Scientific Seminar: Security in Information Technology

Lecturer (contributor)
Number: 0000004153
Type: Hauptseminar (advanced seminar)
Semester: Summer semester 2024
Language of instruction: German
Position in curricula: see TUMonline

Admission criteria

Learning objectives

By participating in the module courses, students gain knowledge of current problems and tasks in the field of security in information technology systems. Students are subsequently able to work independently and scientifically on a task from a current topic area of security in information technology and to produce a written report on it. In addition, students can present the findings they have developed to a specialist audience.

Description

Changing focus topics on security in information technology systems. The module participants independently work through current scientific contributions. The results are then presented to all participants in the form of talks. The subject matter is treated intensively in the discussion.

Prerequisites

The following modules should already have been completed successfully before participation:

  • Kryptologie (Cryptology) or an equivalent introductory lecture

It is recommended to additionally attend the following modules:

  • Sichere Implementierung kryptographischer Verfahren (Secure Implementation of Cryptographic Algorithms)
  • Selected Topics in System Security

Teaching and learning methods

Each participant works on an individual technical task. This is done primarily as independent individual work by the student. Depending on the individual topic, each participant is assigned a dedicated supervisor. The supervisor helps the student particularly at the beginning of the work by introducing the subject, providing suitable literature, and giving helpful tips on the technical work as well as on preparing the written report and the talk. In addition, a presentation training together with ProLehre and an introduction to scientific writing are offered.

Coursework and examination

Module examination with the following components:

  • Written report on an assigned topic as a term paper (50%).
  • Approx. 30-minute presentation of the assigned topic, including subsequent discussion (50%)

Links

Further information

Offered in the winter and summer semesters.

Language

The working language is German; written reports and talks may also be given in English.

Organizational matters

  • Limited to 15 participants
  • Attendance is mandatory
  • a presentation training by ProLehre is offered as part of the advanced seminar
  • the seminar is supported by the e-learning platform Moodle
  • the written report should not exceed 4 pages and should be written in the style of a scientific publication

Topic selection

The topics are published online approx. 2 weeks before the start of the semester and can then be chosen. Students who are registered on the waiting list in TUMonline will be informed accordingly.

Topic selection

If you are interested in one of the following topics, please contact the respective supervisor via the link below. It is also possible to propose your own topic.

Available topics

LESS - Linear Equivalence Signature Scheme

Description

As quantum computers will be able to break conventional public-key cryptography, there is a need for quantum-secure alternatives. Recognizing this, NIST recently started a new call for additional post-quantum secure signatures.

LESS [1] is a signature scheme that is based on the hardness of the Linear Equivalence Problem (LEP). It has been submitted to the NIST call for additional post-quantum secure signature schemes. Recently, there has been an improvement/reformulation of LEP [2] which significantly reduces the signature sizes of LESS.

This work aims at understanding and explaining how LESS [1] works in general. Then, the reformulation of LEP [2] shall be explained to provide some understanding of where the savings in signature size come from.

References:

  • [1] https://www.less-project.com/home.html
  • [2] https://link.springer.com/chapter/10.1007/978-981-99-8739-9_12

Contact

Supervisor:

Patrick Karl

Low Correlation Codes and possible applications in Side Channel Analysis

Keywords:
Gold Codes, Side Channel Analysis

Description

Telecommunication (CDMA) and satellite navigation (GPS) use the same signal channels or frequencies from different senders. Thus, low correlation codes - Gold codes - are used to increase the SNR. In Side-Channel analysis it is challenging to attack parallel operations due to degrading SNR. This could be solved by applying low correlation inputs, since the cross-correlation between parallel operations may be influenced positively yielding a larger attack surface.

In this work, an overview of existing low correlation codes should be written. The working principle of Gold codes should be described in detail and compared to other low correlation codes [1]. Cross-correlation analysis of the codes should also be taken into consideration [2], since this will be the main challenge for an application at side-channel attack targets. Special emphasis lies on outputting multiple bits at the same time in order to feed a side-channel attack target with such codes.

[1] M. B. Mollah and M. R. Islam, "Comparative analysis of Gold Codes with PN codes using correlation property in CDMA technology"

[2] T. M. N. Huda and S. F. Islam, "Correlation analysis of the gold codes and walsh codes in CDMA technology"

Supervisor:

Matthias Probst

Survey of Wear Leveling Techniques

Description

The objective of this task is to conduct a comprehensive survey of wear leveling techniques employed in flash memory and/or phase-change memory (PCM) technologies. Wear leveling is crucial for extending the lifespan and maintaining the reliability of these non-volatile memory types. This survey shall provide insights into various wear leveling methods, their advantages, limitations, and applications.

The survey will cover wear leveling techniques used in both flash memory and PCM technology. Flash memory includes NAND and NOR flash, while PCM is a type of emerging non-volatile memory technology. The survey will encompass static and dynamic wear leveling strategies, as well as any innovative approaches used to optimize wear leveling.

A possible starting point is given by the following papers:

  • [1] M. K. Qureshi, J. Karidis, M. Franceschini, V. Srinivasan, L. Lastras, and B. Abali, “Enhancing lifetime and security of PCM-based main memory with start-gap wear leveling,” in MICRO, 2009.
  • [2] N. H. Seong, D. H. Woo, and H.-H. S. Lee, “Security Refresh: Prevent Malicious Wear-out and Increase Durability for Phase-change Memory with Dynamically Randomized Address Mapping,” in ISCA, 2010.
  • [3] F. Huang, D. Feng, W. Xia, W. Zhou, Y. Zhang, M. Fu, C. Jiang, and Y. Zhou, “Security RBSG: Protecting Phase Change Memory with Security-Level Adjustable Dynamic Mapping,” in IPDPS, 2016.

Contact

Supervisor:

Jens Nöpel

Ring oscillator - more than a test device

Description

Ring oscillators, that is, an odd number of inverters in a loop, are used in many different application scenarios. One important use is as a test device for assessing silicon performance and manufacturability. However, regarding ring oscillators as test-only underestimates their versatility.

In this seminar topic, either a structured overview of the possible uses of ring oscillators, their proper construction and usage can be given, or a detailed analysis of one use case for ring oscillators, such as TRNGs, temperature sensors, clock generators or an exceptional case such as the pneumatic ring oscillator [1] or the printed ring oscillator [2].

[1] Preston, Daniel J., et al. "A soft ring oscillator." Science Robotics 4.31 (2019). DOI: 10.1126/scirobotics.aaw5496

[2] Huebler et al. Ring oscillator fabricated completely by means of mass-printing technologies, Organic Electronics, DOI: 10.1016/j.orgel.2007.02.009.

Contact

Supervisor:

Alexander Hepp

Hybrid Memristor-CMOS PUFs – Worth the Effort?

Description

Physical Unclonable Functions offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. The most-researched PUF designs are based on typical CMOS manufacturing processes and thus inherit their inexpensiveness.

With memristors slowly becoming a more concretely available technology, PUFs based on memristor memory structures have been proposed. However, hybrid designs have also been proposed, often combining classical CMOS PUF structures with incremental improvements through added memristors (e.g. [1]), which sometimes can also be used for additional functionality (e.g. [2, 3]).

The aim of this work is a comprehensive literature search

  • summarising hybrid memristor-CMOS PUF designs,
  • determining the benefits and drawbacks compared to purely CMOS PUF designs, and
  • evaluating whether the benefits can be worth the manufacturing overhead of combining multiple processes.

[1] https://dl.acm.org/doi/10.1145/2736285
[2] https://ieeexplore.ieee.org/document/9272678
[3] https://ieeexplore.ieee.org/document/9424347

Contact

Supervisor:

Jonas Ruchti

Assigned topics

Bad USB

Description

Attacks with external USB devices.

Supervisor:

Manuel Brosch

Overview of Trusted Execution Environments (TEEs) on RISC-V

Description

A Trusted Execution Environment (TEE) [1] is a technology that aims to create an isolated execution environment in which critical operations can be executed and secrets can be securely stored. Some example TEEs are MultiZone [2] security and Keystone [3] on RISC-V.

The aim of this work is to:

  • conduct a literature review for MultiZone and Keystone,
  • list the advantages and disadvantages,
  • and compare them with each other.

References:

[1] Global Platform. (May 2018.) Introduction to Trusted Execution Environments.

[2] Pinto, S., & Garlati, C. (2020, February). MultiZone security for arm cortex-m devices. In Embedded World Conference (Vol. 2020).

[3] Lee, D., Kohlbrenner, D., Shinde, S., Asanović, K., & Song, D. (2020, April). Keystone: An open framework for architecting trusted execution environments. In Proceedings of the Fifteenth European Conference on Computer Systems (pp. 1-16).

Contact

Supervisor:

Utku Budak

Overview of ARM TrustZone Trusted Execution Environment (TEE)

Description

A Trusted Execution Environment (TEE) [1] is a technology that aims to create an isolated execution environment in which critical operations can be executed and secrets can be securely stored. An example TEE implementation is TrustZone [2] on ARM.

The aim of this work is to:

  • conduct a literature review for ARM TrustZone for different ARM processors (ARMv7, ARMv8),
  • list the advantages and disadvantages,
  • and compare them with each other.

References:

[1] Global Platform. (May 2018.) Introduction to Trusted Execution Environments.

[2] ARM. (June 2016). ARM Security Technology - Build a Secure System using TrustZone Technology.

Contact

Supervisor:

Utku Budak

State of the Art in Memristor-Based Neuromorphic Computing

Description

Memristors are an emerging technology and are currently being developed for memory applications, but also in the domain of neuromorphic computing. Memristor-based artificial neural networks are proposed to have many benefits, e.g. in terms of performance or energy efficiency, over current hardware implementations and are thus a topic of ongoing research.

Next to theoretical considerations, hardware implementations of memristor-based neural networks recently started to emerge (e.g. [1, 2]). Some works also claimed that inherent weaknesses of memristors in these applications could be security benefits (e.g. [3]).

The aim of this work is a comprehensive literature review summarising

  • the current state of the art of memristor-based neuromorphic computing compared to classical, silicon-based implementations,
  • predominant memristor technologies and network architectures, and
  • security considerations when using memristor neural networks.

[1] https://www.nature.com/articles/s41586-020-1942-4
[2] https://www.mdpi.com/2072-666X/13/3/433
[3] https://ieeexplore.ieee.org/document/7527493

 

Contact

Supervisor:

Jonas Ruchti

Hardware Acceleration of Fully Homomorphic Encryption

Description

Fully Homomorphic Encryption (FHE) is a promising technology that enables calculations to be performed on encrypted data. It has the potential to significantly alter privacy considerations in cloud computing, but its widespread adoption is hindered by high computational and memory requirements. Significant advancements in algorithmic and mathematical optimizations have greatly improved the performance of FHE schemes. However, computations on encrypted data are still several orders of magnitude slower than equivalent computations on plaintext data when performed purely in software.  Therefore, it is crucial to develop hardware accelerators for FHE to bridge this performance gap and make the usage of FHE more practical.
In recent years, several hardware accelerators for different schemes have been proposed. Most hardware accelerators are tailored for a specific scheme and parameter set. Typically, in order to achieve flexibility, one has to sacrifice performance.
This work shall provide a survey of methodologies and techniques for designing both flexible and high-performance accelerators. It should give an overview of existing hardware accelerators and their underlying architectural features, which enable high performance and flexibility. References [1] and [2] can be used as a starting point for literature research.

[1] https://doi.org/10.46586/tches.v2023.i1.463-500
[2] https://doi.org/10.1145/3466752.3480070

Please note: This work is supervised at Fraunhofer AISEC. As a consequence, the availability of the supervisor at the inner city campus of TUM will be limited.

Contact

Supervisor:

Michael Pehl - Tobias Stelzer (Fraunhofer AISEC)

Security of RFID communication

Description

Radio-frequency identification (RFID) and Near Field Communication (NFC) are increasingly popular technologies. They are used in a wide range of applications from payment to car keys and might replace barcodes in the future. Unlike classical smartcards, where an attacker would need to get inside the card terminal, the radio signals allow for attacks over a wide distance [1]. To counter such attacks, the industry has developed extensions to the communication protocol, for example Secure Unique Messaging (SUN) by NXP [2].

The aim of this seminar topic is to research and evaluate proven attack vectors on the physical or protocol layer, or to present the countermeasures in full detail.

[1] https://www.researchgate.net/publication/263314494_Access_Without_Permission_A_Practical_RFID_Relay_Attack
[2] https://www.nxp.com/docs/en/data-sheet/NT4H1321.pdf

Contact

Supervisor:

Niklas Stein

Current State of Protected Implementations of Crystals-Dilithium

Description

Crystals-Dilithium is one of the post-quantum signature algorithms selected by NIST for standardization. Accordingly, there is strong interest in implementations of the algorithm that are protected against side-channel attacks.

