BACHELOR- UND MASTERARBEITEN
Wir sind immer an Studierenden interessiert, die bei uns eine Bachelor- oder Masterarbeit schreiben möchten. Es sind keine besonderen Vorkenntnisse erforderlich, d.h. Grundlagen der Kryptographie, algorithmische oder VHDL Grundlagen können während der Arbeit erlernt werden. Die Ausschreibung richtet sich gleichermaßen an Studierende der ET, IT, AI und ITS.
Bei Interesse an einer Abschlussarbeit an unserem Lehrstuhl könnt Ihr einfach eine E-Mail an seceng-thesis@rub.de schreiben, idealerweise mit einem aktuellen Transcript of Records und Eurem bevorzugten Thema/Themengebiet
Darüber hinaus bietet unser Lehrstuhl aktuell folgende Themen zur Bearbeitung für Bachelor- und Masterarbeiten an. Ausführliche Beschreibungen befinden sich weiter unten.
Übersicht
Automated and Security-Aware Design Space Exploration in Hardware
MOTIVATION. With the increasing complexity of modern cryptography, especially Post-Quantum Cryptography (PQC), and considering physical implementation attacks, the design space of efficient hardware instances often grows exorbitantly. As a consequence, designers are often unable to weigh all possible design options and base design decisions on their experience. In a similar way, achieving security against physical attacks usually requires the expertise of experienced designers. However, ideally, design decisions should be made based on the predicted performance of the design, and physical security should be natively built-in into the design process.
RESEARCH PROBLEM. We have recently developed the new HADES-framework [1] and its proof-of-concept implementation at our chair. Using generic hardware descriptions, so-called templates, our tool is able to automatically explore the design space and predict the performance of different design options, allowing to make qualified design decisions based on the predicted performance. Our tool is furthermore able to include countermeasures against side-channel attacks into the design-space exploration, and finally outputs side-channel secure designs in standard VHDL or Verilog.
YOUR TASK. Your task is to extend our tool, either by adding templates (e.g., for symmetric cryptography such as PRESENT) or by implementing new features in the backend. Possible tasks can include:
- Addition of new templates for symmetric cryptography (LED, Skinny, Speedy, ...)
- Designing templates for asymmetric cryptography (RSA, ECC, ...)
- Adding new performance metrics for the design space exploration (e.g., critical path)
- Implementation of optimizations during the design space exploration such as local optimizations
- Optimization of randomness usage for side-channel protection
REQUIREMENTS. Our tool is written in Scala and SpinalHDL. Therefore, you ideally have experience with hardware implementations (VHDL/Verilog/SpinalHDL) and with object-oriented programming (Scala/Java/C++).
CONTACT. If you are interested in this topic, please contact: Fabian Buschkowski (fabian.buschkowski@rub.de) or Niklas Höher(niklas.hoeher@rub.de).
LITERATURE
| [1] | Fabian Buschkowski, Georg Land, Jan Richter-Brockmann, Pascal Sasdrich, and Tim Güneysu. "HADES: Automated Hardware Design Exploration for Cryptographic Primitives". In: Cryptology ePrint Archive, Paper 2024/130. URL: https://eprint.iacr.org/2024/130 |
GASYN - Secure Gadget Synthesizer and Logic Optimizer
MOTIVATION. Secure implementation of cryptographic algorithms in software or hardware is a challenging problem. Extensive research has been devoted to the development of efficient countermeasures against physical Side-Channel Analysis (SCA). Lately, masking has been established as promising concept due to its theoretically sound foundations allowing to model and prove its security guarantees. Still, correct and secure implementation of masking schemes is a mostly manual, delicate, complex, and error-prone task. This motivates the need for automated tools that assist designers and engineers to securely implement cryptographic operations in hardware.
BACKGROUND. Experience has shown that new masking schemes often have a short retention time, mostly due to inaccuracies and design flaws. As a consequence, a new line of research emerged, investigating the masking of atomic and reusable components, often considered as gadgets in literature, to limit the engineering complexity and error susceptibility [8, 7, 6, 5, 2, 1, 3].
RESEARCH PROBLEM. The supplementary material of [4] presents different latency-optimized S-boxes using a custom 2-input AND gadget. However, neither different gadget layouts and variants, nor alternative optimization objectives (e.g., area or randomness reduction) have been addressed.
