Theses and Internships

On this page you can find theses and internship positions currently offered at the Chair of Security in Information Technology and at the Fraunhofer AISEC. If you are uncertain about your previous knowledge for a topic, please feel free to contact the person specified in the offer. You have not found a topic but still want to do your thesis with us? Please contact a staff member from the research area of your interest. Please attach a current grade sheet and a short CV to your application so that we can assess your qualification for the topic of your choice.

Open Theses and Internships

Bachelor's Theses

Breaking a fuzzy extractor PUF

Description

A Physical Unclonable Function (PUF) evaluates manufacturing fluctuations in a chip and generates an individual secret like a fingerprint. It varies greatly from chip to chip and slightly from measurement to measurement. In order to obtain a cryptographic key from this secret, an error-correcting scheme is necessary to remove these variations.
However, some of these schemes are based on invalid assumptions, and can make the design vulnerable to statistical analysis.

 The aim of this work is to
  • Apply a known flaw to an existing PUF design
  • Evaluate the attack complexity
  • Potentially write an attacker software

 Further reading:

Frisch, C., Wilde, F., Holzner, T. et al. A Practical Approach to Estimate the Min-Entropy in PUFs. J Hardw Syst Secur 7, 138–146 (2023)

Maes, R., Van Herrewege, A., Verbauwhede, I. (2012). PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator. In: Prouff, E., Schaumont, P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2012

Prerequisites

  • Background knowledge in statistics and coding theory
  • Familiar with simulation tools (Python/Matlab/...)

Contact

Supervisor:

Niklas Stein

Optimising the Loop PUF

Description

Physical Unclonable Functions (PUFs) are methods to measure hard-to-control manufacturing variabilities of electronic devices at runtime. These measurements can be used as device-unique fingerprints, or as a basis for authentication protocols or the storage of secret keys.

The Loop PUF is an established PUF design, which uses intrinsic delays in silicon logic to derive PUF responses by measuring frequencies of purpose-built on-device oscillators. The Loop PUF is easily integrated into FPGAs and more forgiving in its design than other PUFs—though these conservative design choices might leave room for optimisation. The focus of this work is to explore these areas while making sure the resulting PUF still meets its performance specifications.

The aim of this work is to

  • gradually modify an existing Loop PUF FPGA design written in VHDL,
  • carry out measurements using an existing Python measurement framework,
  • evaluate the optimised PUF's performance, and
  • summarise the findings in the context of a general Loop PUF.

Prerequisites

Necessary: Basic experience with VHDL, FPGAs
Necessary: Experience coding in Python

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

 

Contact

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Supervisor:

Jonas Ruchti

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling, and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

 

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of a HDL language. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Developing tools for chip reverse engineering

Description

In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.

For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, e.g. based on the cell and pin names, and create a bare dummy library that allows the netlist to be parsed with general-purpose synthesis tools.

In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in any high-level programming language such as Python, C, C++, Rust, Perl, etc.
  • A very basic knowledge of chip design in order to know what data you are dealing with
  • Creativity and interest for details in order to create a good concept of the tool you want to implement

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Master's Theses

Emulation of Confidential Computing Hardware: AMD SEV-SNP / Intel TDX (AISEC)

Description

Confidential Computing technologies are a promising tool for cloud computing. They aim to protect data while being processed in the cloud by preventing the cloud provider and platform owner from gaining access to it. AMD SEV-SNP and Intel TDX in particular do this by providing confidential virtual machines. Memory of these VMs remains confidential and integrity-protected at all times and the technologies provide remote attestation mechanisms for verification. Extensive work has analyzed, broken and improved upon these technologies. Especially for proof of concept implementations, however, creating, testing and verifying code requires specific server hardware that is not readily available to everyone.
This thesis aims to design and implement emulators for either AMD SEV-SNP or Intel TDX.

