Available Topics

Below, you can find some topics which are currently offered by our group as BSc as well as MSc theses. If you are interested, please contact the corresponding staff member. Students who are not yet in contact with one of our staff members and do not feel addressed by the topics listed below also have the possibility to send a general request for a thesis to the contact email address impsec+thesis@rub.de. In this case, please include a short cover letter (a few words about yourself, strengths/weaknesses, motivation,…) as well as your current transcript of records.

Analysis of Pre-Processing Techniques on Side-Channel Traces (BSc)

MOTIVATION
Side-channel attacks [1] in a lab are usually performed under perfect measurement conditions, which makes them comparatively easy. Attacking real-world devices usually comes with many pitfalls, e.g. more noise or misalignment of recorded traces, that might make an attack infeasible. Pre-processing of raw traces can significantly increase the signal-to-noise ratio (SNR) and allow an attacker to successfully extract secret information. In addition, some techniques make it possible to reduce the amount of data, which can be important when using machine-learning approaches.

RESEARCH PROBLEM
There are some publications investigating the effect of specific pre-processing techniques on side-channel traces [2], but there is no information comparing the effect of different methods on one's own dataset.

REQUIREMENTS

  • Structured way of working
  • C/C++ programming
  • Basic knowledge in signal transformation


YOUR TASK

In this work you have to create a basic side-channel measurement setup and implement / simulate simple SCA countermeasures (e.g. add noise, misalign traces). Afterwards, you are supposed to implement different pre-processing techniques (e.g. Principal-Component Analysis, Discrete Wavelet Analysis, Filtering, …) and perform key-recovery attacks on those data.

CONTACT
If you are interested in this field of research, please contact Marvin Staib (marvin.staib@rub.de) and include a recent transcript of records.

LITERATURE
[1] P. Kocher and S. Francisco, “Differential Power Analysis”
[2] D. Oswald and C. Paar, “Improving Side-Channel Analysis with Optimal Pre-Processing”

Meet Your Needs: Automated Generation of Masked Circuits Tailored to Your Use Case

MOTIVATION
Following a divide-and-conquer approach, any unprotected hardware circuit can be transformed into a circuit thoroughly protected against side-channel attacks – fully automated. Tools [AGEMA] realizing this automation are powered by a library of composable hardware submodules [HPC2, HPC3, GHPC] – so-called gadgets – which realize masked variants of logic gates and sub-circuits. The masking is then essentially performed by replacing components in the unprotected circuit with their masked counterparts. Different gadget realizations introduce different overhead into the design with respect to area, latency, and register stages. Up to now, different gadget realizations have mainly been considered separately, and no combination of them has been considered.

RESEARCH PROBLEM
It would be interesting to see if we can integrate an extension into AGEMA which – based on the circuit’s graph structure – finds a balanced design with respect to the use case’s requirements. Requirements given by an engineer could look like:

  • There is a maximum latency which we can tolerate. Randomness then should be minimized regardless of the area overhead.
  • Find a balanced design with respect to latency, area overhead and randomness requirements.
  • The design should be as cheap as possible.


REQUIREMENTS

  • Structured way of working
  • Having fun at creative thinking
  • C/C++ programming
  • Knowledge of graphs and graph algorithms is a plus


CONTACT

If this sounds interesting to you, please contact David Knichel (David.Knichel@rub.de).

LITERATURE
[AGEMA]   https://eprint.iacr.org/2021/569
[HPC2]       https://eprint.iacr.org/2022/507
[HPC3]       https://eprint.iacr.org/2020/185
[GHPC]      https://eprint.iacr.org/2021/247

Energy/Power Consumption of Cryptographic Primitives on a Prototype Chip (BSc)

MOTIVATION
Ever since the introduction of differential power analysis in 1999, the cryptographic hardware community has been looking for countermeasures to protect embedded devices. The benefits as well as the difficulties of masking as a countermeasure against side-channel analysis attacks have been demonstrated in several scientific articles and experimental investigations. Masked implementations can be made efficient with respect to a cost function such as area, latency, or power consumption, and their security can be proven using abstractions such as the probing model.

RESEARCH PROBLEM
Your task is to measure the energy/power consumption of some protected and unprotected cryptographic primitives on a prototype chip. Please have a look at this paper [1].

REQUIREMENTS

  • Structured way of working
  • C/C++ programming


CONTACT

If you are interested, please contact Aein Rezaei Shahmirzadi (aein.rezaeishahmirzadi@rub.de).

LITERATURE
[1] https://ieeexplore.ieee.org/iel7/9145512/9154905/09154996.pdf

Efficient Side-Channel Secure Designs in Hardware Platforms

MOTIVATION
The rapid deployment of the Internet of Things (IoT) necessitates physical security in addition to the analytical security of the underlying cryptographic primitives. This is because in IoT scenarios the device is in the hands and under the control of legitimate users, who can play the role of an adversary. Among physical attacks, Side-Channel Analysis (SCA) attacks are considered the most threatening attack vector, as the device often cannot detect whether its physical characteristics, e.g., its power consumption, are being measured. Since the introduction of such attacks in the open literature, the relevant scientific communities have dedicated a considerable body of research to understanding their foundations and developing mechanisms to defeat them.
Due to their sound theoretical basis, masking countermeasures have attracted the most attention from researchers. Based on secret-sharing schemes, the key-dependent intermediate values of the cipher are randomized by applying a masking countermeasure, usually at the algorithmic level.

RESEARCH PROBLEM
The implementation of masking on hardware platforms is rather costly in terms of area overhead, randomness complexity, and latency. It becomes even more challenging when a higher order of security is desired. The goal of this work is to provide an efficient implementation of block ciphers at a lower cost.

REQUIREMENTS

  • Structured way of working
  • C/C++ programming
  • Verilog/VHDL

PROLEAD_RP: Automated Hardware Security Evaluation under the Random Probing Model (MSc)

MOTIVATION
PROLEAD [PROLEAD] can fully automatically evaluate the security of a protected circuit against side-channel attacks. For this purpose, PROLEAD relies on the (robust) probing model [rob], which allows a simple security abstraction. Unfortunately, the probing model does not always cover the physical reality. For example, it does not consider all attacks. Therefore, we focus on more advanced leakage models, such as the random probing model [rnd].

RESEARCH PROBLEM
Since PROLEAD does not support the random probing model so far, it is your job to integrate this feature into the existing tool. Efficiency will be the most critical factor here. The aim is to be able to evaluate even larger circuits with this extension.

REQUIREMENTS

  • Structured way of working
  • Efficient C/C++ programming
  • Fun with code optimization


CONTACT
If this sounds interesting to you, please contact Nicolai Müller (nicolai.mueller@rub.de).

LITERATURE

[PROLEAD]    Paper: https://eprint.iacr.org/2022/965.pdf, Sourcecode: https://github.com/ChairImpSec/PROLEAD
[rob]              https://eprint.iacr.org/2017/711.pdf
[rnd]              https://eprint.iacr.org/2020/786.pdf

Security-aware Debugging in Visual Studio Code (MSc)

MOTIVATION
With PROLEAD_SW, we extended the original PROLEAD [PROLEAD] with the ability to evaluate the security of any ARMv6-M, ARMv7-M, and ARMv7E-M binary against side-channel attacks. While this is a big step forward, PROLEAD_SW still lacks some comfort features. So far, PROLEAD is only available as a stand-alone Linux tool, i.e. it is not part of an IDE, and must therefore be used outside the existing software development flow. Moreover, PROLEAD_SW just reports the leaking assembly instruction without any information about the exact reason for leakage or help to remove the flaw.

RESEARCH PROBLEM
Your task is to convert PROLEAD_SW into a user-friendly Visual Studio Code plugin.
The first step is to integrate the plugin in the Visual Studio Code workflow.
Afterwards, you extend the plugin by debugging features, for example:

  • Show the occurrence of the flaw in assembly and high-level code
  • Report the error to the user, e.g. what is the problem and how critical is it?
  • Give the user tips on how to fix the bug.

We are not limited to that list. Your own ideas are always welcome.

REQUIREMENTS

  • Structured way of working
  • Efficient C/C++ programming
  • Fun with code optimization
  • Good knowledge of ARM


CONTACT

If this sounds interesting to you, please contact Nicolai Müller (nicolai.mueller@ruhr-uni-bochum.de).

LITERATURE
[PROLEAD] Paper: https://eprint.iacr.org/2022/965.pdf, Sourcecode: https://github.com/ChairImpSec/PROLEAD

Practical EM Fault Injection on FPGA Implementations Using Commercial Pulse-Injection Equipment (BSc/MSc)

MOTIVATION
Fault injection offers a powerful tool for attacking cryptographic implementations and recovering secrets supposedly safely stored on-device. Here, injection techniques based on electromagnetic pulses penetrating an IC during computation (EM Fault Injection, EMFI) have proven to be both cost-effective and very efficient.

RESEARCH PROBLEM
There is only very little work on practical fault attacks on FPGAs during the actual computation of a cryptographic algorithm. It is hence an interesting question whether EMFI is a realistic threat in this scenario. Your task would be to utilize commercial equipment for EM-Pulse Injection (which we already have at our group) and perform practical EMFI attacks on different cipher implementations loaded onto an FPGA. If you are successful, there might be an opportunity to publish your work at a renowned security conference.

REQUIREMENTS

  • Reliable and well organized.
  • Fun at (though you definitely don’t need to be an expert in) hardware hacking like soldering, working with electronic components, understanding electronic circuits.
  • Algorithmic programming (No one expects you to be a professional SW-Engineer, but you need to be able to realize functionality).
  • Motivation to spend some time in our lab.


CONTACT

If this sounds like fun to you, please contact David Knichel (david.knichel@rub.de).

The impact of aging on the static power analysis attack (MSc)

MOTIVATION
The impact of aging on the security of cryptographic devices has already been investigated [1-3]. Although there are some countermeasures against it [4], this field still needs more investigation.
The authors of [2] have shown that aging can reduce the amount of static leakage in single-rail circuits, and at the end of that paper, they presume that the current balancing techniques are not the proper ones against aging.

RESEARCH PROBLEM
The task in this work is to investigate the effect of aging on static side-channel leakage through transistor-level simulations (e.g., Hspice simulation) of some well-known countermeasures such as WDDL, iMDPL, etc. Since aging is inevitable, it is worthwhile to find, based on the simulation results, a way to mitigate its effect.

REQUIREMENTS
Electronic design knowledge (transistor level) to design new logical cells, a structured working method, familiarity with coding tools to analyze the results (e.g. C/C++/C# programming, MATLAB) and with simulation tools (e.g. Hspice, pspice, …).

CONTACT
If this sounds interesting to you, please contact Bijan Fadaeinia (bijan.fadaeinia@rub.de).

LITERATURE
[1] D. K. et al., “Device aging: A reliability and security concern,” in European Test Symposium (ETS), 2018, pp. 1–10.
[2] N. Karimi, T. Moos, and A. Moradi, “Exploring the Effect of Device Aging on Static Power Analysis Attacks,” TCHES, vol. 2019, no. 3, pp. 233–256, May 2019.
[3] M. Toufiq Hasan Anik, B. Fadaeinia, A. Moradi and N. Karimi, “On the Impact of Aging on Power Analysis Attacks Targeting Power-Equalized Cryptographic Circuits,” 2021 26th Asia and South Pacific Design Automation Conference (ASP-DAC), 2021, pp. 414–420.
[4] B. Fadaeinia, M. T. Hasan Anik, N. Karimi and A. Moradi, “Masked SABL: A Long Lasting Side-Channel Protection Design Methodology,” in IEEE Access, vol. 9, pp. 90455–90464, 2021, doi: 10.1109/ACCESS.2021.3090752

Practicality of Asynchronous Logic in Masked Circuits (BSc)

MOTIVATION
Countermeasures against side-channel attacks on hardware devices are continuously being developed and provide some level of security, but they also introduce significant area overhead and increase latency. Research tries to reduce these unwanted side effects while maintaining the security goals. The recent work by Simões et al. [STM] introduces a scheme that replaces register stages with asynchronous latches, which follow a handshake protocol based on the dual-rail state of intermediate signals. The authors present a serialized S-box implementation with self-timed masking that computes four S-box outputs in a single clock cycle, resulting in a trade-off between latency and used clock cycles.

RESEARCH PROBLEM
Self-timed masking suffers from a slow handshake mechanism between asynchronous latches, which increases further for high logic depths. Thus, the bandwidth of the scheme is reduced such that a synchronous setting might be more practical. Your task is to examine the practicality of the asynchronous scheme vs. a traditional synchronous implementation and to elaborate on the underlying conditions.

REQUIREMENTS

  • Structured way of working
  • Verilog/VHDL


CONTACT

If this sounds interesting to you, please contact Daniel Lammers (daniel.lammers@rub.de).

LITERATURE
[STM] https://eprint.iacr.org/2022/641