Studentische Arbeiten und Werkstudententätigkeiten

Auf dieser Seite finden Sie studentische Arbeiten und Werkstudententätigkeiten, die derzeit am Lehrstuhl für Sicherheit in der Informationstechnik und am Fraunhofer AISEC angeboten werden.

Die Arbeiten oder Werkstudententätigkeiten mit dem Zusatz (AISEC) werden am Fraunhofer AISEC in Garching durchgeführt.

Falls Sie sich bezüglich Ihrer Vorkenntnisse unsicher sind, kontaktieren Sie gerne den bei der Auschreibung genannten Kontakt. Sie haben kein Thema gefunden möchten aber trotzdem Ihre Arbeit bei uns schreiben? Kontaktieren Sie bitte einen Mitarbeiter im für Sie interessanten Forschungsbereich. Bitte legen Sie bei Bewerbungen immer einen aktuellen Notenauszug sowie einen kurzen Lebenslauf bei, damit wir Ihre Eignung für das Thema Ihrer Wahl einschätzen können.

Offene Arbeiten und Werkstudententätigkeiten

Bachelorarbeiten

Evaluating Primitives for Hash-based Signatures

Beschreibung

Stateful hash-based signatures are recommended by several entities such as the National Institute of Standards and Technology (NIST) [1]. As already hinted by their name, they are based on secure hash functions and thus, can be instantiated with different (hash) primitives.

This work aims at investigating hash-based signatures. It should be analyzed, how different hash primitives compare when instantiated in a hash-based signature. The work will be conducted on a commonly used microcontroller.

The information about this work is deliberately kept short as it varies depending on the students skills, interests and intended scope. For detailed information don't hesitate to contact me.

 

[1] https://csrc.nist.gov/publications/detail/sp/800-208/final

Voraussetzungen

  • C programming
  • Experience with embedded programming and environment

If interested, please send me a short CV and your latest grade report.

Kontakt

Betreuer:

Patrick Karl

Quantitative Comparison of Different Side Channels

Beschreibung

Despite any  theoretical strength a cryptographics algorithm might offer, a real-world application can only be as good as the eventual implementation. For example, side channel leakage is a common problem: unless particular care is taken during the implementation, any computation running on real hardware leaks information about the processed secrets. Common examples include timing side channels, where the execution time depends on secret bits, or power side channels, where e.g. a CPU’s power draw depends on the processed data.

This work is concerned with gathering measurement data from cryptographic algorithms running on embedded hardware before running attacks based on the collected traces. Ultimately, the aim is a quantitative comparison of different operating conditions and side channels, assessing the information content of the emanated signals and the resulting complexity of extracting the processed secrets using a side channel attack.

Voraussetzungen

  • Necessary: Experience programming in Python
  • Preferrable: Basic understanding of cryptographics algorithms
  • Preferrable: Experience programming microcontrollers in C
  • Optional: HDL hardware design experience

Kontakt

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Betreuer:

Jonas Ruchti, Lars Tebelmann

HDL Leakage Simulation Evaluation

Beschreibung

Within the scope of this work, simulated leakage [1] is to be compared with leakage measured with an oscilloscope.
AES has been selected as a possible target for this work, therefore a DPA on simulated traces and real traces will be performed and compared.

(This work can not be conducted remote only, as it is required to take measurements)


The information on this topic is intentionally brief, as it is an ongoing project.

[1] https://gitlab.lrz.de/tueisec/tofu

Voraussetzungen

  • Python
  • VHDL/Verilog (preferred)
  • Lattice FPGAs (open source flow)

Betreuer:

Michael Gruber

Investigation of ABE for HW/SW Codesign

Beschreibung

Classical public-key cryptography is based on an all-or-nothing approach, i.e. if a user is in possession of a secret key, he can fully decrypt a ciphertext that is encrypted with a corresponding public key. However, it is not possible to decrypt only parts of data. Attribute-Based Encryption (ABE) [1], however, is a branch of Functional Encryption (FE) that allows for such fine grained access control. ABE systems include a trusted authority, which can distribute secret sub-keys. A user can thus authenticate itself towards the trusted authority to obtain a certain secret key. This key is then used to decrypt a corresponding subset of the data depending on the user's permissions.

PALISADE [2] is a library, that implements several Homomorphic Encryption (HE) schemes as well as an ABE scheme. In this work, your goal is to integrate such a scheme on a HW/SW Platform using PALISADE. The next step is then a detailed analysis of performance and cost metrics to estimate the requirements for constrained devices.

 

[1] https://dl.acm.org/doi/10.1145/1180405.1180418

[2] https://palisade-crypto.org/

 

If you are interested in the work and want to get further details, please contact me via email, attach a CV and grading report.

Voraussetzungen

  • C/C++ programming skills
  • Ideally experience using microcontrollers or FPGAs

Kontakt

E-mal: patrick.karl@tum.de

Betreuer:

Patrick Karl

DFA Evaluation Strategies

Beschreibung

Differential Fault Analysis (DFA) is a fault injection analysis technique which compares fault encryptions with correct encryptions and gains knowledge from the differences.

In This work several evaluation strategies should be compared.

The information about the work is deliberately kept short, for detailed information I am personally available at any time.

Voraussetzungen

  • Python
  • Basic Knowledge Fault Injection Analysis

Betreuer:

Michael Gruber

Bringing a RISC-V to Life: Implementation of tooling for a RISC-V CPU

Beschreibung

RISC-V is the upcoming instruction set architecture of the future. We have taped out our own RISC-V chip for security purposes.

Your task is to implement various testing routines for a RISC-V CPU existing at the chair.

Voraussetzungen

This list is not final, rather a guideline for the competences required for successfully completing the project.

  • Sufficient knowledge of C
  • Experience with embedded programming and environment
  • Some knowledge of cmake, as compilation works via cmake
  • Some knowledge of python, as tooling is partially implemented with it.

Betreuer:

Alexander Hepp

Error Correction for PUFs

Stichworte:
Channel Coding, Error Correction, PUF, Security

Beschreibung

Each integrated ciruict is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic, but it is rather a nice opportunity work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Voraussetzungen

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g for Microcontroller)

 

Betreuer:

Christoph Frisch

Side - channel analysis of error - correcting codes for PUFs

Beschreibung

Physical Unclonable Functions (PUFs) exploit manufacturing process variations to generate unique signatures. PUF and error-correcting codes can be joined together to reliably generate cryptographically strong keys. However, the implementation of error-correcting codes is prone to physical attacks like side-channel attacks. Side-channel attacks exploit the information leaked during the computation of secret intermediate states to recover the secret key. Therefore, the implementation of error-correcting codes must also involve the implementation of proper countermeasures against side-channel attacks.

The goal of this thesis is to evaluate the side-channel resistance of a secure implementation of error-correcting codes for PUFs on FPGA. The thesis consists of the following steps:

  • Get familiar with currently available implementations of error-correcting codes for PUFs
  • Adapt and improve current implementations (VHDL)
  • Develop a measurement setup for side-channel analysis (Matlab/Python)
  • Perform side-channel analysis using the state-of-the-art EMF measurement equipment in our lab (Oscilloscope knowledge + Matlab/Python required)

Voraussetzungen

 The ideal candidate should have:

  • Previous experience in field of digital design (VHDL/Vivado/Xilinx FPGA)
  • Basic knowledge on using lab equipment (e.g Oscilloscope,...)
  • Basic knowledge in statistics
  • Good programming skills in Matlab/Python
  • Attendance at the lecture “Secure Implementation of Cryptographic Algorithms” is advantageous

 

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Michael Pehl, Lars Tebelmann

Further Topics on Physical Unclonable Functions

Beschreibung

Silicon based Physical Unclonable Functions (PUFs) are security primitives which can be used to derive device unique identities. Such identities can be used to identify a device or to derive a secret key.

You are interested in research in the field of Physical Unclonable Functions but you think that the topics which are listed on our page do not fit your previous knowledge or think there is no perfect match to what you are interested in? No problem! Please contact me at any time for advice regarding your thesis/student job. I can offer to

  • help you with your decision for/against some topic.
  • suggest probably further topics which are not advertised, yet.
  • bring you into contact with other members of our chair or at Fraunhofer AISEC.

Voraussetzungen

Plese send me an email which exhaustively describes your previous knowledge (e.g. your last grading sheet and a short CV) to allow me to prepare and to give you reasonable advice. Also, please provide 3-5 dates, which fit to your schedule, for a meeting.

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Masterarbeiten

Attacking Software-based Countermeasures (AISEC)

Beschreibung

Fault attacks pose a serious threat to embedded systems and their applications. Due to the powerful nature of fault attacks, it may allow to fully compromise a target device.
Most Common-Off-The-Shelf Hardware do not contain any viable hardware features against fault attacks. Thus, a viable approach, for such hardware, is to apply Software-based Countermeasures. In the simplest approach this could be duplication of calculation and checks. Thus, requiring the attacker to inject multiple faults to compromise the device. More complex Software-based countermeasures split the existing registers into primary and shadow registers to effectively detect more possible faults. Despite, the countermeasures being more complex, they all assume certain capabilities of an attacker.
In this thesis, the goal is to stress these arbitrary limits by working in our hardware lab with the existing setup for Electro-Magnetic Fault Injection (EMFI). Thus, this work consists of working hands-on in the laboratory, writing test firmware and test routines, analyzing observed faults and deriving fault models.

The work is designed for a master thesis, but can also be carried out in a limited form within an research or engineering internship.

Voraussetzungen

•    Experience with Python
•    Experience with C and Assembly
•    Experience working with embedded devices, oscilloscopes or debuggers is beneficial
•    Experience in Fault Injection is beneficial, but optional

Kontakt

Please send an email with a short CV, your last grading sheet and provide 3-5 dates, which fit to your schedule, for a meeting.

Alexander Wagner, alexander.wagner@aisec.fraunhofer.de

Michael Gruber, m.gruber@tum.de

Betreuer:

Georg Sigl - Alexander Wagner (Fraunhofer AISEC)

DFA Evaluation Strategies

Beschreibung

Differential Fault Analysis (DFA) is a fault injection analysis technique which compares fault encryptions with correct encryptions and gains knowledge from the differences.

In This work several evaluation strategies should be compared.

The information about the work is deliberately kept short, for detailed information I am personally available at any time.

Voraussetzungen

  • Python
  • Basic Knowledge Fault Injection Analysis

Betreuer:

Michael Gruber

HW implementations for Post-Quantum Cryptography

Beschreibung

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Voraussetzungen

Ideally, you should have knowledge of the following:

  • A hardware description language like VHDL/Verilog/SystemVerilog
  • Experience running simulations using ModelSim
  • Basic C programming skills

Kontakt

patrick.karl@tum.de

Betreuer:

Patrick Karl

Machine Learning Resistant PUF Authentication Schemes

Beschreibung

A Physical Unclonable Function (PUF) is a hardware element which uses subtle manufacturing variabilities to derive a device-unique secret. In the case of a multi-challenge PUF (or ‘strong PUF’), the PUF functions as a device-unqiue function, mapping challenges to PUF responses.

A PUF like this is very useful for authentication scenarios, where e.g. a server provides challenges to a device, which replies with the PUF response the server can now check against an internal model or response database.

Protocols like these, however, suffer from data leaks, allowing an attacker to create a model of a device’s PUF from captured challenge-response pairs. Thjus, the ostensibly unclonable device may be replicated just be eavesdropping on authentication communication.

The aim of this work is to investigate novel approaches for PUF authentication procedures which plug data leaks with simple on-device preprocessing while still allowing for reliable authentication in the presence of measurement noise. A software implementation can then be evaluated e.g. against a more standard implementation in terms of performance, complexity or resistance against a machine learning attack.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

Voraussetzungen

  • Necessary: Basic cryptography knowledge; mathematical background; programming skills
  • Favourably: Experience with machine learning techniques
  • Optionally: Basic knowledge of error-correcting codes, PUFs

Kontakt

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

Betreuer:

Jonas Ruchti

SCA of Neural Network HW-Implementations

Stichworte:
SCA, Neural Networks, Hardware, FPGA
Kurzbeschreibung:
FPGA Implementations should be analyzed in regard of their Side-Channel Properties

Beschreibung

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANNs is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.


A Side-Channel attack can extract the network parameters such as number of type of layers as well as weights and bias values to build up his own copy of the network. Since neural networks are also very integrated in edge devices an attack often has physical access to the network. This means that Side Channel Attacks (SCA) are possible and must be considered as a thread.


Some attacks were already published. In [3] they completely retrieve an ANN executed on an ARM Cortex microcontroller. Since it is more common to execute an ANN on a more parallel HW to increase performance attacking FPGA implementations is also worthwhile. Dubey et al. published an attack on a binary neural network (BNN) implemented on a FPGA and furthermore masked the network in order to counter their network [4,5].

In this work, the Side-Channel properties of different model implementations should be analyzed and compared.

Start of Thesis: Jan 2022 or later


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Maskednet: A pathway for secure inference against power side-channel attacks,” arXiv preprint arXiv:1910.13063, 2019.
[5] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

Voraussetzungen

VHDL/Verilog Knowledge, Sichere Implementierung Kryptographischer Verfahren (SIKA), Python Skills

Betreuer:

Matthias Probst, Manuel Brosch

Error Correction for PUFs

Stichworte:
Channel Coding, Error Correction, PUF, Security

Beschreibung

Each integrated ciruict is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic, but it is rather a nice opportunity work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Voraussetzungen

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g for Microcontroller)

 

Betreuer:

Christoph Frisch

Side - channel analysis of error - correcting codes for PUFs

Beschreibung

Physical Unclonable Functions (PUFs) exploit manufacturing process variations to generate unique signatures. PUF and error-correcting codes can be joined together to reliably generate cryptographically strong keys. However, the implementation of error-correcting codes is prone to physical attacks like side-channel attacks. Side-channel attacks exploit the information leaked during the computation of secret intermediate states to recover the secret key. Therefore, the implementation of error-correcting codes must also involve the implementation of proper countermeasures against side-channel attacks.

The goal of this thesis is to evaluate the side-channel resistance of a secure implementation of error-correcting codes for PUFs on FPGA. The thesis consists of the following steps:

  • Get familiar with currently available implementations of error-correcting codes for PUFs
  • Adapt and improve current implementations (VHDL)
  • Develop a measurement setup for side-channel analysis (Matlab/Python)
  • Perform side-channel analysis using the state-of-the-art EMF measurement equipment in our lab (Oscilloscope knowledge + Matlab/Python required)

Voraussetzungen

 The ideal candidate should have:

  • Previous experience in field of digital design (VHDL/Vivado/Xilinx FPGA)
  • Basic knowledge on using lab equipment (e.g Oscilloscope,...)
  • Basic knowledge in statistics
  • Good programming skills in Matlab/Python
  • Attendance at the lecture “Secure Implementation of Cryptographic Algorithms” is advantageous

 

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Michael Pehl, Lars Tebelmann

Further Topics on Physical Unclonable Functions

Beschreibung

Silicon based Physical Unclonable Functions (PUFs) are security primitives which can be used to derive device unique identities. Such identities can be used to identify a device or to derive a secret key.

You are interested in research in the field of Physical Unclonable Functions but you think that the topics which are listed on our page do not fit your previous knowledge or think there is no perfect match to what you are interested in? No problem! Please contact me at any time for advice regarding your thesis/student job. I can offer to

  • help you with your decision for/against some topic.
  • suggest probably further topics which are not advertised, yet.
  • bring you into contact with other members of our chair or at Fraunhofer AISEC.

Voraussetzungen

Plese send me an email which exhaustively describes your previous knowledge (e.g. your last grading sheet and a short CV) to allow me to prepare and to give you reasonable advice. Also, please provide 3-5 dates, which fit to your schedule, for a meeting.

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Interdisziplinäre Projekte

Evaluating Primitives for Hash-based Signatures

Beschreibung

Stateful hash-based signatures are recommended by several entities such as the National Institute of Standards and Technology (NIST) [1]. As already hinted by their name, they are based on secure hash functions and thus, can be instantiated with different (hash) primitives.

This work aims at investigating hash-based signatures. It should be analyzed, how different hash primitives compare when instantiated in a hash-based signature. The work will be conducted on a commonly used microcontroller.

The information about this work is deliberately kept short as it varies depending on the students skills, interests and intended scope. For detailed information don't hesitate to contact me.

 

[1] https://csrc.nist.gov/publications/detail/sp/800-208/final

Voraussetzungen

  • C programming
  • Experience with embedded programming and environment

If interested, please send me a short CV and your latest grade report.

Kontakt

Betreuer:

Patrick Karl

Automotive radio analysis framework (AISEC)

Beschreibung

Modern cars use besides well known wireless standards like WLAN or Bluetooth, a plethora of proprietary radio communication protocols. For example, current tire pressure is transmitted via Ultrahigh Frequency (UHF) to a controller in the car. Radio Data System (RDS) is also still used to embed information like traffic messages, title names or sender logos into FM radio broadcasting. As a final example, radio keys use Low Frequency (LF) as well as UHF to implement different functions to unlock and start the car. Especially Remote Keyless Entry (RKE) is highly popular although implementing little security.
This work shall develop a framework to test automotive wireless services. The main focus should lie with vehicle keys and immobilizers. First of all, devices to analyse LF as well as UHF should be integrated and as necessary expanded. Based on this, tests shall be conceived, like testing RKE for replay or relay vulnerabilities. Finally, these tests may be optimized, e.g. by tuning antenna or other hardware to increase distance.

Voraussetzungen

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about:
• Experience with radio communication basics (Modulation, Encoding, ...)
• Experience in programming for embedded devices
• Ability to work self-directed and systematically
Please attach a current grade sheet and a short CV to your application so that we can assess your qualification for the topic of your choice.

Kontakt

Nikolai Puch
Sebastian Peters
Phone:    +49 89 322-9986-142
Phone:    +49 89 322-9986-1037
E-mail:    nikolai.puch@aisec.fraunhofer.de
E-mail:    sebastian.peters@aisec.fraunhofer.de
Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de

Betreuer:

Georg Sigl - Nicolai Puch, Sebastian Peters (Fraunhofer AISEC)

Attacking Software-based Countermeasures (AISEC)

Beschreibung

Fault attacks pose a serious threat to embedded systems and their applications. Due to the powerful nature of fault attacks, it may allow to fully compromise a target device.
Most Common-Off-The-Shelf Hardware do not contain any viable hardware features against fault attacks. Thus, a viable approach, for such hardware, is to apply Software-based Countermeasures. In the simplest approach this could be duplication of calculation and checks. Thus, requiring the attacker to inject multiple faults to compromise the device. More complex Software-based countermeasures split the existing registers into primary and shadow registers to effectively detect more possible faults. Despite, the countermeasures being more complex, they all assume certain capabilities of an attacker.
In this thesis, the goal is to stress these arbitrary limits by working in our hardware lab with the existing setup for Electro-Magnetic Fault Injection (EMFI). Thus, this work consists of working hands-on in the laboratory, writing test firmware and test routines, analyzing observed faults and deriving fault models.

