Scientific Seminar on Security in Information Technology (Wissenschaftliches Seminar Sicherheit in der Informationstechnik)

Lecturer (contributors)
Number: 0000004153
Type: Main seminar (Hauptseminar)
Semester: Summer semester 2022
Language of instruction: German
Position in curricula: See TUMonline

Admission criteria

Learning objectives

By taking part in the module's courses, students gain knowledge of current problems and tasks in the field of security in information technology systems. Afterwards, students are able to work independently and scientifically on a task from a current topic area of security in information technology, to write a paper on it, and to assess the quality of scientific texts. In addition, students can present the findings they have worked out to a specialist audience.

Description

Changing focus topics on security in information technology systems. Module participants independently work through current scientific contributions and write a paper that is assessed in a peer-review process. The results are then presented to all participants in the form of talks. The topics are treated in depth in the discussion.

Prerequisites

The following modules should have been completed successfully before participation:

  • Cryptology (Kryptologie) or an equivalent introductory lecture

It is recommended to additionally attend the following modules:

  • Secure Implementation of Cryptographic Methods (Sichere Implementierung kryptographischer Verfahren)
  • Selected Topics in System Security

Teaching and learning methods

Each participant works on an individual technical task. This is done primarily through the student's independent individual work. Depending on the individual topic, the participant is assigned a dedicated supervisor. The supervisor helps the student especially at the beginning of the work by introducing the subject, providing suitable literature, and giving helpful tips both on the technical work and on the preparation of the written paper and the talk. In addition, presentation training together with ProLehre and an introduction to writing scientific papers are offered.

Coursework and examination

Module examination with the following components:

  • Written paper on an assigned topic as a term paper, plus mutual assessment in the form of peer reviews (50%).
  • Presentation of approx. 30 minutes on the assigned topic, including the subsequent discussion (50%).
  • Students can earn a bonus of 0.3 on the overall grade for the passed module through very good participation, shown in particular through contributions to the discussions within the seminar.

Links

Further information

Offered in the winter and summer semester.

Language

The working language is German; papers and talks may also be given in English.

Organisational matters

  • Limited to 15 participants
  • Attendance is compulsory
  • Presentation training by ProLehre is offered as part of the main seminar
  • The seminar is supported by the e-learning platform Moodle
  • The paper should not exceed 4 pages and should be written in the style of a scientific publication

Topic selection

The topics are put online approx. 2 weeks before the start of the semester and can then be chosen. Students registered on the waiting list in TUMonline will be informed accordingly.

Topic selection

If you are interested in one of the following topics, please contact the respective supervisor via the link below. It is also possible to propose a topic of your own.

Available topics

Hybrid Memristor-CMOS PUFs – Worth the Effort?

Description

Physical Unclonable Functions (PUFs) offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. The most researched PUF designs are based on standard CMOS manufacturing processes and thus inherit their low cost.

With memristors slowly becoming a more concretely available technology, PUFs based on memristor memory structures have been proposed. Hybrid designs have also been proposed, often combining classical CMOS PUF structures with incremental improvements through added memristors (e.g. [1]), which can sometimes also be used for additional functionality (e.g. [2, 3]).

The aim of this work is a comprehensive literature search

  • summarising hybrid memristor-CMOS PUF designs,
  • determining the benefits and drawbacks compared to purely CMOS PUF designs, and
  • evaluating whether the benefits can be worth the manufacturing overhead of combining multiple processes.

[1] https://dl.acm.org/doi/10.1145/2736285
[2] https://ieeexplore.ieee.org/document/9272678
[3] https://ieeexplore.ieee.org/document/9424347

Contact

Supervisor:

Jonas Ruchti

State of the Art in Memristor-Based Neuromorphic Computing

Description

Memristors are an emerging technology that is currently being developed for memory applications, but also in the domain of neuromorphic computing. Memristor-based artificial neural networks are proposed to have many benefits over current hardware implementations, e.g. in terms of performance or energy efficiency, and are thus a topic of ongoing research.

Besides theoretical considerations, hardware implementations of memristor-based neural networks have recently started to emerge (e.g. [1, 2]). Some works have also claimed that inherent weaknesses of memristors in these applications could be turned into security benefits (e.g. [3]).

The aim of this work is a comprehensive literature review summarising

  • the current state of the art of memristor-based neuromorphic computing compared to classical, silicon-based implementations,
  • predominant memristor technologies and network architectures, and
  • security considerations when using memristor neural networks.

[1] https://www.nature.com/articles/s41586-020-1942-4
[2] https://www.mdpi.com/2072-666X/13/3/433
[3] https://ieeexplore.ieee.org/document/7527493

Supervisor:

Jonas Ruchti

Side-Channel Countermeasures for Physical Unclonable Functions

Keywords:
PUF, SCA, Countermeasures

Description

Silicon-based Physical Unclonable Functions (PUFs) are circuits used to derive a secret from unpredictable hardware-intrinsic features, thereby providing a cost-efficient way to, e.g., store a secure key on a device. However, depending on their design, the physical structures may be prone to Side-Channel Analysis (SCA). SCA exploits information leaked by a device through its timing behavior, power consumption or EM emanations to reveal, e.g., the secret embedded in a PUF or cryptographic key material. In order to mitigate the threat of SCA attacks, a variety of countermeasures exists.

The goal of this topic is to provide an overview of existing countermeasures proposed for PUFs (e.g. [1]) that protect against side-channel attacks.

References given:

  1. Aghaie, A. & Moradi, A.: TI-PUF: Toward Side-Channel Resistant Physical Unclonable Functions. IEEE Transactions on Information Forensics and Security, 2020, 15, 3470-3481

Contact

Supervisor:

Lars Tebelmann

Conversions between Boolean and Arithmetic Masking

Description

Side-Channel Analysis (SCA) describes the approach of measuring and analyzing physical emanations during computation in order to derive some information on secret data. A common countermeasure against these techniques is masking. Masking means that data is split into multiple random shares such that the power consumption during computation is independent of the secret data.

There exist different ways of masking data. Two commonly used approaches are Boolean masking and arithmetic masking. The preferred choice of masking scheme usually depends on the operations that are conducted during computation. In post-quantum cryptography, it is often required to switch between Boolean masking and arithmetic masking.

This work aims to survey the different approaches that have been presented for Arithmetic-to-Boolean (A2B) and Boolean-to-Arithmetic (B2A) conversion functions used to switch between the different masking schemes. The goal is a chronological overview of the evolution of these functions.

References:

  • https://doi.org/10.1007/3-540-44499-8_18
  • https://doi.org/10.1007/3-540-44709-1_2
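To make the two conversion directions concrete, here is an added example (not code from the page or the referenced papers) implementing the classic Goubin (CHES 2001) B2A and A2B algorithms on shares, plus a constructed toy gadget of the kind masked post-quantum code needs: an addition done on arithmetic shares followed by an XOR done on Boolean shares. The 16-bit word width, the function names and the optional `gamma` parameter (only there so fixed test vectors are possible) are assumptions of this example.

```python
import secrets

K = 16                      # share width in bits (assumption: 16-bit words)
MASK = (1 << K) - 1

def boolean_mask(x, k=K):
    """Split x into Boolean shares (xb, r) with x = xb ^ r."""
    r = secrets.randbits(k)
    return (x ^ r) & ((1 << k) - 1), r

def arithmetic_mask(x, k=K):
    """Split x into arithmetic shares (a, r) with x = a + r mod 2^k."""
    r = secrets.randbits(k)
    return (x - r) & ((1 << k) - 1), r

def b2a_goubin(xb, r, k=K, gamma=None):
    """Boolean-to-arithmetic (Goubin, CHES 2001): given x = xb ^ r, return a
    with x = a + r mod 2^k. A fresh random gamma keeps every intermediate
    value independent of x; gamma is a parameter only to allow fixed tests."""
    m = (1 << k) - 1
    gamma = secrets.randbits(k) if gamma is None else gamma
    t = xb ^ gamma
    t = (t - gamma) & m
    t ^= xb
    gamma ^= r
    a = xb ^ gamma
    a = (a - gamma) & m
    return a ^ t

def a2b_goubin(a, r, k=K, gamma=None):
    """Arithmetic-to-Boolean (Goubin, CHES 2001): given x = a + r mod 2^k,
    return xb with x = xb ^ r. The k-1 loop iterations propagate the carries
    of a + r bit by bit without ever recombining x."""
    m = (1 << k) - 1
    gamma = secrets.randbits(k) if gamma is None else gamma
    t = (2 * gamma) & m
    xb = gamma ^ r
    omega = gamma & xb
    xb = t ^ a
    gamma ^= xb
    gamma &= r
    omega ^= gamma
    gamma = t & a
    omega ^= gamma
    for _ in range(k - 1):
        gamma = t & r
        gamma ^= omega
        t &= a
        gamma ^= t
        t = (2 * gamma) & m
    return xb ^ t

def masked_add_then_xor(x, y, c, k=K):
    """Constructed toy gadget: compute (x + y) ^ c touching only shares.
    The addition runs on arithmetic shares, the XOR with the public
    constant c on Boolean shares. Returns Boolean shares (sb, sr)."""
    m = (1 << k) - 1
    xb, rx = boolean_mask(x, k)             # x arrives Boolean-masked
    ax = b2a_goubin(xb, rx, k)              # B2A: switch x to arithmetic
    ay, ry = arithmetic_mask(y, k)
    sa, sr = (ax + ay) & m, (rx + ry) & m   # share-wise addition: x + y
    sb = a2b_goubin(sa, sr, k)              # A2B: switch the sum back
    return sb ^ c, sr                       # XOR applied to one share only
```

Recombining the returned shares (`sb ^ sr`) yields `(x + y) ^ c`, while no single intermediate value in the gadget equals `x`, `y` or the sum itself.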

Contact

Supervisor:

Patrick Karl

Trapdoor Samplers for Lattice-based Cryptography

Description

Lattice-based cryptography is based on problems that are considered secure in the post-quantum era. It allows realizing several applications like Public-Key Encryption (PKE), Key Encapsulation Mechanisms (KEMs) and Digital Signatures, but also more sophisticated applications like Homomorphic Encryption (HE) and Functional Encryption (FE). For some of these applications, trapdoor functions are required that allow sampling secret data when in possession of the secret key.

Different samplers have been proposed so far. This work should present an overview of trapdoor samplers for lattices, explain their mechanism and discuss their respective pros and cons.

References:

  • https://dl.acm.org/doi/10.1145/1374376.1374407
  • https://falcon-sign.info/falcon.pdf

Contact

Supervisor:

Patrick Karl

Metrics for Obfuscation of Sequential Circuits

Description

Obfuscation of sequential circuits targets the protection of finite state machines. There exist different approaches to achieve this, like modifying the state machine at RTL level or modifying the corresponding flip-flops at gate level [1]. A metric can be used to evaluate the success of an obfuscation technique and make it comparable to other methods. Due to the wide variety of sequential obfuscation methods, there is no uniform metric, and very few metrics at all.

This seminar work should give an overview of already existing metrics and briefly analyze their applicability to other sequential obfuscation methods.

References:

  • [1] Kamali, Hadi Mardani, et al. "Advances in Logic Locking: Past, Present, and Prospects." Cryptology ePrint Archive (2022).
  • R. S. Chakraborty and S. Bhunia, "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493-1502, Oct. 2009, doi: 10.1109/TCAD.2009.2028166.

Contact

Supervisor:

Michaela Brunner

Dimensionality Reduction Methods for Side-Channel Attacks - A Survey

Description

Even though a cryptographic algorithm is proven to be mathematically secure against the best known attack, its implementation can lead to a so-called side-channel. Examples of such a channel are the power consumption or the EM emissions of the executing device. With side-channel analysis (SCA), the additional information of a power side-channel can be exploited to extract the secret key and therefore break the cryptosystem.

One challenge during the practical execution of SCA attacks consists in handling the huge amount of measurement data that is often needed in order to execute a successful attack. In order to reduce data complexity and therefore the amount of data that has to be processed for an attack, different dimensionality reduction methods can be used. Prominent examples of such methods are Principal Component Analysis (PCA) and Linear Discriminant Analysis (LDA).

This work should provide a survey of different dimensionality reduction methods in the context of SCA. A focus should lie on PCA and LDA, but an extensive literature review should be performed. As a starting point, the reference [1] can be used. Advantages and disadvantages as well as the field of application of each method should be discussed.

[1] Cagli et al.: “Enhancing Dimensionality Reduction Methods for Side-Channel Attacks”, International Conference on Smart Card Research and Advanced Applications (CARDIS), 2015

Contact

Supervisor:

Thomas Schamberger

Word Identification on Gate-level Netlists

Description

Word identification is an important step during reverse engineering of gate-level netlists. Identified words help to understand the general structure of a circuit and can therefore result in a better comprehension of the overall design functionality. There exist different approaches to identify and trace words within a netlist.

This seminar work should first give an overview of already existing word identification strategies. In a second step, it should compare and evaluate the different approaches.

References:

  • Li, Wenchao, et al. "Wordrev: Finding word-level structures in a sea of bit-level gates." 2013 IEEE international symposium on hardware-oriented security and trust (HOST). IEEE, 2013.
  • Tashjian, Edward, and Azadeh Davoodi. "On using control signals for word-level identification in a gate-level netlist." 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC). IEEE, 2015.
  • Meade, Travis, et al. "The old frontier of reverse engineering: Netlist partitioning." Journal of Hardware and Systems Security 2.3 (2018): 201-213.

Contact

Supervisor:

Michaela Brunner

Information Theory and Biometric Security

Description

The topic of physical unclonable functions (PUFs) can be seen as a part of biometric security. Biometric security itself is a wide research area which involves various aspects, one of which is an information-theoretical analysis. The goal of this research is to determine how good a system can be in theory.
In [1] the authors target a basic scenario, in which they evaluate the trade-off between privacy (i.e. protecting the biometric data) and security (i.e. roughly speaking how many key bits can be derived).

This seminar topic is supposed to summarize key aspects of such an information-theoretic approach and possibly translate it to the context of PUFs.
It is highly recommended to have some background in either information theory or PUFs.


[1] Lai, Lifeng, Siu-Wai Ho, and H. Vincent Poor. "Privacy–security trade-offs in biometric security systems—Part I: Single use case." IEEE Transactions on Information Forensics and Security 6.1 (2010): 122-139.

Contact

Supervisor:

Christoph Frisch

Algebraic Side-Channel Analysis

Keywords:
SCA

Description

Side-Channel Analysis (SCA) exploits information leaked by a device through its timing behavior, power consumption or EM emanations to reveal, e.g., the secret key of a cryptographic algorithm. “Classical” SCA methods such as Differential Power Analysis (DPA) or Correlation Power Analysis (CPA) collect a number of measurements for different input values of the algorithm under attack and combine the leakage of the different measurements to conduct the attack.

Instead, Algebraic SCA [1] makes use of the internal state of the attacked algorithm to formulate a SAT problem and thus allows for combining different leakages. Furthermore, attacks on a single measurement are possible, an attacker does not need to know inputs and outputs, and even countermeasures such as masking schemes can be circumvented.

The goal of this topic is to provide an overview of existing approaches to algebraic side-channel analysis that goes beyond the seminal works in [1-2] and to outline current trends and applications of algebraic attacks.

[1] Renauld, M. & Standaert, F.-X.: Algebraic Side-Channel Attacks. Information Security and Cryptology, Springer Berlin Heidelberg, 2010, 393-410
[2] Renauld, M.; Standaert, F.-X. & Veyrat-Charvillon, N.: Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA. Cryptographic Hardware and Embedded Systems - CHES 2009, Springer Berlin Heidelberg, 2009, 97-111

Contact

Supervisor:

Lars Tebelmann

Frequency-Based Differential Side-Channel Attack

Description

Most side-channel attacks, like DPA, are executed in the time domain. As a result, the measurements need to be aligned in order to mount a successful attack.
Shifting the attack to the frequency domain overcomes the requirement of aligned measurements and also allows attacking secured implementations.

The goal is to give an insight into the topic of side-channel attacks that operate in the frequency domain. Furthermore, the advantages and disadvantages compared to well-known techniques like DPA should be outlined.

References

  • Gebotys, Catherine H., Ho, Simon, Tiu, C. C.. "EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA". Cryptographic Hardware and Embedded Systems -- CHES 2005. Springer Berlin Heidelberg. 2005.

  • Y. Lu, K. H. Boey, M. O'Neill, J. V. McCanny and A. Satoh, "Is the differential frequency-based attack effective against random delay insertion?," 2009 IEEE Workshop on Signal Processing Systems, Tampere, 2009.

Contact

Supervisor:

Manuel Brosch

Differential Computation Analysis

Description

Differential Computation Analysis (DCA) is the software counterpart of Differential Power Analysis (DPA), which uses the power consumption of a device to extract secret information.
A DCA can be mounted on white-box implementations of cryptographic algorithms, i.e., an attacker has full access to the internal state and can extract software traces containing the read and write accesses made to memory.

This work should give an insight into DCA. Moreover, the limitations of DCA should be discussed as well as possible countermeasures.

References

  • Bos, Joppe W., Hubain, Charles, Michiels, Wil, Teuwen, Philippe. 'Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough'. Cryptographic Hardware and Embedded Systems -- CHES 2016. Springer Berlin Heidelberg. 2016.

Contact

Supervisor:

Manuel Brosch

Overview of partitioning algorithms used in Layout Synthesis

Keywords:
Synthesis, Hardware Design, ASIC, Partitioning, EDA

Description

Synthesis, where an RTL design is translated into a netlist and later into a layout, provides the best result when wire lengths are optimised and critical paths are taken into account. The problem of partitioning for hardware design has been of interest to the EDA community for many years. A good partitioning of parts of the design allows for an efficient layout, which in turn allows for a faster and more efficient chip. Nowadays, partitioning algorithms are built into every design flow tool.

However, the underlying algorithms become important when considering reverse engineering. Netlist partitioning of an unknown netlist is much easier when the method to originally partition the design during synthesis is known. This paper should provide an overview of commonly used partitioning methods for synthesis, and consider the different effects these algorithms have on the structure of the design.

References:

  • A. C. H. Wu and D. D. Gajski, "Partitioning algorithms for layout synthesis from register-transfer netlists," 1990 IEEE International Conference on Computer-Aided Design. Digest of Technical Papers, Santa Clara, CA, USA, 1990, pp. 144-147.
  • B. W. Kernighan and S. Lin, "An Efficient Heuristic Procedure for Partitioning Graphs," Bell System Technical Journal, vol. 49, no. 2, pp. 291-308, 1970.
  • D. R. Brasen and G. Saucier, "Using cone structures for circuit partitioning into FPGA packages," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 17, no. 7, pp. 592-600, July 1998.

Contact

Supervisor:

Johanna Baehr

Overview of the Approximate Computing and related Security Problems

Description

Approximate computing describes a new methodology of circuit design which allows a trade-off between functional correctness on the one hand and performance and size on the other. However, this leads to new problems regarding the security of the design. This work should give a short overview of approximate computing, including the common use cases. Furthermore, it should give an overview of the new security challenges introduced.

References:

  • Regazzoni, Francesco, Cesare Alippi, and Ilia Polian. ‘Security: The Dark Side of Approximate Computing?’ In 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 1–6, 2018. https://doi.org/10.1145/3240765.3243497.
  • Taneja, Shubbhi, Yi Zhou, Ajit Chavan, and Xiao Qin. ‘Improving Energy Efficiency of Hadoop Clusters Using Approximate Computing’. In 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), 206–11, 2019. https://doi.org/10.1109/BigDataSecurity-HPSC-IDS.2019.00048.
  • Yellu, Pruthvy, Zhiming Zhang, Mohammad Mezanur Rahman Monjur, Ranuli Abeysinghe, and Qiaoyan Yu. ‘Emerging Applications of 3D Integration and Approximate Computing in High-Performance Computing Systems: Unique Security Vulnerabilities’. In 2019 IEEE High Performance Extreme Computing Conference (HPEC), 1–7, 2019. https://doi.org/10.1109/HPEC.2019.8916503.
  • De, S., J. Huisken, and H. Corporaal. ‘An Automated Approximation Methodology for Arithmetic Circuits’. In 2019 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED), 1–6, 2019. https://doi.org/10.1109/ISLPED.2019.8824974.

Contact

Supervisor:

Johanna Baehr

How to Build a TRNG Model

Description

High-quality true random number generators (TRNGs) are crucial for the security of many cryptographic protocols. The BMBF provides in AIS 31 quality criteria for the certification of TRNGs. In this context, it is required to provide a model of the TRNG.
For this seminar topic, the methodology for building a statistical TRNG model that fulfills the requirements of AIS 31 should be summarized, and examples of such model building should be provided. The student might start the research with the references below.

References:

  • https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf
  • W. Killmann and W. Schindler; A Design for A Physical RNG with Robust Entropy Estimators; CHES 2008

Contact

Supervisor: