Theses and Internships

On this page you can find theses and internship positions currently offered at the Chair of Security in Information Technology and at Fraunhofer AISEC. If you are uncertain whether your previous knowledge is sufficient for a topic, please feel free to contact the person specified in the offer. You have not found a topic but still want to do your thesis with us? Please contact a staff member from the research area of your interest. Please attach a current grade sheet and a short CV to your application so that we can assess your qualification for the topic of your choice.

Open Theses and Internships

Bachelor's Theses

Tracking Down the Source of Indirect Side-Channel Leakages

Description

Real-world implementations of cryptographic algorithms necessarily have to consider physical effects. Side-channel leakages, such as the system’s power draw during processing, which contains information about secret values, are a major design consideration for today’s secure systems.

The underlying effects can be simple, such as state changes of bus wires effecting higher power draws due to wire capacitances, but can also have their roots in more complex interactions. An integrated circuit’s subsystems can influence each other, e.g. supply voltage fluctuations from a power side channel can transfer to an RF transmitter.

Crucially, interactions like these need to be known for the design of effective general-purpose countermeasures against such leakages.

The aim of this work is to replicate a published attack based on indirect emanations and to trace back the internal mechanisms of the apparent leakages through a series of hardware experiments. If carried out as a bachelor’s thesis, this topic focuses on the replication; for a research internship/master thesis, extending the work is possible.

Prerequisites

Necessary: Either dependable knowledge of FPGA design and VHDL/Verilog or experience programming in Python
Necessary: Willingness to carry out experiments and measurement campaigns in our lab
Optional: Soldering skills
Optional: Basic understanding of cryptographic algorithms and side-channel attacks

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

 

Contact

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Supervisor:

Jonas Ruchti

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Automation of SRAM Data Extraction using Thermal Laser Stimulation (AISEC)

Description

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, the memory can be read out by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is to create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Prerequisites

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)


Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Bodo Selmke 
Bodo.Selmke@aisec.fraunhofer.de
Johanna Baehr
Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Bodo Selmke + Johanna Baehr (Fraunhofer AISEC)

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Key Encapsulation Mechanisms and Encryption Techniques for CAN-Bus (AISEC)

Description

CAN (Controller Area Network) is a critical communication protocol used in various industries for the exchange of data between electronic components. It is an essential technology for the automotive industry and can be found in nearly all modern vehicles.
Unauthorized access to the CAN-Bus enables the manipulation of data being sent between electronic units, the extraction of vehicle data, as well as the injection of malicious packets for bypassing security measures.

The goal of this work is the implementation of KEM and encryption algorithms for enhancing the security of the CAN-Bus.

Prerequisites

- Experience implementing software in C and/or Python
- Basic knowledge about key encapsulation and encryption algorithms
- Basic understanding of automotive communication buses
- Optional: Experience writing firmware for embedded systems
- Optional: Understanding of functional encryption algorithms

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge on microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge of hardware design and architecture to understand trojan location and insertion

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Enhancing a masked AI Accelerator

Keywords:
SCA, Machine Learning, VHDL, Masking

Description

Artificial Intelligence (AI) is experiencing growing popularity in edge devices. The increasing usage of AI on edge devices increases the relevance of the security of the Intellectual Property (IP) stored within the algorithm. As an attacker can gain physical access to the device, hardware attacks such as Side-Channel Analysis (SCA) must be considered [1]. SCA uses physical quantities like the power consumption to extract valuable information about the AI algorithm.

A common technique to counter SCA is masking [2], which introduces random numbers to make intermediate results and the power consumption independent of secret values.

In this work an existing FPGA implementation of a neural network accelerator should be extended to execute different types of neural networks.

 

Start: Anytime

References

[1] Lejla Batina, Shivam Bhasin, Dirmanto Jap, and Stjepan Picek. 2019. CSI NN: reverse engineering of neural network architectures through electromagnetic side channel. In Proceedings of the 28th USENIX Conference on Security Symposium (SEC'19). USENIX Association, USA, 515–532.

[2] Konstantinos Athanasiou, Thomas Wahl, A. Ding, and Yunsi Fei. 2022. Masking Feedforward Neural Networks Against Power Analysis Attacks. Proceedings on Privacy Enhancing Technologies 2022, 501–521. DOI: 10.2478/popets-2022-0025.

 

 

Prerequisites

  • VHDL
  • Python

Contact

manuel.brosch@tum.de

Supervisor:

Manuel Brosch

Machine Learning in Side-Channel Analysis (AISEC)

Description

Utilizing statistical techniques, side-channel analysis exploits information that a cryptographic device is leaking. Possible sources of this leakage are electromagnetic or power side-channel traces. Machine learning based side-channel analysis extends the statistical toolbox with Neural Networks, Belief Propagation or different methods of this field to recombine and exploit leakage.

In collaboration with the Technical University of Munich, the Fraunhofer AISEC's hardware security department offers a variety of open positions in this field. Depending on your strengths, we provide both pure software-based and practical hardware topics, such as the following:

• Trace analysis using explainable machine learning
• Leakage recombination using belief propagation - light-weight or post-quantum algorithms
• Belief propagation performance optimization using GPUs
• Pattern-based triggering using software-defined radios

On request, other topics can be offered.

