Theses and Internships

Motivation and Task

V2X, or C-ITS (Cooperative Intelligent Transport Systems), is becoming increasingly prevalent in the EU. C-ITS refers to a network of systems that enable vehicles, infrastructure, and other road users to communicate and cooperate with each other in real-time. The primary goal of C-ITS is to improve road safety, traffic efficiency, and overall mobility by sharing information about traffic conditions, hazards, and other relevant data. With the increasing connectivity of vehicles and the associated data transmissions, it is essential to implement robust security mechanisms to protect user privacy and ensure the integrity of transportation systems. To test these security mechanisms, efficient testing frameworks are required.

C-ITS is based on the wireless standard IEEE 802.11p to send CAM and DENM messages via BTP and GeoNet, which are secured using IEEE 1609.2. Previous work has already provided a vertical slice through the layers to send and receive messages. The goal of this thesis is to extend the previous work to allow efficient testing of vehicles and roadside units. This includes defining suitable test cases as well as extending the capabilities of the testing framework. For example, the stack could be extended with capabilities to craft custom valid messages. Potential test cases range from fuzzing the message encoding to injecting manipulated messages into the communication. Results may be evaluated on a real-world electric vehicle.

Prerequisites

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Servers Confidential Computing technologies are a promising tool for cloud computing. They aim to protect data while being processed in the cloud by preventing the cloud provider and platform owner from gaining access to it. AMD SEV-SNP and Intel TDX in particular do this by providing confidential virtual machines. Memory of these VMs remains confidential and integrity-protected at all times and the technologies provide remote attestation mechanisms for verification. Extensive work has analyzed, broken and improved upon these technologies. Especially for proof of concept implementations, however, creating, testing and verifying code requires specific server hardware that is not readily available to everyone.
This thesis aims to design and implement emulators for either AMD SEV-SNP or Intel TDX.

Task Description
In this thesis, the focus lies on providing AMD SEV-SNP or Intel TDX remote attestation mechanisms to a VM hosted on conventional hardware. For this, the student researches and evaluates required components needed to emulate these. The student then creates a design and proof of concept implementation that provides the corresponding remote attestation mechanism to the guest VM, e.g., by modifying and extending the virtual machine manager (VMM) QEMU. If possible, guest VM and host kernel shall remain unchanged.

Prerequisites

Motivation and Task

V2X, or C-ITS (Cooperative Intelligent Transport Systems), is becoming increasingly prevalent in the EU. C-ITS refers to a network of systems that enable vehicles, infrastructure, and other road users to communicate and cooperate with each other in real-time. The primary goal of C-ITS is to improve road safety, traffic efficiency, and overall mobility by sharing information about traffic conditions, hazards, and other relevant data. With the increasing connectivity of vehicles and the associated data transmissions, it is essential to implement robust security mechanisms to protect user privacy and ensure the integrity of transportation systems. To test these security mechanisms, efficient testing frameworks are required.

C-ITS is based on the wireless standard IEEE 802.11p to send CAM and DENM messages via BTP and GeoNet, which are secured using IEEE 1609.2. Previous work has already provided a vertical slice through the layers to send and receive messages. The goal of this thesis is to extend the previous work to allow efficient testing of vehicles and roadside units. This includes defining suitable test cases as well as extending the capabilities of the testing framework. For example, the stack could be extended with capabilities to craft custom valid messages. Potential test cases range from fuzzing the message encoding to injecting manipulated messages into the communication. Results may be evaluated on a real-world electric vehicle.

Prerequisites

In scope of this work, you will
- Study and extend SGen for lattice-based cryptography
- Conduct design space exploration to evaluate different trade-offs
- Implement and evaluate a hardware accelerator on a Xilinx FPGA

Prerequisites

We are currently seeking students to join our research team for a practical experience in the field of
hardware security. This opportunity offers hands-on experience in conducting side-channel analysis
of System-on-Chips (SOCs).
Responsibilities

• Conduct literature research on hardware security and side-channel analysis techniques
• Build and use a measurement setup to collect side-channel data from SOCs
• Analyze the collected data and identify potential vulnerabilities
• Develop and implement potential attacks on the devices

Prerequisites

The smart card lab is a laboratory tailored for master students who want to expand their theoretical knowledge in side-channel analysis. Using the lessons learned in SIKA (Secure Implementation of Cryptographic Algorithms), students explore first-hand how to perform a correlation power analysis and break cryptographic implementations themselves. Howevel, the lab, is not only limited to just breaking implementations, but also covers a variety of approaches to secure implementations.

Given the broad scope of this lab, I am looking for a tutor (6-8 hours per week) to support my students, while working together with me to develop new ideas and refine existing exercises.

To give you a glimpse into potential tasks, on the hardware side you can

• assemble new smart cards, logic analyzers and debug adapter PCBs
• repair existing hardware if a malfunction can be seen
• drive the development of a new hardware revision

But you are not limited to the hardware aspects, we also strive to

• improve the existing smart card firmware to make it even more secure
• experiment with new ways to make the exercises more exciting. For example to give the students the opportunity to compete in a CTF-like scenario
• create a solution to automatically test and evaluate the code submitted by the students

If you are interested in embedded systems and hardware-software co-design, this could be the student job for you. I do not have the prerequesite of you having taken the course already.

Prerequisites

Fraunhofer AISEC and TU Munich are collaborating in designing security chip prototypes for various research projects. You have the opportunity to work with a team of researchers on realizing innovative security solutions on hardware circuits. During your work, you will use state-of-the-art EDA tools, learn valuable skills related to the different stages of chip design and have the opportunity to contribute to cutting edge research. This job is an ideal starting point for a future career in chip design and information security. We also offer Research Internships and Master Thesis positions.

Task Description
Within this work, you will
• Assist implementing and verifying hardware implementations
• Maintain and improve IP cores and tooling
• Document hardware designs
• Evaluate hardware implementations on AMD/Xilinx FPGAs

Prerequisites

The project AUTOPSY aims to protect the privacy of the data collected and processed in cars and researches on the impact of deploying Privacy Enhancing Techniques (PETs) in an automotive scenario with a focus on platooning in the initial demonstration.
Goal of this work is to build upon an existing demonstrator and further improve it to showcase results in an interesting and interactive way. We are therefore looking for a motivated working student with strong background in embedded systems.
Task description

The tasks cover in particular:
• Developing and improving code for PET implementations, communication and system software
• Deployment of code on automotive embedded systems
• Improvement of visualization and user experience

Prerequisites

Fehlerangriffe auf kryptografische Verfahren sind eine Methode mittels derer ein geheimer Schlüssel aus einem Gerät extrahiert werden kann, indem während der Ausführung mit einer gezielten Störung des Geräts (z.B. durch einen starken elektromagnetischen Puls) eine fehlerhafte Berechnung des kryptografischen Algorithmus erzwungen wird. Abhängig vom kryptografischen Verfahren existieren eine Vielzahl von Angriffen, die auf Basis von fehlerhaften Ausgabewerten den verwendeten Schlüssel ermitteln können.
Aufgabe der hier ausgeschriebenen Stelle ist die Mitarbeit am Aufbau eines Tooling Frameworks für das Hardware Security Labor des Fraunhofer AISEC. Das Tooling soll verschiedene existierende Angriffe implementieren sodass diese für Analysen im Labor genutzt werden können. Folgende Tätigkeiten sind hierfür voraussichtlich durchzuführen:
• Literaturrecherche sowie Lesen und Verstehen von relevanten Publikationen
• Python-Implementierung von kryptografischen Verfahren mit der Möglichkeit Fehlerinjektionen zu simulieren
• Implementierung und Testen ausgewählter Angriffe

Prerequisites