Theses and Internships

On this page you can find theses and internship positions currently offered at the Chair of Security in Information Technology and at the Fraunhofer AISEC. If you are uncertain about your previous knowledge for a topic, please feel free to contact the person specified in the offer. You have not found a topic but still want to do your thesis with us? Please contact a staff member from the research area of your interest. Please attach a current grade sheet and a short CV to your application so that we can assess your qualification for the topic of your choice.

Open Theses and Internships

Bachelor's Theses

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Bringing a RISC-V to Life: Implementation of tooling for a RISC-V CPU

Description

RISC-V is the upcoming instruction set architecture of the future. We have taped out our own RISC-V chip for security purposes.

Your task is to implement various testing routines for a RISC-V CPU existing at the chair.

Prerequisites

This list is not final, rather a guideline for the competences required for successfully completing the project.

  • Sufficient knowledge of C
  • Experience with embedded programming and environment
  • Some knowledge of cmake, as compilation works via cmake
  • Some knowledge of python, as tooling is partially implemented with it.

Supervisor:

Alexander Hepp

Developing tools for chip reverse engineering

Description

In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.

For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, e.g. based on the cell and pin names, and create a bare dummy library that allows the netlist to be parsed with general-purpose synthesis tools.

In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of any high-level programming language such as Python, C, C++, Rust, Perl, etc.
  • A very basic knowledge of chip design in order to know what data you are dealing with
  • Creativity and interest in details in order to create a good concept of the tool you want to implement

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Master's Theses

Securing volatile and non-volatile memories with lightweight encryption techniques

Description

In recent years, many non-volatile memory (NVM) technologies such as Phase Change Memory or Spin-Transfer Torque Memory have emerged as possible alternatives to SRAM and DRAM. With this trend it becomes crucial to protect data that is stored persistently in memory and thereby prevent attacks such as cold-boot [1], replay or memory manipulation. The techniques traditionally used for that purpose rely on an authenticated encryption scheme based on AES and integrity trees such as the Bonsai-Merkle Tree to protect the encryption meta-data [2].
In this thesis, a memory protection concept based on lightweight cryptographic algorithms currently under standardization is to be evaluated. The developed concept should be suitable for systems containing a mix of conventional volatile main memory and NVMs [3]. As an evaluation platform, a RISC-V microcontroller can be used.

Prerequisites

  • Good knowledge in hardware design with VHDL or Verilog
  • Good knowledge in Python or another scripting language
  • Good knowledge of computer architecture is preferred

 

[1] J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. 2009. Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52, 5 (May 2009), 91–98. https://doi.org/10.1145/1506409.1506429
[2] Fan Yang, Youyou Lu, Youmin Chen, Haiyu Mao, and Jiwu Shu. 2019. No Compromises: Secure NVM with Crash Consistency, Write-Efficiency and High-Performance. In Proceedings of the 56th Annual Design Automation Conference 2019 (DAC '19). Association for Computing Machinery, New York, NY, USA, Article 31, 1–6. https://doi.org/10.1145/3316781.3317869
[3] Amro Awad, Mao Ye, Yan Solihin, Laurent Njilla, and Kazi Abu Zubair. 2019. Triad-NVM: persistency for integrity-protected and encrypted non-volatile memories. In Proceedings of the 46th International Symposium on Computer Architecture (ISCA '19). Association for Computing Machinery, New York, NY, USA, 104–115. https://doi.org/10.1145/3307650.3322250
 

Supervisor:

Mathieu Gross

Post-Quantum Crypto on RISC-V

Description

As the ongoing development of quantum computers poses a significant threat to classic asymmetric cryptography, new approaches for asymmetric encryption and signatures need to be developed. These post-quantum secure schemes can be grouped into different subsets, among them schemes based on lattices, error-correcting codes, isogenies or multivariate equations.

The NIST (National Institute of Standards and Technology) chose 3 lattice-based Post-Quantum secure algorithms for standardization in July 2022.

The goal of this work is to implement one of these algorithms on a state-of-the-art RISC-V platform and evaluate its potential for hardware acceleration as well as its side-channel resilience.