Prerequisites

• Programming skills, at least one language (Python, C, Rust)
• Interest in hardware security
• Basic Linux skills

Contact

Emanuele Strieder
Phone: +49 89 322-9986-140
E-Mail: emanuele.strieder@aisec.fraunhofer.de

Fraunhofer Research Institution for Applied and Integrated Security (AISEC)
Department Hardware Security
Parkring 4, 85748 Garching (near Munich), Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Emanuele Strieder (Fraunhofer AISEC)

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge of the design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Master's Theses

Memory Encryption of Non-Volatile Flash

Short Description:
This exciting master thesis opportunity focuses on the critical area of memory encryption for non-volatile flash memory, a key aspect of ensuring data security in modern computing systems.

Description

Description: The growing popularity of non-volatile flash memory in various applications, including data storage and embedded systems, has raised significant security concerns. Data stored in these memories can be vulnerable to unauthorized access and tampering. Memory encryption is a vital technique to safeguard sensitive information from potential threats. In this thesis project, you will work on advancing the state-of-the-art in memory encryption techniques for non-volatile flash memory.
Project Overview: Non-volatile flash memory, commonly used in a wide range of electronic devices such as smartphones, tablets, and solid-state drives (SSDs), is susceptible to data breaches if not adequately protected. Memory encryption is a crucial technique to safeguard data from unauthorized access or tampering. This master's thesis project aims to explore, design, and implement memory encryption mechanisms for non-volatile flash memory devices.

Key Tasks:
   1. Literature Review: Conduct a comprehensive review of existing memory encryption techniques
       and their suitability for non-volatile flash memory.
   2. Design and Implementation: Integrate an appropriate encryption algorithm into a non-volatile
       flash memory controller, considering factors such as performance, security, and compatibility.
   3. Performance Analysis: Evaluate the performance overhead of memory encryption,
       including e.g. latency, throughput, and area.

Prerequisites

Motivation to learn, or experience with:

   - Strong background in cryptography, computer security, and embedded systems
   - Proficiency in programming languages such as C/C++
   - Familiarity with hardware description languages (e.g., Verilog or VHDL) is a plus.
   - Excellent problem-solving skills and a passion for cybersecurity research

Contact

Interested candidates are encouraged to submit the following application materials to jens.noepel@tum.de:

   - A cover letter explaining your motivation and qualifications for this research opportunity.
   - Your updated CV/resume.
   - Academic transcripts and relevant certificates.

You can also contact me for inquiries or more information about the position. I would be happy to discuss the details or other related topics with you.

Join us in making advancements in memory encryption technology and contribute to enhancing the security of non-volatile flash memory devices. We look forward to welcoming a motivated and talented student.

Supervisor:

Jens Nöpel

Tracking Down the Source of Indirect Side-Channel Leakages

Description

Real-world implementations of cryptographic algorithms necessarily have to consider physical effects. Side-channel leakages, such as the system’s power draw during processing, which contains information about secret values, are a major design consideration for today’s secure systems.

The underlying effects can be simple, such as state changes of bus wires effecting higher power draws due to wire capacitances, but can also have their roots in more complex interactions. An integrated circuit’s subsystems can influence each other, e.g. supply voltage fluctuations from a power side channel can transfer to an RF transmitter.

Crucially, interactions like these need to be known for the design of effective general-purpose countermeasures against such leakages.

The aim of this work is to replicate a published attack based on indirect emanations and to trace back the internal mechanisms of the apparent leakages through a series of hardware experiments. If carried out as a bachelor’s thesis, this topic focuses on the replication; for a research internship/master thesis, extending the work is possible.

Prerequisites

Necessary: Either dependable knowledge of FPGA design and VHDL/Verilog or experience programming in Python
Necessary: Willingness to carry out experiments and measurement campaigns in our lab
Optional: Soldering skills
Optional: Basic understanding of cryptographic algorithms and side-channel attacks

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

 

Contact

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Supervisor:

Jonas Ruchti

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Automation of SRAM Data Extraction using Thermal Laser Stimulation (AISEC)

Description

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, the memory can be read out by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is to create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Prerequisites

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)


Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Bodo Selmke 
Bodo.Selmke@aisec.fraunhofer.de
Johanna Baehr
Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Bodo Selmke + Johanna Baehr (Fraunhofer AISEC)

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Key Encapsulation Mechanisms and Encryption Techniques for CAN-Bus (AISEC)

Description

CAN (Controller Area Network) is a critical communication protocol used in various industries for the exchange of data between electronic components. It is an essential technology for the automotive industry and can be found in nearly all modern vehicles.
Unauthorized access to the CAN-Bus enables the manipulation of data being sent between electronic units, the extraction of vehicle data, as well as the injection of malicious packets for bypassing security measures.

The goal of this work is the implementation of KEM and encryption algorithms for enhancing the security of the CAN-Bus.

Prerequisites

- Experience implementing software in C and/or Python
- Basic knowledge about key encapsulation and encryption algorithms
- Basic understanding of automotive communication buses
- Optional: Experience writing firmware for embedded systems
- Optional: Understanding of functional encryption algorithms

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge on microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge of hardware design and architecture to understand trojan location and insertion

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Machine Learning in Side-Channel Analysis (AISEC)

Description

Utilizing statistical techniques, side-channel analysis exploits information that a cryptographic device is leaking. Possible sources of this leakage are electromagnetic or power side-channel traces. Machine learning based side-channel analysis extends the statistical toolbox with Neural Networks, Belief Propagation or different methods of this field to recombine and exploit leakage.

In collaboration with the Technical University of Munich, the Fraunhofer AISEC's hardware security department offers a variety of open positions in this field. Depending on your strengths, we provide both pure software-based and practical hardware topics, such as the following:

• Trace analysis using explainable machine learning
• Leakage recombination using belief propagation - light-weight or post-quantum algorithms
• Belief propagation performance optimization using GPUs
• Pattern-based triggering using software-defined radios

On request, other topics can be offered.

