Over the past years, the trend in hardware development has gone towards third party IP Cores and commercial off-the-shelf ICs, with more and more high-level design being outsourced, and fabrication often taking place in external foundries. This gives way to a number of security threats, such as insertion of Hardware Trojans, IP Theft or IP Counterfeitung through illegal reverse engineering. Reverse engineering can provide a convenient tool to facilitate identification of malicious code entities, by creating a better understanding of the unknown circuit, on the other hand it can also be used to identfiy possible insertion points. Furthemore, the illegal reverse engineering of IP causes a significant financial cost to the hardware industry. Particularly in the field of cryptology, reverse engineering can severely impact the security of encryption and decryption algorithms, by helping in the identification of new attack vectors on cryptographic implementations. To protect the integrity of the design, hardware obfuscation, both on a physical and netlist level, is becoming more and more prevalent. Understanding the process behind reverse engineering can provide insights into future possibilities for obfuscation or other countermeasures.
Lippmann, Bernhard and Hatsch, Joel and Seidl, Stefan and Houdeau, Detlef and Subrahmanyam, Niranjana Papagudi and Schneider, Daniel and Safieh, Malek and Passarelli, Anne and Maftun, Aliza and Brunner, Michaela and Music, Tim and Pehl, Michael and Siddiqui, Tauseef and Brederlow, Ralf and Schlichtmann, Ulf and Driemeyer, Bjoern and Ortmanns, Maurits and Hesselbarth, Robert and Hiller, Matthias: VE-FIDES: Designing Trustworthy Supply Chains Using Innovative Fingerprinting Implementations. 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE), 2023 more…
2022
Aksoy, Levent and Hepp, Alexander and Baehr, Johanna and Pagliarini, Samuel: Hardware Obfuscation of Digital FIR Filters. 25th International Symposium on Design and Diagnostics of Electronic Circuits and Systems, IEEE, 2022Prague, Czech Republic, 68-73 more…
Baehr, Johanna and Hepp, Alexander and Brunner, Michaela and Malenko, Maja and Sigl, Georg: Open Source Hardware Design and Hardware Reverse Engineering: A Security Analysis. Euromicro Conference on Digital System Design DSD, 2022Maspalomas, Gran Canarias, Spainmore…
Brunner, Michaela and Hepp, Alexander and Baehr, Johanna and Sigl, Georg: Toward a Human-Readable State Machine Extraction. ACM Trans. Des. Autom. Electron. Syst. 27 (6), 2022 more…
Brunner, Michaela; Ibrahimpasic, Tarik; Li, Bing; Zhang, Grace Li; Schlichtmann, Ulf; Sigl, Georg: Timing Camouflage Enabled State Machine Obfuscation. 2022 IEEE Physical Assurance and Inspection of Electronics (PAINE), 2022Huntsville, USAmore…
Hepp, Alexander and Baehr, Johanna and Sigl, Georg: Golden Model-Free Hardware Trojan Detection by Classification of Netlist Module Graphs. Design, Automation and Test in Europe Conference, IEEE, 2022Antwerp, Belgium, 1317-1322 more…
Hepp, Alexander and Perez, Tiago and Pagliarini, Samuel and Sigl, Georg: A Pragmatic Methodology for Blind Hardware Trojan Insertion in Finalized Layouts. Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design ICCAD (ICCAD '22), Association for Computing Machinery, 2022 more…
Lippmann, Bernhard and Ludwig, Matthias and Mutter, Johannes and Bette, Ann-Christin and Hepp, Alexander and Baehr, Johanna and Rasche, Martin and Kellermann, Oliver and Gieser, Horst and Zweifel, Tobias and Kovac, Nicola: Physical and Functional Reverse Engineering Challenges for Advanced Semiconductor Solutions. 2022 Design, Automation & Test in Europe Conference & Exhibition DATE, IEEE, 2022Antwerp, Belgiummore…
Weber, Selina and Baehr, Johanna and Hepp, Alexander and Sigl, Georg: Analysis of Graph-based Partitioning Algorithms and Partitioning Metrics for Hardware Reverse Engineering. 11th International Workshop on Security Proofs for Embedded Systems (PROOFS), 2022Leuven, Belgiummore…
2021
Hepp, Alexander and Sigl, Georg: Tapeout of a RISC-V Crypto Chip with Hardware Trojans: A Case-Study on Trojan Design and Pre-Silicon Detectability. Proceedings of the 18th ACM International Conference on Computing Frontiers (CF '21), Association for Computing Machinery, 2021Virtual: Catania, Italymore…
Ludwig, Matthias and Hepp, Alexander and Brunner, Michaela and Baehr, Johanna: CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering. 2021 IEEE Physical Assurance and Inspection of Electronics (PAINE), 2021Washington DC, USmore…
Brunner, M. and Gruber, M. and Tempelmeier, M. and Sigl, G.: Logic Locking Induced Fault Attacks. 2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 2020Limassol, CYPRUSmore…
Zhang, G. L. and Li, B. and Li, M. and Yu, B. and Pan, D. Z. and Brunner, M. and Sigl, G. and Schlichtmann, U.: TimingCamouflage+: Netlist Security Enhancement with Unconventional Timing. IEEE Transactions on Computer-Aided Design of Integrated
Circuits and Systemsde
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
, 2020, 1-1 more…
Zhang, G. L. and Brunner, M. and Li, B. and Sigl, G.and Schlichtmann, U.: Timing Resilience for Efficient and Secure Circuits. 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), 2020Beijing, China, 623-628 more…
2019
Baehr, Johanna; Bernardini, Alessandro; Sigl, Georg; Schlichtmann, Ulf: Machine Learning and Structural Characteristics for Reverse Engineering. 24th Asia and South Pacific Design Automation Conference Conference (ASPDAC’19), 2019Tokyo, Japanmore…
Brunner, M. and Baehr, J. and Sigl, G.: Improving on State Register Identification in Sequential Hardware Reverse Engineering. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2019Washington, D.C., USAmore…
2018
Werner, M.; Lippmann, B.; Baehr, J.; Gräb, H.: Reverse Engineering of Cryptographic Cores by Structural Interpretation Through Graph Analysis. 2018 IEEE 3rd International Verification and Security Workshop (IVSW), 2018Platja d’Aro, Costa Brava, Spain, 13-18 more…
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.
During this thesis, you will implement and improve an existing hardware trojan detection method.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.
For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, eg. based on the cell and pin names, and create a bare dummy-library that allows to parse the netlist with general purpose synthesis tools.
In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in any High-Level Programming language such as python, c, c++, rust, perl, etc.
A very basic knowledge of chip design in order to know what data you are dealing with
Creativity and interest for details in oder to create a good concept of the tool you want to implement
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.
During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for designing an interface
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.
Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.
In this thesis, you will try and compare different methods of in-depth protection.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
In the optimum case experience with FPGAs to try the measures in the real world.
Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.
During this thesis, you will implement and improve an existing hardware trojan detection method.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.
During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for designing an interface
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.
For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, eg. based on the cell and pin names, and create a bare dummy-library that allows to parse the netlist with general purpose synthesis tools.
In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in any High-Level Programming language such as python, c, c++, rust, perl, etc.
A very basic knowledge of chip design in order to know what data you are dealing with
Creativity and interest for details in oder to create a good concept of the tool you want to implement
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Side-Channel based exfiltration of cryptographic secrets is an long-standing and ever occuring problem when implementing cryptographic algorithms under the assumption of real hardware.
Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in depth-protection.
In this thesis, you will try and compare different methods of in-depth protection.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for measurement automisation etc.
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
In the optimum case experience with FPGAs to try the measures in the real world.
Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
Detection methods have come a long way, but still cannot archieve good performance in realistic scenarios.
During this thesis, you will implement and improve an existing hardware trojan detection method.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.
In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.
During this thesis, you will implement a hardware trojan for a FPGA or ASIC circuit.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a High-Level Programming language such as python for designing an interface
Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Oscilloscope Trace Recording requires quick data processing, low-level driver API handling, high level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as Samples will arrive with 1.2 GBit/s
In this thesis, you will continue development of a skeleton application for this task, written in Rust
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.
One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.
In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in a python to use our existing framework
Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.
For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, eg. based on the cell and pin names, and create a bare dummy-library that allows to parse the netlist with general purpose synthesis tools.
In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.
Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.
Sufficient knowledge in any High-Level Programming language such as python, c, c++, rust, perl, etc.
A very basic knowledge of chip design in order to know what data you are dealing with
Creativity and interest for details in oder to create a good concept of the tool you want to implement
Contact
If you are interested in this topic, don't hesitate to ask for an appointment via
