Student Theses and Working Student Positions

This page lists the student theses and working student positions currently offered at the Chair of Security in Information Technology and at Fraunhofer AISEC.

Theses and working student positions marked (AISEC) are carried out at Fraunhofer AISEC in Garching.

If you are unsure whether your prior knowledge is sufficient, feel free to reach out to the contact named in the posting. Have you not found a topic but would still like to write your thesis with us? Please contact a staff member in the research area that interests you. Please always include a current transcript of grades and a short CV with your application so that we can assess your suitability for the topic of your choice.

Open Theses and Working Student Positions

Bachelor's Theses

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling, and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a system-level programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • Ideally, experience with (side-channel) trace measurement, to understand the environment of the program

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of an HDL. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are:
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge of microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge of hardware design and architecture to understand trojan location and insertion.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is, a graph of logic gates and the wires between them, to a high-level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge of graph theory, algorithms etc. to cope with problems on the way.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Development of Tools for Reverse Engineering

Description

During the reverse engineering of digital circuits, one often encounters problems whose complexity can be better managed through automation. Many tools have to be adapted to the specific research and then help to continue working with standard IC design tools.

For example, you receive a netlist that was synthesized with an unknown cell library. It is then necessary to reverse-engineer the cell library used, e.g. with the help of the pin and cell names, and to derive a simple library from it with which the netlist can then be processed using the standard tools.

In this engineering internship (Ingenieurspraxis), you will work closely with a researcher in the field of reverse engineering and create one or more high-quality tools for the reverse engineering of netlists.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge of the design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Master's Theses

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of an HDL. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are:
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Hide and Seek

Description

Side-channel-based exfiltration of cryptographic secrets is a long-standing and ever-occurring problem when implementing cryptographic algorithms under the assumption of real hardware.

Established formally proven countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in-depth protection.

In this thesis, you will try and compare different methods of in-depth protection.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for measurement automation etc.
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the hardening measures
  • Ideally, experience with FPGAs to try the measures in the real world.
  • Knowledge of the design/architecture of cryptographic algorithms to know when and how to do the hardening.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Memory Encryption of Non-Volatile Flash

Summary:
This exciting master thesis opportunity focuses on the critical area of memory encryption for non-volatile flash memory, a key aspect of ensuring data security in modern computing systems.

Description

Description: The growing popularity of non-volatile flash memory in various applications, including data storage and embedded systems, has raised significant security concerns. Data stored in these memories can be vulnerable to unauthorized access and tampering. Memory encryption is a vital technique to safeguard sensitive information from potential threats. In this thesis project, you will work on advancing the state-of-the-art in memory encryption techniques for non-volatile flash memory.
Project Overview: Non-volatile flash memory, commonly used in a wide range of electronic devices such as smartphones, tablets, and solid-state drives (SSDs), is susceptible to data breaches if not adequately protected. Memory encryption is a crucial technique to safeguard data from unauthorized access or tampering. This master's thesis project aims to explore, design, and implement memory encryption mechanisms for non-volatile flash memory devices.

Key Tasks:
   1. Literature Review: Conduct a comprehensive review of existing memory encryption techniques and their suitability for non-volatile flash memory.
   2. Design and Implementation: Integrate an appropriate encryption algorithm into a non-volatile flash memory controller, considering factors such as performance, security, and compatibility.
   3. Performance Analysis: Evaluate the performance overhead of memory encryption, including e.g. latency, throughput, and area.

Prerequisites

Motivation to learn, or experience with:

   - Strong background in cryptography, computer security, and embedded systems
   - Proficiency in hardware description languages (e.g., Verilog or VHDL) or SystemC
   - Familiarity with Platform Architect is a plus.
   - Excellent problem-solving skills and a passion for cybersecurity research

Contact

Interested candidates are encouraged to submit the following application materials to jens.noepel@tum.de:

   - A cover letter explaining your motivation and qualifications for this research opportunity.
   - Your updated CV/resume.
   - Academic transcripts and relevant certificates.

You can also contact me for inquiries or more information about the position. I would be happy to discuss the details or other related topics with you.

Join us in making advancements in memory encryption technology and contribute to enhancing the security of non-volatile flash memory devices. We look forward to welcoming a motivated and talented student.