Prerequisites

• Programming skills, at least one language (Python, C, Rust)
• Interest in hardware security
• Basic Linux skills

Contact

Emanuele Strieder
Phone: +49 89 322-9986-140
E-Mail: emanuele.strieder@aisec.fraunhofer.de

Fraunhofer Research Institution for Applied and Integrated Security (AISEC)
Department Hardware Security
Parkring 4, 85748 Garching (near Munich), Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Emanuele Strieder (Fraunhofer AISEC)

Post-Quantum Crypto on RISC-V

Description

As the ongoing development of quantum computers poses a significant threat to classic asymmetric cryptography, new approaches for asymmetric encryption and signatures need to be developed. These post-quantum secure cryptographic schemes can be grouped into different subsets, among them schemes based on lattices, error-correcting codes, isogenies or multivariate equations.

The NIST (National Institute of Standards and Technology) chose 3 lattice-based Post-Quantum secure algorithms for standardization in July 2022.

The goal of this work is to implement one of these algorithms on a state-of-the-art RISC-V platform and evaluate its potential for hardware acceleration as well as its side-channel resilience.

References:

NIST Round 3 Report

Prerequisites

  • Very good programming skills in C and RISC-V assembly
  • Experience in hardware design with VHDL or SystemVerilog

Contact

Supervisor:

Jonas Schupp

HW implementations for Post-Quantum Cryptography

Description

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Prerequisites

Ideally, you should have knowledge of the following:

  • A hardware description language like VHDL/Verilog/SystemVerilog
  • Experience running simulations using ModelSim
  • Basic C programming skills
  • Basic knowledge of post-quantum cryptography as taught e.g. in Quantum Computers and Quantum Secure Communications

Contact

If you are interested in the topic, please send a CV and your transcript of records to: patrick.karl@tum.de

Supervisor:

Patrick Karl

SCA of AI Hardware Accelerator

Keywords:
SCA, Neural Networks, Hardware, FPGA

Description

Neural networks have become an inevitable part of everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computationally expensive. Thus, the intellectual property stored in an ANN is an asset worth protecting. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] and [2] are examples of frameworks aiming to fulfill these requirements.


A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th USENIX Security Symposium (USENIX Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network,” arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

  • VHDL/Verilog Knowledge
  • Sichere Implementierung Kryptographischer Verfahren (SIKA)
  • Python Skills

Contact

manuel.brosch@tum.de or matthias.probst@tum.de

Supervisor:

Manuel Brosch, Matthias Probst

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge of the design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Interdisciplinary Projects

Hardware Verification and FPGA Development for Experimental Setups

Keywords:
FPGA development hardware

Description

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

You can work either on adding custom extensions to openOCD or on developing hardware IP on the FPGA. If you are eager, you can of course do both.

If you have any additional questions, feel free to contact us!

Prerequisites

openOCD Extension Development:

  • Base knowledge in C
  • Basic tcl scripting

FPGA Development:

  • Base Verilog Knowledge
  • You can read schematics and do basic hardware debugging
  • Base python knowledge

 

Supervisor:

Tim Music

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Automation of SRAM Data Extraction using Thermal Laser Stimulation (AISEC)

Description

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, the memory can be read out by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is to create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Prerequisites

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)


Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Bodo Selmke 
Bodo.Selmke@aisec.fraunhofer.de
Johanna Baehr
Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Bodo Selmke + Johanna Baehr (Fraunhofer AISEC)

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Research Internships (Forschungspraxis)

Tracking Down the Source of Indirect Side-Channel Leakages

Description

Real-world implementations of cryptographic algorithms necessarily have to consider physical effects. Side-channel leakages, such as the system’s power draw during the processing containing information about secret values, are a major design objective for today’s secure systems.

The underlying effects can be simple, such as state changes of bus wires effecting higher power draws due to wire capacitances, but can also have their roots in more complex interactions. An integrated circuit’s subsystems can influence each other, e.g. supply voltage fluctuations from a power side channel can transfer to an RF transmitter.

Crucially, interactions like these need to be known for the design of effective general-purpose countermeasures against such leakages.

The aim of this work is to replicate a published attack based on indirect emanations and to trace back the internal mechanisms of the apparent leakages through a series of hardware experiments. If carried out as a bachelor’s thesis, this topic focuses on the replication; for a research internship/master thesis, extending the work is possible.

Prerequisites

Necessary: Either dependable knowledge of FPGA design and VHDL/Verilog or experience programming in Python
Necessary: Willingness to carry out experiments and measurement campaigns in our lab
Optional: Soldering skills
Optional: Basic understanding of cryptographic algorithms and side-channel attacks

This work can either be conducted in German or in English. I am happy to provide more details and answer your questions upon request.

 

Contact

If you are interested in this work, please contact me via email with a short CV and grade report. We will then arrange a short meeting where we can discuss the details.

Jonas Ruchti, M.Sc.
Technical University of Munich, Chair of Security in Information Technology
Room N1014
E-Mail: j.ruchti@tum.de

 

Supervisor:

Jonas Ruchti

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Automation of SRAM Data Extraction using Thermal Laser Stimulation (AISEC)

Description

Thermal Laser Stimulation is a technique which can be used to extract data from SRAM memory over a power side channel without interfering with the memory cells. This technique involves using a focused laser beam for local heating of the chip, causing an altered current consumption of the targeted SRAM cell. Since this influence on the SRAM cell is data dependent, the memory can be read out by measuring and recording the device power consumption while scanning it with the laser system. The advantage of this technique is that it allows the extraction of sensitive data from SRAM cells that are not accessible otherwise, for example because they are used in secure systems. The main goal of this work is to create a framework to automate the evaluation of the recorded data (possibly by the use of machine learning techniques), and to verify the feasibility on modern chips.

Prerequisites

Motivation to learn, or experience with:
- Python or C
- Hardware description languages (e.g. VHDL, Verilog)


Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Bodo Selmke 
Bodo.Selmke@aisec.fraunhofer.de
Johanna Baehr
Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Bodo Selmke + Johanna Baehr (Fraunhofer AISEC)

Double Diverse Compiling Framework for Hardware Security using Open Source EDA Tools (AISEC)

Description

Double diverse compiling is a technique used in software security to check for the insertion of malicious code by compilers during the compilation process. It involves compiling the code using two different tools and then cross-referencing the results to ensure their consistency. This approach can also be applied to hardware, where the netlist generated by a commercial tool can be formally verified against the output of an open source tool, and vice versa. The main goal of this project is to develop a framework that automates and verifies this process.

Prerequisites

Motivation to learn, or experience with:
- Python
- Hardware description languages (e.g. VHDL, Verilog)
- Hardware Synthesis
- Formal Verification

Interested?
We are constantly looking for new student team members that are excited about hardware security. Please send your application via e-mail with your CV, and most recent certificates and grades to the contact below. We are excited to meet you!

Contact

Johanna.Baehr@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Johanna Baehr (Fraunhofer AISEC)

Key Encapsulation Mechanisms and Encryption Techniques for CAN-Bus (AISEC)

Description

CAN (Controller Area Network) is a critical communication protocol used in various industries for the exchange of data between electronic components. It is an essential technology for the automotive industry and can be found in nearly all modern vehicles.
Unauthorized access to the CAN-Bus enables the manipulation of data being sent between electronic units, the extraction of vehicle data, as well as the injection of malicious packets for bypassing security measures.

The goal of this work is the implementation of KEM and encryption algorithms for enhancing the security of the CAN-Bus.

Prerequisites

- Experience implementing software in C and/or Python
- Basic knowledge about key encapsulation and encryption algorithms
- Basic understanding of automotive communication buses
- Optional: Experience writing firmware for embedded systems
- Optional: Understanding of functional encryption algorithms

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge on microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Needles in Haystacks

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

Detection methods have come a long way, but still cannot achieve good performance in realistic scenarios.

During this thesis, you will implement and improve an existing hardware trojan detection method.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python, because machine learning and reverse engineering tools build on this
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for understanding the trojan samples
  • Basic knowledge of the design/architecture of hardware designs to understand trojan location and insertion

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Enhancing a masked AI Accelerator

Keywords:
SCA, Machine Learning, VHDL, Masking

Description

Artificial Intelligence (AI) is experiencing growing popularity in edge devices. The increasing usage of AI on edge devices increases the relevance of the security of the Intellectual Property (IP) stored within the algorithm. As an attacker can gain physical access to the device, hardware attacks such as Side-Channel Analysis (SCA) must be considered [1]. SCA uses physical quantities like the power consumption to extract valuable information about the AI algorithm.

A common technique to counter SCA is masking [2], which introduces random numbers to make intermediate results and the power consumption independent of secret values.

In this work an existing FPGA implementation of a neural network accelerator should be extended to execute different types of neural networks.

 

Start: Anytime

References

[1] Lejla Batina, Shivam Bhasin, Dirmanto Jap, and Stjepan Picek. 2019. CSI NN: reverse engineering of neural network architectures through electromagnetic side channel. In Proceedings of the 28th USENIX Conference on Security Symposium (SEC'19). USENIX Association, USA, 515–532.

[2] Konstantinos Athanasiou, Thomas Wahl, A. Ding, and Yunsi Fei. 2022. Masking Feedforward Neural Networks Against Power Analysis Attacks. Proceedings on Privacy Enhancing Technologies 2022, 501–521. doi:10.2478/popets-2022-0025.

 

 

Prerequisites

  • VHDL
  • Python

Contact

manuel.brosch@tum.de

Supervisor:

Manuel Brosch

Machine Learning in Side-Channel Analysis (AISEC)

Description

Utilizing statistical techniques, side-channel analysis exploits information that a cryptographic device is leaking. Possible sources of this leakage are electromagnetic or power side-channel traces. Machine learning based side-channel analysis extends the statistical toolbox with Neural Networks, Belief Propagation or different methods of this field to recombine and exploit leakage.

In collaboration with the Technical University of Munich, the Fraunhofer AISEC's hardware security department offers a variety of open positions in this field. Depending on your strengths, we provide both pure software-based and practical hardware topics, such as the following:

• Trace analysis using explainable machine learning
• Leakage recombination using belief propagation - light-weight or post-quantum algorithms
• Belief propagation performance optimization using GPUs
• Pattern-based triggering using software-defined radios

On request, other topics can be offered.

Prerequisites

• Programming skills, at least one language (Python, C, Rust)
• Interest in hardware security
• Basic Linux skills

Contact

Emanuele Strieder
Phone: +49 89 322-9986-140
E-Mail: emanuele.strieder@aisec.fraunhofer.de

Fraunhofer Research Institution for Applied and Integrated Security (AISEC)
Department Hardware Security
Parkring 4, 85748 Garching (near Munich), Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Emanuele Strieder (Fraunhofer AISEC)

Post-Quantum Crypto on RISC-V

Description

As the ongoing development of quantum computers poses a significant threat to classic asymmetric cryptography, new approaches for asymmetric encryption and signatures need to be developed. These post-quantum secure cryptographic schemes can be grouped into different subsets, among them schemes based on lattices, error-correcting codes, isogenies or multivariate equations.

The NIST (National Institute of Standards and Technology) chose 3 lattice-based Post-Quantum secure algorithms for standardization in July 2022.

The goal of this work is to implement one of these algorithms on a state-of-the-art RISC-V platform and evaluate its potential for hardware acceleration as well as its side-channel resilience.

References:

NIST Round 3 Report

Prerequisites

  • Very good programming skills in C and RISC-V assembly
  • Experience in hardware design with VHDL or SystemVerilog

Contact

Supervisor:

Jonas Schupp

HW implementations for Post-Quantum Cryptography

Description

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Prerequisites

Ideally, you should have knowledge of the following:

  • A hardware description language like VHDL/Verilog/SystemVerilog
  • Experience running simulations using ModelSim
  • Basic C programming skills
  • Basic knowledge of post-quantum cryptography, as taught e.g. in Quantum Computers and Quantum Secure Communications

Contact

If you are interested in the topic, please send a CV and your transcript of records to: patrick.karl@tum.de

Supervisor:

Patrick Karl

SCA of AI Hardware Accelerator

Keywords:
SCA, Neural Networks, Hardware, FPGA

Description

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time-consuming and computationally expensive. Thus, the intellectual property stored in an ANN is an asset worth protecting. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] and [2] are examples of frameworks aiming to fulfill these requirements.


A side-channel attack can be used to extract the network parameters such as the number or type of layers, as well as weights and bias values. In [3, 4] side-channel attacks on different implementations of ANNs are performed. 

In this work, a side-channel attack on autogenerated implementations of different ANNs should be performed. This includes a detailed analysis of the side-channel properties of the different implementations.

 Start of Thesis: Anytime


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th USENIX Security Symposium (USENIX Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network,” arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

  • VHDL/Verilog Knowledge
  • Sichere Implementierung Kryptographischer Verfahren (SIKA)
  • Python Skills

Contact

manuel.brosch@tum.de or matthias.probst@tum.de

Supervisor:

Manuel Brosch, Matthias Probst

Implementation of Hardware Trojans

Description

In a world of multinational production chains, hardware trojans inserted by untrusted third parties are an emerging threat for the security of integrated circuits.

In order to develop methods for hardware trojan detection, specimens of hardware trojans are needed. Unfortunately, the variety of specimens currently available is very low.

During this thesis, you will implement a hardware trojan for an FPGA or ASIC circuit.

Prerequisites

The following list of prerequisites is neither complete nor binding, but should give you an idea of what the topic is about.

  • Sufficient knowledge of a high-level programming language such as Python for designing an interface
  • Basic to intermediate knowledge of a hardware description language such as VHDL or Verilog for designing the trojan
  • Basic knowledge of the design/architecture of cryptographic algorithms / CPUs to know where a trojan might be injected

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Internships

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Logging of Lab Temperature

Description

Side-channel measurements are prone to variations due to external factors that can severely impact the performance of the measurement.

To identify potentially erroneous measurements, the ambient temperature of the lab shall be logged on a regular basis. An automated solution that logs the temperature, represents it visually and allows for automated evaluation shall be implemented.

Prerequisites

  • Basics of web development (e.g.: PHP, Ruby on Rails, JavaScript)
  • Basic knowledge about relational databases (e.g.: PostgreSQL)
  • Basic knowledge about programming on Linux
  • Basic knowledge about hardware development

Contact

Supervisor:

Jonas Schupp

Student Assistant Jobs

Tutor: Sichere Implementierung kryptographischer Verfahren (Secure Implementation of Cryptographic Methods)

Keywords:
Side-channel analysis, implementations, tutor

Description

The lecture Sichere Implementierung kryptographischer Verfahren (SIKA, Secure Implementation of Cryptographic Methods) is accompanied by an exercise in which four programming assignments are carried out. A tutor is sought to support the students, to look after the side-channel measurement station and to test the submission environment.

The programming exercises comprise the implementation of AES in C and the development of various attacks on RSA and AES in Python. As part of the Differential Power Analysis (DPA) attack, the power consumption of an implementation is recorded with an oscilloscope. The Coderunner environment from Moodle is used for submitting and evaluating the programming assignments.

As part of the job, fixed office hours at the Chair of Security in Information Technology can be set up for support with the programming assignments. To test the Coderunner environment, each assignment should be solved and submitted independently one week before the exercise date in order to uncover possible problems with the environment.

Period and number of hours:

From 1 November 2023 to 31 January 2024 with 6-12 hours per week; minor adjustments to the period and the number of hours, as well as flexible working hours by arrangement, are possible.

Prerequisites

  • Programming skills in C and Python
  • Basic understanding of working with measurement equipment, e.g. an oscilloscope
  • Ideally, attendance of the SIKA lecture in a previous semester
  • Ability to work independently

Contact

Technical University of Munich
Chair of Security in Information Technology
Manuel Brosch
Theresienstr. 90, N1007
E-Mail: manuel.brosch@tum.de

Supervisor:

Manuel Brosch

Hardware Verification and FPGA Development for Experimental Setups

Keywords:
FPGA development hardware

Description

To perform security assessments on devices, firmware and data typically need to be bootstrapped from the host PC to the device-under-test (DUT) by the means of debug, as well as several embedded communication interfaces. To streamline these setups, a novel hardware based around an FPGA has been developed, which awaits further testing and is eager to receive software.

The main focus is centered around flexibly bootstrapping custom ASICs, as well as off-the-shelf microcontrollers through SWD and JTAG. As means of interfacing the former, openOCD is used as a debug bridge.

You can work either on adding custom extensions to openOCD or on developing hardware IP on the FPGA. If you are eager, you can of course do both.

If you have any additional questions, feel free to contact us!

Prerequisites

openOCD Extension Development:

  • Base knowledge in C
  • Basic tcl scripting

FPGA Development:

  • Base Verilog Knowledge
  • You can read schematics and do basic hardware debugging
  • Base python knowledge

 

Supervisor:

Tim Music

Hardware Development for Security

Keywords:
hardware development security

Description

Do you have hardware experience? We are looking for you!

  • You are looking for a thesis, research internship or student assistant position?
  • You know how to draw an orderly schematic?
  • You know a thing or two about electronic component selection?
  • You know op-amps not just from textbooks?
  • You have laid out your own PCBs before?
  • You are no stranger to soldering?
  • You know not just SMD, but lots of other three-letter acronyms, too: ESL, FR-4, C0G, NP0, UJT, QFN, DFN, BGA ... ?
  • You prefer to talk to microcontrollers (at the register level)?
  • You can tell components apart from the smell of their magic smoke?

If you can at least tick a few boxes here and want to help us improve our lab and measurement for various hardware attacks, please contact us! We will find a hardware-oriented security-adjacent topic together.

Supervisor:

Tim Music

Practical Cache Side-Channel on Embedded SoC Platforms (AISEC)

Description

Caches are indispensable hardware components of powerful, modern processors. However, their timing characteristics pose a challenge to the implementation of secure systems: because they are used concurrently by different processes, they form a side channel that leaks information about memory access patterns. In addition, misusing cache timings as a deliberate covert channel between two malicious processes can threaten security, too.
The threat of cache-based side-channel attacks has been known and demonstrated for many years. With the increasing performance and complexity of processors throughout all domains, these attacks are becoming more relevant in the domain of embedded SoCs. We want to gain deeper insight into the practical feasibility of cache side-channel attacks on embedded SoCs.
The aim of this work is to help us set up a cache-based covert channel on a modern embedded SoC platform. To this end, we will develop software that uses the cache to form a covert channel. Afterwards, we will determine the characteristics and reliability of the covert channel.

Prerequisites

The following skills are valuable for the execution of the project:
* Proficiency in programming in C
* Basic experience with assembly programming (preferably ARM)
* Basic knowledge about cache architectures (e.g., from a university lecture)
* Basic experience with embedded Linux (e.g., Raspberry Pi, BeagleBone, buildroot)
* Basic experience with git
* Basic knowledge in programming in Python3

Contact

If you are interested in this particular HiWi position, please send an email with
* a short CV,
* a short cover letter, and
* your last grading sheet.
If you are interested in working on cache side-channels in some other way, e.g., as a research internship ("Forschungspraxis"), please feel free to contact me via email as well.

Kilian Zinnecker, kilian.zinnecker@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Kilian Zinnecker (Fraunhofer AISEC)

Key Encapsulation Mechanisms and Encryption Techniques for CAN-Bus (AISEC)

Description

CAN (Controller Area Network) is a critical communication protocol used in various industries for the exchange of data between electronic components. It is an essential technology for the automotive industry and can be found in nearly all modern vehicles.
Unauthorized access to the CAN-Bus enables the manipulation of data being sent between electronic units, the extraction of vehicle data, as well as the injection of malicious packets for bypassing security measures.

The goal of this work is the implementation of KEM and encryption algorithms for enhancing the security of the CAN-Bus.

Prerequisites

- Experience implementing software in C and/or Python
- Basic knowledge about key encapsulation and encryption algorithms
- Basic understanding of automotive communication buses
- Optional: Experience writing firmware for embedded systems
- Optional: Understanding of functional encryption algorithms

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Low-Level Implementation and Evaluation of Privacy-Enhancing Techniques (PETs) on Microcontrollers (AISEC)

Description

As the amount of technology in our daily lives grows, the need for privacy and security becomes increasingly important. Microcontrollers are commonly used in a range of applications, including smart home appliances, automotive hardware and medical equipment, which are often connected to the internet or other networks. This increased connectivity creates potential vulnerabilities which can be exploited. Privacy-Enhancing Techniques (PETs) can be used for enhancing the privacy and security of such connected systems.

The goal of this work is the implementation of different PETs on microcontrollers, with the aim of identifying the most suitable approaches in terms of performance and privacy gains. Based on your skill set, the implementation of some PETs in hardware would also be possible.

Prerequisites

- First experience implementing software in C (Python is a plus)
- Basic understanding of cryptographic algorithms
- Basic knowledge of microcontroller architectures (e.g. ARM, RISC-V)
- Optional: Experience with embedded systems and microcontroller programming

Contact

If you are interested in this or similar topics, please write an e-mail to the following address and include a short CV, as well as your last grading sheet:

armando.miguel.garcia@aisec.fraunhofer.de

Armando Miguel Garcia, M.Sc.
Hardware Security Department
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching near Munich

Supervisor:

Georg Sigl - Armando Miguel Garcia (Fraunhofer AISEC)

Illustrating Security Vulnerabilities in Vehicles (AISEC)

Description

The increasing connectivity of vehicles allows attackers to carry out far-reaching manipulations [1]. To illustrate security vulnerabilities in vehicles and to demonstrate possible countermeasures, a realistic demonstrator of a vehicle interior (dashboard, speedometer, steering wheel with force feedback) is to be built. Specifically, real attacks via the On-Board Diagnostics (OBD) interface, via direct access to vehicle buses or via wireless interfaces are recreated, e.g. on the communication between vehicle and key.

In addition to working out attack scenarios from the recent past, your tasks include implementing and presenting them in a demonstrator. Specifically, you will develop software for controlling the steering wheel and speedometer via a CAN bus and assemble the individual components into a complete setup.

In the course of your work, you will gain experience with current E/E vehicle architectures, with wireless communication and communication on CAN buses, with protective measures and with concrete attacks from the field of cybersecurity.

[1] https://www.youtube.com/watch?v=MK0SrxBC1xs

Prerequisites

  • Practical experience with electronic/mechanical setups; manual dexterity
  • Programming knowledge and experience
  • Ability to work independently and in a goal-oriented manner
  • Interest in the field of automotive security

Please note that, due to the nature of the work, presence at the institute in Garching is required. You can apply with a current transcript of records and a CV to the persons listed below.

Contact

Ferdinand Jarisch
Tel.: +49 89 322-9986-166
ferdinand.jarisch@aisec.fraunhofer.de

Nikolai Puch
Tel.: +49 89 322-9986-142
nikolai.puch@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security, Lichtenbergstraße 11, 85748 Garching near Munich, Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Ferdinand Jarisch (Fraunhofer AISEC)

Tutor: Advanced Cryptographic Implementations

Description

The course “Advanced Cryptographic Implementation” teaches advanced techniques for implementing state-of-the-art cryptographic algorithms on embedded systems, including advanced countermeasures to secure cryptographic implementations against side-channel and fault attacks.

As part of the course, students undertake a practical, hands-on project that involves implementing and optimizing cryptographic algorithms on a RISC-V based microcontroller using C and assembly code.

As a tutor, you will provide technical support to students during the summer semester in the form of (virtual) meetings and/or remote supervision (e.g., chat or mail).

Timeline and working hours:

From 15.04.2023 until 31.07.2023 with a total of 84 hours. Flexible working hours and flexible working period are possible.

Prerequisites

  • Basic knowledge of cryptography
  • Hands-on experience with C/ASM programming and microcontrollers
  • Self-motivated and independent working style
  • Previous knowledge of RISC-V and attendance of the course are desirable, but not required

Contact

Fabrizio De Santis

fabrizio.desantis@siemens.com

Supervisor:

Fabrizio De Santis

Automated Test Environment for Embedded Devices (AISEC)

Description

At Fraunhofer AISEC, we research and develop software for embedded systems. This usually involves the use of CI pipelines to run unit and integration tests. However, for some functionality, e.g. SoC-specific security functions, there has not been a suitable automated test setup so far.
The goal of this student job is to extend the existing CI functionality with a mechanism to integrate several physical devices. Currently, our setup for testing these devices requires manually setting hardware jumpers and flashing the board over a USB connection. This process, i.e. setting jumpers, resetting and flashing boards, should be automated and made accessible over the network.

Area of Work
You will get in touch with:
• ARM Toolchain / Yocto
• NXP Universal Updater (UUU)
• Hardware Boards/ Raspberry Pi / PI KVM
• potentially Jenkins for CI/CD integration

Prerequisites

• Scripting Languages (e.g. Python)
• Previous experience in embedded development (e.g. with Cortex-A, Cortex-M, ...) and its interfaces (USB, UART, GPIO) is advantageous

Contact

Albert Stark
albert.stark@aisec.fraunhofer.de
+49 89 322-9986-1038

Corinna Lingstaedt
corinna.lingstaedt@aisec.fraunhofer.de
+49 89 322-9986-1022

Fraunhofer Institute for Applied and Integrated Security (AISEC)
Lichtenbergstraße 11, 85748 Garching (near Munich), Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Corinna Lingstädt + Albert Stark (Fraunhofer AISEC)

Machine Learning in Side-Channel Analysis (AISEC)

Description

Using statistical techniques, side-channel analysis exploits information that a cryptographic device leaks. Possible sources of this leakage are electromagnetic or power side-channel traces. Machine-learning-based side-channel analysis extends the statistical toolbox with neural networks, belief propagation or other methods from this field to recombine and exploit leakage.

In collaboration with the Technical University of Munich, the Fraunhofer AISEC's hardware security department offers a variety of open positions in this field. Depending on your strengths, we provide both pure software-based and practical hardware topics, such as the following:

• Trace analysis using explainable machine learning
• Leakage recombination using belief propagation - light-weight or post-quantum algorithms
• Belief propagation performance optimization using GPUs
• Pattern-based triggering using software-defined radios

On request, other topics can be offered.

Prerequisites

• Programming skills, at least one language (Python, C, Rust)
• Interest in hardware security
• Basic Linux skills

Contact

Emanuele Strieder
Phone: +49 89 322-9986-140
Email: emanuele.strieder@aisec.fraunhofer.de

Fraunhofer Research Institution for Applied and Integrated Security (AISEC)
Department Hardware Security
Parkring 4, 85748 Garching (near Munich), Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Emanuele Strieder (Fraunhofer AISEC)

Secure Video Processing and Streaming (AISEC)

Description

Most contemporary video recording and streaming software does not provide strong security guarantees in terms of confidentiality, provable authenticity of the video data, or enforced access policies. To demonstrate possible solutions to those shortcomings, Fraunhofer AISEC develops software for secure and trusted video applications, e.g., security cameras.
This software is written in C/C++ for Linux-based systems and applies security mechanisms and policies to video data. For the current implementation state, we are seeking support for various extensions and improvements. The position provides an opportunity to work on a project bringing cutting-edge security to video-based applications. Candidates are expected to be able to find their way through technical documentation, understand third-party libraries and tools, and of course have fun trying out new approaches.

Prerequisites

• High motivation and independent work style
• Ability to grasp new technologies and concepts quickly
• Good knowledge and experience in C/C++ programming
• Knowledge in the field of video processing and codecs is advantageous

Contact

Mykolai Protsenko, Dr.-Ing.
Phone: +49 89 322-9986-192
Email: mykolai.protsenko@aisec.fraunhofer.de
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Secure Operating Systems
Lichtenbergstraße 11, 85748 Garching (near Munich), Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Mykolai Protsenko (Fraunhofer AISEC)

Working Student: Chip Design for Security Applications (AISEC)

Description

Fraunhofer AISEC and TU Munich are collaborating in designing security chip prototypes for various research projects. You have the opportunity to work with a team of researchers on realizing innovative security solutions in hardware circuits. During your work, you will both learn valuable skills related to the different stages of chip design and have the opportunity to contribute to cutting-edge research, e.g. Physical Unclonable Functions, Post-Quantum Cryptography, hardening of cryptographic algorithms, ... This job is an ideal starting point for a future career in chip design and information security.

Prerequisites

* One of the following and the motivation to learn the other:
  * Experience with at least one hardware description language, e.g. (System)Verilog or VHDL
  * Experience with embedded software development, e.g. C, Assembly (ARM/RISC-V), Rust
* Experience with Python
* Experience with Linux
* Motivation for learning more about chip design
* Motivation for contributing to research in hardware security

Contact

Please send an email with:
* A short CV
* A short cover letter
* Your last grading sheet
* 3-5 dates that fit your schedule for a meeting

Felix Oberhansl, felix.oberhansl@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Felix Oberhansl (Fraunhofer AISEC)

Student Assistant Public Relations & Marketing (m/f/d) (AISEC)

Description

The Fraunhofer-Gesellschaft (www.fraunhofer.de) currently operates 76 institutes and research units in Germany and is the world's leading organization for application-oriented research. Around 30,000 employees generate the annual research volume of 2.9 billion euros.

The Fraunhofer Institute for Applied and Integrated Security AISEC (http://www.aisec.fraunhofer.de/), headquartered in Garching near Munich with sites in Berlin and Weiden, helps shape the digital transformation processes in key industries such as the automotive industry, mechanical engineering, aviation and the healthcare sector with internationally recognized cutting-edge research in the field of cybersecurity.

What you will do with us

In supporting our PR and marketing team, you can expect a varied and interesting range of tasks. This includes actively contributing both to Fraunhofer AISEC's communication with its most important internal and external stakeholders and to the marketing of its know-how and technologies to customers and potential applicants.

Prerequisites

What you bring

  • You are studying communication, media studies or the humanities, or are interested in starting a career in the field of "PR & Marketing", and have initial knowledge of digital communication.
  • As a digital native, you are not afraid of digital tools, know how to use social media channels skillfully and have a knack for digital photo, video or audio content.
  • You enjoy organizing events and trade fairs, both in-person and online formats.
  • A confident manner, teamwork and social skills are just as important to our team as flexibility and independent, accurate work.
  • We require good MS Office skills and confident use of the internet. Initial experience with tools for creating graphics or editing photo, video and audio files is helpful.
  • You should also have a basic understanding of cybersecurity and an idea of its relevance and of how it functions and what effects it has.

Contact

Tobias Steinhäußer
Head of PR & Marketing
Fraunhofer AISEC/CCIT
Tel. +49 3229986-170

Fraunhofer Institute for Applied and Integrated Security AISEC
www.aisec.fraunhofer.de

Reference number: 22082

Supervisor:

Georg Sigl - Tobias Steinhäußer (Fraunhofer AISEC)

Side-Channel Analysis of Error-Correcting Codes for PUFs

Description

Physical Unclonable Functions (PUFs) exploit manufacturing process variations to generate unique signatures. PUFs and error-correcting codes can be combined to reliably generate cryptographically strong keys. However, the implementation of error-correcting codes is prone to physical attacks such as side-channel attacks. Side-channel attacks exploit the information leaked during the computation of secret intermediate states to recover the secret key. Therefore, the implementation of error-correcting codes must also include proper countermeasures against side-channel attacks.

The goal of this thesis is to evaluate the side-channel resistance of a secure implementation of error-correcting codes for PUFs on FPGA. The thesis consists of the following steps:

  • Get familiar with currently available implementations of error-correcting codes for PUFs
  • Adapt and improve current implementations (VHDL)
  • Develop a measurement setup for side-channel analysis (Matlab/Python)
  • Perform side-channel analysis using the state-of-the-art EMF measurement equipment in our lab (Oscilloscope knowledge + Matlab/Python required)

Prerequisites

The ideal candidate should have:

  • Previous experience in the field of digital design (VHDL/Vivado/Xilinx FPGA)
  • Basic knowledge of using lab equipment (e.g. oscilloscope, ...)
  • Basic knowledge of statistics
  • Good programming skills in Matlab/Python
  • Attendance at the lecture “Secure Implementation of Cryptographic Algorithms” is advantageous

Contact

Email: m.pehl@tum.de or manuel.brosch@tum.de

Supervisor:

Michael Pehl, Manuel Brosch