Below, you can find some topics which are currently offered by our group as BSc as well as MSc theses. If you are interested, please contact the corresponding staff member. Students who are not yet in contact with one of our staff members and do not feel addressed by the topics listed below also have the possibility to send a general request for a thesis to the contact email address impsec+thesis@rub.de. In this case, please include a short cover letter (a few words about yourself, strengths/weaknesses, motivation,…) as well as your current transcript of records.
List
Energy/Power Consumption of Cryptographic Primitives on a Prototype Chip (BSc)
MOTIVATION
Ever since the introduction of differential power in 1999, the cryptographic hardware community has been looking for countermeasures to protect embedded devices. The benefits as well as difficulties of masking as a countermeasure against side-channel analysis attacks, have been proven through several scientific articles and experimental investigations. Masked implementations can be made efficient towards a cost function like area, latency, or power consumption, and their security can be proven using abstractions such as the probing model.
RESEARCH PROBLEM
Your task is to measure the energy/power consumption of some protected and unprotected cryptographic primitives on a prototype chip. Please have a look at this paper [1].
REQUIREMENTS
- Structured way of working
- C/C++ programming
CONTACT
If you are interested, please contact Aein Rezaei Shahmirzadi (aein.rezaeishahmirzadi@rub.de).
LITERATURE
[1] https://ieeexplore.ieee.org/iel7/9145512/9154905/09154996.pdf
Efficient Side-Channel Secure Designs in Hardware Platforms
MOTIVATION
The rapid deployment of Internet of Things~(IoT) necessitates physical security in addition to analytical security of the underlying cryptographic primitives. This is due to the fact that in IoT scenarios the device is in hand and control of legitimate users who can play the role of an adversary. Among physical attacks, Side-Channel Analysis~(SCA) attacks are considered the most threatening attack vector, as often the device cannot detect if its physical characteristics are being measured, e.g., its power consumption. After the introduction of such attacks in the open literature, the relevant scientific communities have dedicated a considerable body of research to understand its foundations and the development of defeating mechanisms.
Due to their sound theoretical basis, masking countermeasures have absorbed the attention of the researchers at most. Based on secret-sharing schemes, the key-dependent intermediate values of the cipher are randomized by applying a masking countermeasure, usually done at the algorithmic level.
RESEARCH PROBLEM
The implementation of masking in hardware platforms is rather high in terms of area overhead, randomness complexity, and latency. It becomes even more challenging when higher order of security is desired. The goal of this work is to provide an efficient implementation of block ciphers at a lower cost.
REQUIREMENTS
- Structured way of working
- C/C++ programming
- Verilog/VHDL
CONTACT
If you are interested, please contact Aein Rezaei Shahmirzadi (aein.rezaeishahmirzadi@rub.de).
LITERATURE
[1] Re-Consolidating First-Order Masking Schemes – Nullifying Fresh Randomness
[2] Cryptanalysis of Efficient Masked Ciphers: Applications to Low Latency
[3] Second-Order Low-Randomness d+1 Hardware Sharing of the AES
The impact of aging on the static power analysis attack (MSc)
MOTIVATION
The impact of aging on the security of cryptographic devices has already been investigated [1-3]. Although there are some countermeasures against it [4], this field still needs more investigation.
The authors of [2] have shown that aging can reduce the amount of static leakage in single-rail circuits, and at the end of that paper, they presume that the current balancing techniques are not the proper ones against aging.
RESEARCH PROBLEM
The defined task in this work is investigating the effect of aging on the static side channel leakage through the transistor level simulations (e.g., Hspice simulation) of some well-known countermeasures such as WDDL, iMDPL, etc. Based on the simulation results, while aging is inevitable, it is worthwhile to find a way to mitigate the effect of aging.
REQUIREMENTS
Electronic design knowledge (transistor level) to design new logical cells, structured working method, Familiarity with coding tools to analyze the result (i.e C/C++/C# programming, MATLAB), simulation tools (i.e Hspice, pspice, …).
CONTACT
If this sounds interesting to you, please contact Bijan Fadaeinia (bijan.fadaeinia@rub.de).
LITERATURE
[1] D. K. et al., „Device aging: A reliability and security concern,“ in European Test Symposium (ETS), 2018, pp. 1–10.
[2] N. Karimi, T. Moos, and A. Moradi, “Exploring the Effect of Device Aging on Static Power Analysis Attacks”, TCHES, vol. 2019, no. 3, pp. 233–256, May 2019.
[3]M. Toufiq Hasan Anik, B. Fadaeinia, A. Moradi and N. Karimi, „On the Impact of Aging on Power Analysis Attacks Targeting Power-Equalized Cryptographic Circuits,“ 2021 26th Asia and South Pacific Design Automation Conference (ASP-DAC), 2021, pp. 414-420
[4] B. Fadaeinia, M. T. Hasan Anik, N. Karimi and A. Moradi, „Masked SABL: A Long Lasting Side-Channel Protection Design Methodology,“ in IEEE Access, vol. 9, pp. 90455-90464, 2021, doi: 10.1109/ACCESS.2021.3090752
Practicality of Asynchronous Logic in Masked Circuits (BSc)
MOTIVATION
Countermeasures against side-channel attacks on hardware devices are continuously developed and provide some level of security, but also introduce significant area overhead and increase latency. Research tries to reduce unwanted side effects while maintaining security goals. The recent work by Simões et. al [STM] introduces a scheme that replaces register stages with asynchronous latches, which follow a handshake protocol based on the dual-rail state of intermediate signals. The authors present a serialized S-box implementation with self-timed masking that computes four S-box outputs in a single clock cycle, resulting in a trade-off between latency and used clock cycles.
RESEARCH PROBLEM
Self-timed masking suffers from a slow handshake mechanism between asynchronous latches, which increases further for high logic depths. Thus, the bandwidth of the scheme is reduced such that a synchronous setting might be more practical. Your task is to examine the practicality of the asynchronous scheme vs. a traditional synchronous implementation and to elaborate on the underlying conditions.
REQUIREMENTS
- Structured way of working
- Verilog/VHDL
CONTACT
If this sounds interesting to you, please contact Daniel Lammers (daniel.lammers@rub.de).
LITERATURE
[STM] https://eprint.iacr.org/2022/641
PROLEAD_SW: Extending automated leakage detection of ARM binaries (BSc)
MOTIVATION
Masking provides us with a sound theoretical foundation to secure cryptographic implementations against side-channel attacks.
Unfortunately, applying masking naivley does not lead to the desired security level.
The reasons are many time micro-architectural effects that can reduce the security drastically.
PROLEAD_SW help designers detect such effects. It is a probing-based leakage detection tool for ARM binaries
RESEARCH PROBLEM
While PROLEAD_SW covers many effects we would like to further extend the tool to be aware of more subtle micro-architectural leakages.
Your tasks is to increase the detectable effects that PROLEAD_SW can handle. This can include for example:
- extending PROLEAD_SW with a floating point unit (FPU)
- make PROLEAD_SW speculative execution aware
- possibility to handle control-flow effects
We are not limited to that list and not every point above needs to be addressed.
REQUIREMENTS
- Structured way of working
- Efficient C/C++ programming
- Basic knowledge of ARM assembly
CONTACT
If this sounds interesting to you, please contact Jannik Zeitschner (jannik.zeitschner@rub.de).
LITERATURE
[MIRACLE]: https://eprint.iacr.org/2021/261.pdf