References:

NIST Round 3 Report

Prerequisites

  • Very good programming skills in C and RISC-V assembly
  • Experience in hardware design with VHDL or SystemVerilog

Contact

Supervisor:

Jonas Schupp

Hardware-based memory safety in RISC-V (AISEC)

Description

Memory safety bugs, e.g., buffer-overflows or use-after-free, remain in the top ranks of security vulnerabilities. New hardware extensions such as the ARM Memory Tagging Extension help as mitigation, but are not yet available for all architectures. In this work, you will analyze and compare different methods for hardware-based memory safety approaches and will identify their advantages/disadvantages. You will then implement support for memory safety for RISC-V in the gem5 simulator. The work done is part of the Chip Design Center Bayern Innovative that helps build an independent Chip Design infrastructure in Bavaria. In this project the Fraunhofer AISEC helps to develop secure RISC-V systems and encourages publication of the final results.

Prerequisites

The following list of prerequisites is not complete, but shall give you an idea what is expected.

  • Knowledge in C/C++ to use and adapt the instrumentation and simulation framework
  • Basic knowledge of computer architectures
  • Basic knowledge in a scripting language, e.g. Python

 

 

 

Contact

Fraunhofer AISEC
Lichtenbergstraße 11
85748 München
Konrad Hohentanner
or via email: konrad.hohentanner@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Konrad Hohentanner (Fraunhofer AISEC)

Metrics for Obfuscation of Sequential Circuits

Description

Obfuscation of sequential circuits targets the protection of finite state machines. There exist different approaches to achieve this, like modifying the state machine on RTL level or modifying the corresponding flip-flops on gate level [1]. A metric can be used to evaluate the success of an obfuscation technique and make it comparable to other methods. Due to the wide variety of sequential obfuscation methods, there are no uniform metrics and very few metrics at all.

This work should analyze existing metrics in terms of how well they can be generalized and thus applied to as many obfuscation techniques as possible. In addition, the work should develop an improved metric.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • [1] Kamali, Hadi Mardani, et al. "Advances in Logic Locking: Past, Present, and Prospects." Cryptology ePrint Archive (2022).
  • R. S. Chakraborty and S. Bhunia, "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493-1502, Oct. 2009, doi: 10.1109/TCAD.2009.2028166.

Contact

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Supervisor:

Michaela Brunner

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

HW implementations for Post-Quantum Cryptography

Description

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Prerequisites

Ideally, you should have knowledge of the following:

  • A hardware description language like VHDL/Verilog/SystemVerilog
  • Experience running simulations using ModelSim
  • Basic C programming skills

Contact

patrick.karl@tum.de

Supervisor:

Patrick Karl

Error Correction for PUFs

Keywords:
Channel Coding, Error Correction, PUF, Security

Description

Each integrated circuit is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys, error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic, but it is rather a nice opportunity to work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Prerequisites

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g. for microcontrollers)

 

Supervisor:

Christoph Frisch

Interdisciplinary Projects

Parameter exploration of an FPGA-based fault injection framework

Description

Ring oscillators or circuits relying on glitch amplification have been demonstrated to be efficient for implementing fault attacks remotely in FPGAs [1,2].

In this work, the parameter exploration of an existing FPGA to CPU fault injection framework is to be performed. The optimization goals should lead to a small fault injection circuit capable of implementing fault injection on Linux, while minimizing the number of system crashes.

[1]: Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2018). FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 44–68. https://doi.org/10.13154/tches.v2018.i3.44-68

[2]: K. Matas, T. M. La, K. D. Pham and D. Koch, "Power-hammering through Glitch Amplification – Attacks and Mitigation," 2020 IEEE 28th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), 2020, pp. 65-69, doi: 10.1109/FCCM48280.2020.00018.

Prerequisites

  • Good knowledge in C programming
  • Good knowledge in Python
  • Previous experience with Hardware design in VHDL preferred

Supervisor:

Mathieu Gross

Automotive radio analysis framework (AISEC)

Description

Besides well-known wireless standards like WLAN or Bluetooth, modern cars use a plethora of proprietary radio communication protocols. For example, current tire pressure is transmitted via Ultrahigh Frequency (UHF) to a controller in the car. Radio Data System (RDS) is also still used to embed information like traffic messages, title names or sender logos into FM radio broadcasting. As a final example, radio keys use Low Frequency (LF) as well as UHF to implement different functions to unlock and start the car. Especially Remote Keyless Entry (RKE) is highly popular although implementing little security.
This work shall develop a framework to test automotive wireless services. The main focus should lie with vehicle keys and immobilizers. First of all, devices to analyse LF as well as UHF should be integrated and as necessary expanded. Based on this, tests shall be conceived, like testing RKE for replay or relay vulnerabilities. Finally, these tests may be optimized, e.g. by tuning antenna or other hardware to increase distance.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about:
• Experience with radio communication basics (Modulation, Encoding, ...)
• Experience in programming for embedded devices
• Ability to work self-directed and systematically
Please attach a current grade sheet and a short CV to your application so that we can assess your qualification for the topic of your choice.

Contact

Nikolai Puch
Sebastian Peters
Phone:    +49 89 322-9986-142
Phone:    +49 89 322-9986-1037
E-mail:    nikolai.puch@aisec.fraunhofer.de
E-mail:    sebastian.peters@aisec.fraunhofer.de
Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Nikolai Puch, Sebastian Peters (Fraunhofer AISEC)

Bringing a RISC-V to Life: Implementation of tooling for a RISC-V CPU

Description

RISC-V is the upcoming instruction set architecture of the future. We have taped out our own RISC-V chip for security purposes.

Your task is to implement various testing routines for a RISC-V CPU existing at the chair.

Prerequisites

This list is not final, rather a guideline for the competences required for successfully completing the project.

  • Sufficient knowledge of C
  • Experience with embedded programming and environment
  • Some knowledge of cmake, as compilation works via cmake
  • Some knowledge of python, as tooling is partially implemented with it.

Supervisor:

Alexander Hepp

Developing tools for chip reverse engineering

Description

In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.

For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, e.g. based on the cell and pin names, and create a bare dummy library that allows the netlist to be parsed with general-purpose synthesis tools.

In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of any high-level programming language such as Python, C, C++, Rust, Perl, etc.
  • A very basic knowledge of chip design in order to know what data you are dealing with
  • Creativity and interest in details in order to create a good concept of the tool you want to implement

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp

Error Correction for PUFs

Keywords:
Channel Coding, Error Correction, PUF, Security

Description

Each integrated circuit is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys, error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic, but it is rather a nice opportunity to work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Prerequisites

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g. for microcontrollers)

 

Supervisor:

Christoph Frisch

Research Internships (Forschungspraxis)

Parameter exploration of an FPGA-based fault injection framework

Description

Ring oscillators or circuits relying on glitch amplification have been demonstrated to be efficient for implementing fault attacks remotely in FPGAs [1,2].

In this work, the parameter exploration of an existing FPGA to CPU fault injection framework is to be performed. The optimization goals should lead to a small fault injection circuit capable of implementing fault injection on Linux, while minimizing the number of system crashes.

[1]: Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2018). FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 44–68. https://doi.org/10.13154/tches.v2018.i3.44-68

[2]: K. Matas, T. M. La, K. D. Pham and D. Koch, "Power-hammering through Glitch Amplification – Attacks and Mitigation," 2020 IEEE 28th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), 2020, pp. 65-69, doi: 10.1109/FCCM48280.2020.00018.

Prerequisites

  • Good knowledge in C programming
  • Good knowledge in Python
  • Previous experience with Hardware design in VHDL preferred

Supervisor:

Mathieu Gross

Post-Quantum Crypto on RISC-V

Description

As the ongoing development of quantum computers poses a significant threat to classic asymmetric cryptography, new approaches for asymmetric encryption and signatures need to be developed. These post-quantum secure schemes can be grouped into different subsets, among them schemes based on lattices, error-correcting codes, isogenies or multivariate equations.

The NIST (National Institute of Standards and Technology) chose 3 lattice-based Post-Quantum secure algorithms for standardization in July 2022.