YOUR TASK. In this project, you will a gadget-oriented logic synthesizer allowing to generate secure and optimized hardware circuits (area, latency, or randomness) using a custom set of masked gadgets. More precisely, this project requires the following tasks:
- Literature study (10%)
- Requirement analysis and concept definition (10-20%)
- Implementation and debugging (40-50%)
- Implementation of a custom gadget library
- Construction of a SAT/SMT-based gadget synthesizer
- Integration of optimization strategies for area, latency, or randomness reduction
- Testing and writing (30%)
REQUIREMENTS. Digital logic, hardware design, C/C++ programming, basics on SAT & SMT solvers.
CONTACT. If you are interested in this topic, please contact: Dr.-Ing. Pascal Sasdrich (pascal.sasdrich@rub.de).
LITERATURE
| [1] | Gilles Barthe et al. “Strong Non-Interference and Type-Directed Higher-Order Masking”. In: SIGSAC. ACM, 2016. DOI: 10.1145/ 2976749.2978427 |
| [2] | Gilles Barthe et al. “Verified Proofs of Higher-Order Masking”. In: EUROCRYPT. LNCS. Springer, 2015. DOI: 10.1007/978- 3- 662-46800-5\_18 |
| [3] | Gaëtan Cassiers and François-Xavier Standaert. “Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non- Interference”. In: IEEE TIFS (2020). DOI: 10.1109/TIFS.2020.2971153 |
| [4] | Gaëtan Cassiers et al. “Hardware Private Circuits: From Trivial Composition to Full Verification”. In: IEEE TC (2021). DOI: 10. 1109/TC.2020.3022979 |
| [5] | Hannes Groß, Rinat Iusupov, and Roderick Bloem. “Generic Low-Latency Masking in Hardware”. In: IACR TCHES 2 (2018). DOI: 10.13154/tches.v2018.i2.1-21. |
| [6] | Hannes Groß and Stefan Mangard. “A unified masking approach”. In: JCEN (2018). DOI: 10.1007/s13389-018-0184-y |
| [7] | Hannes Groß, Stefan Mangard, and Thomas Korak. “Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order”. In: TIS@CCS. ACM, 2016. DOI: 10.1145/2996366.2996426. |
| [8] | Oscar Reparaz et al. “Consolidating Masking Schemes”. In: CRYPTO. LNCS. Springer, 2015. DOI: 10.1007/978-3-662-47989- 6\_37 |
Microarchitectural Side Channel Attacks and Countermeasures
MOTIVATION. The internal hardware of modern CPUs, i.e., the microarchitecture, has long been considered a trust anchor that works as a foundation for higher level system security. While this assumption has been challenged time and again, only recent attacks including Spectre [1] and Meltdown [2] saw the industry taking this problem seriously. There are many aspects of microarchitectural vulnerabilities, ranging from cache side channel attacks [3] over Rowhammer [4] to speculative execution attacks [5].
RESEARCH PROBLEM. Aiding current research projects at the Chair for Security Engineering, your thesis will review and advance the current state of research. This may include the design and/or evaluation of attacks and countermeasures. In many cases these attacks directly operate on the CPU hardware. Especially for the evaluation of countermeasures, we often use the gem5 simulator [6].
REQUIREMENTS. C/C++ programming skills, basics of x86 assembly, basic understanding of CPU designs (pipeline, caches, etc.)
CONTACT. If you are interested in this field of research, we can discuss potential topics suited to your prior knowledge and interests. If you already have a specific topic in mind, feel free to propose it directly. Please contact Moritz Peters, moritz.peters-v41@rub.de and include a recent transcript or records.
LITERATURE
| [1] | Kocher, Paul, et al. "Spectre attacks: Exploiting speculative execution." 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019. |
| [2] | Lipp, Moritz, et al. "Meltdown: Reading kernel memory from user space." 27th USENIX Security Symposium (USENIX Security 18). 2018. |
| [3] | Yarom, Yuval, and Katrina Falkner. "{FLUSH+ RELOAD}: A High Resolution, Low Noise, L3 Cache {Side-Channel} Attack." 23rd USENIX security symposium (USENIX security 14). 2014. |
| [4] | Mutlu, Onur, and Jeremie S. Kim. "Rowhammer: A retrospective." IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 39.8 (2019): 1555-1571. |
| [5] | Canella, Claudio, et al. "A systematic evaluation of transient execution attacks and defenses." 28th USENIX Security Symposium (USENIX Security 19). 2019. |
| [6] | Lowe-Power, Jason, et al. "The gem5 simulator: Version 20.0+." arXiv preprint arXiv:2007.03152 (2020). |
Security-Oriented Electronic Design Automation
MOTIVATION. With ever increasing complexity of Integrated Circuits and Electronic Systems, manual design and development processes are becoming more difficult and cumbersome. Instead, designers and developers are assisted by modern and computer-aided Electronic Design Automation (EDA) tools that handle complex and labor-intensive tasks automatically in order to allow rapid and high-quality development of complex ICs. In addition, these tools provide automatic optimization for various metrics, including area, latency, performance, or power and energy consumption to increase efficiency and quality of the final electronic systems. However, security as an optimization aspect is mostly neglected when addressing classical metrics as area and performance. In fact, authenticity, integrity, and confidentiality of modern ICs is becoming more and more important in recent years. However, integration and evaluation of security features still is a manual and downstream process and since many security goals including secure data flow (non-interference), side-channel resistance, fault tolerance, and hardware obfuscation can only be addressed at certain stages of the manufacturing chain, security is often neglected or rejected as it would interrupt tight and efficient manufacturing processes.
RESEARCH PROBLEM. As this is a very broad topic and certainly exceeds the scope of a single thesis, we offer multiple theses with focus on different aspects, including (but not limited to):
- Automated integration of security features
- Formal verification of security properties
- Optimization of security features
- Development of security extensions for (existing) EDA tools
- Secure High-Level Synthesis (HLS)
REQUIREMENTS. Digital logic, hardware design and security, physical attacks and countermeasures, solid programming skills, hardware description languages, formal verification, etc. (depending on the specific thesis topic and tasks).
CONTACT. If you are interested in this field of research, we can discuss potential topics suited to your prior knowledge and interests. If you already have a specific topic in mind, feel free to propose it directly. Please contact Dr.-Ing. Pascal Sasdrich (pascal.sasdrich@rub.de) and include a recent transcript or records.
Implementation and Side-Channel Security of Multivariate Quadratic Signature Schemes.
MOTIVATION. In the light of the potential threat of large-scale quantum computers breaking today's deployed cryptography, NIST has launched standardization efforts for post-quantum secure KEMs and Signature schemes. Recently, NIST has announced several schemes to be standardized. Additionally, a fourth round will be opened soon for signature schemes that are not based on lattice assumptions. For this round, it is expected that several signature schemes based on multivariate quadratic assumptions are submitted.
RESEARCH PROBLEM AND YOUR TASK. Here are a few works on several topics related to implementation issued. This includes:
- Embedded Software Implementations
- Hardware Implementations
- Side-Channel Attacks and Countermeasures
REQUIREMENTS. Depending on the direction you aim at: VHDL, embedded C and Assembly, and/or side-channel analysis.
CONTACT. If you are interested in this research topic, please contact Georg Land (georg.land@rub.de) and include a recent transcript or records.
LITERATUR:
| [1] | MAYO: Practical Post-Quantum Signatures from Oil-and-Vinegar Maps |
Secure Computation
MOTIVATION. Over the last decade and especially in recent years, many new attacks have been developed that target both desktop- as well as embedded-grade hardware. For example, it has been shown multiple times that caches can leak information by purposefully manipulating their contents and causing exploitable timing differences. Furthermore, SPECTRE and MELTDOWN showed that oversights in the implementation of speculative execution as well as predictions can have severe security considerations. Lastly, with the increasing number of IoT devices adversaries started focusing on exploiting these low-performance devices, thus prompting for solutions that require low overhead.
RESEARCH PROBLEM AND YOUR TASK. We have developed different countermeasures against the threats mentioned above. To provide a more in-depth evaluation we still require some implementations. This includes, for example:
- Implementing a TLB countermeasure into a softcore OOO-CPU
- Implementing an ISA Extension against fault in a softcore embedded-grade CPU (with compiler support)
- Researching fault-free ISA designs and evaluating them in HW
REQUIREMENTS. Depending on the direction you aim at: Experience with hardware description languages, high-level languages if you aim to provide compiler support
CONTACT. If you are interested in this topic, please contact: M.Sc. Florian Stolz (florian.stolz@rub.de)
Implementation of a randomized cache in Hardware on the RISC-V Rocket Core (Master thesis)
MOTIVATION. In recent years, microarchitectural attacks, particularly cache timing attacks [1,2] have emerged as significant threats to the security of modern computing systems. These attacks exploit the timing variations in cache memory to infer sensitive information, posing a serious risk to data confidentiality and system integrity. As a countermeasure, randomized caches [3] have been proposed to mitigate these vulnerabilities by introducing unpredictability in cache behavior, thereby thwarting potential attackers.
RESEARCH PROBLEM. Despite the growing interest in randomized cache designs for enhancing security and performance, there are currently no good or usable implementations available. This thesis aims to fill this gap by providing a robust solution that can be utilized by the academic and research community.
YOUR TASK. Your primary objective is to implement a randomized cache design, such as ScatterCache [3], on the open-source RISC-V Rocket Core [4] using the ChipYard [5] framework. The goals of this thesis can be broadly split into three:
- Implementation: You integrate a randomized cache design into the Rocket Core using the ChipYard framework.
- Evaluation: You assess the implemented design in terms of speed and area consumption, providing a comprehensive analysis of its performance.
- Extensibility: You take care that your implementation is easily reusable and extensible to simplify future research.
REQUIREMENTS. First hardware design experience, general programming skills (you would use Chisel based on Scala for the hardware design), basic knowledge of Linux and working on the command line, basic understanding of CPU designs.
CONTACT. If you are interested in this topic, please contact Moritz Peters (moritz.peters-v41@rub.de) and include a recent transcript of records.
LITERATURE
| [1] | Y. Yarom and K. Falkner, “FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack” in Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, K. Fu and J. Jung, Eds., USENIX Association, 2014, pp. 719–732. |
| [2] | E. Tromer, D. A. Osvik, and A. Shamir, “Efficient cache attacks on AES, and countermeasures” in J. Cryptol., vol. 23, no. 1, pp. 37–71, 2010 |
| [3] | M. Werner, T. Unterluggauer, L. Giner, M. Schwarz, D. Gruss, and S. Mangard, “ScatterCache: Thwarting Cache Attacks via Cache Set Randomization" in 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, N. Heninger and P. Traynor, Eds., USENIX Association, 2019, pp. 675–692. |
| [4] | Rocket Core |
| [5] | ChipYard |
Hardware Attacks on IoT Devices
MOTIVATION. Internet of Things (IoT) devices are embedded in nearly every aspect of modern life. As their presence grows, so does their potential as targets for hardware attacks, such as side-channel and fault-injection attacks. Understanding these vulnerabilities is crucial for improving security in real-world applications.
RESEARCH PROBLEM. Despite the relevance of hardware attacks on IoT devices, only a limited number of real-world cases have been documented. This gap in research highlights the need for practical investigations into their feasibility and impact.
YOUR TASK. In this thesis, you will analyze the hardware of one or more IoT devices, assess potential attack vectors, and plan a suitable hardware-based attack. Finally, you will conduct the attack and evaluate its effectiveness.
REQUIREMENTS. Experience in C and Python programming, Interest in embedded systems and hardware security.
CONTACT. If you are interested in this topic, please contact Dina Hesse (dina.hesse@rub.de) and include a recent transcript of records.
Hardware Implementation of HAETAE (Master Thesis)
MOTIVATION. In January 2025, HAETAE [1,2] was selected as the final algorithm of the Korean PQC competition (KpqC). Like Dilithium [3], it is a post-quantum digital signature scheme based on lattice problems and was partly inspired by Dilithium. However, to date, no hardware implementation of HAETAE exists.
YOUR TASK. In this thesis, you will develop a hardware implementation of HAETAE. You will begin by implementing smaller sub-functions, closely following the Dilithium hardware design where applicable. The final step will be implementing the sampling process for hyperball uniform distributions.
REQUIREMENTS. Experience in hardware design (Verilog) is beneficial and familiarity with lattice-based post-quantum cryptographic (PQC) schemes is advantageous.
CONTACT. If you are interested in this topic, please contact Dina Hesse (dina.hesse@rub.de) and include a recent transcript of records.
LITERATURE
| [1] | Cheon, Jung Hee, et al. "Haetae: Shorter lattice-based fiat-shamir signatures." IACR Transactions on Cryptographic Hardware and Embedded Systems 2024.3 (2024): 25-75. |
| [2] | Algorithm Specifications and Supporting Documentation. |
| [3] | Ducas, Léo, et al. "Crystals-dilithium: A lattice-based digital signature scheme." IACR Transactions on Cryptographic Hardware and Embedded Systems (2018): 238-268. |
Optimizing a Custom Intermediate Representation (IR) for Attribute-Based Encryption (ABE) Schemes (Bachelor Thesis)
MOTIVATION. Compilers are powerful tools which transform source to target languages. Much of their strength originates in various optimization passes such as constant folding, dead store elimination, function call inlining and more. Aside from mainstream compilers like GCC and clang, custom compilers are often used for niche applications. While some optimization strategies can be applied straightforwardly, others need to be adapted or are not applicable at all. Also, domain specific optimizations which explicitly consider the intricacies of the problem at hand may apply.
RESEARCH PROBLEM. At the Chair for Security Engineering we are developing a compiler for Attribute-based Encryption [1]. This compiler emits a custom IR which models the operations typically required in implementations of ABE schemes. For now, the generated code is not optimized at all, which results in very lengthy implementations. Also, in many cases specialized instructions may offer a performance boost. We would like to find and integrate optimizations for our IR and evaluate their usefulness.
YOUR TASK. Your task is to research existing optimization strategies from literature and conceptually apply these to our custom IR. You should implement your algorithms as a plugin to our compiler (in Python) and evaluate its correctness. The benefits of your tool should be evaluated based on the reduction in code size as well as performance gains it offers using a customizable cost model.
REQUIREMENTS. Ideally, you should be familiar with abstract modeling of programming languages as ASTs and IRs. You should have experience with Python development and bring a good foundation of (discrete) maths to understand the context of your work.
CONTACT. If you are interested in this topic, please contact Sven Argo (sven.argo@ruhr-uni-bochum.de) and include a recent transcript of records.
LITERATURE
| [1] | A Practical Compiler for Attribute-Based Encryption: New Decentralized Constructions and More, Marloes Venema, 2023 |
Optimizing Associative Containers by Exploiting Domain-Specific Knowledge
MOTIVATION. Attribute-based encryption (ABE) is an advanced cryptographic primitive which realizes role-based access control. To implement ABE schemes, associative containers such as hash maps or trees are required to handle the dynamically sized keys and ciphertexts. While general-purpose implementations work well, there are speed-ups to be gained by exploiting domain-specific knowledge. This includes, for example, the fact that many (hash map) keys share a common prefix, have a fixed format or follow a certain distribution.
RESEARCH PROBLEM. At the Chair for Security Engineering we have developed an implementation of a powerful ABE scheme. Internally, we use Rust's built-in HashMap to realize key-based accesses into data structures. Based on our implementation, one can "log" all key lookups and analyze their format and "distribution". By incorporating these insights, more efficient data structures can be devised. For example, one could use optimized hash functions to reduce collisions (similar to "perfect hashing") or use Trie/FSM based representations [1] to reduce the memory-footprint.
YOUR TASK. Your task is to implement (at least two) custom associate containers in Rust which outperform the built-in HashMap. To this end, you should exploit the known format of the keys as well as their "distribution". Eventually, your implementations should be evaluated with regard to runtime and memory performance.
REQUIREMENTS. You should have a solid foundation in data structures and their performance characteristics. Further, you should have extensive experience with Rust and memory management to develop high-performance implementations on your own. An understanding of discrete math and basic cryptography is useful to understand the context of your assignment.
CONTACT. If you are interested in this topic, please contact Sven Argo (sven.argo@ruhr-uni-bochum.de) and include a recent transcript of records.
LITERATURE
| [1] | Efficient String Matching: An Aid to Bibliographic Search, Aho and Corasick, 1975 |