Task Description
In this thesis, the focus lies on providing AMD SEV-SNP or Intel TDX remote attestation mechanisms to a VM hosted on conventional hardware. For this, the student researches and evaluates required components needed to emulate these. The student then creates a design and proof of concept implementation that provides the corresponding remote attestation mechanism to the guest VM, e.g., by modifying and extending the virtual machine manager (VMM) QEMU. If possible, guest VM and host kernel shall remain unchanged.

Prerequisites

* High motivation and ability to work independently
* Good understanding of virtualization concepts
* Experience with QEMU / KVM and Linux kernels

Contact

Joana Pecholt
E-Mail: joana.pecholt@aisec.fraunhofer.de

Simon Ott
E-Mail: simon.ott@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Joana Pecholt + Simon Ott (Fraunhofer AISEC)

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of a HDL language. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Hide and Seek

Description

Side-channel based exfiltration of cryptographic secrets is a long-standing and ever-occurring problem when implementing cryptographic algorithms under the assumption of real hardware.

Established formally-proved countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in-depth protection.

In this thesis, you will try and compare different methods of in-depth protection.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a high-level programming language such as Python for measurement automation etc.
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the hardening measures
  • In the optimum case experience with FPGAs to try the measures in the real world.
  • Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Memory Encryption of Non-Volatile Flash

Short Description:
This exciting master thesis opportunity focuses on the critical area of memory encryption for non-volatile flash memory, a key aspect of ensuring data security in modern computing systems.

Description

Description: The growing popularity of non-volatile flash memory in various applications, including data storage and embedded systems, has raised significant security concerns. Data stored in these memories can be vulnerable to unauthorized access and tampering. Memory encryption is a vital technique to safeguard sensitive information from potential threats. In this thesis project, you will work on advancing the state-of-the-art in memory encryption techniques for non-volatile flash memory.
Project Overview: Non-volatile flash memory, commonly used in a wide range of electronic devices such as smartphones, tablets, and solid-state drives (SSDs), is susceptible to data breaches if not adequately protected. Memory encryption is a crucial technique to safeguard data from unauthorized access or tampering. This master's thesis project aims to explore, design, and implement memory encryption mechanisms for non-volatile flash memory devices.

Key Tasks:
   1. Literature Review: Conduct a comprehensive review of existing memory encryption techniques
       and their suitability for non-volatile flash memory.
   2. Design and Implementation: Integrate an appropriate encryption algorithm into a non-volatile
       flash memory controller, considering factors such as performance, security, and compatibility.
   3. Performance Analysis: Evaluate the performance overhead of memory encryption,
       including e.g. latency, throughput, and area.

Prerequisites

Motivation to learn, or experience with:

   - Strong background in cryptography, computer security, and embedded systems
   - Proficiency in hardware description languages (e.g., Verilog or VHDL) or SystemC
   - Familiarity with Platform Architect is a plus.
   - Excellent problem-solving skills and a passion for cybersecurity research

Contact

Interested candidates are encouraged to submit the following application materials to jens.noepel@tum.de:

   - A cover letter explaining your motivation and qualifications for this research opportunity.
   - Your updated CV/resume.
   - Academic transcripts and relevant certificates.

You can also contact me for inquiries or more information about the position. I would be happy to discuss the details or other related topics with you.

Join us in making advancements in memory encryption technology and contribute to enhancing the security of non-volatile flash memory devices. We look forward to welcoming a motivated and talented student.

Supervisor:

Jens Nöpel

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge in design/architecture of hardware design to understand trojan location and insertion.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

SCA of AI Hardware Accelerator

Keywords:
SCA, Neural Networks, Hardware, FPGA

Description

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computationally expensive. Thus, the intellectual property stored in an ANN is an asset worth protecting. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.


