Despite any  theoretical strength a cryptographics algorithm might offer, a real-world application can only be as good as the eventual implementation. For example, side channel leakage is a common problem: unless particular care is taken during the implementation, any computation running on real hardware leaks information about the processed secrets. Common examples include timing side channels, where the execution time depends on secret bits, or power side channels, where e.g. a CPU’s power draw depends on the processed data.

This work is concerned with gathering measurement data from cryptographic algorithms running on embedded hardware before running attacks based on the collected traces. Ultimately, the aim is a quantitative comparison of different operating conditions and side channels, assessing the information content of the emanated signals and the resulting complexity of extracting the processed secrets using a side channel attack.

• Necessary: Experience programming in Python
• Preferrable: Basic understanding of cryptographics algorithms
• Preferrable: Experience programming microcontrollers in C
• Optional: HDL hardware design experience

A Physical Unclonable Function (PUF) is a hardware element which uses subtle manufacturing variabilities to derive a device-unique secret. In the case of a multi-challenge PUF (or ‘strong PUF’), the PUF functions as a device-unqiue function, mapping challenges to PUF responses.

A PUF like this is very useful for authentication scenarios, where e.g. a server provides challenges to a device, which replies with the PUF response the server can now check against an internal model or response database.

Protocols like these, however, suffer from data leaks, allowing an attacker to create a model of a device’s PUF from captured challenge-response pairs. Thjus, the ostensibly unclonable device may be replicated just be eavesdropping on authentication communication.

The aim of this work is to investigate novel approaches for PUF authentication procedures which plug data leaks with simple on-device preprocessing while still allowing for reliable authentication in the presence of measurement noise. A software implementation can then be evaluated e.g. against a more standard implementation in terms of performance, complexity or resistance against a machine learning attack.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

• Necessary: Basic cryptography knowledge; mathematical background; programming skills
• Favourably: Experience with machine learning techniques
• Optionally: Basic knowledge of error-correcting codes, PUFs

Despite any  theoretical strength a cryptographics algorithm might offer, a real-world application can only be as good as the eventual implementation. For example, side channel leakage is a common problem: unless particular care is taken during the implementation, any computation running on real hardware leaks information about the processed secrets. Common examples include timing side channels, where the execution time depends on secret bits, or power side channels, where e.g. a CPU’s power draw depends on the processed data.

This work is concerned with gathering measurement data from cryptographic algorithms running on embedded hardware before running attacks based on the collected traces. Ultimately, the aim is a quantitative comparison of different operating conditions and side channels, assessing the information content of the emanated signals and the resulting complexity of extracting the processed secrets using a side channel attack.

• Necessary: Experience programming in Python
• Preferrable: Basic understanding of cryptographics algorithms
• Preferrable: Experience programming microcontrollers in C
• Optional: HDL hardware design experience

A Physical Unclonable Function (PUF) is a hardware element which uses subtle manufacturing variabilities to derive a device-unique secret. In the case of a multi-challenge PUF (or ‘strong PUF’), the PUF functions as a device-unqiue function, mapping challenges to PUF responses.

A PUF like this is very useful for authentication scenarios, where e.g. a server provides challenges to a device, which replies with the PUF response the server can now check against an internal model or response database.

Protocols like these, however, suffer from data leaks, allowing an attacker to create a model of a device’s PUF from captured challenge-response pairs. Thjus, the ostensibly unclonable device may be replicated just be eavesdropping on authentication communication.

The aim of this work is to investigate novel approaches for PUF authentication procedures which plug data leaks with simple on-device preprocessing while still allowing for reliable authentication in the presence of measurement noise. A software implementation can then be evaluated e.g. against a more standard implementation in terms of performance, complexity or resistance against a machine learning attack.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

• Necessary: Basic cryptography knowledge; mathematical background; programming skills
• Favourably: Experience with machine learning techniques
• Optionally: Basic knowledge of error-correcting codes, PUFs