Supervisor:

Jens Nöpel

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge of microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge of hardware design and architecture to understand trojan location and insertion.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is, a graph of logic gates and the wires between them, to a high-level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge of graph theory, algorithms etc. to cope with problems on the way.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

SCA of AI Hardware Accelerator

Keywords:
SCA, Neural Networks, Hardware, FPGA

Description

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computationally expensive. Thus, the intellectual property stored in an ANN is an asset worth protecting. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] and [2] are examples of frameworks aiming to fulfill these requirements.


A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed.

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

Start of Thesis: Anytime

References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O'Brien, Y. Umuroglu, M. Leeser, and K. Vissers, "FINN-R: An end-to-end deep-learning framework for fast exploration of quantized neural networks," ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, "Streamlined deployment for quantized neural networks," arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, "CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel," in 28th USENIX Security Symposium (USENIX Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, "BoMaNet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

  • VHDL/Verilog Knowledge
  • Sichere Implementierung Kryptographischer Verfahren (SIKA)
  • Python Skills

Contact

manuel.brosch@tum.de or matthias.probst@tum.de

Supervisor:

Matthias Probst, Manuel Brosch

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge of the design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Interdisciplinary Projects

Security Analysis of a Safety Controller (AISEC)

Description

Initially, safety controllers were relatively simple relays, which could cut the power to a system if, for example, an emergency shut-off is pressed. While still responsible for the same critical operations to prevent harm to humans, nowadays, programmable safety controllers are seamlessly integrated into production plants using Industrial Ethernet and bus systems. While this is great for productivity and flexibility, it also enlarges the attack surface. And in fact, safety controllers have already been targeted by attackers in the wild [1].

In this project, the security of a modern interconnected safety controller should be analysed. Initially, a mock-up of a real production system based on the safety controller, actuators, and safety sensors has to be built. Afterwards, this setup can serve as a test bed to explore the attack surface. For example, features like web servers hosted by the controller should be checked for vulnerabilities. Additionally, the Industrial Ethernet or ASi Safety traffic should be monitored and checked for security weaknesses. The focus of the security vulnerability analysis should be on functionalities for programming and configuring the controller due to their high impact if compromised. Depending on time and previous results, some more invasive tests may be conducted.

Prerequisites

The list of prerequisites is neither complete nor binding, but gives you an idea of the topic:

• Interest in industrial components and protocols
• Pentesting experience (e.g. binary exploitation at the Chair of IT Security)
• Ability to work self-directed and systematically

Please attach a current grade sheet and a short CV to your application.

 

Contact

Nikolai Puch
Phone: +49 89 322-9986-142
E-mail: nikolai.puch@aisec.fraunhofer.de

Ferdinand Jarisch
Phone: +49 89 322-9986-166
E-mail: ferdinand.jarisch@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany
https://www.aisec.fraunhofer.de

References

[1] Triton. MITRE ATT&CK®, Mar. 2019. URL: https://attack.mitre.org/software/S1009/.

Supervisor:

Georg Sigl - Nikolai Puch + Ferdinand Jarisch (Fraunhofer AISEC)

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling, and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a system-level programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • Ideally, experience with (side-channel) trace measurement, to understand the environment of the program

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Static and dynamic security testing of an embedded device actively used in industry (AISEC)

Description

Nowadays, many security vulnerabilities in software are found either via static application security testing (SAST) or via dynamic methods such as fuzzing. Depending on the target, however, both methods have limitations and require different amounts of effort to be set up.
Your task will be to set up a SAST tool developed at AISEC and an established open-source fuzzing tool on an embedded device actively used in industry that handles network traffic. This device is running a common Linux kernel with custom extensions written in C/C++. For fuzzing purposes, suitable interfaces for virtualization are provided.
Once set up, the results of both security testing methods should be analyzed and harmonized.

Prerequisites

• Basic programming experience (C/C++)
• Ability to work self-directed and systematically
• Experience and knowledge in security testing is an asset
• Experience with Linux is an asset

If you are interested and would like to know more, please refer to the persons mentioned below. Please send your application with current CV and transcript of records to:

Contact

Hannah Schmid
Tel.: +49 89 322-9986-130
E-mail: hannah.schmid@aisec.fraunhofer.de

Ferdinand Jarisch
Tel.: +49 89 322-9986-166
E-mail: ferdinand.jarisch@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Hannah Schmid, Ferdinand Jarisch (Fraunhofer AISEC)

Fuzzing Embedded Devices using Feedback from Side-Channel Analysis (AISEC)

Beschreibung

Fuzzing is a powerful and versatile technique to hunt security vulnerabilities. Embedded devices, however, usually lack suitable interfaces to apply established fuzzing-concepts known from software. Tapping side-channel information such as power consumption or electromagnetic radiation, can yield these interfaces and enable conventional grey-box fuzzing of an embedded device.

Task Description

Our current test set-up is capable of extracting code-coverage information during a fuzzing campaign from the power consumption of a STM32F417IGT microcontroller and feeding it back into our tool, which is based on the popular AFL++ fuzzer. Your task will be to measure the performance of this tool on additional microcontrollers and to increase its effectiveness where applicable. In detail, this entails hooking up a microcontroller to the test set-up, training a machine-learning model on the microcontroller-specific behavior, and measuring the performance and effectiveness while fuzzing proof-of-concept and real-world software running on the microcontroller.
As an optional task, you can work towards tapping electromagnetic radiation as a second side-channel next to power consumption.

Prerequisites

• High motivation and ability to work independently
• Good coding skills in python and general understanding of software architecture
• Interest in offensive security and bug-hunting

Contact

Please send your application with current CV and transcript of records to:
Ferdinand Jarisch
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Product Protection and Industrial Security
Lichtenbergstr. 11, 85748 Garching near Munich
Mail: ferdinand.jarisch@aisec.fraunhofer.de
Phone: +49 89 322 9986-166
Publication Date: 21.11.2023

Supervisor:

Georg Sigl - Ferdinand Jarisch (Fraunhofer AISEC)

Fuzzing the Elkhart Lake PSE (AISEC)

Description

The Programmable Services Engine (PSE) of the Elkhart Lake platform is a separate ARM core for executing applications separately from the main processor. The PSE firmware is a software component used to provide security-critical platform functionality. Because it is written in the C programming language, this component may contain exploitable vulnerabilities with far-reaching security implications.

Task Description
The goal of the thesis is to create a working fuzzing setup for the PSE firmware of the Elkhart Lake platform. As part of the thesis, the structure and interfaces of the firmware are to be analyzed first. Building on this, interfaces suitable for fuzzing are to be identified.
Based on this preliminary work, a suitable fuzzer is then to be selected and used to build a runnable fuzzing setup. Identifying and implementing any necessary changes to the selected fuzzer is also part of the thesis. Finally, the implemented fuzzer is to be evaluated with regard to code coverage, performance and reproducibility.

Prerequisites

• Advanced knowledge of and practical experience with fuzzing
• Prior experience with operating system concepts and Linux-based operating systems
• Ideally, knowledge of real-time operating systems, in particular Zephyr
• Ideally, basic knowledge of computer architecture

Contact

Please send your application with a current CV and transcript of records to:
Vincent Ahlrichs                    
Secure Operating Systems  
Mail: vincent.ahlrichs@aisec.fraunhofer.de   
Tel.: +49 89 322 9986-114   

Felix Wruck
Secure Operating Systems
Mail: felix.wruck@aisec.fraunhofer.de
Tel.: +49 89 322 9986-129

Fraunhofer Institut für Angewandte und Integrierte Sicherheit (AISEC)
Lichtenbergstr. 11, 85748 Garching b. München

Supervisor:

Georg Sigl - Vincent Ahlrichs, Felix Wruck (Fraunhofer AISEC)

Hardware Verification and FPGA Development for Experimental Setups

Keywords:
FPGA development hardware

Description

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by means of debug as well as several embedded communication interfaces. To streamline these setups, novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is on flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers, through SWD and JTAG. As a means of interfacing the former, openOCD is used as a debug bridge.

We can offer you work on either adding custom extensions to openOCD or developing hardware IP on the FPGA. If you are eager, both are of course possible.

If you have any additional questions, feel free to contact us!

Prerequisites

openOCD Extension Development:

  • Base knowledge in C
  • Basic tcl scripting

FPGA Development:

  • Base Verilog Knowledge
  • You can read schematics and do basic hardware debugging
  • Base Python knowledge

Supervisor:

Tim Music

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Development of Tools for Reverse Engineering

Description

During reverse engineering of digital circuits, one often encounters problems whose complexity can be handled better through automation. Many tools have to be adapted to the specific research and then help to continue working with standard IC design tools.

For example, one receives a netlist that was synthesized with an unknown cell library. It is then necessary to reverse-engineer the cell library used, e.g. with the help of the pin and cell names, and to build a simple library from it with which the netlist can then be processed using the standard tools.

In this Ingenieurspraxis (engineering internship) you will work closely with a researcher in the field of reverse engineering and create one or more high-quality tools for the reverse engineering of netlists.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Forschungspraxis (Research Internships)

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • Ideally, experience with (side-channel) trace measurement, to understand the environment of the program

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of an HDL. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are:
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Practical evaluation of RowHammer on an Embedded System (AISEC)

Description

RowHammer is a powerful fault injection technique, launched from software, to inject bit faults into DRAM. Over the last decade, RowHammer was shown to threaten DRAMs. Vendors reacted and deployed countermeasures, which led to the belief that the problem was solved. However, in recent years, research showed that DRAMs are still threatened by a more sophisticated technique, called Many-sided RowHammer.
In this work, we aim to create bit faults inside the LPDDR4 of an embedded system by using the Many-sided RowHammer technique. To this end, we will port an existing RowHammer tool to our target embedded architecture. We will then evaluate whether a successful Many-sided RowHammer attack is possible on our targeted embedded platform, and which parameters are necessary. Finally, we want to evaluate how an attacker may use the particular fault model achieved.

Prerequisites

The following skills are valuable for the execution of the project:
* Good knowledge of programming in C
* Basic experience with assembly programming
* Basic experience with embedded Linux (e.g., Buildroot, Yocto, Raspbian, etc.)
* Basic knowledge about memory hierarchies and DRAM structure

Contact

If you are interested in this particular HiWi position, please send an email with
* a short CV,
* a short cover letter, and
* your last grading sheet.

Kilian Zinnecker, kilian.zinnecker@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Kilian Zinnecker (Fraunhofer AISEC)

Hide and Seek

Description

Side-channel-based exfiltration of cryptographic secrets is a long-standing and ever-occurring problem when implementing cryptographic algorithms under the assumption of real hardware.

Established, formally proven countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in-depth protection.

In this thesis, you will try and compare different methods of in-depth protection.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for measurement automation etc.
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the hardening measures
  • Ideally, experience with FPGAs to try the measures in the real world.
  • Knowledge of the design/architecture of cryptographic algorithms to know when and how to do the hardening.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Trusted Channels for IoT Devices (AISEC)

Description

Remote attestation is the process of assessing the trustworthiness of a remote computing platform through verifying the integrity of its software stack. Arm Trusted Firmware-M provides the Initial Attestation Service (IAS) to enable attestation on resource-constrained Arm Cortex-M microcontrollers. However, executing a remote attestation protocol without binding it to the device's communication channel opens up the possibility of Man-in-the-Middle (MitM) attacks: in such a scenario, an attacker uses a rogue device to fetch attestation evidence from a good device and establish communication to an IoT hub or other IoT devices. Therefore, the scope of this work is to design and implement a channel binding mechanism for common IoT protocols such as the Constrained Application Protocol (CoAP) to augment the communication channel with an attestation mechanism. This includes the following tasks:
• Survey existing IoT protocols and attestation mechanisms
• Design a channel binding mechanism, e.g., for CoAP with OSCORE/EDHOC
• Implement a proof-of-concept for the solution
• Evaluate the solution

Prerequisites

• High motivation and ability to work independently
• Good Programming skills in C
• At least basic knowledge of cryptographic primitives
• Preferably knowledge about embedded systems and Arm Cortex-M processors

Contact

Simon Ott
Phone: +49 89 322-9986-143
E-mail: simon.ott@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Simon Ott (Fraunhofer AISEC)

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge of microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge of the design/architecture of hardware designs to understand trojan location and insertion.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is, a graph of logic gates and wires between them, to a high-level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge of graph theory, algorithms etc. to cope with problems on the way.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

SCA of AI Hardware Accelerator

Keywords:
SCA, Neural Networks, Hardware, FPGA

Description

Neural networks are unavoidable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANNs) are used. Training a deep ANN is very time-consuming and computationally expensive. Thus, the intellectual property stored in an ANN is an asset worth protecting. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] and [2] are examples of frameworks aiming to fulfill these requirements.

A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4], side-channel attacks on different implementations of ANNs are performed.

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

Start of Thesis: Anytime


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O'Brien, Y. Umuroglu, M. Leeser, and K. Vissers, "FINN-R: An end-to-end deep-learning framework for fast exploration of quantized neural networks," ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, "Streamlined deployment for quantized neural networks," arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, "CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel," in 28th USENIX Security Symposium (USENIX Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, "BoMaNet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

  • VHDL/Verilog Knowledge
  • Sichere Implementierung Kryptographischer Verfahren (SIKA)
  • Python Skills

Contact

manuel.brosch@tum.de or matthias.probst@tum.de

Supervisor:

Matthias Probst, Manuel Brosch

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge of the design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Ingenieurpraxis (Engineering Internships)

Secure boot vulnerability demonstrator (AISEC)

Description

Secure boot is a fundamental building block for secure embedded systems. A key element of secure boot in embedded systems is the hardware root of trust: an immutable ROM code that uses a public key to verify the first-stage boot loader, starting the chain of trust. However, if the SoC's ROM code itself suffers from vulnerabilities, the whole secure boot may be broken beyond repair, as the silicon's ROM code is unpatchable. In this work we will set up a demonstrator to show a known secure boot vulnerability in the ROM boot code of a real-world SoC.

Prerequisites

The following skills are valuable for the execution of the project:
* Experience with embedded Linux
* Basic knowledge of programming in C
* Knowledge about embedded security, e.g., from a lecture
* Experience in using Git
* Structured way of working and being able to work independently

Contact

If you are interested in this position, please send an email with
* a short CV,
* a short cover letter, and
* your last grading sheet.

Kilian Zinnecker, kilian.zinnecker@aisec.fraunhofer.de


Supervisor:

Georg Sigl - Kilian Zinnecker (Fraunhofer AISEC)

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Studentische Hilfskräfte (Student Assistants)

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • Ideally, experience with (side-channel) trace measurement, to understand the environment of the program

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of an HDL. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are:
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Secure boot vulnerability demonstrator (AISEC)

Description

Secure boot is a fundamental building block for secure embedded systems. A key element of secure boot in embedded systems is the hardware root of trust: an immutable ROM code that uses a public key to verify the first-stage boot loader, starting the chain of trust. However, if the SoC's ROM code itself suffers from vulnerabilities, the whole secure boot may be broken beyond repair, as the silicon's ROM code is unpatchable. In this work we will set up a demonstrator to show a known secure boot vulnerability in the ROM boot code of a real-world SoC.

Prerequisites

The following skills are valuable for the execution of the project:
* Experience with embedded Linux
* Basic knowledge of programming in C
* Knowledge about embedded security, e.g., from a lecture
* Experience in using Git
* Structured way of working and being able to work independently

Contact

If you are interested in this position, please send an email with
* a short CV,
* a short cover letter, and
* your last grading sheet.

Kilian Zinnecker, kilian.zinnecker@aisec.fraunhofer.de


Supervisor:

Georg Sigl - Kilian Zinnecker (Fraunhofer AISEC)

Hardware Verification and FPGA Development for Experimental Setups

Keywords:
FPGA development hardware

Description

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by means of debug as well as several embedded communication interfaces. To streamline these setups, novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is on flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers, through SWD and JTAG. As a means of interfacing the former, openOCD is used as a debug bridge.

We can offer you work on either adding custom extensions to openOCD or developing hardware IP on the FPGA. If you are eager, both are of course possible.

If you have any additional questions, feel free to contact us!

Prerequisites

openOCD Extension Development:

  • Base knowledge in C
  • Basic tcl scripting

FPGA Development:

  • Base Verilog Knowledge
  • You can read schematics and do basic hardware debugging
  • Base Python knowledge

Supervisor:

Tim Music

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Practical Cache Side-Channel on Embedded SoC Platforms (AISEC)

Beschreibung

Caches are indispensable hardware components of powerful, modern processors. However, their timing characteristics form a challenge to the implementation of secure systems: As they are used concurrently by different processes, they form a side-channel, leaking information about memory access patterns. In addition, misusing cache timings as a deliberate covert-channel between two malicious processes can threaten security, too.
The threat of cache-based side-channel attacks has been known and demonstrated for many years. With the increasing performance and complexity of processors throughout all domains, they become more relevant in the domain of embedded SoCs. We want to gain deeper insight into the practical feasibility of cache side-channel attacks on embedded SoCs.
The aim of this work is to help us set up a cache-based covert-channel on a modern embedded SoC platform. To this end, we will develop software that uses the cache to form a covert-channel. Afterwards we will determine the characteristics and reliability of the covert-channel.

Prerequisites

The following skills are valuable for the execution of the project:
* Proficiency in programming in C
* Basic experience with assembly programming (preferably ARM)
* Basic knowledge about cache architectures (e.g., from a university lecture)
* Basic experience with embedded Linux (e.g., Raspberry Pi, BeagleBone, buildroot)
* Basic experience with git
* Basic knowledge in programming in Python3

Contact

If you are interested in this particular HiWi position, please send an email with
* a short CV,
* a short cover letter, and
* your last grading sheet.
If you are interested in working on cache side-channels in some other way, e.g., as research internship ("Forschungspraxis"), please feel free to contact me via email as well.

Kilian Zinnecker, kilian.zinnecker@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Kilian Zinnecker (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge of microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Demonstrating Security Vulnerabilities in Vehicles (AISEC)

Description

The increasing connectivity of vehicles allows attackers to carry out far-reaching manipulations [1]. To illustrate security vulnerabilities in vehicles and to demonstrate possible countermeasures, a realistic demonstrator of a vehicle interior (dashboard, speedometer, steering wheel with force feedback) is to be built. Specifically, real attacks via the on-board diagnostics (OBD) interface, via direct access to vehicle buses, or via wireless interfaces are to be reproduced, e.g. on the communication between vehicle and key.

In addition to working out attack scenarios from the recent past, your tasks include implementing and presenting them in a demonstrator. Specifically, you will develop software to control the steering wheel and speedometer via a CAN bus and assemble the individual components into a complete setup.

In the course of your work, you will gain experience with current E/E vehicle architectures, wireless communication and communication on CAN buses, protective measures, and concrete attacks from the field of cybersecurity.

[1] https://www.youtube.com/watch?v=MK0SrxBC1xs

Prerequisites

•   Practical experience with electronic/mechanical setups; manual dexterity

•   Programming knowledge and experience

•   Ability to work independently and in a goal-oriented manner

•   Interest in automotive security

Please note that, due to the nature of the work, presence at the institute in Garching is required. You can apply by sending a current transcript of records and a CV to the persons listed below.

Contact

Ferdinand Jarisch
Tel.: +49 89 322-9986-166
ferdinand.jarisch@aisec.fraunhofer.de

Nikolai Puch
Tel.: +49 89 322-9986-142
nikolai.puch@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security, Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Ferdinand Jarisch (Fraunhofer AISEC)

Tutor: Advanced Cryptographic Implementations (SS2024)

Description

The course "Advanced Cryptographic Implementation" focuses on advanced techniques for engineering state-of-the-art cryptographic implementations for embedded systems. It offers a comprehensive exploration of efficient methods for implementing cryptographic algorithms, along with countermeasures to safeguard these implementations against side-channel and fault attacks.

During the course, students will have the opportunity to engage in a practical, hands-on project that will enable them to acquire the necessary skills to implement cryptographic algorithms on a microcontroller.   

As a tutor, you will provide technical support to students during the summer semester in the form of meetings and/or supervision (e.g., chat or mail).

Timeline and working hours:

From 15.04.2024 until 31.07.2024 with a total of 84 hours. Flexible working hours and working period are possible. 

Prerequisites

    • Self-motivated and independent working style.

    • Hands-on experience with programming and microcontrollers.

    • Previous knowledge of ARM and/or RISC-V platforms is desirable but not required.

    • Previous attendance of the course is desirable, but not required.

Contact

Fabrizio De Santis

fabrizio.desantis@siemens.com

Supervisor:

Fabrizio De Santis

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist, as well as the benefits and problems of analyzing the netlist using the different representations.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea of what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge of graph theory, algorithms etc. to cope with problems on the way.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Tutor: Messsysteme und Sensortechnik

Description

Accompanying the bachelor lecture Messsysteme und Sensortechnik, a lab experiment takes place. In it, students must find the secret key of an RSA signature algorithm running on a microcontroller. To do so, the power consumption of the microcontroller is measured, and the key can be derived from the measured power consumption.

The tutor position involves supervising the students while they carry out the experiment, with a time commitment of 3 hours per week (or more). Work can start on 15 April or later.

Prerequisites

  • Basic knowledge of Python

Contact

Technical University of Munich
Chair of Security in Information Technology
Manuel Brosch
Theresienstr. 90, N1007
Email: manuel.brosch@tum.de

Supervisor:

Manuel Brosch

Development of Tools for Reverse Engineering

Description

When reverse engineering digital circuits, one often encounters problems whose complexity can be handled better through automation. Many tools have to be adapted to the specific research and then help to continue working with standard IC design tools.

For example, one obtains a netlist that was synthesized with an unknown cell library. It is then necessary to reverse engineer the cell library used, e.g. with the help of the pin and cell names, and to build a simple library from it, with which the netlist can then be processed using the standard tools.

In this engineering internship (Ingenieurspraxis), you will work closely with a researcher in the reverse engineering field and create one or more high-quality tools for the reverse engineering of netlists.

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp