Scientific Seminar on Security in Information Technology

Lecturer (contributor)
Number: 0000004153
Type: Advanced seminar (Hauptseminar)
Semester: Winter semester 2023/24
Language of instruction: German
Position in curricula: See TUMonline

Participation criteria

Learning objectives

By participating in the module's courses, students gain knowledge of current problems and tasks in the field of security in information technology systems. Students are then able to work independently and scientifically on a task from a current topic area of information technology security, to write a written report on it, and to assess the quality of scientific texts. In addition, students are able to present the findings they have developed to a specialist audience.

Description

Changing focus topics on security in information technology systems. Module participants independently work through current scientific contributions and prepare a written report. The results are then presented to all participants in the form of talks. The topic is treated intensively in the discussion.

Prerequisites

The following modules should have been successfully completed before participation:
- Cryptology or an equivalent introductory lecture
It is recommended to additionally attend the following modules:
- Secure Implementation of Cryptographic Methods
- Selected Topics in System Security

Teaching and learning methods

Each participant works on an individual technical task. This is done in particular through the student's independent individual work. Depending on the individual topic, the participant is assigned their own supervisor. The supervisor helps the student especially at the beginning of the work by introducing the subject, providing suitable literature, and giving helpful tips both on the technical work and on preparing the written report and the talk. In addition, presentation training together with ProLehre and an introduction to writing scientific papers are offered.

Coursework and examination

Module examination with the following components:
- Written report on an assigned topic (50%)
- Presentation of the assigned topic of approx. 30 minutes including subsequent discussion (50%)

Links

Further information

Offered in the winter and summer semester.

Language

The working language is German; the written report and talks may also be given in English.

Organisational matters

  • Limited to 15 participants
  • Compulsory attendance
  • Presentation training by ProLehre is offered as part of the advanced seminar
  • The seminar is supported by the e-learning platform Moodle
  • The written report should not exceed 4 pages and should be written in the style of a scientific publication

Topic selection

The topics are put online approx. 2 weeks before the start of the semester and can then be chosen. Students registered on the waiting list in TUMonline will be informed accordingly.

Topic selection

If you are interested in one of the following topics, please contact the respective supervisor via the link below. It is also possible to propose your own topic.

Available topics

Current state of affairs of protected implementations of Crystals-Dilithium

Description

Crystals-Dilithium is one of the post-quantum secure digital signature algorithms to be standardized by NIST. As the standardization process continues, several implementations protected against side-channel attacks have been proposed.

The goal of this work is to compare the design goals and achieved performance of currently proposed implementations based on their papers.


References:

Paper 1

Paper 2


Supervisor:

Jonas Schupp

Low Correlation Codes and possible applications in Side Channel Analysis

Keywords:
Gold Codes, Side Channel Analysis

Description

Telecommunication (CDMA) and satellite navigation (GPS) use the same signal channels or frequencies for different senders. Thus, low correlation codes (Gold codes) are used to increase the SNR. In side-channel analysis it is challenging to attack parallel operations due to the degrading SNR. This could be addressed by applying low correlation inputs, since the cross-correlation between parallel operations may be influenced positively, yielding a larger attack surface.

In this work, an overview of existing low correlation codes should be written. The working principle of Gold codes should be described in detail and compared to other low correlation codes [1]. Cross-correlation analysis of the codes should also be taken into consideration [2], since this will be the main challenge for an application to side-channel attack targets. A special emphasis lies on outputting multiple bits at the same time in order to feed a side-channel attack target with such codes.

[1] M. B. Mollah and M. R. Islam, "Comparative analysis of Gold Codes with PN codes using correlation property in CDMA technology"

[2] T. M. N. Huda and S. F. Islam, "Correlation analysis of the gold codes and walsh codes in CDMA technology"

Supervisor:

Matthias Probst

Probing Models

Description

Masking schemes that protect an implementation against side-channel attacks usually come with security proofs in so-called probing models [1, 2].
There exist different probing models that address different leakage characteristics, such as glitches [3].