The work is designed for a master thesis, but can also be carried out in a limited form within an research or engineering internship.

Voraussetzungen

•    Experience with Python
•    Experience with C and Assembly
•    Experience working with embedded devices, oscilloscopes or debuggers is beneficial
•    Experience in Fault Injection is beneficial, but optional

Kontakt

Please send an email with a short CV, your last grading sheet and provide 3-5 dates, which fit to your schedule, for a meeting.

Alexander Wagner, alexander.wagner@aisec.fraunhofer.de

Michael Gruber, m.gruber@tum.de

Betreuer:

Georg Sigl - Alexander Wagner (Fraunhofer AISEC)

Error Correction for PUFs

Stichworte:
Channel Coding, Error Correction, PUF, Security

Beschreibung

Each integrated ciruict is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic, but it is rather a nice opportunity work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Voraussetzungen

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g for Microcontroller)

 

Betreuer:

Christoph Frisch

Side - channel analysis of error - correcting codes for PUFs

Beschreibung

Physical Unclonable Functions (PUFs) exploit manufacturing process variations to generate unique signatures. PUF and error-correcting codes can be joined together to reliably generate cryptographically strong keys. However, the implementation of error-correcting codes is prone to physical attacks like side-channel attacks. Side-channel attacks exploit the information leaked during the computation of secret intermediate states to recover the secret key. Therefore, the implementation of error-correcting codes must also involve the implementation of proper countermeasures against side-channel attacks.

The goal of this thesis is to evaluate the side-channel resistance of a secure implementation of error-correcting codes for PUFs on FPGA. The thesis consists of the following steps:

  • Get familiar with currently available implementations of error-correcting codes for PUFs
  • Adapt and improve current implementations (VHDL)
  • Develop a measurement setup for side-channel analysis (Matlab/Python)
  • Perform side-channel analysis using the state-of-the-art EMF measurement equipment in our lab (Oscilloscope knowledge + Matlab/Python required)

Voraussetzungen

 The ideal candidate should have:

  • Previous experience in field of digital design (VHDL/Vivado/Xilinx FPGA)
  • Basic knowledge on using lab equipment (e.g Oscilloscope,...)
  • Basic knowledge in statistics
  • Good programming skills in Matlab/Python
  • Attendance at the lecture “Secure Implementation of Cryptographic Algorithms” is advantageous

 

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Michael Pehl, Lars Tebelmann

Further Topics on Physical Unclonable Functions

Beschreibung

Silicon based Physical Unclonable Functions (PUFs) are security primitives which can be used to derive device unique identities. Such identities can be used to identify a device or to derive a secret key.

You are interested in research in the field of Physical Unclonable Functions but you think that the topics which are listed on our page do not fit your previous knowledge or think there is no perfect match to what you are interested in? No problem! Please contact me at any time for advice regarding your thesis/student job. I can offer to

  • help you with your decision for/against some topic.
  • suggest probably further topics which are not advertised, yet.
  • bring you into contact with other members of our chair or at Fraunhofer AISEC.

Voraussetzungen

Plese send me an email which exhaustively describes your previous knowledge (e.g. your last grading sheet and a short CV) to allow me to prepare and to give you reasonable advice. Also, please provide 3-5 dates, which fit to your schedule, for a meeting.

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Forschungspraxis (Research Internships)

Evaluating Primitives for Hash-based Signatures

Beschreibung

Stateful hash-based signatures are recommended by several entities such as the National Institute of Standards and Technology (NIST) [1]. As already hinted by their name, they are based on secure hash functions and thus, can be instantiated with different (hash) primitives.

This work aims at investigating hash-based signatures. It should be analyzed, how different hash primitives compare when instantiated in a hash-based signature. The work will be conducted on a commonly used microcontroller.

The information about this work is deliberately kept short as it varies depending on the students skills, interests and intended scope. For detailed information don't hesitate to contact me.

 

[1] https://csrc.nist.gov/publications/detail/sp/800-208/final

Voraussetzungen

  • C programming
  • Experience with embedded programming and environment

If interested, please send me a short CV and your latest grade report.

Kontakt

Betreuer:

Patrick Karl

Quantitative Comparison of Different Side Channels

Beschreibung

Despite any  theoretical strength a cryptographics algorithm might offer, a real-world application can only be as good as the eventual implementation. For example, side channel leakage is a common problem: unless particular care is taken during the implementation, any computation running on real hardware leaks information about the processed secrets. Common examples include timing side channels, where the execution time depends on secret bits, or power side channels, where e.g. a CPU’s power draw depends on the processed data.

This work is concerned with gathering measurement data from cryptographic algorithms running on embedded hardware before running attacks based on the collected traces. Ultimately, the aim is a quantitative comparison of different operating conditions and side channels, assessing the information content of the emanated signals and the resulting complexity of extracting the processed secrets using a side channel attack.

Voraussetzungen

  • Necessary: Experience programming in Python
  • Preferrable: Basic understanding of cryptographics algorithms
  • Preferrable: Experience programming microcontrollers in C
  • Optional: HDL hardware design experience

Kontakt

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Betreuer:

Jonas Ruchti, Lars Tebelmann

IP Risk Through Satisfiability Checking Tools

Beschreibung

Due to long production and supply chains, circuit designs are prone to theft and manipulation. Logic locking inserts a locking key into the circuit netlist to secure them against these risks. However, so called SAT-based attacks, which check the satisfiability of netlists, were developed to extract the locking keys again.

This work should create a better understanding of sequential SAT-based attacks and extend them towards further applications.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • Subramanyan, P.; Ray, S. & Malik, S. Evaluating the security of logic encryption algorithms 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2015, 137-143
  • El Massad, M.; Garg, S. & Tripunitara, M. Reverse engineering camouflaged sequential circuits without scan access 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2017, 33-40

 

Kontakt

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Betreuer:

Michaela Brunner

One Right Solution To Implement A State Machine?

Beschreibung

A finite state machine can be represented in several different ways. There is no one right solution. Designers make use of this fact to optimize power, area, or performance.

This work should first create a better understanding of what the limits of the representation of state machines are. Second, these findings should be interpreted in relation to various context.

Please contact me to get more information about the topic and the aim of this work.

