Abschlussarbeiten

We are offering a number of thesis topics and student assistant positions at the newly founded MPI for Cybersecurity and Privacy. In particular, we are interested in highly motivated and outstanding students that have some background in hardware and/or strong programming skills. This includes (but is not limited to) IT-security, computer science, and electrical engineering students.

Background:
An FPGA is a reprogrammable hardware device that can be configured to fulfill a multitude of different purposes. It mainly comprises of lookup tables (LUTs) and flip-flops (FFs), as well as their interconnections. The configuration of an FPGA is commonly stored in a vendor-specific file called the „bitstream“. Usually, its file format is propriety and kept secret by the vendor. Since an FPGA’s designs are encoded in such a bitstream, securing it is of utmost importance. Adversaries have many motivations to recover and manipulate the bitstream, including design cloning, IP theft, manipulation of the design, or design subversions. Given that FPGAs are often part of cyber-physical systems, for example in aviation, medical, military, or industrial hardware, this can even lead to physical harm. Consequently, vendors have introduced bitstream encryption, offering authenticity and confidentiality. However, previous works have shown that the format of a bitstream can be reversed and bitstream encryption can be circumvented [2]. This in turn allows for meaningful manipulations of the bitstream to, e.g., implement hardware Trojans or bypass security measures.

Our Research:
Our research aims to implement novel hardware Trojans as well as to develop protections against such threats. To this end, an adversary has to outsmart bitstream encryption schemes and reverse-engineer potentially protected designs. To conduct reverse-engineering on netlist-level, we make use of our advanced open source framework HAL [1]. With our latest publication dubbed „Starbleed“ [2], which will be presented at USENIX Security ’20, we fully break the Xilinx 7-Series bitstream encryption.

Open Projects:
As we are one of only a few research groups worldwide conducting this particular kind of research, we can provide you with a number of unique and highly interesting projects for your thesis (BA/MA) or your work as a student assistant. The list below illustrates some of our current research projects. However, new ideas pop up continuously. If you are interested in one of the project ideas or our research in general, drop us a short mail including your background and motivation. We are especially looking for outstanding students that have some experience in hardware and/or strong programming skills.

• Extending upon the Starbleed attack [2] targeting Xilinx 7-Series devices. We recommend a basic understanding of FPGAs.
• Reverse engineering an FPGA build into a real-world design to understand the design and possibly manipulating it in a meaningful way. We recommend a basic understanding of FPGA.
• Extending our existing bitstream-to-netlist conversion framework for various FPGA families. We recommend having solid C++ skills.
• Exploring the security of machine learning implementations on FPGAs. We recommend a basic understanding of FPGAs and machine learning.

Group:
As of recently, our group is part of the newly founded Max Planck Institute for Cybersecurity and Privacy that is located right on the university campus. However, we are still strongly connected to Ruhr University Bochum as well as its research networks and the HGI.

Contact:
If you are interested in working with us, feel free to contact us any time:
maik.ender@rub.de
julian.speith@rub.de