A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th USENIX Security Symposium (USENIX Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network,” arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

  • VHDL/Verilog Knowledge
  • Sichere Implementierung Kryptographischer Verfahren (SIKA)
  • Python Skills

Contact

manuel.brosch@tum.de or matthias.probst@tum.de

Supervisor:

Matthias Probst, Manuel Brosch

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Interdisciplinary Projects

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling, and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

 

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Fuzzing Embedded Devices using Feedback from Side-Channel Analysis (AISEC)

Description

Fuzzing is a powerful and versatile technique to hunt security vulnerabilities. Embedded devices, however, usually lack suitable interfaces to apply established fuzzing concepts known from software. Tapping side-channel information, such as power consumption or electromagnetic radiation, can yield these interfaces and enable conventional grey-box fuzzing of an embedded device.

Task Description

Our current test set-up is capable of extracting code-coverage information during a fuzzing campaign from the power consumption of an STM32F417IGT microcontroller and feeding it back into our tool, which is based on the popular AFL++ fuzzer. Your task will be to measure the performance of this tool on additional microcontrollers and to increase its effectiveness where applicable. In detail, this entails hooking up a microcontroller to the test set-up, training a machine-learning model on the microcontroller-specific behavior, and measuring the performance and effectiveness while fuzzing proof-of-concept and real-world software running on the microcontroller.
As an optional task, you can work towards tapping electromagnetic radiation as a second side channel next to power consumption.

Prerequisites

• High motivation and ability to work independently
• Good coding skills in Python and general understanding of software architecture
• Interest in offensive security and bug-hunting

Contact

Please send your application with current CV and transcript of records to:
Ferdinand Jarisch
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Product Protection and Industrial Security
Lichtenbergstr. 11, 85748 Garching near Munich
Mail: ferdinand.jarisch@aisec.fraunhofer.de
Phone: +49 89 322 9986-166
Publication Date: 21.11.2023

Supervisor:

Georg Sigl - Ferdinand Jarisch (Fraunhofer AISEC)

Fuzzing the Elkhart Lake PSE (AISEC)

Description

The Programmable Services Engine (PSE) of the Elkhart Lake platform is a separate ARM core for running applications separately from the main processor. The PSE firmware is a software component used to provide security-critical platform functionality. Because it is written in the C programming language, this component may contain exploitable vulnerabilities with far-reaching security implications.

Task Description
The goal of this thesis is to create a working fuzzing setup for the PSE firmware of the Elkhart Lake platform. First, the structure and interfaces of the firmware are to be analyzed. Building on this, interfaces suitable for fuzzing are to be identified.
Based on this preliminary work, a suitable fuzzer is then to be selected and used to build a runnable fuzzing setup. Identifying and implementing any necessary changes to the selected fuzzer is also part of the work. Finally, the implemented fuzzer is to be evaluated with regard to code coverage, performance and reproducibility.

Prerequisites

• Advanced knowledge of and practical experience with fuzzing
• Prior experience with operating system concepts and Linux-based operating systems
• Ideally, knowledge of real-time operating systems, in particular Zephyr
• Ideally, basic knowledge of computer architecture

Contact

Please send your application with a current CV and transcript of records to:
Vincent Ahlrichs
Secure Operating Systems
Mail: vincent.ahlrichs@aisec.fraunhofer.de
Phone: +49 89 322 9986-114

Felix Wruck
Secure Operating Systems
Mail: felix.wruck@aisec.fraunhofer.de
Phone: +49 89 322 9986-129

Fraunhofer Institute for Applied and Integrated Security (AISEC)
Lichtenbergstr. 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Vincent Ahlrichs, Felix Wruck (Fraunhofer AISEC)

Hardware Verification and FPGA Development for Experimental Setups

Keywords:
FPGA development hardware

Description

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

You can work either on adding custom extensions to openOCD or on developing hardware IP for the FPGA, or on both if you are eager.

If you have any additional questions feel free to contact us!

Prerequisites

openOCD Extension Development:

  • Base knowledge in C
  • Basic tcl scripting

FPGA Development:

  • Base Verilog Knowledge
  • You can read schematics and do basic hardware debugging
  • Base python knowledge

 

Supervisor:

Tim Music

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Developing tools for chip reverse engineering

Description

In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.

For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, e.g. based on the cell and pin names, and create a bare dummy library that allows the netlist to be parsed with general-purpose synthesis tools.

In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in any High-Level Programming language such as python, c, c++, rust, perl, etc.
  • A very basic knowledge of chip design in order to know what data you are dealing with
  • Creativity and interest for details in order to create a good concept of the tool you want to implement

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Research Internships (Forschungspraxis)

Breaking a fuzzy extractor PUF

Description

A Physical Unclonable Function (PUF) evaluates manufacturing fluctuations in a chip and generates an individual secret like a fingerprint. It varies greatly from chip to chip and slightly from measurement to measurement. In order to obtain a cryptographic key from this secret, an error-correcting scheme is necessary to remove these variations.
However, some of these schemes are based on invalid assumptions, and can make the design vulnerable to statistical analysis.

 The aim of this work is to
  • Apply a known flaw to an existing PUF design
  • Evaluate the attack complexity
  • Potentially write an attacker software

 Further reading:

Frisch, C., Wilde, F., Holzner, T. et al. A Practical Approach to Estimate the Min-Entropy in PUFs. J Hardw Syst Secur 7, 138–146 (2023)

Maes, R., Van Herrewege, A., Verbauwhede, I. (2012). PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator. In: Prouff, E., Schaumont, P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2012

Prerequisites

  • Background knowledge in statistics and coding theory
  • Familiar with simulation tools (Python/Matlab/...)

Contact

Supervisor:

Niklas Stein

Optimising the Loop PUF

Description

Physical Unclonable Functions (PUFs) are methods to measure hard-to-control manufacturing variabilities of electronic devices at runtime. These measurements can be used as device-unique fingerprints, or as a basis for authentication protocols or the storage of secret keys.

The Loop PUF is an established PUF design, which uses intrinsic delays in silicon logic to derive PUF responses by measuring frequencies of purpose-built on-device oscillators. The Loop PUF is easily integrated into FPGAs and more forgiving in its design than other PUFs—though these conservative design choices might leave room for optimisation. The focus of this work is to explore these areas while making sure the resulting PUF still meets its performance specifications.

The aim of this work is to

  • gradually modify an existing Loop PUF FPGA design written in VHDL,
  • carry out measurements using an existing Python measurement framework,
  • evaluate the optimised PUF's performance, and
  • summarise the findings in the context of a general Loop PUF.

Prerequisites

Necessary: Basic experience with VHDL, FPGAs
Necessary: Experience coding in Python

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

 

Contact

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Supervisor:

Jonas Ruchti

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

 

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of an HDL. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Practical evaluation of RowHammer on an Embedded System (AISEC)

Description

RowHammer is a powerful fault injection technique, launched from software, to inject bit faults into DRAM. Over the last decade, RowHammer was shown to threaten DRAMs. Vendors reacted and deployed countermeasures, which led to the belief that the problem was solved. However, in recent years, research showed that DRAM is still threatened by a more sophisticated technique, called Many-sided RowHammer.
In this work, we aim to create bit faults inside the LPDDR4 of an embedded system by using the Many-sided RowHammer technique. To this end, we will port an existing RowHammer tool to our target embedded architecture. We will then evaluate whether a successful Many-sided RowHammer attack is possible on our targeted embedded platform, and which parameters are necessary. Finally, we want to evaluate how an attacker may use the particular fault model achieved.

Prerequisites

The following skills are valuable for the execution of the project:
* Good knowledge of programming in C
* Basic experience with assembly programming
* Basic experience with embedded Linux (e.g., Buildroot, Yocto, Raspbian, etc.)
* Basic knowledge about memory hierarchies and DRAM structure

Contact

If you are interested in this particular HiWi position, please send an email with
* a short CV,
* a short cover letter, and
* your last grading sheet.

