Studentische Arbeiten und Werkstudententätigkeiten

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, this enables to readout the memory by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is the create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge on microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
• Basic knowledge in design/architecture of hardware design to understand  trojan location and insertion.

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.

During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for designing an interface
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
• Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.

Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.

In this thesis, you will try and compare different methods of in-depth protection.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
• In the optimum case experience with FPGAs to try the measures in the real world.
• Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.

Servers and Internet of Things (IoT) devices usually expose a number of ports, use different protocols, such as HTTP, MQTT, SSH or SMTP, and run multiple network services. Vulnerabilities in the protocol stacks or the services and applications on the platform can lead to compromise. Even vulnerabilities in small libraries, such as for logging HTTP requests can lead to remote code execution on the affected server. Securing all parts of the software stack is a difficult task.  
Therefore, a more promising approach might be to limit the connectivity of devices processing sensitive data. Utilizing a Trusted Execution Environment (TEE), access to physical network interfaces can be restricted. The TEE only hosts a minimal network stack and lightweight WireGuard VPN tunnel. Network applications and services in the Rich Execution Environment (REE) can be used without modifications, but can only communicate to trusted peers via the VPN tunnel. This reduces the attack surface of the device from potentially many exposed ports and services to a single port protected by the WireGuard VPN.
This work shall implement parts of above described setup on an ARM Cortex-A embedded device as a PoC:
• Configure the ARM TrustZone to restrict the physical network interface to the secure world
• Implement a driver for accessing the physical network interface
• Implement or port a small network stack for being used within the TEE

• High motivation and ability to work independently
• Good Programming skills in C
• Experience with the Linux kernel
• At least basic knowledge of network stacks

Description: The growing popularity of non-volatile flash memory in various applications, including data storage and embedded systems, has raised significant security concerns. Data stored in these memories can be vulnerable to unauthorized access and tampering. Memory encryption is a vital technique to safeguard sensitive information from potential threats. In this thesis project, you will work on advancing the state-of-the-art in memory encryption techniques for non-volatile flash memory.
Project Overview: Non-volatile flash memory, commonly used in a wide range of electronic devices such as smartphones, tablets, and solid-state drives (SSDs), is susceptible to data breaches if not adequately protected. Memory encryption is a crucial technique to safeguard data from unauthorized access or tampering. This master's thesis project aims to explore, design, and implement memory encryption mechanisms for non-volatile flash memory devices.

Key Tasks:
   1. Literature Review: Conduct a comprehensive review of existing memory encryption techniques
       and their suitability for non-volatile flash memory.
   2. Design and Implementation: Integrate an appropriate encryption algorithm into a non-volatile
       flash memory controler, considering factors such as performance, security, and compatibility.
   3. Performance Analysis: Evaluate the performance overhead of memory encryption,
       including e.g. latency, throughput, and area.

Motivation to learn, or experience with:

   - Strong background in cryptography, computer security, and embedded systems
   - Proficiency in hardware description languages (e.g., Verilog or VHDL) or SystemC
   - Familiarity with Platform Architect is a plus.
   - Excellent problem-solving skills and a passion for cybersecurity research

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, this enables to readout the memory by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is the create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge on microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
• Basic knowledge in design/architecture of hardware design to understand  trojan location and insertion.

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Ideally, you should have knowledge of the following:

• A hardware description language like VHDL/Verilog/SystemVerilog
• Experience running simulations using ModelSim
• Basic C programming skills
• Basic knowledge of post-quantum cryptography as taught as e.g. in Quantum Computers and Quantum Secure Communications

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.

A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime

References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

• VHDL/Verilog Knowledge
• Sichere Implementierung Kryptographischer Verfahren (SIKA)
• Python Skills

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.

During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for designing an interface
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
• Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Fuzzing is a powerful and versatile technique to hunt security vulnerabilities. Embedded devices, however, usually lack suitable interfaces to apply established fuzzing-concepts known from software. Tapping side-channel information such as power consumption or electromagnetic radiation, can yield these interfaces and enable conventional grey-box fuzzing of an embedded device.

Task Description

Our current test set-up is capable of extracting code-coverage information during a fuzzing campaign from the power consumption of a STM32F417IGT microcontroller and feeding it back into our tool, which is based on the popular AFL++ fuzzer. Your task will be to measure the performance of this tool on additional microcontrollers and to increase its effectiveness where applicable. In detail, this entails hooking up a microcontroller to the test set-up, train a machine-learning model to the microcontroller-specific behavior, and measure the performance and effectiveness while fuzzing proof-of-concept and real-world software running on the microcontroller.
As optional task, you can work towards tapping electromagnetic radiation as second side-channel next to power consumption.

• High motivation and ability to work independently
• Good coding skills in python and general understanding of software architecture
• Interest in offensive security and bug-hunting

Die Programmable Services Engine (PSE) der Elkhart Lake Plattform ist ein separater ARM Core zur Ausführung von Applikationen getrennt vom Hauptprozessor. Die Firmware der PSE ist eine Softwarekomponente, die zur Bereitstellung sicherheitskritischer Plattformfunktionalitäten eingesetzt wird. Durch den Einsatz der Programmiersprache C können in dieser Komponente angreifbare Schwachstellen mit weitreichenden Sicherheitsimplikationen vorhanden sein.

Aufgabenbeschreibung
Ziel der Arbeit ist die Erstellung eines funktionierenden Fuzzing-Setups für die PSE Firmware der Elkhart Lake Plattform. Im Rahmen der Arbeit sollen zunächst Aufbau und Schnittstellen der Firmware analysiert werden. Darauf aufbauend sollen für Fuzzing geeignet Schnittstellen identifiziert werden.
Basierend auf diesen Vorarbeiten soll dann ein geeigneter Fuzzer ausgewählt und damit ein lauffähiges Fuzzing-Setup aufgebaut werden. Auch die Identifikation und Umsetzung von ggf. notwendigen Änderungen am ausgewählten Fuzzer sind Teil der Arbeit. Abschließend soll eine Evaluation des implementierten Fuzzers im Hinblick auf Code Coverage, Performance und Reproduzierbarkeit erfolgen.

• Erweiterte Kenntnisse sowie praktische Erfahrung im Bereich Fuzzing
• Vorerfahrung mit Betriebssystemkonzepten und Linux-basierten Betriebssystemen
• Idealerweise Kenntnisse im Bereich Echtzeitbetriebssysteme, insbesondere Zephyr
• Idealerweise Grundkenntnisse im Bereich Rechnerarchitektur

Cache-based side-channel attacks on cryptographic implementations are very powerful and dangerous throughout different processor domains. The feasibility of cache attacks has been demonstrated on various platforms with different CPU architectures, including the embedded domain. In this work, we want to evaluate the use of an existing data-based trace emulator to evaluate cache attacks on different architectures.
Therefore, we set up the emulator for our target architecture and create a test software using a cryptographic implementation. We run the emulation and generate the data-based traces. Finally, we show that it is possible to recover parts of the secret key using the data-based traces for a cache attack.

The following skills are valuable for the execution of the project:
* Good knowledge of programming in Python
* Basic knowledge of programming in C
* Basic experience with assembly programming
* Basic experience with Linux

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

We can offer you to either work on adding custom extensions to openOCD or developing hardware IP on FPGA. If you are eager, of course also both.

If you have any additional questions feel free to contact us!

openOCD Extension Development:

• Base knowledge in C
• Basic tcl scripting

FPGA Development:

• Base Verilog Knowledge
• You can read schematics and do basic hardware debugging
• Base python knowledge

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, this enables to readout the memory by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is the create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Cache-based side-channel attacks on cryptographic implementations are very powerful and dangerous throughout different processor domains. The feasibility of cache attacks has been demonstrated on various platforms with different CPU architectures, including the embedded domain. In this work, we want to evaluate the use of an existing data-based trace emulator to evaluate cache attacks on different architectures.
Therefore, we set up the emulator for our target architecture and create a test software using a cryptographic implementation. We run the emulation and generate the data-based traces. Finally, we show that it is possible to recover parts of the secret key using the data-based traces for a cache attack.

The following skills are valuable for the execution of the project:
* Good knowledge of programming in Python
* Basic knowledge of programming in C
* Basic experience with assembly programming
* Basic experience with Linux

RowHammer is a powerful fault injection technique, launched from software, to inject bitfaults into DRAM. Over the last decade, RowHammer was shown to threaten DRAMs. Vendors reacted and deployed countermeasures, which lead to the believe that the problem was solved. However, in the last years, research showed that RowHammer is still threatened by a more sophisticated technique, called Many-sided RowHammer.
In this work, we aim to create bitfaults inside the LPDDR4 of an embedded system by using the Many-Sided RowHammer technique. Therefore, we will port an existing RowHammer tool to our target embedded architecture. We will then evaluate, whether successful Many-sided RowHammer attack is possible on our targetted embedded platform, and which are the necessary parameters. Finally, we want evaluate how an attacker may use the particular achieved fault model.

The following skills are valuable for the execution of the project:
* Good knowledge of programming in C
* Basic experience with assembly programming
* Basic experience with embedded Linux (e.g., Buildroot, Yocto, Raspbian, etc.)
* Basic knowledge about memory hierarchies and DRAM structure

Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.

Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.

In this thesis, you will try and compare different methods of in-depth protection.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
• In the optimum case experience with FPGAs to try the measures in the real world.
• Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.

Remote Attestation is the process of assessing the trustworthiness of a remote computing platform through verifying the integrity of its software stack. Arm Trusted Firmware-M provides the Initial Attestation Service (IAS) to enable attestation on resource-constraint Arm Cortex-M microcontrollers. However, executing a remote attestation protocol without binding it to the device's communication channel opens up the possibility of Man-in-the-Middle (MitM) attacks: In such a scenario, an attacker uses a rogue device to fetch attestation evidence from a good device and establish communication to an IoT hub or other IoT devices. Therefore, the scope of this work is to design and implement a channel binding mechanism for common IoT protocols such as Constraint Application Protocol (CoAP) to augment the communication channel with an attestation mechanism. This includes the following tasks:
• Survey of existing IoT protocols and attestation mechanisms
• Design of a channel binding mechanism, e.g., for CoAP with OSCORE/EDHOC
• Implement a Proof-of-Concept for the solution
• Evaluate the solution

• High motivation and ability to work independently
• Good Programming skills in C
• At least basic knowledge of cryptographic primitives
• Preferably knowledge about embedded systems and Arm Cortex-M processors

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, this enables to readout the memory by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is the create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge on microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
• Basic knowledge in design/architecture of hardware design to understand  trojan location and insertion.

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Ideally, you should have knowledge of the following:

• A hardware description language like VHDL/Verilog/SystemVerilog
• Experience running simulations using ModelSim
• Basic C programming skills
• Basic knowledge of post-quantum cryptography as taught as e.g. in Quantum Computers and Quantum Secure Communications

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.

A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime

References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

• VHDL/Verilog Knowledge
• Sichere Implementierung Kryptographischer Verfahren (SIKA)
• Python Skills

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.

During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

• Sufficient knowledge in a High-Level Programming language such as python for designing an interface
• Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
• Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Secure boot is a fundamental building block to build secure embedded systems. Key element of a secure boot in embedded systems is the hardware root of trust: An immutable ROM code that uses a public key to verify the first stage boot loader, starting the chain of trust. However, if the SoC’s ROM code itself suffers from vulnerabilities, the whole secure boot may be broken beyond any repair, as the silicon’s ROM code is unpatchable. In this work we will setup a demonstrator to show a known secure boot vulnerability in a ROM boot code of a real world SoC.

The following skills are valuable for the execution of the project:
* Experience with embedded Linux
* Basic knowledge of programming in C
* Knowledge about embedded security, e.g., from a lecture
* Experience in using Git
* Structured was of working and being able to work independently

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Secure boot is a fundamental building block to build secure embedded systems. Key element of a secure boot in embedded systems is the hardware root of trust: An immutable ROM code that uses a public key to verify the first stage boot loader, starting the chain of trust. However, if the SoC’s ROM code itself suffers from vulnerabilities, the whole secure boot may be broken beyond any repair, as the silicon’s ROM code is unpatchable. In this work we will setup a demonstrator to show a known secure boot vulnerability in a ROM boot code of a real world SoC.

The following skills are valuable for the execution of the project:
* Experience with embedded Linux
* Basic knowledge of programming in C
* Knowledge about embedded security, e.g., from a lecture
* Experience in using Git
* Structured was of working and being able to work independently

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

We can offer you to either work on adding custom extensions to openOCD or developing hardware IP on FPGA. If you are eager, of course also both.

If you have any additional questions feel free to contact us!

openOCD Extension Development:

• Base knowledge in C
• Basic tcl scripting

FPGA Development:

• Base Verilog Knowledge
• You can read schematics and do basic hardware debugging
• Base python knowledge

Do you have hardware experience? We are looking for you!

• You are looking for a thesis, research internship or student assistant position?
• You know how to draw an orderly schematic?
• You know a thing or two about electronic component selection?
• You know op-amps not just from textbooks?
• You have laid out your own PCBs before?
• You are no stranger to soldering?
• You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
• You prefer to talk to microcontrollers (at the register level)?
• You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will ?nd a hardware-oriented security-adjacent topic together.

Caches are indispensable hardware components of powerful, modern processors. However, their timing characteristics form a challenge to the implementation of secure systems: As they are used concurrently by different processes, they form a side-channel, leaking information about memory access patterns. In addition, misusing cache timings as a deliberate covert-channel between two malicious processes can threaten security, too.
The threat of cache based side-channel attacks has been known and demonstrated for many years. With the increasing performance and complexity of processors throughout all domains, they become more relevant in the domain of embedded SoCs. We want to gain deeper insight in the practical feasibility of cache side-channel attacks on embedded SoCs.
The aim of this work is to help us set up a cache based covert-channel on a modern embedded SoC platform. Therefore we will develop software, which uses the cache to form a covert-channel. Afterwards we will determine the characteristics and reliability of the covert-channel.

The following skills are valuable for the execution of the project:
* Proficiency in programming in C
* Basic experience with assembly programming (preferably ARM)
* Basic knowledge about cache architectures (e.g., from a university lecture)
* Basic experience with embedded Linux (e.g., Raspberry Pi, BeagleBone, buildroot)
* Basic experience with git
* Basic knowledge in programming in Python3

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge on microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Die zunehmende Vernetzung von Fahrzeugen erlaubt Angreifern weitgreifende Manipulationen durchzuführen [1]. Zur Veranschaulichung von Sicherheitslücken in Fahrzeugen und zur Demonstration möglicher Gegenmaßnahmen soll daher ein realitätsnaher Demonstrator eines Fahrzeuginnenraums (Armaturenbrett, Tachometer, Lenkrad mit Force-Feedback) erstellt werden. Konkret werden reale Angriffe über die On-Board-Diagnose (OBD) Schnittstelle, direkten Zugriff auf Fahrzeugbusse oder über drahtlose Schnittstellen nachgestellt, z.B. auf die Kommunikation zwischen Fahrzeug und Schlüssel.

Neben der Ausarbeitung von Angriffsszenarien aus der jüngeren Vergangenheit gehört die Umsetzung und Darstellung in einem Demonstrator zu deinem Aufgabenspektrum. Konkret entwickelst du Software zum Ansteuern des Lenkrads und Tachometers über einen CAN-Bus und erstellst aus den einzelnen Komponenten einen Gesamtaufbau.

Im Zuge deiner Tätigkeit gewinnst du Erfahrungen über aktuelle E/E-Fahrzeugarchitekturen, über drahtlose Kommunikation und Kommunikation auf CAN-Bussen, über Schutzmaßnahmen und über konkrete Angriffe aus dem Bereich Cybersecurity.

[1] https://www.youtube.com/watch?v=MK0SrxBC1xs

•   Praktische Erfahrung mit elektronischen/mechanischen Aufbauten; handwerkliches Geschick

•   Programmierkenntnisse und -erfahrung

•   Fähigkeit zur selbstständigen und zielorientierten Arbeit

•   Interesse im Bereich Automotive Security

Bitte beachte, dass durch die Art der Arbeit Anwesenheit am Institut in Garching nötig ist. Bewerben kannst du dich mit einem aktuellen Notenauszug sowie einem Lebenslauf bei den untenstehenden Personen.

The course “Advanced Cryptographic Implementation” teaches advanced techniques for implementing state-of-the-art cryptographic algorithms on embedded systems, including advanced countermeasures to secure cryptographic implementations against side-channel and fault attacks.

As part of the course, students undertake a practical, hands-on project that involves implementing and optimizing cryptographic algorithms on a RISC-V based microcontroller using C and assembly code.

As a tutor you will provide technical support to students during the summer semester in form of (virtual) meetings and/or remote supervision (e.g., chat or mail).

Timeline and working hours:

From 15.04.2023 until 31.07.2023 with a total of 84 hours. Flexible working hours and flexible working period are possible.

·       Basic knowledge of cryptography

·       Hands-on experience with C/ASM programming and microcontrollers

·       Self-motivated and independent working style

·       Previous knowledge of RISC-V and attendance to the course are desirable, but not required

At Fraunhofer AISEC, we research and develop software for embedded systems. This usually involves
usage of CI Pipelines to run unit and integration tests. However, for some functionalities, e.g. SoC specific security functions, there has not been any suitable automated test setup so far.
The goal of this student job is to extend existing CI functionality with a mechanism to integrate several physical devices. Currently, our setup for testing these devices requires manually setting hardware jumpers, and flashing the board over a USB connection. This process, i.e. setting jumpers, resetting and flashing boards, should be automated and made accessible over the network.

Area of Work
You will get in touch with:
• ARM Toolchain / Yocto
• NXP Universal Updater (UUU)
• Hardware Boards/ Raspberry Pi / PI KVM
• potentially Jenkins for CI/CD integration

• Scripting Languages (e.g. Python)
• Previous experience in Embedded Development (e.g. with Cortex-A, Cortex-M . . . ) and its interfaces (USB, UART, GPIO) is advantageous

Physical Unclonable Functions (PUFs) exploit manufacturing process variations to generate unique signatures. PUF and error-correcting codes can be joined together to reliably generate cryptographically strong keys. However, the implementation of error-correcting codes is prone to physical attacks like side-channel attacks. Side-channel attacks exploit the information leaked during the computation of secret intermediate states to recover the secret key. Therefore, the implementation of error-correcting codes must also involve the implementation of proper countermeasures against side-channel attacks.

The goal of this thesis is to evaluate the side-channel resistance of a secure implementation of error-correcting codes for PUFs on FPGA. The thesis consists of the following steps:

• Get familiar with currently available implementations of error-correcting codes for PUFs
• Adapt and improve current implementations (VHDL)
• Develop a measurement setup for side-channel analysis (Matlab/Python)
• Perform side-channel analysis using the state-of-the-art EMF measurement equipment in our lab (Oscilloscope knowledge + Matlab/Python required)

 The ideal candidate should have:

• Previous experience in field of digital design (VHDL/Vivado/Xilinx FPGA)
• Basic knowledge on using lab equipment (e.g Oscilloscope,...)
• Basic knowledge in statistics
• Good programming skills in Matlab/Python
• Attendance at the lecture “Secure Implementation of Cryptographic Algorithms” is advantageous