quantum Cryptography and the number of new algorithms proposed, there is an increasing need to evaluate the physical security of these algorithms as well as their implementability in Hardware as well as in Software.

Possible topics in this area inlcude:

• New Side-Channel Attacks on PQC
• Innovative implementation approaches in Hardware
• Acceleration of a PQC algorithm in Software using either optimized assembly or hardware accelerators
• Innovative Countermeasures against SCA

Voraussetzungen

The smart card lab is a laboratory tailored for master students who want to expand their theoretical knowledge in side-channel analysis. Using the lessons learned in SIKA (Secure Implementation of Cryptographic Algorithms), students explore first-hand how to perform a correlation power analysis and break cryptographic implementations themselves. Howevel, the lab, is not only limited to just breaking implementations, but also covers a variety of approaches to secure implementations.

Given the broad scope of this lab, I am looking for a tutor (6-8 hours per week) to support my students, while working together with me to develop new ideas and refine existing exercises.

To give you a glimpse into potential tasks, on the hardware side you can

• assemble new smart cards, logic analyzers and debug adapter PCBs
• repair existing hardware if a malfunction can be seen
• drive the development of a new hardware revision

But you are not limited to the hardware aspects, we also strive to

• improve the existing smart card firmware to make it even more secure
• experiment with new ways to make the exercises more exciting. For example to give the students the opportunity to compete in a CTF-like scenario
• create a solution to automatically test and evaluate the code submitted by the students

If you are interested in embedded systems and hardware-software co-design, this could be the student job for you. I do not have the prerequesite of you having taken the course already.

Voraussetzungen

I am looking for students who are interested in HW implementations and have knowledge of an HDL language. You would be a suitable candidate if you are also interested in cryptography and its applications.

Possible implementation tasks are the
  - Extension/implementation of symmetric ciphers
  - Extension/implementation of message authentication codes
  - Extension/implementation of error correction codes/functionality

The implementation will be analyzed for its suitability for memory encryption and integrity verification of memory contents. This assessment will measure and evaluate typical performance metrics on an FPGA.

If any topics interest you, please email me to discuss the details and your interests. Your application will benefit if you attach your current grade report and CV.