 

 

References:

  • Hartmanis, J. Symbolic analysis of a decomposition of information processing machines Information and Control, Elsevier, 1960, 3, 154-178
  • Shelar, R. S.; Desai, M. P. & Narayanan, H. Decomposition of finite state machines for area, delay minimization Proceedings 1999 IEEE International Conference on Computer Design: VLSI in Computers and Processors (Cat. No. 99CB37040), 1999, 620-625

 

 

Kontakt

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

Betreuer:

Michaela Brunner

Hardware Supply Chain Security (AISEC)

Beschreibung

Most customers put trust in their hardware vendors and the corresponding supply chain. No matter how well secured these customers’ own infrastructures are, this trust has the potential to devolve the weaknesses of their vendors (and even the vendors’ vendors etc.) into the customers’ own environment, constituting a blind spot in their overall security architecture.
Proposals to address this multi-dimensional problem on the one hand include organizational measures as, for example, establishing Cyber Supply Chain Risk Management (C-SCRM) or demanding third-party certifications, which confirm conformance with standards such as the ISA/IEC 62443 series. On the other hand, technology-based approaches as, for example, physical unclonable functions or IDevID certificates can also help to decrease the amount of trust which has to be put into the hardware supply chain.

Topic
The overall goal of this guided research is to compile a comprehensive overview of the hardware supply chain security landscape including challenges and potential solutions/countermeasures. The focus should lie on but not solely be limited to industrial automation and control systems (IACS).
The first part is to investigate both real-world incidents and academic approaches exploiting the hardware supply chain. Based on this preliminary research and reasoning, a holistic paradigm of trust relationships and corresponding problems in the hardware supply chain has to be derived and consolidated.
In the second part, suitable countermeasures have to be investigated and mapped to this paradigm. These countermeasures should in turn be categorized based on their maturity (ready-to-use, academic PoC, proposal etc.).

Voraussetzungen

  • Self-initiative and the ability to work in a self-directed way
  • Knowledge in the field of IT/IACS security
  • First experiences with hardware security would be ideal

Please attach a current grade sheet and a short CV to your application.

Kontakt

Michael Heinl
Nikolai Puch
Phone:    +49 89 322-9986-125
Phone:    +49 89 322-9986-142
E-mail:    michael.heinl@aisec.fraunhofer.de
E-mail:    nikolai.puch@aisec.fraunhofer.de
Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de

Betreuer:

Georg Sigl - Michael Heinl und Nikolai Puch (Fraunhofer AISEC)

Automotive radio analysis framework (AISEC)

Beschreibung

Modern cars use besides well known wireless standards like WLAN or Bluetooth, a plethora of proprietary radio communication protocols. For example, current tire pressure is transmitted via Ultrahigh Frequency (UHF) to a controller in the car. Radio Data System (RDS) is also still used to embed information like traffic messages, title names or sender logos into FM radio broadcasting. As a final example, radio keys use Low Frequency (LF) as well as UHF to implement different functions to unlock and start the car. Especially Remote Keyless Entry (RKE) is highly popular although implementing little security.
This work shall develop a framework to test automotive wireless services. The main focus should lie with vehicle keys and immobilizers. First of all, devices to analyse LF as well as UHF should be integrated and as necessary expanded. Based on this, tests shall be conceived, like testing RKE for replay or relay vulnerabilities. Finally, these tests may be optimized, e.g. by tuning antenna or other hardware to increase distance.

Voraussetzungen

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about:
• Experience with radio communication basics (Modulation, Encoding, ...)
• Experience in programming for embedded devices
• Ability to work self-directed and systematically
Please attach a current grade sheet and a short CV to your application so that we can assess your qualification for the topic of your choice.

Kontakt

Nikolai Puch
Sebastian Peters
Phone:    +49 89 322-9986-142
Phone:    +49 89 322-9986-1037
E-mail:    nikolai.puch@aisec.fraunhofer.de
E-mail:    sebastian.peters@aisec.fraunhofer.de
Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de

Betreuer:

Georg Sigl - Nicolai Puch, Sebastian Peters (Fraunhofer AISEC)

HDL Leakage Simulation Evaluation

Beschreibung

Within the scope of this work, simulated leakage [1] is to be compared with leakage measured with an oscilloscope.
AES has been selected as a possible target for this work, therefore a DPA on simulated traces and real traces will be performed and compared.

(This work can not be conducted remote only, as it is required to take measurements)


The information on this topic is intentionally brief, as it is an ongoing project.

[1] https://gitlab.lrz.de/tueisec/tofu

Voraussetzungen

  • Python
  • VHDL/Verilog (preferred)
  • Lattice FPGAs (open source flow)

Betreuer:

Michael Gruber

Attacking Software-based Countermeasures (AISEC)

Beschreibung

Fault attacks pose a serious threat to embedded systems and their applications. Due to the powerful nature of fault attacks, it may allow to fully compromise a target device.
Most Common-Off-The-Shelf Hardware do not contain any viable hardware features against fault attacks. Thus, a viable approach, for such hardware, is to apply Software-based Countermeasures. In the simplest approach this could be duplication of calculation and checks. Thus, requiring the attacker to inject multiple faults to compromise the device. More complex Software-based countermeasures split the existing registers into primary and shadow registers to effectively detect more possible faults. Despite, the countermeasures being more complex, they all assume certain capabilities of an attacker.
In this thesis, the goal is to stress these arbitrary limits by working in our hardware lab with the existing setup for Electro-Magnetic Fault Injection (EMFI). Thus, this work consists of working hands-on in the laboratory, writing test firmware and test routines, analyzing observed faults and deriving fault models.

The work is designed for a master thesis, but can also be carried out in a limited form within an research or engineering internship.

Voraussetzungen

•    Experience with Python
•    Experience with C and Assembly
•    Experience working with embedded devices, oscilloscopes or debuggers is beneficial
•    Experience in Fault Injection is beneficial, but optional

Kontakt

Please send an email with a short CV, your last grading sheet and provide 3-5 dates, which fit to your schedule, for a meeting.

Alexander Wagner, alexander.wagner@aisec.fraunhofer.de

Michael Gruber, m.gruber@tum.de

Betreuer:

Georg Sigl - Alexander Wagner (Fraunhofer AISEC)

Investigation of ABE for HW/SW Codesign

Beschreibung

Classical public-key cryptography is based on an all-or-nothing approach, i.e. if a user is in possession of a secret key, he can fully decrypt a ciphertext that is encrypted with a corresponding public key. However, it is not possible to decrypt only parts of data. Attribute-Based Encryption (ABE) [1], however, is a branch of Functional Encryption (FE) that allows for such fine grained access control. ABE systems include a trusted authority, which can distribute secret sub-keys. A user can thus authenticate itself towards the trusted authority to obtain a certain secret key. This key is then used to decrypt a corresponding subset of the data depending on the user's permissions.

PALISADE [2] is a library, that implements several Homomorphic Encryption (HE) schemes as well as an ABE scheme. In this work, your goal is to integrate such a scheme on a HW/SW Platform using PALISADE. The next step is then a detailed analysis of performance and cost metrics to estimate the requirements for constrained devices.

 

[1] https://dl.acm.org/doi/10.1145/1180405.1180418

[2] https://palisade-crypto.org/

 

If you are interested in the work and want to get further details, please contact me via email, attach a CV and grading report.

Voraussetzungen

  • C/C++ programming skills
  • Ideally experience using microcontrollers or FPGAs

Kontakt

E-mal: patrick.karl@tum.de

Betreuer:

Patrick Karl

DFA Evaluation Strategies

Beschreibung

Differential Fault Analysis (DFA) is a fault injection analysis technique which compares fault encryptions with correct encryptions and gains knowledge from the differences.

In This work several evaluation strategies should be compared.

The information about the work is deliberately kept short, for detailed information I am personally available at any time.

Voraussetzungen

  • Python
  • Basic Knowledge Fault Injection Analysis

Betreuer:

Michael Gruber

HW implementations for Post-Quantum Cryptography

Beschreibung

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Voraussetzungen

Ideally, you should have knowledge of the following:

  • A hardware description language like VHDL/Verilog/SystemVerilog
  • Experience running simulations using ModelSim
  • Basic C programming skills

Kontakt

patrick.karl@tum.de

Betreuer:

Patrick Karl

SystemC modeling of Cryptographic Functions

Beschreibung

SystemC [1] is a C++ extension that facilitates system modeling and architecture exploration. Hardware models can be abstracted and design options can be evaluated in a higher abstraction level compared to HDL languages.

The goal of this work is to model cryptographic building blocks and evaluate the performance for different design options.

[1] https://systemc.org/

Voraussetzungen

  • Good knowledge of C/C++
  • Basic knowledge of SystemC

 

Upon application, please attach a short CV and list your experience using C/C++/SystemC

Kontakt

patrick.karl@tum.de

Betreuer:

Patrick Karl

Machine Learning Resistant PUF Authentication Schemes

Beschreibung

A Physical Unclonable Function (PUF) is a hardware element which uses subtle manufacturing variabilities to derive a device-unique secret. In the case of a multi-challenge PUF (or ‘strong PUF’), the PUF functions as a device-unqiue function, mapping challenges to PUF responses.

A PUF like this is very useful for authentication scenarios, where e.g. a server provides challenges to a device, which replies with the PUF response the server can now check against an internal model or response database.

Protocols like these, however, suffer from data leaks, allowing an attacker to create a model of a device’s PUF from captured challenge-response pairs. Thjus, the ostensibly unclonable device may be replicated just be eavesdropping on authentication communication.

The aim of this work is to investigate novel approaches for PUF authentication procedures which plug data leaks with simple on-device preprocessing while still allowing for reliable authentication in the presence of measurement noise. A software implementation can then be evaluated e.g. against a more standard implementation in terms of performance, complexity or resistance against a machine learning attack.

This work can either be conducted in German or in English.

I am happy to provide more details and answer your questions upon request.

Voraussetzungen

  • Necessary: Basic cryptography knowledge; mathematical background; programming skills
  • Favourably: Experience with machine learning techniques
  • Optionally: Basic knowledge of error-correcting codes, PUFs

Kontakt

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

Betreuer:

Jonas Ruchti

SCA of Neural Network HW-Implementations

Stichworte:
SCA, Neural Networks, Hardware, FPGA
Kurzbeschreibung:
FPGA Implementations should be analyzed in regard of their Side-Channel Properties

Beschreibung

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANNs is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.


A Side-Channel attack can extract the network parameters such as number of type of layers as well as weights and bias values to build up his own copy of the network. Since neural networks are also very integrated in edge devices an attack often has physical access to the network. This means that Side Channel Attacks (SCA) are possible and must be considered as a thread.


Some attacks were already published. In [3] they completely retrieve an ANN executed on an ARM Cortex microcontroller. Since it is more common to execute an ANN on a more parallel HW to increase performance attacking FPGA implementations is also worthwhile. Dubey et al. published an attack on a binary neural network (BNN) implemented on a FPGA and furthermore masked the network in order to counter their network [4,5].

In this work, the Side-Channel properties of different model implementations should be analyzed and compared.

Start of Thesis: Jan 2022 or later


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Maskednet: A pathway for secure inference against power side-channel attacks,” arXiv preprint arXiv:1910.13063, 2019.
[5] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

Voraussetzungen

VHDL/Verilog Knowledge, Sichere Implementierung Kryptographischer Verfahren (SIKA), Python Skills

Betreuer:

Matthias Probst, Manuel Brosch

Error Correction for PUFs

Stichworte:
Channel Coding, Error Correction, PUF, Security

Beschreibung

Each integrated ciruict is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic, but it is rather a nice opportunity work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Voraussetzungen

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g for Microcontroller)

 

Betreuer:

Christoph Frisch

Side - channel analysis of error - correcting codes for PUFs

Beschreibung

Physical Unclonable Functions (PUFs) exploit manufacturing process variations to generate unique signatures. PUF and error-correcting codes can be joined together to reliably generate cryptographically strong keys. However, the implementation of error-correcting codes is prone to physical attacks like side-channel attacks. Side-channel attacks exploit the information leaked during the computation of secret intermediate states to recover the secret key. Therefore, the implementation of error-correcting codes must also involve the implementation of proper countermeasures against side-channel attacks.