The goal is to give insight into different probing models, their characteristics and limitations.


References

[1] Ishai, Y., Sahai, A., Wagner, D. (2003). Private Circuits: Securing Hardware against Probing Attacks. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_27

[2] Cassiers, Gaetan & Standaert, François-Xavier. (2020). Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference. IEEE Transactions on Information Forensics and Security. PP. 1-1. 10.1109/TIFS.2020.2971153.

[3] Faust, S., Grosso, V., Merino Del Pozo, S., Paglialonga, C., & Standaert, F.-X. (2018). Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 89–120. https://doi.org/10.13154/tches.v2018.i3.89-120

Contact

Supervisor:

Manuel Brosch

Alternative Post-Quantum Cryptography Standardization Approaches

Description

With the imminent threat of large-scale quantum computers, the currently established asymmetric cryptography will likely be broken in the future.
In order to mitigate this risk, a shift to other cryptographic algorithms based on mathematical problems that are not vulnerable to such a large-scale quantum computer has to be performed.
This topic of post-quantum cryptography is mainly driven by the US NIST in its standardization effort [1].
Although this effort reached an end with the publication of first drafts of algorithms that have been selected for publication [2], other entities follow their own standardization efforts or give different recommendations.
This work should give an overview of the whole standardization process (timeline, actors etc.) with respect to possible standardization entities. Examples include:
- German BSI (https://www.bsi.bund.de/DE/Home/home_node.html)
- French ANSSI (https://www.ssi.gouv.fr/en/)
- NIST [1]
- Korea KpqC Competition (https://www.kpqc.or.kr/competition.html)
- China efforts [3]
- ISO
The paper should include recommended algorithms, possible arguments/reasons why those are chosen, and an exhaustive literature research.

[1] https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
[2] https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography
[3] https://docbox.etsi.org/Workshop/2018/201811_ETSI_IQC_QUANTUMSAFE/EXECUTIVETRACK/JING_CHINESEACCADEMYOFSCIENCE.pdf

Contact

Supervisor:

Thomas Schamberger

Secure Gadgets for Post-Quantum Cryptography

Description

For real-world deployment, cryptographic devices must be protected against physical attacks. Against power side channels, masking in its different flavors (e.g., Boolean, arithmetic masking) is a common approach. To implement masked cryptographic schemes, secure gadgets that are proven secure in certain probing models are typically used.

The first part of this work aims at explaining security notions like non-interference (NI) and strong non-interference (SNI) [1] that are used within the context of secure gadgets. Afterwards, the work should investigate and explain some secure gadgets and procedures that are commonly used in post-quantum cryptography, as for example proposed in [2].


References

  • [1]: https://dl.acm.org/doi/abs/10.1145/2976749.2978427
  • [2]: https://link.springer.com/chapter/10.1007/978-3-030-21568-2_17

Contact

Supervisor:

Patrick Karl

Survey of Wear Leveling Techniques

Description

The objective of this task is to conduct a comprehensive survey of wear leveling techniques employed in flash memory and/or phase-change memory (PCM) technologies. Wear leveling is crucial for extending the lifespan and maintaining the reliability of these non-volatile memory types. This survey shall provide insights into various wear leveling methods, their advantages, limitations, and applications.

The survey will cover wear leveling techniques used in both flash memory and PCM technology. Flash memory includes NAND and NOR flash, while PCM is a type of emerging non-volatile memory technology. The survey will encompass static and dynamic wear leveling strategies, as well as any innovative approaches used to optimize wear leveling.

Possible starting points are given by the following papers:

  • [1] M. K. Qureshi, J. Karidis, M. Franceschini, V. Srinivasan, L. Lastras, and B. Abali, “Enhancing lifetime and security of PCM-based main memory with start-gap wear leveling,” in MICRO, 2009.
  • [2] N. H. Seong, D. H. Woo, and H.-H. S. Lee, “Security Refresh: Prevent Malicious Wear-out and Increase Durability for Phase-change Memory with Dynamically Randomized Address Mapping,” in ISCA, 2010.
  • [3] F. Huang, D. Feng, W. Xia, W. Zhou, Y. Zhang, M. Fu, C. Jiang, and Y. Zhou, “Security RBSG: Protecting Phase Change Memory with Security-Level Adjustable Dynamic Mapping,” in IPDPS, 2016.