The goal of this work is to implement one of these algorithms on a state-of-the-art RISC-V platform and evaluate its potential for hardware acceleration as well as its side-channel resilience.

References:

NIST Round 3 Report

Prerequisites

  • Very good programming skills in C and RISC-V assembly
  • Experience in hardware design with VHDL or SystemVerilog

Contact

Supervisor:

Jonas Schupp

Hardware-based memory safety in RISC-V (AISEC)

Description

Memory safety bugs, e.g., buffer-overflows or use-after-free, remain in the top ranks of security vulnerabilities. New hardware extensions such as the ARM Memory Tagging Extension help as mitigation, but are not yet available for all architectures. In this work, you will analyze and compare different methods for hardware-based memory safety approaches and will identify their advantages/disadvantages. You will then implement support for memory safety for RISC-V in the gem5 simulator. The work done is part of the Chip Design Center Bayern Innovative that helps build an independent Chip Design infrastructure in Bavaria. In this project the Fraunhofer AISEC helps to develop secure RISC-V systems and encourages publication of the final results.

Prerequisites

The following list of prerequisites is not complete, but shall give you an idea what is expected.

  • Knowledge in C/C++ to use and adapt the instrumentation and simulation framework
  • Basic knowledge of computer architectures
  • Basic knowledge in a scripting language, e.g. Python

 

 

 

Contact

Fraunhofer AISEC
Lichtenbergstraße 11
85748 München
Konrad Hohentanner
or via email: konrad.hohentanner@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Konrad Hohentanner (Fraunhofer AISEC)

Metrics for Obfuscation of Sequential Circuits

Description

Obfuscation of sequential circuits targets the protection of finite state machines. There exist different approaches to achieve this, like modifying the state machine on RTL level or modifying the corresponding flip-flops on gate level [1]. A metric can be used to evaluate the success of an obfuscation technique and make it comparable to other methods. Due to the wide variety of sequential obfuscation methods, there are no uniform metrics and very few metrics at all.

This work should analyze existing metrics in terms of how well they can be generalized and thus applied to as many obfuscation techniques as possible. In addition, the work should develop an improved metric.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • [1] Kamali, Hadi Mardani, et al. "Advances in Logic Locking: Past, Present, and Prospects." Cryptology ePrint Archive (2022).
  • R. S. Chakraborty and S. Bhunia, "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493-1502, Oct. 2009, doi: 10.1109/TCAD.2009.2028166.

Contact

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Supervisor:

Michaela Brunner

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Parameter Optimization for On-Chip Voltage Sensor

Description

In a multi-tenant FPGA scenario, multiple users have their own partial reconfigurable region on a single FPGA. Each of these regions allows a single user to implement her/his design, without being able to directly interact with the design of another user on the same FPGA. So-called Time to Digital Converters (TDCs) can be used to perform remote side-channel attacks in such multi-tenant FPGAs, to extract secrets from other users.

The TDC is used as a remote power measurement unit of the FPGA. The working principle is to use a long path in which timing violations are caused. Since the delay of transistors is proportional to the supply voltage, the number of timing violations is a measure of the device's power consumption.

Different publications have already shown that cryptographic implementations [1, 2] and neural networks [3] can be attacked with such sensors.

In this work, design parameters of the TDC should be explored, in order to evaluate the influence on measurements of the on-device power consumption.

 

[1] F. Schellenberg, D. R. E. Gnad, A. Moradi, and M. B. Tahoori, “An inside job: Remote power analysis attacks on FPGAs,” in Design, Automation and Test in Europe Conference & Exhibition (DATE), 2018, pp. 1111–1116.

[2] O. Glamočanin, L. Coulon, F. Regazzoni, and M. Stojilović, “Are cloud FPGAs really vulnerable to power analysis attacks?” in 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2020, pp. 1007–1010.

[3] V. Meyers, D. Gnad and M. Tahoori, "Reverse Engineering Neural Network Folding with Remote FPGA Power Analysis," 2022 IEEE 30th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), 2022, pp. 1-10, doi: 10.1109/FCCM53951.2022.9786107.

Prerequisites

VHDL/Verilog knowledge, Python skills

Contact

manuel.brosch@tum.de
matthias.probst@tum.de

Supervisor:

Manuel Brosch, Matthias Probst

IP Risk Through Satisfiability Checking Tools

Description

Due to long production and supply chains, circuit designs are prone to theft and manipulation. Logic locking inserts a locking key into the circuit netlist to secure it against these risks. However, so-called SAT-based attacks, which check the satisfiability of netlists, were developed to extract the locking keys again.

This work should create a better understanding of sequential SAT-based attacks and extend them towards further applications.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • Subramanyan, P.; Ray, S. & Malik, S. Evaluating the security of logic encryption algorithms 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2015, 137-143
  • El Massad, M.; Garg, S. & Tripunitara, M. Reverse engineering camouflaged sequential circuits without scan access 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2017, 33-40

 

Contact

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Supervisor:

Michaela Brunner

Hardware Supply Chain Security (AISEC)

Description

Most customers put trust in their hardware vendors and the corresponding supply chain. No matter how well secured these customers’ own infrastructures are, this trust has the potential to devolve the weaknesses of their vendors (and even the vendors’ vendors etc.) into the customers’ own environment, constituting a blind spot in their overall security architecture.
Proposals to address this multi-dimensional problem on the one hand include organizational measures as, for example, establishing Cyber Supply Chain Risk Management (C-SCRM) or demanding third-party certifications, which confirm conformance with standards such as the ISA/IEC 62443 series. On the other hand, technology-based approaches as, for example, physical unclonable functions or IDevID certificates can also help to decrease the amount of trust which has to be put into the hardware supply chain.

Topic
The overall goal of this guided research is to compile a comprehensive overview of the hardware supply chain security landscape including challenges and potential solutions/countermeasures. The focus should lie on but not solely be limited to industrial automation and control systems (IACS).
The first part is to investigate both real-world incidents and academic approaches exploiting the hardware supply chain. Based on this preliminary research and reasoning, a holistic paradigm of trust relationships and corresponding problems in the hardware supply chain has to be derived and consolidated.
In the second part, suitable countermeasures have to be investigated and mapped to this paradigm. These countermeasures should in turn be categorized based on their maturity (ready-to-use, academic PoC, proposal etc.).

Prerequisites

  • Self-initiative and the ability to work in a self-directed way
  • Knowledge in the field of IT/IACS security
  • First experiences with hardware security would be ideal

Please attach a current grade sheet and a short CV to your application.

Contact

Michael Heinl
Nikolai Puch
Phone:    +49 89 322-9986-125
Phone:    +49 89 322-9986-142
E-mail:    michael.heinl@aisec.fraunhofer.de
E-mail:    nikolai.puch@aisec.fraunhofer.de
Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Michael Heinl and Nikolai Puch (Fraunhofer AISEC)

Automotive radio analysis framework (AISEC)

Description

Besides well-known wireless standards like WLAN or Bluetooth, modern cars use a plethora of proprietary radio communication protocols. For example, current tire pressure is transmitted via Ultrahigh Frequency (UHF) to a controller in the car. Radio Data System (RDS) is also still used to embed information like traffic messages, title names or sender logos into FM radio broadcasting. As a final example, radio keys use Low Frequency (LF) as well as UHF to implement different functions to unlock and start the car. Especially Remote Keyless Entry (RKE) is highly popular although implementing little security.
This work shall develop a framework to test automotive wireless services. The main focus should lie with vehicle keys and immobilizers. First of all, devices to analyse LF as well as UHF should be integrated and as necessary expanded. Based on this, tests shall be conceived, like testing RKE for replay or relay vulnerabilities. Finally, these tests may be optimized, e.g. by tuning antenna or other hardware to increase distance.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about:
• Experience with radio communication basics (Modulation, Encoding, ...)
• Experience in programming for embedded devices
• Ability to work self-directed and systematically
Please attach a current grade sheet and a short CV to your application so that we can assess your qualification for the topic of your choice.

Contact

Nikolai Puch
Phone:    +49 89 322-9986-142
E-mail:    nikolai.puch@aisec.fraunhofer.de

Sebastian Peters
Phone:    +49 89 322-9986-1037
E-mail:    sebastian.peters@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Nikolai Puch, Sebastian Peters (Fraunhofer AISEC)

HW implementations for Post-Quantum Cryptography

Description

Classic asymmetric cryptography is based on mathematical problems like discrete logarithm or integer factorization. With large-scale quantum computers, these problems can be solved in very short time, which causes a serious threat to cryptographic systems.

Post-Quantum Cryptography (PQC) describes cryptographic approaches that are secure even in the presence of such quantum computers. To evaluate the security and efficiency of such systems, NIST started a competition that aims to define a new standard [1].

Depending on the scope of this work, the goal is to implement HW accelerators for commonly used operations in PQC, integrate them into a RISC-V environment and evaluate their impact on performance for PQC.

[1] https://csrc.nist.gov/projects/post-quantum-cryptography

Prerequisites

Ideally, you should have knowledge of the following:

  • A hardware description language like VHDL/Verilog/SystemVerilog
  • Experience running simulations using ModelSim
  • Basic C programming skills

Contact

patrick.karl@tum.de

Supervisor:

Patrick Karl

SystemC modeling of Cryptographic Functions

Description

SystemC [1] is a C++ extension that facilitates system modeling and architecture exploration. Hardware models can be abstracted and design options can be evaluated in a higher abstraction level compared to HDL languages.

The goal of this work is to model cryptographic building blocks and evaluate the performance for different design options.

[1] https://systemc.org/

Prerequisites

  • Good knowledge of C/C++
  • Basic knowledge of SystemC

 

Upon application, please attach a short CV and list your experience using C/C++/SystemC

Contact

patrick.karl@tum.de

Supervisor:

Patrick Karl

Error Correction for PUFs

Keywords:
Channel Coding, Error Correction, PUF, Security

Description

Each integrated circuit is subject to process variations. PUFs can derive secret keys from this fingerprint-like feature of a device. To ensure stable cryptographic keys, error correction is needed.

If this might be interesting for you, feel free to contact me. With this position, I am not targeting a specific topic; rather, it is a nice opportunity to work on any kind of error correction topic for PUFs. Depending on your kind of thesis/internship, your background and knowledge, and most importantly your interests, we can try to find a suitable topic together.

Prerequisites

Helpful previous knowledge:

  • Error correcting Codes
  • PUFs

Helpful Tools (you will not need all of them at once most likely)

  • Python
  • Matlab
  • Verilog (for FPGA)
  • Reading Papers
  • C (e.g for Microcontroller)

 

Supervisor:

Christoph Frisch

Internships

Logging of Lab Temperature

Description

Side-channel measurements are prone to variations due to external factors that can severely impact the performance of the measurement.

To determine potentially erroneous measurements, the ambient temperature of the lab shall be logged on a regular basis. An automated solution that logs the temperature, represents it visually and allows for automated evaluation shall be implemented.

Prerequisites

  • Basics of web development (e.g.: PHP, RubyOnRails, Javascript)
  • Basic knowledge about relational databases (e.g.: PostgreSQL)
  • Basic knowledge about programming on Linux
  • Basic knowledge about hardware development

Contact

Supervisor:

Jonas Schupp

Student Assistant Jobs

Working Student: Chip Design for Security Applications (AISEC)

Description

Fraunhofer AISEC and TU Munich are collaborating in designing security chip prototypes for various research projects. You have the opportunity to work with a team of researchers on realizing innovative security solutions on hardware circuits. During your work, you will both learn valuable skills related to the different stages of chip design and have the opportunity to contribute to cutting edge research, e.g. Physical Unclonable Functions, Post Quantum Cryptography, Hardening of cryptographic algorithms, … . This job is an ideal starting point for a future career in chip design and information security.

Prerequisites

* One of the following and the motivation to learn the other:
      Experience with at least one hardware description language, e.g. (System) Verilog or VHDL
      Experience with embedded software development, e.g. C, Assembly (ARM/RISC-V), Rust
* Experience with Python
* Experience with Linux
* Motivation for learning more about chip design
* Motivation for contributing to research in hardware security

Contact

Please send an email with:
* A short CV
* A short cover letter
* Your last grading sheet
* 3-5 dates, which fit to your schedule, for a meeting.
Felix Oberhansl, felix.oberhansl@aisec.fraunhofer.de

Supervisor:

Georg Sigl - Felix Oberhansl (Fraunhofer AISEC)

Student Assistant Public Relations & Marketing (m/f/d) (AISEC)

Description

The Fraunhofer-Gesellschaft (www.fraunhofer.de) currently operates 76 institutes and research facilities in Germany and is the world's leading organization for application-oriented research. Around 30,000 employees generate the annual research volume of 2.9 billion euros.

The Fraunhofer Institute for Applied and Integrated Security AISEC (http://www.aisec.fraunhofer.de/), headquartered in Garching near Munich with sites in Berlin and Weiden, helps shape the digital transformation processes in key industries such as the automotive industry, mechanical engineering, aviation and the healthcare sector with internationally recognized cutting-edge research in cybersecurity.

What you will do

As support for our PR and marketing team, you can expect a varied and interesting range of tasks. This includes actively contributing both to Fraunhofer AISEC's communication with its most important internal and external stakeholders and to the marketing of its know-how and technologies to customers and potential applicants.

Prerequisites

What you bring

  • You are studying communication, media or humanities, or are interested in entering the professional field of "PR & Marketing", and bring initial knowledge of digital communication.
  • As a digital native, you are not shy of digital tools, know how to use social media channels skillfully and have a knack for digital photo, video or audio content.
  • You enjoy organizing events and trade fairs, both in-person and online formats.
  • A confident manner, teamwork and social skills are just as important to our team as flexibility and independent, precise work.
  • We require good MS Office skills and confident use of the Internet. Initial experience with tools for creating graphics or editing photo, video and audio files is helpful.
  • In addition, you should have a basic understanding of cybersecurity and an idea of its relevance and of how it functions and takes effect.

Contact

Tobias Steinhäußer
Head of PR & Marketing
Fraunhofer AISEC/CCIT
Tel. +49 3229986-170

Fraunhofer Institute for Applied and Integrated Security AISEC
www.aisec.fraunhofer.de

Reference number: 22082

 

Supervisor:

Georg Sigl - Tobias Steinhäußer (Fraunhofer AISEC)

Exploring netlist representations for netlist RE

Description

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist, and the benefits and problems of analyzing the netlist using the different representations.

 

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of Python to use our existing framework
  • Basic knowledge of a hardware description language such as VHDL or Verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Supervisor:

Alexander Hepp

Support in Setting Up and Expanding the Labs (AISEC)

Short Description:
The PIN department has four labs covering areas from automotive and electronics to industry. These include equipment such as a chassis dynamometer with a lifting platform, 3D printers, a PCB milling machine and soldering workstations. Currently, however, these workstations are not yet fully set up and could be further optimized and extended. As part of the work at AISEC, the work processes and equipment of the labs and workshops are to be optimized. For example, methods and ideas from the Toyota/Lean production system can be applied. Support with setups for day-to-day business is also possible. Example tasks are:

Description

Testing the workshop equipment to identify gaps or inefficiencies

  •     Seiton & Seiketsu: creating organizational structures in the labs
  •     Designing, setting up and optimizing workstations
  •     Building test rigs
  •     Documentation

Prerequisites

The following list of prerequisites is neither complete nor binding, but is meant to give you an impression of what matters in this work:

  •     Practical experience with electronic / mechanical setups
  •     Maker spirit, creativity and a solution-oriented mindset
  •     Ideally professional experience, vocational training or experience with practical work in labs
  •     Ability to work independently and systematically

Please note that, due to the nature of the work, presence at the institute in Garching is generally required.
Please always attach a current grade sheet and a short CV to your application so that we can assess your suitability for the topic.

Contact

Dr. Sven Plaga
Phone:    +49 89 322-9986-117
E-mail:    sven.plaga@aisec.fraunhofer.de

Nikolai Puch
Phone:    +49 89 322-9986-142
E-mail:    nikolai.puch@aisec.fraunhofer.de

Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany
https://www.aisec.fraunhofer.de

Supervisor:

Georg Sigl - Sven Plaga and Nikolai Puch (Fraunhofer AISEC)

HIWI: Advanced Cryptographic Implementations

Description

The course Advanced Cryptographic Implementation (ACI) provides an introduction to advanced implementation techniques to optimize state-of-the-art cryptographic algorithms on embedded systems, including advanced countermeasures to secure cryptographic implementations against side-channel and fault attacks.
The course relies on a practical hands-on project. During the project students are asked to implement and optimize cryptographic algorithms on a RISC-V based microcontroller using both C and assembly.
As a HIWI you will help improve the current RISC-V based evaluation framework and tooling, and improve the current solutions of the project by implementing and/or optimizing portions of current cryptographic implementations.
Timeline and working hours:
From 01.04.2022 until 31.08.2022 with a total of 160 hours. Flexible working hours and flexible working period are possible.

Prerequisites

* Basic knowledge of cryptography
* Hands-on experience with C/ASM programming and microcontrollers
* Self-motivated and independent working style
* Previous knowledge of RISC-V and attendance to the course are desirable, but not required

Contact

Supervisor:

Fabrizio De Santis - Fabrizio De Santis ()

Tutor/in: Advanced Cryptographic Implementations

Description

The course Advanced Cryptographic Implementation (ACI) provides an introduction to advanced implementation techniques to optimize state-of-the-art cryptographic algorithms on embedded systems, including advanced countermeasures to secure cryptography implementations against side-channel and fault attacks.
The exercise part of the course relies on a practical hands-on project. During the project students will be asked to implement and optimize cryptographic algorithms on a RISC-V based microcontroller using both C and assembly.
As a tutor you will provide technical support to students during the project period in form of (virtual) meetings or remote supervision (e.g., chat or mail) and help with the organization of the project (preparation).
Timeline and working hours:
From 01.04.2022 until 29.07.2022 with a total of 84 hours. Flexible working hours and flexible working period are possible.

Prerequisites

* Basic knowledge of cryptography
* Hands-on experience with C/ASM programming and microcontrollers
* Self-motivated and independent working style
* Previous knowledge of RISC-V and attendance to the course are desirable, but not required

Contact

Fabrizio De Santis

fabrizio.desantis@siemens.com

Supervisor:

Fabrizio De Santis - Fabrizio De Santis ()

Bringing a RISC-V to Life: Implementation of tooling for a RISC-V CPU

Description

RISC-V is the upcoming instruction set architecture of the future. We have taped out our own RISC-V chip for security purposes.

Your task is to implement various testing routines for a RISC-V CPU existing at the chair.

Prerequisites

This list is not final, rather a guideline for the competences required for successfully completing the project.

  • Sufficient knowledge of C
  • Experience with embedded programming and environment
  • Some knowledge of CMake, as compilation works via CMake
  • Some knowledge of Python, as tooling is partially implemented with it.

Supervisor:

Alexander Hepp

Developing tools for chip reverse engineering

Description

In reverse engineering of digital circuits, automation helps the researcher to cope with the complexity of input data. Many tools have to be tailored to the specific research focus and help to use standard tools made for IC design.

For example, the researcher might receive a netlist synthesized with a cell library that is not available. In this case, it would be necessary to reverse-engineer the library, e.g. based on the cell and pin names, and create a bare dummy library that allows the netlist to be parsed with general-purpose synthesis tools.

In this engineering internship, you'll work closely with a researcher in the reverse engineering field and create well-designed automation tools for netlist reverse engineering.

Prerequisites

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge of any high-level programming language such as Python, C, C++, Rust, Perl, etc.
  • A very basic knowledge of chip design in order to know what data you are dealing with
  • Creativity and interest in details in order to create a good concept of the tool you want to implement

Contact

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Supervisor:

Alexander Hepp