The goal of this thesis is to evaluate the side-channel resistance of a secure implementation of error-correcting codes for PUFs on FPGA. The thesis consists of the following steps:

  • Get familiar with currently available implementations of error-correcting codes for PUFs
  • Adapt and improve current implementations (VHDL)
  • Develop a measurement setup for side-channel analysis (Matlab/Python)
  • Perform side-channel analysis using the state-of-the-art EMF measurement equipment in our lab (Oscilloscope knowledge + Matlab/Python required)

Voraussetzungen

 The ideal candidate should have:

  • Previous experience in field of digital design (VHDL/Vivado/Xilinx FPGA)
  • Basic knowledge on using lab equipment (e.g Oscilloscope,...)
  • Basic knowledge in statistics
  • Good programming skills in Matlab/Python
  • Attendance at the lecture “Secure Implementation of Cryptographic Algorithms” is advantageous

 

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Michael Pehl, Lars Tebelmann

Further Topics on Physical Unclonable Functions

Beschreibung

Silicon based Physical Unclonable Functions (PUFs) are security primitives which can be used to derive device unique identities. Such identities can be used to identify a device or to derive a secret key.

You are interested in research in the field of Physical Unclonable Functions but you think that the topics which are listed on our page do not fit your previous knowledge or think there is no perfect match to what you are interested in? No problem! Please contact me at any time for advice regarding your thesis/student job. I can offer to

  • help you with your decision for/against some topic.
  • suggest probably further topics which are not advertised, yet.
  • bring you into contact with other members of our chair or at Fraunhofer AISEC.

Voraussetzungen

Plese send me an email which exhaustively describes your previous knowledge (e.g. your last grading sheet and a short CV) to allow me to prepare and to give you reasonable advice. Also, please provide 3-5 dates, which fit to your schedule, for a meeting.

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Ingenieurpraxis

HDL Leakage Simulation Evaluation

Beschreibung

Within the scope of this work, simulated leakage [1] is to be compared with leakage measured with an oscilloscope.
AES has been selected as a possible target for this work, therefore a DPA on simulated traces and real traces will be performed and compared.

(This work can not be conducted remote only, as it is required to take measurements)


The information on this topic is intentionally brief, as it is an ongoing project.

[1] https://gitlab.lrz.de/tueisec/tofu

Voraussetzungen

  • Python
  • VHDL/Verilog (preferred)
  • Lattice FPGAs (open source flow)

Betreuer:

Michael Gruber

Bringing a RISC-V to Life: Implementation of tooling for a RISC-V CPU

Beschreibung

RISC-V is the upcoming instruction set architecture of the future. We have taped out our own RISC-V chip for security purposes.

Your task is to implement various testing routines for a RISC-V CPU existing at the chair.

Voraussetzungen

This list is not final, rather a guideline for the competences required for successfully completing the project.

  • Sufficient knowledge of C
  • Experience with embedded programming and environment
  • Some knowledge of cmake, as compilation works via cmake
  • Some knowledge of python, as tooling is partially implemented with it.

Betreuer:

Alexander Hepp

Error Correction for PUFs

Stichworte:
Channel Coding, Error Correction, PUF, Security

Beschreibung

Each integrated ciruict is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic, but it is rather a nice opportunity work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Voraussetzungen

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g for Microcontroller)

 

Betreuer:

Christoph Frisch

Further Topics on Physical Unclonable Functions

Beschreibung

Silicon based Physical Unclonable Functions (PUFs) are security primitives which can be used to derive device unique identities. Such identities can be used to identify a device or to derive a secret key.

You are interested in research in the field of Physical Unclonable Functions but you think that the topics which are listed on our page do not fit your previous knowledge or think there is no perfect match to what you are interested in? No problem! Please contact me at any time for advice regarding your thesis/student job. I can offer to

  • help you with your decision for/against some topic.
  • suggest probably further topics which are not advertised, yet.
  • bring you into contact with other members of our chair or at Fraunhofer AISEC.

Voraussetzungen

Plese send me an email which exhaustively describes your previous knowledge (e.g. your last grading sheet and a short CV) to allow me to prepare and to give you reasonable advice. Also, please provide 3-5 dates, which fit to your schedule, for a meeting.

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer:

Studentische Hilfskräfte

Unterstützung im Auf- und Ausbau der Labore (AISEC)

Kurzbeschreibung:
Die Abteilung PIN verfügt über vier Labore, die sich über die Bereiche Automotive, Elektronik bis Industrie erstrecken. Diese beinhalten Ausrüstung wie einen Rollenprüfstand mit Hebebühne, 3D Drucker, eine Platinenfräse oder Lötarbeitsplätze. Aktuell sind diese Arbeitsplätze aber noch nicht final eingerichtet und konnten weiter optimiert und ergänzt werden. Im Rahmen der Arbeit am AISEC sollen die Arbeitsprozesse und Ausstattung der Labore und Werkstatten optimiert werden. Beispielsweise können dabei Methoden und Ideen aus dem Toyota/Lean Produktionssystem angewendet werden. Aber auch Unterstützung bei Aufbauten für das Tagesgeschäft ist möglich. Aufgaben sind beispielsweise:

Beschreibung

Testen der Werkstattausstattung, um Lücken oder Ineffizienzen zu identifizieren

  •     Seiton & Seiketsu: Erstellen von Ordnungsstrukturen in den Laboren
  •     Design, Einrichten und Optimieren von Arbeitsplätzen
  •     Aufbau von Versuchsträgern
  •     Dokumentation

Voraussetzungen


    
    
Die folgende Auflistung der Voraussetzungen ist weder vollständig noch verbindlich, soll Ihnen aber einen Eindruck vermitteln worauf es bei der Arbeit ankommt:

  •     Praktische Erfahrung mit elektronischen / mechanischen Aufbauten
  •     Maker-Spirit, Kreativität und Lösungsdenken
  •     Optimalerweise Berufserfahrung, Ausbildung oder Erfahrung mit praktischer Arbeit in Laboren
  •     Fertigkeit zum selbstständigen und systematischen Arbeiten


Bitte beachte, dass durch die Art der Arbeit i.d.R. Anwesenheit am Institut in Garching nötig ist.
Bitte legen Sie bei Bewerbungen immer einen aktuellen Notenauszug sowie einen kurzen Lebenslauf bei, damit wir Ihre Eignung für das Thema einschätzen können.

Kontakt

Dr. Sven Plaga
Nikolai Puch
Phone:    +49 89 322-9986-117
Phone:    +49 89 322-9986-142
E-mail:    sven.plaga@aisec.fraunhofer.de
E-mail:    nikolai.puch@aisec.fraunhofer.de
Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de

Betreuer:

Georg Sigl - Sven Plaga und Nicolai Puch (Fraunhofer AISEC)

HIWI: Advanced Cryptographic Implementations

Beschreibung

The course Advanced Cryptographic Implementation (ACI) provides an introduction to advanced implementation techniques to optimize state-of-the-art cryptographic algorithms on embedded systems, including advanced countermeasures to secure cryptographic implementations against side-channel and fault attacks.
The course relies on a practical hands-on project. During the project students are asked to implement and optimize cryptographic algorithms on a RISC-V based microcontroller using both C and assembly.
As a HIWI you will help improving the current RISC-V based evaluation framework and tooling, and improve the current solutions of the project by implementing and/or optimizing portions of current cryptographic implementations.  
Timeline and working hours:
From 01.04.2022 until 31.08.2022 with a total of 160 hours. Flexible working hours and flexible working period are possible.

Voraussetzungen

* Basic knowledge of cryptography
* Hands-on experience with C/ASM programming and microcontrollers
* Self-motivated and independent working style
* Previous knowledge of RISC-V and attendance to the course are desirable, but not required

Kontakt

Betreuer:

Fabrizio De Santis - Fabrizio De Santis ()

Tutor/in: Advanced Cryptographic Implementations

Beschreibung

The course Advanced Cryptographic Implementation (ACI) provides an introduction to advanced implementation techniques to optimize state-of-the-art cryptographic algorithms on embedded systems, including advanced countermeasures to secure cryptography implementations against side-channel and fault attacks.
The exercise part of the course relies on a practical hands-on project. During the project students will be asked to implement and optimize cryptographic algorithms on a RISC-V based microcontroller using both C and assembly.
As a tutor you will provide technical support to students during the project period in form of (virtual) meetings or remote supervision (e.g., chat or mail) and help with the organization of the project (preparation).
Timeline and working hours:
From 01.04.2022 until 29.07.2022 with a total of 84 hours. Flexible working hours and flexible working period are possible.

Voraussetzungen

* Basic knowledge of cryptography
* Hands-on experience with C/ASM programming and microcontrollers
* Self-motivated and independent working style
* Previous knowledge of RISC-V and attendance to the course are desirable, but not required

Kontakt

Fabrizio De Santis

fabrizio.desantis@siemens.com

Betreuer:

Fabrizio De Santis - Fabrizio De Santis ()

HDL Leakage Simulation Evaluation

Beschreibung

Within the scope of this work, simulated leakage [1] is to be compared with leakage measured with an oscilloscope.
AES has been selected as a possible target for this work, therefore a DPA on simulated traces and real traces will be performed and compared.

(This work can not be conducted remote only, as it is required to take measurements)


The information on this topic is intentionally brief, as it is an ongoing project.

[1] https://gitlab.lrz.de/tueisec/tofu

Voraussetzungen

  • Python
  • VHDL/Verilog (preferred)
  • Lattice FPGAs (open source flow)

Betreuer:

Michael Gruber

Measurement Setup Validation Framework

Stichworte:
SCA, Measurements, Microcontroller, FPGA

Beschreibung

Our chair has a Side Channel Analysis (SCA) group analysing the side channel properties of mainly cryptographic implementations. Implementations are realized either on a microcontroller or FPGA based target. Since measurements often require similar setups on different lab desktops, ensuring a correctly working measurement setup is crucial. Thus, validation tests to verify the correctness of the newly build up measurement setup are required. Those tests perform SCA on a known target configuration before switching the target to a new crypto-implementation under test.

Within this position, you should implement a test methology for both microcontroller and FPGA. The test crypto-function as well as the framework for both is already present. Also measurements can be taken automatically. Thus, concretely you put all those parts together in a script for easy validation.

Voraussetzungen

  • Interest in side channel analysis
  • Interest in hands-on development of SCA-tools
  • Microcontroller Programming in C
  • VHDL
  • Python 3 knowledge
  • Fluency in German or English

    The position is not strictly limited to a number of weakly working hours.

Betreuer:

Matthias Probst

Tutor: Project Laboratory Secure SoC for the Internet-of-Things (IOT-LAB)

Beschreibung

The Project Laboratory Secure SoC for the Internet-of-Things (IOT-LAB) relies heavily on practical lab work. In order to support the students with their practical work a tutor position is available.
During the lab several IOT sensor nodes (Texas Instruments Sensortag) are used in combination with their open source operating system “contiki-ng” written in C. The students have to solve several tasks including:

  •     Capture and evaluate existing communication with Wireshark
  •     Utilize several hardware peripherals of the used microcontroller
  •     Use the MQTT and COAP protocols to achieve certain tasks
        (e.g. active LEDs or send current sensor values)
  •     Secure the MQTT and Coap communication with either authenticated encryption
        (AES-GCM) or (D)TLS

The tasks of the tutor would be to provide support to the students in the form of weekly meetings or remote supervision (e.g. in a chat tool or via remote meetings) and help with the organization (preparation of the lab equipment etc.).

Timeline and working hours

From 01.05.2022 until the 15.07.2022 with a total of 6 hours weekly.

Voraussetzungen

  • Profound knowledge of the C programming language
  • Knowledge about computer networks and the usage of Wireshark
  • Microcontroller programming
  • Ideally the lab was already completed in a previous semester
  • Self organized work during the semester

Kontakt

Technical University of Munich
Chair of Security in Information Technology
Thomas Schamberger
Theresienstr. 90, N1010
Email: t.schamberger@tum.de

 

Betreuer:

Thomas Schamberger

Further Topics on Physical Unclonable Functions

Beschreibung

Silicon based Physical Unclonable Functions (PUFs) are security primitives which can be used to derive device unique identities. Such identities can be used to identify a device or to derive a secret key.

You are interested in research in the field of Physical Unclonable Functions but you think that the topics which are listed on our page do not fit your previous knowledge or think there is no perfect match to what you are interested in? No problem! Please contact me at any time for advice regarding your thesis/student job. I can offer to

  • help you with your decision for/against some topic.
  • suggest probably further topics which are not advertised, yet.
  • bring you into contact with other members of our chair or at Fraunhofer AISEC.

Voraussetzungen

Plese send me an email which exhaustively describes your previous knowledge (e.g. your last grading sheet and a short CV) to allow me to prepare and to give you reasonable advice. Also, please provide 3-5 dates, which fit to your schedule, for a meeting.

Kontakt

Dr.-Ing. Michael Pehl
Chair for Security in Information Technology
Head: Prof. Dr.-Ing. Georg Sigl
Technical University of Munich
Arcisstr. 21, 80333 Munich (Germany)

Email: m.pehl@tum.de

Betreuer: