Challenges in Pre-Silicon SCA
Description
Side-channel analysis (SCA) still poses a major threat to hardware security chips such as smartcards. For software systems, it is quite simple to adapt problematic code while taking real side-channel measurements. For hardware primitives, however, it is not possible to solve this over multiple iterations, since each sample chip is linked to enormous costs and delays.
Instead, manufacturers have long tried to identify such leakage as early as the design stage. However, the tooling for this still faces many challenges.
[1] Jasper van Woudenberg et al.: Pre-silicon Side Channel and Fault Analysis
[2] Kazuki Monta et al.: On the Unpredictability of SPICE Simulations for Side-Channel Leakage Verification of Masked Cryptographic Circuits
Contact
Contact: niklas.stein@tum.de
Supervisor:
On the Impact of the Sampling Rate on Side-Channel Attacks
Description
For power side-channel attacks, it is common to capture traces with some kind of oscilloscope. Depending on the model in use, one has several degrees of freedom in the properties of such a measurement. These include the sampling rate of the scope as well as the resolution of the ADC.
The goal of this seminar topic is to summarize findings on the impact of the sampling rate of an oscilloscope on the resulting side channel attack.
Reference:
Contact
Jonas Schupp (Jonas.Schupp@tum.de)
Supervisor:
On the Impact of the Resolution on Side-Channel Attacks
Description
For power side-channel attacks, it is common to capture traces with some kind of oscilloscope. Depending on the model in use, one has several degrees of freedom in the properties of such a measurement. These include the sampling rate of the scope as well as the resolution of the ADC.
The goal of this seminar topic is to summarize findings on the impact of the resolution of an oscilloscope on the resulting side channel attack.
Reference:
Contact
Jonas Schupp (Jonas.Schupp@tum.de)
Supervisor:
CPU Prefetcher Side-Channel Attacks
Description
CPU prefetchers speculatively load data into CPU caches in advance to prevent CPU stalls due to high memory access latencies. While they are a vital component for performance, they have lately come into the focus of IT security concerns: as some prefetchers infer soon-to-be-accessed data from past access patterns, they may leak information similar to cache side channels.
In this work, we want to give an overview of the different proposed attacks and their working principles. This includes a categorization of which kind of prefetcher and which crypto implementation they target. Finally, we give an outlook on which future research directions could be interesting.
Reference as a starting point: https://dl.acm.org/doi/10.1145/3575693.3575719
Remark: This topic is supervised by a colleague at Fraunhofer AISEC
Contact
Supervisor:
Speculative Execution Attack Overview
Description
Speculative execution attacks like Spectre and Meltdown are dangerous threats to the security of modern systems. They exploit flaws in CPU microarchitecture to obtain secret data. Since their publication in early 2018, further speculative execution attacks have been discovered, such as Foreshadow, ZombieLoad and many more.
In this work, we want to give an overview of some prominent speculative execution attacks and briefly describe their working principles. Most of the attacks were first demonstrated on x86. Hence, we also want to highlight whenever any of the attacks were demonstrated on ARM or RISC-V as well. Finally, we also give a brief overview of some of the existing countermeasures. As there are quite a lot of different attacks and variants thereof, we limit ourselves to a reasonable scope, covering only some of the existing attacks.
Reference as a starting point: https://meltdownattack.com/meltdown.pdf
Remark: This work is supervised by a colleague at Fraunhofer AISEC
Contact
Supervisor:
Neural Network Extraction Through Memory Access Patterns
Neural Network, Side Channel
Description
As the development of neural networks requires large amounts of data, expertise, and resources, they are considered valuable intellectual property. This necessitates research into possible attack vectors that could enable the extraction of neural network model parameters. One such attack vector is the memory access patterns of a neural network during inference.
The goal of this seminar is to provide an overview on memory access pattern side channel attacks against neural networks.
[1] X. Hu, L. Liang, S. Li, L. Deng, P. Zuo, Y. Ji, X. Xie, Y. Ding, C. Liu, T. Sherwood, et al. DeepSniffer: A DNN model extraction framework based on learning architectural hints. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2020.
Contact
Supervisor:
Strategies for Caching
Description
This seminar topic aims to provide an overview of different caching strategies for data stored in DRAM.
A good starting point is:
[1] DRAM Aware Last-Level-Cache Policies
Contact
Supervisor:
From S-Boxes to circuits
Description
The core of most ciphers and hash functions is a small substitution table, the S-Box, which provides the confusion and diffusion needed for good cryptographic security. While such table look-ups are trivial in software, their efficient implementation in hardware modules is still an open question. Various heuristics have been proposed to minimize the area and latency of such almost random circuits.
The task of this seminar is to present and compare several such algorithms.
[1] Y. Jeon et al.: Framework for Generating S-Box Circuits with Boyar–Peralta Algorithm-Based Heuristics, https://tches.iacr.org/index.php/TCHES/article/view/11940/11800
Contact
Contact: niklas.stein@tum.de
Supervisor:
Blockchain in the Quantum Era: Surveying Security Challenges and Post-Quantum Cryptography
Description
In this seminar topic, the student will study the impact of quantum computing on blockchain technology and analyze the role of post-quantum cryptographic primitives in mitigating these threats. Based on the recommended paper “Blockchain in the Quantum Era: Surveying Security Challenges and Post-Quantum Cryptography” [1] by Ramzan and Cimato, the student will investigate:
- The main vulnerabilities of current blockchain cryptographic components (signatures, hashing, consensus) against quantum algorithms such as Shor’s and Grover’s.
- The requirements and challenges of integrating PQC into blockchain infrastructures, with special attention to performance trade-offs (e.g., transaction size, throughput, decentralization).
- The implications for major platforms (Bitcoin, Ethereum, Monero, Zcash) and potential future designs for quantum-secure blockchains.
The student will summarize findings in a scientific article and presentation. Additional relevant literature beyond the provided paper should be included to build a well-founded perspective.
[1] Muhammad Taha Ramzan and Stelvio Cimato, Blockchain in the Quantum Era: Surveying Security Challenges and Post-Quantum Cryptography, in 2025 IEEE 49th Annual Computers, Software, and Applications Conference (COMPSAC), Toronto, ON, Canada, July 2025. https://ieeexplore.ieee.org/abstract/document/11126739
Contact
florian.griesser@tum.de
Supervisor:
NIST Randomness Tests for PUF Quality Assessment
Description
Physical Unclonable Functions (PUFs) offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. When use as a cryptographic key is targeted, the quality of this inherent randomness needs to be assessed. A number of metrics and statistical tests specific to PUFs have emerged for this purpose.
Randomness tests are no less important in the domain of True Random Number Generators (TRNGs). Here, standardised test suites exist, e.g. NIST SP 800-22, BSI AIS 20, BSI AIS 31. Despite the underlying principles and the key metrics being quite different, many PUF publications simply apply TRNG randomness tests to their data without much consideration for the underlying assumptions of this methodology.
The aim of this work is a comprehensive literature search regarding
- adaptations of TRNG test frameworks to PUF quality assessment (e.g. [1]) and
- significance of the results when applying standard/adapted TRNG tests to PUFs.
[1] https://github.com/cryptoquantique/TuRiNG-A-PUF-randomness-test-suite
Contact
Supervisor:
Chiplets - How secure is modularity?
Description
The idea of Chiplets has many benefits, like high modularity and smaller silicon sizes, resulting in better yields. However, what implications does the modularity of chiplets have for their security?
A good starting point is:
[1] On Hardware Security and Trust for Chiplet-Based 2.5D and 3D ICs: Challenges and Innovations
[2] Securing the New Frontier Chiplets & HW Security
Contact
Supervisor:
Attacker Models for Memristor PUFs
Description
An often-cited advantage of key storage with physical unclonable functions (PUFs) is that protection mechanisms for stored cryptographic keys need only be active during runtime. Since the secret only exists while the device is active, expensive secure non-volatile storage is no longer needed.
A comprehensive evaluation of such claims, however, needs a clearly defined attacker model. Especially in the domain of memristor-based PUFs, discussions of attacker capabilities have been far from commonplace. Some works (e.g. [1]) discuss measures to harden the PUF primitive against prospective attackers, some discuss specific attacks (e.g. [2]), while others use the memristors as non-volatile storage (e.g. [3]).
The aim of this work is a literature review of memristor-based PUFs with a focus on their explicit and implicit security assumptions, summarising the results into predominant categories for attacker models.
[1] https://www.science.org/doi/full/10.1126/sciadv.abn7753
[2] https://arxiv.org/abs/2307.01041
[3] https://ieeexplore.ieee.org/abstract/document/7001345