Despite any  theoretical strength a cryptographics algorithm might offer, a real-world application can only be as good as the eventual implementation. For example, side channel leakage is a common problem: unless particular care is taken during the implementation, any computation running on real hardware leaks information about the processed secrets. Common examples include timing side channels, where the execution time depends on secret bits, or power side channels, where e.g. a CPU’s power draw depends on the processed data.

This work is concerned with gathering measurement data from cryptographic algorithms running on embedded hardware before running attacks based on the collected traces. Ultimately, the aim is a quantitative comparison of different operating conditions and side channels, assessing the information content of the emanated signals and the resulting complexity of extracting the processed secrets using a side channel attack.

• Necessary: Experience programming in Python
• Preferrable: Basic understanding of cryptographics algorithms
• Preferrable: Experience programming microcontrollers in C
• Optional: HDL hardware design experience

A Physical Unclonable Function (PUF) is a hardware element which uses subtle manufacturing variabilities to derive a device-unique secret. In the case of a multi-challenge PUF (or ‘strong PUF’), the PUF functions as a device-unqiue function, mapping challenges to PUF responses.

A PUF like this is very useful for authentication scenarios, where e.g. a server provides challenges to a device, which replies with the PUF response the server can now check against an internal model or response database.

Protocols like these, however, suffer from data leaks, allowing an attacker to create a model of a device’s PUF from captured challenge-response pairs. Thjus, the ostensibly unclonable device may be replicated just be eavesdropping on authentication communication.

The aim of this work is to investigate novel approaches for PUF authentication procedures which plug data leaks with simple on-device preprocessing while still allowing for reliable authentication in the presence of measurement noise. A software implementation can then be evaluated e.g. against a more standard implementation in terms of performance, complexity or resistance against a machine learning attack.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

• Necessary: Basic cryptography knowledge; mathematical background; programming skills
• Favourably: Experience with machine learning techniques
• Optionally: Basic knowledge of error-correcting codes, PUFs

Despite any  theoretical strength a cryptographics algorithm might offer, a real-world application can only be as good as the eventual implementation. For example, side channel leakage is a common problem: unless particular care is taken during the implementation, any computation running on real hardware leaks information about the processed secrets. Common examples include timing side channels, where the execution time depends on secret bits, or power side channels, where e.g. a CPU’s power draw depends on the processed data.

This work is concerned with gathering measurement data from cryptographic algorithms running on embedded hardware before running attacks based on the collected traces. Ultimately, the aim is a quantitative comparison of different operating conditions and side channels, assessing the information content of the emanated signals and the resulting complexity of extracting the processed secrets using a side channel attack.

• Necessary: Experience programming in Python
• Preferrable: Basic understanding of cryptographics algorithms
• Preferrable: Experience programming microcontrollers in C
• Optional: HDL hardware design experience

A Physical Unclonable Function (PUF) is a hardware element which uses subtle manufacturing variabilities to derive a device-unique secret. In the case of a multi-challenge PUF (or ‘strong PUF’), the PUF functions as a device-unqiue function, mapping challenges to PUF responses.

A PUF like this is very useful for authentication scenarios, where e.g. a server provides challenges to a device, which replies with the PUF response the server can now check against an internal model or response database.

Protocols like these, however, suffer from data leaks, allowing an attacker to create a model of a device’s PUF from captured challenge-response pairs. Thjus, the ostensibly unclonable device may be replicated just be eavesdropping on authentication communication.

The aim of this work is to investigate novel approaches for PUF authentication procedures which plug data leaks with simple on-device preprocessing while still allowing for reliable authentication in the presence of measurement noise. A software implementation can then be evaluated e.g. against a more standard implementation in terms of performance, complexity or resistance against a machine learning attack.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

• Necessary: Basic cryptography knowledge; mathematical background; programming skills
• Favourably: Experience with machine learning techniques
• Optionally: Basic knowledge of error-correcting codes, PUFs

Physical unclonable functions (PUFs) are gaining traction as a method for the storage of secrets: The security issues of nonvolatile memory for key storage are avoided entirely by using device hardware fingerprints to reconstruct the secrets at run time, keeping them in memory only while they are needed.

Being based on subtle manufacturing tolerances, PUFs are naturally affected by ageing and environmental effects and are thus unreliable on their own. Consequently, using a PUF necessitates employing an error-correction code to compensate these effects and sustain a high availability in spite of noisy PUF measurements.

Different coding schemes have been proposed and analysed for PUFs. Some insight into their properties can already be gained from software simulations, but a more complete security evaluation can only be based on a concrete hardware implementation.

A VHDL decoder implementation, which is adaptable to different parameters via a Python script, already exists, but suffers from high hardware overhead, which hinders FPGA experiments and comparability to other codes.

The aim of this work is the evaluation of more advanced optimisation techniques for this decoder design, with the goal of shrinking it significantly.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

• Necessary: Advanced experience using either VHDL or Verilog.
• Favourably: Basic knowledge of error-correction codes and their implementation.
• Optionally: Background knowledge of physical unclonable functions.

Physical unclonable functions (PUFs) are gaining traction as a method for the storage of secrets: The security issues of nonvolatile memory for key storage are avoided entirely by using device hardware fingerprints to reconstruct the secrets at run time, keeping them in memory only while they are needed.

Being based on subtle manufacturing tolerances, PUFs are naturally affected by ageing and environmental effects and are thus unreliable on their own. Consequently, using a PUF necessitates employing an error-correction code to compensate these effects and sustain a high availability in spite of noisy PUF measurements.

Different coding schemes have been proposed and analysed for PUFs. Some insight into their properties can already be gained from software simulations, but a more complete security evaluation can only be based on a concrete hardware implementation.

A VHDL decoder implementation, which is adaptable to different parameters via a Python script, already exists, but suffers from high hardware overhead, which hinders FPGA experiments and comparability to other codes.

The aim of this work is the evaluation of more advanced optimisation techniques for this decoder design, with the goal of shrinking it significantly.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

• Necessary: Advanced experience using either VHDL or Verilog.
• Favourably: Basic knowledge of error-correction codes and their implementation.
• Optionally: Background knowledge of physical unclonable functions.