Over the past years, the trend in hardware development has gone towards third party IP Cores and commercial off-the-shelf ICs, with more and more high-level design being outsourced, and fabrication often taking place in external foundries. This gives way to a number of security threats, such as insertion of Hardware Trojans, IP Theft or IP Counterfeitung through illegal reverse engineering. Reverse engineering can provide a convenient tool to facilitate identification of malicious code entities, by creating a better understanding of the unknown circuit, on the other hand it can also be used to identfiy possible insertion points. Furthemore, the illegal reverse engineering of IP causes a significant financial cost to the hardware industry. Particularly in the field of cryptology, reverse engineering can severely impact the security of encryption and decryption algorithms, by helping in the identification of new attack vectors on cryptographic implementations. To protect the integrity of the design, hardware obfuscation, both on a physical and netlist level, is becoming more and more prevalent. Understanding the process behind reverse engineering can provide insights into future possibilities for obfuscation or other countermeasures.
Lippmann, Bernhard and Hatsch, Joel and Seidl, Stefan and Houdeau, Detlef and Subrahmanyam, Niranjana Papagudi and Schneider, Daniel and Safieh, Malek and Passarelli, Anne and Maftun, Aliza and Brunner, Michaela and Music, Tim and Pehl, Michael and Siddiqui, Tauseef and Brederlow, Ralf and Schlichtmann, Ulf and Driemeyer, Bjoern and Ortmanns, Maurits and Hesselbarth, Robert and Hiller, Matthias: VE-FIDES: Designing Trustworthy Supply Chains Using Innovative Fingerprinting Implementations. 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2023 mehr…
2022
Aksoy, Levent and Hepp, Alexander and Baehr, Johanna and Pagliarini, Samuel: Hardware Obfuscation of Digital FIR Filters. 25th International Symposium on Design and Diagnostics of Electronic Circuits and Systems, IEEE, 2022Prague, Czech Republic, 68-73 mehr…
Baehr, Johanna and Hepp, Alexander and Brunner, Michaela and Malenko, Maja and Sigl, Georg: Open Source Hardware Design and Hardware Reverse Engineering: A Security Analysis. Euromicro Conference on Digital System Design DSD, 2022Maspalomas, Gran Canarias, Spainmehr…
Brunner, Michaela and Hepp, Alexander and Baehr, Johanna and Sigl, Georg: Toward a Human-Readable State Machine Extraction. ACM Trans. Des. Autom. Electron. Syst. 27 (6), 2022 mehr…
Brunner, Michaela; Ibrahimpasic, Tarik; Li, Bing; Zhang, Grace Li; Schlichtmann, Ulf; Sigl, Georg: Timing Camouflage Enabled State Machine Obfuscation. 2022 IEEE Physical Assurance and Inspection of Electronics (PAINE), 2022Huntsville, USAmehr…
Hepp, Alexander and Baehr, Johanna and Sigl, Georg: Golden Model-Free Hardware Trojan Detection by Classification of Netlist Module Graphs. Design, Automation and Test in Europe Conference, IEEE, 2022Antwerp, Belgium, 1317-1322 mehr…
Hepp, Alexander and Perez, Tiago and Pagliarini, Samuel and Sigl, Georg: A Pragmatic Methodology for Blind Hardware Trojan Insertion in Finalized Layouts. Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design ICCAD (ICCAD '22), Association for Computing Machinery, 2022 mehr…
Lippmann, Bernhard and Ludwig, Matthias and Mutter, Johannes and Bette, Ann-Christin and Hepp, Alexander and Baehr, Johanna and Rasche, Martin and Kellermann, Oliver and Gieser, Horst and Zweifel, Tobias and Kovac, Nicola: Physical and Functional Reverse Engineering Challenges for Advanced Semiconductor Solutions. 2022 Design, Automation & Test in Europe Conference & Exhibition DATE, IEEE, 2022Antwerp, Belgiummehr…
Weber, Selina and Baehr, Johanna and Hepp, Alexander and Sigl, Georg: Analysis of Graph-based Partitioning Algorithms and Partitioning Metrics for Hardware Reverse Engineering. 11th International Workshop on Security Proofs for Embedded Systems (PROOFS), 2022Leuven, Belgiummehr…
2021
Hepp, Alexander and Sigl, Georg: Tapeout of a RISC-V Crypto Chip with Hardware Trojans: A Case-Study on Trojan Design and Pre-Silicon Detectability. Proceedings of the 18th ACM International Conference on Computing Frontiers (CF '21), Association for Computing Machinery, 2021Virtual: Catania, Italymehr…
Ludwig, Matthias and Hepp, Alexander and Brunner, Michaela and Baehr, Johanna: CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering. 2021 IEEE Physical Assurance and Inspection of Electronics (PAINE), 2021Washington DC, USmehr…
Brunner, M. and Gruber, M. and Tempelmeier, M. and Sigl, G.: Logic Locking Induced Fault Attacks. 2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 2020Limassol, CYPRUSmehr…
Zhang, G. L. and Li, B. and Li, M. and Yu, B. and Pan, D. Z. and Brunner, M. and Sigl, G. and Schlichtmann, U.: TimingCamouflage+: Netlist Security Enhancement with Unconventional Timing. IEEE Transactions on Computer-Aided Design of Integrated
Circuits and Systemsde
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
, 2020, 1-1 mehr…
Zhang, G. L. and Brunner, M. and Li, B. and Sigl, G.and Schlichtmann, U.: Timing Resilience for Efficient and Secure Circuits. 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), 2020Beijing, China, 623-628 mehr…
2019
Baehr, Johanna; Bernardini, Alessandro; Sigl, Georg; Schlichtmann, Ulf: Machine Learning and Structural Characteristics for Reverse Engineering. 24th Asia and South Pacific Design Automation Conference Conference (ASPDAC’19), 2019Tokyo, Japanmehr…
Brunner, M. and Baehr, J. and Sigl, G.: Improving on State Register Identification in Sequential Hardware Reverse Engineering. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2019Washington, D.C., USAmehr…
2018
Werner, M.; Lippmann, B.; Baehr, J.; Gräb, H.: Reverse Engineering of Cryptographic Cores by Structural Interpretation Through Graph Analysis. 2018 IEEE 3rd International Verification and Security Workshop (IVSW), 2018Platja d’Aro, Costa Brava, Spain, 13-18 mehr…
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.
During this thesis, you will implement and improve an existing hardware trojan detection method.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Entwicklung von Werkzeugen für das Reverse Engineering
Beschreibung
Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.
Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.
In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.
During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for designing an interface
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.
Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.
In this thesis, you will try and compare different methods of in-depth protection.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
In the optimum case experience with FPGAs to try the measures in the real world.
Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.
During this thesis, you will implement and improve an existing hardware trojan detection method.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.
During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for designing an interface
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Entwicklung von Werkzeugen für das Reverse Engineering
Beschreibung
Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.
Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.
In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.
Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.
In this thesis, you will try and compare different methods of in-depth protection.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
In the optimum case experience with FPGAs to try the measures in the real world.
Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.
During this thesis, you will implement and improve an existing hardware trojan detection method.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.
During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for designing an interface
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Voraussetzungen
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via
Entwicklung von Werkzeugen für das Reverse Engineering
Beschreibung
Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.
Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.
In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.
Kontakt
If you are interested in this topic, don't hesitate to ask for an appointment via