A Comparative Study of Hardware Isolation Technologies for Secure Computing
Description
As computing systems become increasingly complex, ensuring the security and integrity of code execution has become a fundamental challenge. Software-based protection mechanisms alone are often insufficient against sophisticated attacks that exploit vulnerabilities in operating systems, firmware, or applications. To address these threats, hardware isolation technologies have become crucial for trusted system design.
Hardware isolation mechanisms create secure boundaries at the hardware level, enabling sensitive operations to be executed in protected environments isolated from potentially compromised components. Several approaches have been developed to achieve this goal, including Trusted Execution Environments (TEEs), Memory Protection Units (MPUs), Trusted Platform Modules (TPMs), Secure Elements (SEs), etc.
The aim of this work is a:
- literature review of state-of-the-art hardware isolation technologies,
- with a focus on their advantages and disadvantages,
- and summarizing the key findings.
References
[1] C. Lesjak, D. Hein and J. Winter, "Hardware-security technologies for industrial IoT: TrustZone and security controller," IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society, Yokohama, Japan, 2015, pp. 002589-002595, doi: 10.1109/IECON.2015.7392493.
[2] M. Grisafi, M. Ammar and B. Crispo, "On the (in)security of Memory Protection Units : A Cautionary Note," 2022 IEEE International Conference on Cyber Security and Resilience (CSR), Rhodes, Greece, 2022, pp. 157-162, doi: 10.1109/CSR54599.2022.9850322.
Contact
Supervisor:
An In-Depth Study of the Device Identifier Composition Engine (DICE) and the DICE Protection Environment (DPE)
Description
The Device Identifier Composition Engine (DICE) is a security architecture proposed by the Trusted Computing Group (TCG), primarily intended for resource-constrained devices. The DICE architecture serves as a basic Root of Trust (RoT) by providing a boot-time measurement to generate a unique cryptographic device identity, requiring only minimal hardware support and software techniques. The generated identity can then be used for various purposes, e.g., in a remote attestation process to prove the identity and integrity of the device. A DICE Protection Environment (DPE) protects DICE-related secrets and helps enforce DICE-related policies.
The aim of this work is a:
- literature review of state-of-the-art DICE and DPE implementations,
- with a focus on the DPE,
- and summarizing the key findings.
References
[1] https://trustedcomputinggroup.org/wp-content/uploads/DICE-Layering-Architecture-r19_pub.pdf
[2] https://trustedcomputinggroup.org/wp-content/uploads/DICE-Protection-Environment-Version-1.0_pub.pdf
Contact
Supervisor:
Attack Detection Leveraging Hardware Performance Counters (HPCs)
Description
With the growing complexity of embedded systems, traditional software-based attack detection approaches face challenges in terms of latency, visibility, and resilience against low-level attacks. Hardware-assisted monitoring, such as using Hardware Performance Counters (HPCs), offers a promising complement. These sources can reveal subtle anomalies and attack traces at the microarchitectural or physical level.
However, the diversity of proposed detection mechanisms (machine-learning-based, threshold-based, hybrid firmware-hardware schemes, etc.) and the wide range of targeted attack types (e.g., side-channel, control-flow hijack, fault injection, denial-of-service) make it difficult to systematically compare and evaluate these techniques. A structured analysis of this research landscape is therefore essential.
The aim of this work is a:
- literature review of hardware-assisted attack detection mechanisms,
- with a focus on the HPCs,
- analysing the detection methodologies,
- and summarizing the key findings.
References:
[1] J. C. Foreman, "A survey of cyber security countermeasures using hardware performance counters," arXiv preprint arXiv:1807.10868, 2018.
[2] C. Li and J. -L. Gaudiot, "Detecting Malicious Attacks Exploiting Hardware Vulnerabilities Using Performance Counters," 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 2019, pp. 588-597, doi: 10.1109/COMPSAC.2019.00090.
Contact
Supervisor:
Post-Quantum Signatures from Threshold-Computation-in-the-Head
Description
Threshold Computation-in-the-Head [1] is a relatively new zero-knowledge proof technique that is built upon the MPC-in-the-Head concept. Using this technique, post-quantum secure signatures can be obtained.
In this work, the student should get an overview of the TCitH framework and explain its basic concepts. Further, a systematic study should analyse which of the signature schemes in the NIST on-ramp competition [2] are built on that paradigm.
References:
- [1] https://link.springer.com/article/10.1007/s00145-025-09543-8
- [2] https://csrc.nist.gov/Projects/pqc-dig-sig/round-2-additional-signatures
Contact
Request topic: Patrick Karl
Supervisor:
Post-Quantum Signatures from VOLE-in-the-Head
Description
VOLE-in-the-Head [1] is a relatively new zero-knowledge proof technique that is built upon the MPC-in-the-Head concept. Using this technique, post-quantum secure signatures can be obtained. In the recently started on-ramp signature call by NIST, FAEST [2] is one candidate that uses the VOLE-in-the-Head concept.
In this work, the student should get an overview of the VOLE-in-the-Head framework and explain its basic concepts and how the signature scheme FAEST is constructed from it.
References:
- [1] https://link.springer.com/chapter/10.1007/978-3-031-38554-4_19
- [2] https://faest.info/resources.html
Contact
Request topic: Patrick Karl
Supervisor:
Challenges in Pre-Silicon SCA
Description
Side-channel analysis (SCA) still poses a major threat to hardware security chips such as smartcards. For software systems, it is quite simple to adapt problematic code while taking real side-channel measurements. For hardware primitives, however, it is not possible to solve this in multiple iterations, since each sample chip entails enormous costs and delay.
Instead, manufacturers have long tried to identify such leakage already in the design stage. However, the tooling for this still faces many challenges.
[1] Jasper van Woudenberg et al.: Pre-silicon Side Channel and Fault Analysis
[2] Kazuki Monta et al.: On the Unpredictability of SPICE Simulations for Side-Channel Leakage Verification of Masked Cryptographic Circuits
Contact
Contact: niklas.stein@tum.de
Supervisor:
On the Impact of the Resolution on Side-Channel Attacks
Description
For power side-channel attacks, it is common to capture traces with some kind of oscilloscope. Depending on the model in use, one has several degrees of freedom in the properties of such a measurement. This includes the sampling rate of the scope as well as the resolution of the ADC.
The goal of this seminar topic is to summarize findings on the impact of the resolution of an oscilloscope on the resulting side channel attack.
Reference:
Contact
Jonas Schupp (Jonas.Schupp@tum.de)
Supervisor:
CPU Prefetcher Side-Channel Attacks
Description
CPU prefetchers speculatively load data into CPU caches in advance to avoid CPU stalls caused by high memory access latencies. While they are a vital component for performance, they have lately come into the focus of IT security concerns: since some prefetchers infer soon-to-be-accessed data from past access patterns, they may leak information similarly to cache side channels.
In this work, we want to give an overview of the different proposed attacks and their working principles. This includes a categorization of which kind of prefetcher and which cryptographic implementation they target. Finally, we give an outlook on which future research directions could be interesting.
Reference as a starting point: https://dl.acm.org/doi/10.1145/3575693.3575719
Remark: This topic is supervised by a colleague at Fraunhofer AISEC
Contact
Supervisor:
From S-Boxes to circuits
Description
The core of most ciphers and hash functions is a small substitution table, the S-Box, which provides the confusion and diffusion needed for good cryptographic security. While such table look-ups are trivial in software, their efficient implementation in hardware modules is still an open question. Various heuristics have been proposed to minimize the area and latency of such almost random circuits.
The task of this seminar is to present and compare several such algorithms.
[1] Y. Jeon et al.: Framework for Generating S-Box Circuits with Boyar–Peralta Algorithm-Based Heuristics, https://tches.iacr.org/index.php/TCHES/article/view/11940/11800
Contact
Contact: niklas.stein@tum.de
Supervisor:
NIST Randomness Tests for PUF Quality Assessment
Description
Physical Unclonable Functions (PUFs) offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. When the intended use is as cryptographic keys, the quality of this inherent randomness needs to be assessed. A number of metrics and statistical tests specific to PUFs have emerged for this purpose.
Randomness tests are no less important in the domain of True Random Number Generators (TRNGs). Here, standardised test suites exist, e.g. NIST SP 800-22, BSI AIS 20, BSI AIS 31. Despite the underlying principles and the key metrics being quite different, many PUF publications simply apply TRNG randomness tests to their data without much consideration for the underlying assumptions of this methodology.
The aim of this work is a comprehensive literature search regarding
- adaptations of TRNG test frameworks to PUF quality assessment (e.g. [1]) and
- significance of the results when applying standard/adapted TRNG tests to PUFs.
[1] https://github.com/cryptoquantique/TuRiNG-A-PUF-randomness-test-suite
Contact
Supervisor:
Attacker Models for Memristor PUFs
Description
An often-cited advantage of key storage with physical unclonable functions (PUFs) is that protection mechanisms for stored cryptographic keys need only be active during runtime. Since the secret only exists while the device is active, expensive secure non-volatile storage is no longer needed.
A comprehensive evaluation of such claims, however, needs a clearly defined attacker model. Especially in the domain of memristor-based PUFs, discussions of attacker capabilities have been far from commonplace. Some works (e.g. [1]) discuss measures to harden the PUF primitive against prospective attackers, some discuss specific attacks (e.g. [2]), while others use the memristors as non-volatile storage (e.g. [3]).
The aim of this work is a
- literature review of memristor-based PUFs with a
- focus on their explicit and implicit security assumptions,
- summarising the results into predominant categories for attacker models.
[1] https://www.science.org/doi/full/10.1126/sciadv.abn7753
[2] https://arxiv.org/abs/2307.01041
[3] https://ieeexplore.ieee.org/abstract/document/7001345
Contact
Supervisor:
Probing Models
Description
Masking schemes to protect an implementation against side-channel attacks usually come with security proofs in so-called probing models [1, 2].
There exist different probing models that address different leakage characteristics, such as glitches [3].
The goal is to give insight into different probing models, their characteristics and limitations.
References
[1] Ishai, Y., Sahai, A., Wagner, D. (2003). Private Circuits: Securing Hardware against Probing Attacks. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_27
[2] Cassiers, G., & Standaert, F.-X. (2020). Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference. IEEE Transactions on Information Forensics and Security. https://doi.org/10.1109/TIFS.2020.2971153
[3] Faust, S., Grosso, V., Merino Del Pozo, S., Paglialonga, C., & Standaert, F.-X. (2018). Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 89–120. https://doi.org/10.13154/tches.v2018.i3.89-120