Contact

Supervisor:

Jens Nöpel

AES for Error Correction

Description

Physical Unclonable Functions (PUFs) enable different features to be used for security. They exploit fingerprint-like characteristics of a silicon device.
However, this fingerprint is noisy, so that some kind of error correction is necessary.

The topic for this thesis is to evaluate the applicability of [1] to the PUF context.

[1] Cohen, Alejandro, et al. "AES as Error Correction: Cryptosystems for Reliable Communication." IEEE Communications Letters (2023).

Contact

Supervisor:

Christoph Frisch

A Summary of AACS

Description

DRM schemes are by design a never-ending game of cat and mouse revolving around proprietary and sketchy cryptographic approaches. In this work the cryptographic principles of the Advanced Access Content System (AACS) [1-3] should be evaluated in detail.

The main outcome hereby should be a general introduction to AACS, and an exhaustive list of all threat vectors.


[1] https://en.wikipedia.org/wiki/Advanced_Access_Content_System

[2] https://en.wikipedia.org/wiki/Security_of_Advanced_Access_Content_System

[3] https://en.wikipedia.org/wiki/AACS_encryption_key_controversy

Contact

Supervisor:

Michael Gruber

Overview of Formal Verification Tooling

Description

Formal verification is an emerging trend [1-3] to justify the security claims of a cryptographic implementation against SCA and FIA. This work aims to provide an overview of formal verification approaches and tools.


[1] https://eprint.iacr.org/2020/634.pdf

[2] https://eprint.iacr.org/2020/1294.pdf

[3] https://eprint.iacr.org/2019/1312.pdf

Contact

Supervisor:

Michael Gruber

Hybrid Memristor-CMOS PUFs – Worth the Effort?

Description

Physical Unclonable Functions offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. The most-researched PUF designs are based on typical CMOS manufacturing processes and thus inherit their inexpensiveness.

With memristors slowly becoming a more concretely available technology, PUFs based on memristor memory structures have been proposed. However, hybrid designs have also been proposed, often combining classical CMOS PUF structures with incremental improvements through added memristors (e.g. [1]), which sometimes can also be used for additional functionality (e.g. [2, 3]).

The aim of this work is a comprehensive literature search

  • summarising hybrid memristor-CMOS PUF designs,
  • determining the benefits and drawbacks compared to purely CMOS PUF designs, and
  • evaluating whether the benefits can be worth the manufacturing overhead of combining multiple processes.

[1] https://dl.acm.org/doi/10.1145/2736285
[2] https://ieeexplore.ieee.org/document/9272678
[3] https://ieeexplore.ieee.org/document/9424347

Contact

Supervisor:

Jonas Ruchti

Frequency-Based Differential Side-Channel Attack

Description

Most side-channel attacks, like DPA, are executed in the time domain. As a result, the measurements need to be aligned in order to mount a successful attack.
Shifting the attack to the frequency domain overcomes the requirement of aligned measurements and also allows attacking secured implementations.

The goal is to give an insight into the topic of side-channel attacks that operate in the frequency domain. Furthermore, the advantages or disadvantages compared to well known techniques like DPA should be drawn.

References

  • Gebotys, Catherine H., Ho, Simon, Tiu, C. C. "EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA". Cryptographic Hardware and Embedded Systems -- CHES 2005. Springer Berlin Heidelberg. 2005.

  • Y. Lu, K. H. Boey, M. O'Neill, J. V. McCanny and A. Satoh, "Is the differential frequency-based attack effective against random delay insertion?," 2009 IEEE Workshop on Signal Processing Systems, Tampere, 2009.

Contact

Supervisor:

Manuel Brosch

Assigned topics

Current state of affairs of attacks on SHA2

Description

There is a recent work proposing a side-channel attack on HMAC-SHA2.

The goal of this work is to give an overview over previous works attacking SHA2 and possibly proposed countermeasures.


References:

Paper


Supervisor:

Jonas Schupp

Current developments in digital memristive logic

Description

The term ‘memristor’ by now covers a wide range of technologies implementing two-terminal circuit elements with variable resistance. In the domain of non-volatile memory, memristors are expected to enter the mass market at one point or the other. Other applications, such as memristor-based analogue accelerators for neural network inference, are heavily researched as well.

Digital logic can also be built using memristors. Circuits realising logic functions within a memristor crossbar structure have been described for quite some time now (e.g. [1]). Some research focuses on methods to synthesise generic logic functions into memristor circuits (e.g. [2]). Recently, purpose-built memristive circuits for specific applications have also been developed (e.g. [3]).

The aim of this work is to provide an overview of recent work on applications of digital memristive logic. Recent literature can be summarised e.g. regarding

  • applications (e.g. implemented functions),
  • circuit topologies,
  • simulation methods, and
  • memristor technologies.

[1] http://ieeexplore.ieee.org/document/6617731/
[2] https://ieeexplore.ieee.org/abstract/document/8091016
[3] https://ieeexplore.ieee.org/abstract/document/9837685

Contact

Supervisor:

Jonas Ruchti

Overview of Cyber Resilience in Embedded Systems

Description

Cyber resilience, also known as attack resilience, describes the ability of a system to protect itself against malicious, destructive attacks while being able to detect and quickly recover from such attacks. According to the National Institute of Standards and Technology (NIST), achieving three principles, namely protection, attack detection, and recovery, is essential for a complete cyber-resilient system [1].

The aim of this work is to:

  • summarize cyber resilience in embedded systems using defined standards,
  • compare existing research and product solutions (architectures, engines), such as CARE [2] module, for enhancing resilience.

References:

[1] Regenscheid, A. (2018), Platform Firmware Resiliency Guidelines, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD

[2] A. Dave, N. Banerjee and C. Patel, "CARE: Lightweight Attack Resilient Secure Boot Architecture with Onboard Recovery for RISC-V based SOC," 2021 22nd International Symposium on Quality Electronic Design (ISQED), Santa Clara, CA, USA, 2021, pp. 516-521, doi: 10.1109/ISQED51717.2021.9424322.

Contact

Supervisor:

Utku Budak

Side Channel Analysis and Belief Propagation

Keywords:
Side Channel Analysis, DPA, SCA

Description

In recent years, publications have used belief propagation techniques to boost the information gain from side-channel analysis. Such attacks can be seen as a merge of divide-and-conquer differential attacks and algebraic side-channel attacks.

Primas et al., for example, break lattice-based encryption, as often used in PQC, with merely a single trace [1]. They first match templates with the trace, and the results so acquired are combined within a belief propagation graph. Lastly, they use the information so acquired in lattice decoding to get the secret key. Other works, such as [2-4], use similar approaches. The field of such attack combinations is promising for building up very powerful attacks, as [1] shows. Countermeasures that, for example, randomize the execution sequence can become ineffective.

Within the scientific seminar, an overview of existing work should be gathered. Concretely, the most relevant attack works should be summarized briefly. Common SCA countermeasures should be checked with regard to their resistance against such attacks.

[1] Primas, Robert, Peter Pessl, and Stefan Mangard. "Single-trace side-channel attacks on masked lattice-based encryption." Cryptographic Hardware and Embedded Systems–CHES 2017: 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings. Springer International Publishing, 2017.

[2] Hermelink, Julius, et al. "Adapting belief propagation to counter shuffling of NTTs." IACR Transactions on Cryptographic Hardware and Embedded Systems (2023): 60-88.

[3] Le Bouder, Hélène, et al. "A multi-round side channel attack on AES using belief propagation." Foundations and Practice of Security: 9th International Symposium, FPS 2016, Québec City, QC, Canada, October 24-25, 2016, Revised Selected Papers 9. Springer International Publishing, 2017.

[4] Veyrat-Charvillon, Nicolas, Benoît Gérard, and François-Xavier Standaert. "Soft analytical side-channel attacks." Advances in Cryptology–ASIACRYPT 2014: 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, ROC, December 7-11, 2014. Proceedings, Part I 20. Springer Berlin Heidelberg, 2014.


Supervisor:

Matthias Probst

Post-Quantum Signatures from MPCitH

Description

Shor's algorithm threatens the security of conventional asymmetric cryptography as soon as a sufficiently large quantum computer is available. As a consequence, alternative cryptographic schemes must be found that withstand quantum computers. This research area is denoted as Post-Quantum Cryptography (PQC).

Recently, NIST opened an additional call for post-quantum signature schemes to extend their portfolio of standards [1]. Several schemes that are based on the Multi-Party Computation in the Head (MPCitH) paradigm [2] were submitted to this call.

In the first part of this work, the idea behind the MPCitH paradigm should be explained. The second part should give an overview of the signature schemes (based on MPCitH) in the NIST call. The goal is to provide an overview of the key and signature sizes as well as the performance of the MPCitH schemes.


References:

  • [1]: https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures
  • [2]: https://dl.acm.org/doi/abs/10.1145/1250790.1250794

Contact

Supervisor:

Patrick Karl

Neural Network Attribution for Machine Learning-based Side-channel Attacks

Description

Machine learning-based side-channel attacks are getting more and more popular due to the reduced feature engineering effort in contrast to classical side-channel approaches.
For designers of cryptographic implementations that include countermeasures against side-channel attacks, it is crucial to understand what side-channel information is exploited by such ML-based attacks.

There are several methods for neural network attribution [1] that have been transferred to the SCA domain.
This work should perform an in-depth literature analysis and give an overview of novel attribution methods in the machine learning domain (not included in [1], i.e. recent approaches) that have not yet been applied to side-channel attacks.

[1] Ancona, M., Ceolini, E., Öztireli, C., Gross, M. (2019). Gradient-Based Attribution Methods. In: Samek, W., Montavon, G., Vedaldi, A., Hansen, L., Müller, KR. (eds) Explainable AI: Interpreting, Explaining and Visualizing Deep Learning. Lecture Notes in Computer Science, vol 11700. Springer, Cham. https://doi.org/10.1007/978-3-030-28954-6_9

Contact

Supervisor:

Thomas Schamberger

Microarchitectural Side-Channel Hardware Mitigations

Description

From a hardware perspective, side-channel leakage can occur due to the power consumed by switching gates. Over the years, different techniques have been proposed to mitigate this leakage already at a low level.

This work shall give an overview of hardware-based countermeasures that minimize the emitted information in hardware, independent of the application.

References:

MIRACLE: MIcRo-ArChitectural Leakage Evaluation

Contact

Supervisor:

Jonas Schupp

Information Theory and Biometric Security

Description

The topic of physical unclonable functions (PUFs) can be seen as a part of biometric security. Biometric security itself is a wide research area which involves various aspects, one of which is an information-theoretic analysis. The goal of this research is to determine how good a system can be in theory.
In [1] the authors target a basic scenario, in which they evaluate the trade-off between privacy (i.e. protecting the biometric data) and security (i.e., roughly speaking, how many key bits can be derived).

This seminar topic is supposed to summarize key aspects of such an information-theoretic approach and possibly translate it to the context of PUFs.
It is highly recommended to have some background in either information theory or PUFs.


[1] Lai, Lifeng, Siu-Wai Ho, and H. Vincent Poor. "Privacy–security trade-offs in biometric security systems—Part I: Single use case." IEEE Transactions on Information Forensics and Security 6.1 (2010): 122-139.

Contact

Supervisor:

Christoph Frisch