Within this topic, currently proposed protected implementations are to be compared with respect to cost and performance on the basis of their papers.

References:

Paper 1

Paper 2

Supervisor:

Jonas Schupp

Probing Models

Description

Masking schemes to protect an implementation against side-channel attacks usually come with security proofs in so-called probing models [1, 2].
There exist different probing models that address different leakage characteristics, such as glitches [3].

The goal is to give insight into different probing models, their characteristics and limitations.


References

[1] Ishai, Y., Sahai, A., Wagner, D. (2003). Private Circuits: Securing Hardware against Probing Attacks. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_27

[2] Cassiers, Gaetan & Standaert, François-Xavier. (2020). Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference. IEEE Transactions on Information Forensics and Security. PP. 1-1. 10.1109/TIFS.2020.2971153.

[3] Faust, S., Grosso, V., Merino Del Pozo, S., Paglialonga, C., & Standaert, F.-X. (2018). Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 89–120. https://doi.org/10.13154/tches.v2018.i3.89-120

Contact

Supervisor:

Manuel Brosch

Secure Gadgets for Post-Quantum Cryptography

Description

For real-world deployment, cryptographic devices must be protected against physical attacks. Against power side channels, masking in its different flavors (e.g., Boolean, arithmetic masking) is a common approach. To implement masked cryptographic schemes, secure gadgets that are proven to be secure in certain probing models are typically used.

The first part of this work aims at explaining security notions such as non-interference (NI) and strong non-interference (SNI) [1] that are used within the context of secure gadgets. Afterwards, the work should investigate and explain some secure gadgets and procedures that are commonly used in post-quantum cryptography, as for example proposed in [2].

 

References

  • [1]: https://dl.acm.org/doi/abs/10.1145/2976749.2978427
  • [2]: https://link.springer.com/chapter/10.1007/978-3-030-21568-2_17

Contact

Supervisor:

Patrick Karl

Accessing DRAM

Description

This task deals with the different DRAM technologies, how they differ and how they are accessed. You should do a survey covering SDR to DDR5 and their bus and timing parameters.

A good starting point is the following:

[1] NXP DDR Memories
[2] Micron DDR5

Contact

Supervisor:

Jens Nöpel

Frequency-Based Differential Side-Channel Attack

Description

Most side-channel attacks, like DPA, are executed in the time domain. As a result, the measurements need to be aligned in order to mount a successful attack.
Shifting the attack to the frequency domain overcomes the requirement of aligned measurements, and also allows attacks on secured implementations.

The goal is to give an insight into the topic of side-channel attacks that operate in the frequency domain. Furthermore, the advantages and disadvantages compared to well-known techniques like DPA should be outlined.

References

  • Gebotys, Catherine H., Ho, Simon, Tiu, C. C.. "EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA". Cryptographic Hardware and Embedded Systems -- CHES 2005. Springer Berlin Heidelberg. 2005.

  • Y. Lu, K. H. Boey, M. O'Neill, J. V. McCanny and A. Satoh, "Is the differential frequency-based attack effective against random delay insertion?," 2009 IEEE Workshop on Signal Processing Systems, Tampere, 2009.

Contact

Supervisor:

Manuel Brosch

Dopant Level Hardware Trojans

Short description:
Hardware Trojans can be inserted at various levels of detail during the design of integrated circuits. The level of parametric variations in the silicon doping (the so-called Physical Level) is especially challenging. This survey strives to gain a structured overview.

Description

Hardware Trojans are an emerging threat for application specific integrated circuits (ASICs) and field programmable gate arrays (FPGAs), as they affect all security principles, such as confidentiality, integrity and availability.

Hardware Trojans can be inserted at various levels of detail during the design of integrated circuits. The level of parametric variations in the silicon doping (so called Physical Level) is especially challenging, as the injected variations are below the threshold for most detection methods.

In this work, a well-structured overview of the approaches for parametric hardware Trojans (e.g. [1]) as well as available detection methods shall be given.

  • [1] Becker G.T., Regazzoni F., Paar C., Burleson W.P. (2013) Stealthy Dopant-Level Hardware Trojans. In: Bertoni G., Coron JS. (eds) Cryptographic Hardware and Embedded Systems - CHES 2013. CHES 2013. Lecture Notes in Computer Science, vol 8086. Springer, Berlin, Heidelberg

Contact

Supervisor:

Alexander Hepp