Kilian Zinnecker, kilian.zinnecker@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Kilian Zinnecker (Fraunhofer AISEC)

Hide and Seek

Description

Side-channel based exfiltration of cryptographic secrets is a long-standing and ever-occurring problem when implementing cryptographic algorithms on real hardware.

Established, formally proven countermeasures against side channels do not provide definite protection. In the real world, a multitude of hardening measures are necessary to provide in-depth protection.

In this thesis, you will try and compare different methods of in-depth protection.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a high-level programming language such as Python for measurement automation etc.
  • Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the hardening measures
  • In the optimum case experience with FPGAs to try the measures in the real world.
  • Knowledge in design/architecture of cryptographic algorithms to know when and how to do the hardening.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Trusted Channels for IoT Devices (AISEC)

Description

Remote attestation is the process of assessing the trustworthiness of a remote computing platform by verifying the integrity of its software stack. Arm Trusted Firmware-M provides the Initial Attestation Service (IAS) to enable attestation on resource-constrained Arm Cortex-M microcontrollers. However, executing a remote attestation protocol without binding it to the device's communication channel opens up the possibility of Man-in-the-Middle (MitM) attacks: in such a scenario, an attacker uses a rogue device to fetch attestation evidence from a good device and establish communication to an IoT hub or other IoT devices. Therefore, the scope of this work is to design and implement a channel binding mechanism for common IoT protocols such as the Constrained Application Protocol (CoAP) to augment the communication channel with an attestation mechanism. This includes the following tasks:
• Survey of existing IoT protocols and attestation mechanisms
• Design of a channel binding mechanism, e.g., for CoAP with OSCORE/EDHOC
• Implement a Proof-of-Concept for the solution
• Evaluate the solution

Prerequisites

• High motivation and ability to work independently
• Good Programming skills in C
• At least basic knowledge of cryptographic primitives
• Preferably knowledge about embedded systems and Arm Cortex-M processors

Contact

Simon Ott
Phone: +49 89 322-9986-143
E-Mail: simon.ott@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Simon Ott (Fraunhofer AISEC)

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a High-Level Programming language such as python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for understanding the trojan samples
  • Basic knowledge in design/architecture of hardware design to understand  trojan location and insertion.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist, and the benefits and problems of analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

SCA of AI Hardware Accelerator

Keywords:
SCA, Neural Networks, Hardware, FPGA

Description

Neural networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANNs) are used. Training a deep ANN is very time-consuming and computationally expensive. Thus, the intellectual property stored in an ANN is an asset worth protecting. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] and [2] are examples of frameworks aiming to fulfill these requirements.


A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’Brien, Y. Umuroglu, M. Leeser, and K. Vissers, “FINN-R: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th USENIX Security Symposium (USENIX Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network,” arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

  • VHDL/Verilog Knowledge
  • Sichere Implementierung Kryptographischer Verfahren (SIKA)
  • Python Skills

Contact

manuel.brosch@tum.de or matthias.probst@tum.de

Supervisor:

Matthias Probst, Manuel Brosch

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimen currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a High-Level Programming language such as python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as vhdl or verilog for designing the trojan
  • Basic knowledge in design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Internships

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Student Assistant Jobs

Optimising the Loop PUF

Description

Physical Unclonable Functions (PUFs) are methods to measure hard-to-control manufacturing variabilities of electronic devices at runtime. These measurements can be used as device-unique fingerprints, or as a basis for authentication protocols or the storage of secret keys.

The Loop PUF is an established PUF design, which uses intrinsic delays in silicon logic to derive PUF responses by measuring frequencies of purpose-built on-device oscillators. The Loop PUF is easily integrated into FPGAs and more forgiving in its design than other PUFs—though these conservative design choices might leave room for optimisation. The focus of this work is to explore these areas while making sure the resulting PUF still meets its performance specifications.

The aim of this work is to

  • gradually modify an existing Loop PUF FPGA design written in VHDL,
  • carry out measurements using an existing Python measurement framework,
  • evaluate the optimised PUF's performance, and
  • summarise the findings in the context of a general Loop PUF.

Prerequisites

Necessary: Basic experience with VHDL, FPGAs
Necessary: Experience coding in Python

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

 

Contact

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Supervisor:

Jonas Ruchti

Tutor/in: Advanced Cryptographic Implementations (SS2024)

Description

The course "Advanced Cryptographic Implementation" focuses on advanced techniques for engineering state-of-the-art cryptographic implementations for embedded systems. It offers a comprehensive exploration of efficient methods for implementing cryptographic algorithms, along with countermeasures to safeguard these implementations against side-channel and fault attacks.

During the course, students will have the opportunity to engage in a practical, hands-on project that will enable them to acquire the necessary skills to implement cryptographic algorithms on a microcontroller.   

As a tutor, you will provide technical support to students during the summer semester in the form of meetings and/or supervision (e.g., chat or mail).

Timeline and working hours:

From 15.04.2024 until 31.07.2024 with a total of 84 hours. Flexible working hours and working period are possible.

Prerequisites

    • Self-motivated and independent working style.

    • Hands-on experience with programming and microcontrollers.

    • Previous knowledge of ARM and/or RISC-V platforms is desirable but not required.

    • Previous attendance to the course is desirable, but not required.

Contact

Fabrizio De Santis

fabrizio.desantis@siemens.com

 

Supervisor:

Fabrizio De Santis

Performant Trace Recording with Streaming Mode

Description

Oscilloscope trace recording requires quick data processing, low-level driver API handling and high-level post-processing, all highly configurable for scientific applications. To increase performance on the oscilloscope side, it is important to use the streaming mode, that is, near real-time recording from the scope. This creates tight constraints for data processing on the computer side, as samples will arrive at 1.2 GBit/s.

In this thesis, you will continue development of a skeleton application for this task, written in Rust.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a System-Level Programming language such as C/C++/Rust etc. as a baseline for programming abilities
  • Basic to intermediate knowledge of Rust, to be able to actually enhance the status quo in Rust. Learning on the job is possible, probably.
  • In the optimum case experience with (Side-Channel) Trace Measurement, to understand the environment of the program

 

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Digital Hardware Design and Evaluation

Description

I am looking for students who are interested in HW implementations and have knowledge of an HDL. If you are also interested in cryptography and its applications, you would be a suitable candidate.

Possible implementation tasks are the
  - Extension / implementation of symmetric ciphers
  - Extension / implementation of message authentication codes
  - Extension / implementation of error correction codes / functionality

The implementation will be analysed for its suitability for memory encryption and integrity verification of memory contents. For this assessment, typical performance metrics will be measured and evaluated on an FPGA.

If any of the topics interest you, please email me to discuss the details and your personal interests.

Supervisor:

Jens Nöpel

Hardware Verification and FPGA Development for Experimental Setups

Keywords:
FPGA development hardware

Description

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

You can work either on adding custom extensions to openOCD or on developing hardware IP for the FPGA, or on both if you are eager.

If you have any additional questions feel free to contact us!

Prerequisites

openOCD Extension Development:

  • Base knowledge in C
  • Basic tcl scripting

FPGA Development:

  • Base Verilog Knowledge
  • You can read schematics and do basic hardware debugging
  • Base python knowledge

 

Supervisor:

Tim Music

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist, and the benefits and problems of analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge of graph theory, algorithms, etc. to cope with problems along the way

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Developing tools for chip reverse engineering

Description

In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.

For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, e.g. based on the cell and pin names, and create a bare dummy library that allows the netlist to be parsed with general-purpose synthesis tools.

In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of any high-level programming language such as Python, C, C++, Rust, Perl, etc.
  • A very basic knowledge of chip design in order to know what data you are dealing with
  • Creativity and an interest in details in order to create a good concept of the tool you want to implement

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp