BACHELOR'S AND MASTER'S THESES
We are always interested in students who would like to write a Bachelor's or Master's thesis with us. No special prior knowledge is required, i.e., fundamentals of cryptography, algorithms, or VHDL can be learned during the thesis. This call is addressed equally to students of ET, IT, AI and ITS.
If you are interested in writing a thesis at our chair, simply send an e-mail to seceng-thesis@rub.de, ideally with a current Transcript of Records and your preferred topic/topic area.
In addition, our chair currently offers the following topics for Bachelor's and Master's theses. Detailed descriptions can be found further below.
Overview
Automated and Formal Hardware Security Verification
MOTIVATION. Automated hardware security verification has become essential for building trust in cryptographic designs and embedded systems. However, most tools and workflows struggle with complex real-world designs and constructions and/or with advanced security notions and adversary models. Scaling and refining automated hardware security verification to handle real-world structures and richer adversary models is key to delivering security guarantees that go beyond toy examples.
RESEARCH PROBLEM. Existing approaches, e.g., SMT/SAT-based analyses or BDDs/MTBDDs, often require simplifying assumptions that limit realism, or they hit scalability limits (e.g., state-space explosion). There is a need for modular, automated verification techniques that (i) handle complex architectures and (ii) support advanced security models. The challenge is to design proof and verification strategies that are efficient yet sound, with clear trade-offs and evidence.
REQUIREMENTS. Strong interest in cryptography, implementation security (SCA/FIA), and formal methods. Solid background in discrete math, logic, probability, and programming skills (e.g., C/C++/Rust/Python/Sage) are beneficial. Familiarity with automated reasoning (SMT/SAT, model checking) or proof assistants (Coq/Isabelle/F*) can help. The specific thesis scope and depth will be tailored to your background and level of expertise (Bachelor or Master).
CONTACT. If you are interested in this research direction and thesis topic, please contact: Dr.-Ing. Pascal Sasdrich (pascal.sasdrich@rub.de).
Automated and Security-Aware Design Space Exploration in Hardware
MOTIVATION. With the increasing complexity of modern cryptography, especially Post-Quantum Cryptography (PQC), and considering physical implementation attacks, the design space of efficient hardware instances often grows exorbitantly. As a consequence, designers are often unable to weigh all possible design options and base design decisions on their experience. In a similar way, achieving security against physical attacks usually requires the expertise of experienced designers. However, ideally, design decisions should be made based on the predicted performance of the design, and physical security should be natively built into the design process.
RESEARCH PROBLEM. We have recently developed the new HADES framework [1] and its proof-of-concept implementation at our chair. Using generic hardware descriptions, so-called templates, our tool is able to automatically explore the design space and predict the performance of different design options, allowing designers to make qualified design decisions based on the predicted performance. Our tool is furthermore able to include countermeasures against side-channel attacks in the design-space exploration, and finally outputs side-channel secure designs in standard VHDL or Verilog.
YOUR TASK. Your task is to extend our tool, either by adding templates (e.g., for symmetric cryptography such as PRESENT) or by implementing new features in the backend. Possible tasks can include:
- Addition of new templates for symmetric cryptography (LED, Skinny, Speedy, ...)
- Designing templates for asymmetric cryptography (RSA, ECC, ...)
- Adding new performance metrics for the design space exploration (e.g., critical path)
- Implementation of optimizations during the design space exploration such as local optimizations
- Optimization of randomness usage for side-channel protection
REQUIREMENTS. Our tool is written in Scala and SpinalHDL. Therefore, you ideally have experience with hardware implementations (VHDL/Verilog/SpinalHDL) and with object-oriented programming (Scala/Java/C++).
CONTACT. If you are interested in this topic, please contact: Fabian Buschkowski (fabian.buschkowski@rub.de) or Niklas Höher (niklas.hoeher@rub.de).
LITERATURE
| [1] | Fabian Buschkowski, Georg Land, Jan Richter-Brockmann, Pascal Sasdrich, and Tim Güneysu. "HADES: Automated Hardware Design Exploration for Cryptographic Primitives". In: Cryptology ePrint Archive, Paper 2024/130. URL: https://eprint.iacr.org/2024/130 |
Combined Physical Implementation Security
MOTIVATION. Combined Analysis (CA) exploits information leakage (Side-Channel Analysis, SCA) and induced faults (Fault-Injection Analysis, FIA) simultaneously to bypass defenses that protect against either class in isolation. Practical security for critical systems demands countermeasures that remain effective under such combined attacks. Modeling, designing, implementing, and empirically validating such combined countermeasures can help to improve resistance against simultaneous physical implementation attacks.
RESEARCH PROBLEM. Many physical implementation countermeasures either provide leakage resilience or fault tolerance, while their security guarantees rarely compose cleanly. For instance, masking can amplify fault effects while redundancy can amplify information leakage via imbalance. For this, we need novel models and implementations of countermeasures that simultaneously address leakage and faults, with clear assumptions, tunable parameters, and measurable or provable guarantees. This includes defining combined security notions, understanding interactions between protections, and validating that security remains intact after synthesis and/or compilation.
REQUIREMENTS. General interest in applied cryptography and cryptographic engineering. Either solid programming skills (e.g., C/C++/Rust and/or Python) or familiarity with hardware design (Verilog/VHDL/HCL/HLS) are beneficial. Exposure to physical implementation attacks (SCA/FIA) is beneficial. The specific thesis scope and depth will be tailored to your background and level of expertise (Bachelor or Master).
CONTACT. If you are interested in this research direction and thesis topic, please contact: Dr.-Ing. Pascal Sasdrich (pascal.sasdrich@rub.de).
Implementation and Side-Channel Security of Multivariate Quadratic Signature Schemes
MOTIVATION. In the light of the potential threat of large-scale quantum computers breaking today's deployed cryptography, NIST has launched standardization efforts for post-quantum secure KEMs and Signature schemes. Recently, NIST has announced several schemes to be standardized. Additionally, a fourth round will be opened soon for signature schemes that are not based on lattice assumptions. For this round, it is expected that several signature schemes based on multivariate quadratic assumptions are submitted.
RESEARCH PROBLEM AND YOUR TASK. There are a few works on several topics related to implementation issues. This includes:
- Embedded Software Implementations
- Hardware Implementations
- Side-Channel Attacks and Countermeasures
REQUIREMENTS. Depending on the direction you aim at: VHDL, embedded C and Assembly, and/or side-channel analysis.
CONTACT. If you are interested in this research topic, please contact Georg Land (georg.land@rub.de) and include a recent transcript of records.
LITERATURE
| [1] | MAYO: Practical Post-Quantum Signatures from Oil-and-Vinegar Maps |
Hardware Attacks on IoT Devices
MOTIVATION. Internet of Things (IoT) devices are embedded in nearly every aspect of modern life. As their presence grows, so does their potential as targets for hardware attacks, such as side-channel and fault-injection attacks. Understanding these vulnerabilities is crucial for improving security in real-world applications.
RESEARCH PROBLEM. Despite the relevance of hardware attacks on IoT devices, only a limited number of real-world cases have been documented. This gap in research highlights the need for practical investigations into their feasibility and impact.
YOUR TASK. In this thesis, you will analyze the hardware of one or more IoT devices, assess potential attack vectors, and plan a suitable hardware-based attack. Finally, you will conduct the attack and evaluate its effectiveness.
REQUIREMENTS. Experience in C and Python programming, interest in embedded systems and hardware security.
CONTACT. If you are interested in this topic, please contact Dina Hesse (dina.hesse@rub.de) and include a recent transcript of records.
Hardware Implementation of HAETAE (Master Thesis)
MOTIVATION. In January 2025, HAETAE [1,2] was selected as the final algorithm of the Korean PQC competition (KpqC). Like Dilithium [3], it is a post-quantum digital signature scheme based on lattice problems and was partly inspired by Dilithium. However, to date, no hardware implementation of HAETAE exists.
YOUR TASK. In this thesis, you will develop a hardware implementation of HAETAE. You will begin by implementing smaller sub-functions, closely following the Dilithium hardware design where applicable. The final step will be implementing the sampling process for hyperball uniform distributions.
REQUIREMENTS. Experience in hardware design (Verilog) is beneficial and familiarity with lattice-based post-quantum cryptographic (PQC) schemes is advantageous.
CONTACT. If you are interested in this topic, please contact Dina Hesse (dina.hesse@rub.de) and include a recent transcript of records.
LITERATURE
| [1] | Cheon, Jung Hee, et al. "Haetae: Shorter lattice-based fiat-shamir signatures." IACR Transactions on Cryptographic Hardware and Embedded Systems 2024.3 (2024): 25-75. |
| [2] | Algorithm Specifications and Supporting Documentation. |
| [3] | Ducas, Léo, et al. "Crystals-dilithium: A lattice-based digital signature scheme." IACR Transactions on Cryptographic Hardware and Embedded Systems (2018): 238-268. |
Implementation of a randomized cache in Hardware on the RISC-V Rocket Core (Master thesis)
MOTIVATION. In recent years, microarchitectural attacks, particularly cache timing attacks [1,2], have emerged as significant threats to the security of modern computing systems. These attacks exploit the timing variations in cache memory to infer sensitive information, posing a serious risk to data confidentiality and system integrity. As a countermeasure, randomized caches [3] have been proposed to mitigate these vulnerabilities by introducing unpredictability in cache behavior, thereby thwarting potential attackers.
RESEARCH PROBLEM. Despite the growing interest in randomized cache designs for enhancing security and performance, there are currently no good or usable implementations available. This thesis aims to fill this gap by providing a robust solution that can be utilized by the academic and research community.
YOUR TASK. Your primary objective is to implement a randomized cache design, such as ScatterCache [3], on the open-source RISC-V Rocket Core [4] using the ChipYard [5] framework. The goals of this thesis can be broadly split into three:
- Implementation: You integrate a randomized cache design into the Rocket Core using the ChipYard framework.
- Evaluation: You assess the implemented design in terms of speed and area consumption, providing a comprehensive analysis of its performance.
- Extensibility: You take care that your implementation is easily reusable and extensible to simplify future research.
REQUIREMENTS. First hardware design experience, general programming skills (you would use Chisel based on Scala for the hardware design), basic knowledge of Linux and working on the command line, basic understanding of CPU designs.
CONTACT. If you are interested in this topic, please contact Moritz Peters (moritz.peters-v41@rub.de) and include a recent transcript of records.
LITERATURE
| [1] | Y. Yarom and K. Falkner, “FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack” in Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, K. Fu and J. Jung, Eds., USENIX Association, 2014, pp. 719–732. |
| [2] | E. Tromer, D. A. Osvik, and A. Shamir, “Efficient cache attacks on AES, and countermeasures” in J. Cryptol., vol. 23, no. 1, pp. 37–71, 2010 |
| [3] | M. Werner, T. Unterluggauer, L. Giner, M. Schwarz, D. Gruss, and S. Mangard, “ScatterCache: Thwarting Cache Attacks via Cache Set Randomization” in 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, N. Heninger and P. Traynor, Eds., USENIX Association, 2019, pp. 675–692. |
| [4] | Rocket Core |
| [5] | ChipYard |
Microarchitectural Side Channel Attacks and Countermeasures
MOTIVATION. The internal hardware of modern CPUs, i.e., the microarchitecture, has long been considered a trust anchor that works as a foundation for higher level system security. While this assumption has been challenged time and again, only recent attacks including Spectre [1] and Meltdown [2] saw the industry taking this problem seriously. There are many aspects of microarchitectural vulnerabilities, ranging from cache side channel attacks [3] over Rowhammer [4] to speculative execution attacks [5].
RESEARCH PROBLEM. Aiding current research projects at the Chair for Security Engineering, your thesis will review and advance the current state of research. This may include the design and/or evaluation of attacks and countermeasures. In many cases these attacks directly operate on the CPU hardware. Especially for the evaluation of countermeasures, we often use the gem5 simulator [6].
REQUIREMENTS. C/C++ programming skills, basics of x86 assembly, basic understanding of CPU designs (pipeline, caches, etc.)
CONTACT. If you are interested in this field of research, we can discuss potential topics suited to your prior knowledge and interests. If you already have a specific topic in mind, feel free to propose it directly. Please contact Moritz Peters (moritz.peters-v41@rub.de) and include a recent transcript of records.
LITERATURE
| [1] | Kocher, Paul, et al. "Spectre attacks: Exploiting speculative execution." 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019. |
| [2] | Lipp, Moritz, et al. "Meltdown: Reading kernel memory from user space." 27th USENIX Security Symposium (USENIX Security 18). 2018. |
| [3] | Yarom, Yuval, and Katrina Falkner. "FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack." 23rd USENIX Security Symposium (USENIX Security 14). 2014. |
| [4] | Mutlu, Onur, and Jeremie S. Kim. "Rowhammer: A retrospective." IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 39.8 (2019): 1555-1571. |
| [5] | Canella, Claudio, et al. "A systematic evaluation of transient execution attacks and defenses." 28th USENIX Security Symposium (USENIX Security 19). 2019. |
| [6] | Lowe-Power, Jason, et al. "The gem5 simulator: Version 20.0+." arXiv preprint arXiv:2007.03152 (2020). |
Optimizing a Custom Intermediate Representation (IR) for Attribute-Based Encryption (ABE) Schemes (Bachelor Thesis)
MOTIVATION. Compilers are powerful tools which transform source to target languages. Much of their strength originates in various optimization passes such as constant folding, dead store elimination, function call inlining and more. Aside from mainstream compilers like GCC and clang, custom compilers are often used for niche applications. While some optimization strategies can be applied straightforwardly, others need to be adapted or are not applicable at all. Also, domain specific optimizations which explicitly consider the intricacies of the problem at hand may apply.
RESEARCH PROBLEM. At the Chair for Security Engineering we are developing a compiler for Attribute-based Encryption [1]. This compiler emits a custom IR which models the operations typically required in implementations of ABE schemes. For now, the generated code is not optimized at all, which results in very lengthy implementations. Also, in many cases specialized instructions may offer a performance boost. We would like to find and integrate optimizations for our IR and evaluate their usefulness.
YOUR TASK. Your task is to research existing optimization strategies from literature and conceptually apply these to our custom IR. You should implement your algorithms as a plugin to our compiler (in Python) and evaluate its correctness. The benefits of your tool should be evaluated based on the reduction in code size as well as performance gains it offers using a customizable cost model.
REQUIREMENTS. Ideally, you should be familiar with abstract modeling of programming languages as ASTs and IRs. You should have experience with Python development and bring a good foundation of (discrete) maths to understand the context of your work.
CONTACT. If you are interested in this topic, please contact Sven Argo (sven.argo@ruhr-uni-bochum.de) and include a recent transcript of records.
LITERATURE
| [1] | A Practical Compiler for Attribute-Based Encryption: New Decentralized Constructions and More, Marloes Venema, 2023 |
Optimizing Associative Containers by Exploiting Domain-Specific Knowledge
MOTIVATION. Attribute-based encryption (ABE) is an advanced cryptographic primitive which realizes role-based access control. To implement ABE schemes, associative containers such as hash maps or trees are required to handle the dynamically sized keys and ciphertexts. While general-purpose implementations work well, there are speed-ups to be gained by exploiting domain-specific knowledge. This includes, for example, the fact that many (hash map) keys share a common prefix, have a fixed format or follow a certain distribution.
RESEARCH PROBLEM. At the Chair for Security Engineering we have developed an implementation of a powerful ABE scheme. Internally, we use Rust's built-in HashMap to realize key-based accesses into data structures. Based on our implementation, one can "log" all key lookups and analyze their format and "distribution". By incorporating these insights, more efficient data structures can be devised. For example, one could use optimized hash functions to reduce collisions (similar to "perfect hashing") or use Trie/FSM based representations [1] to reduce the memory-footprint.
YOUR TASK. Your task is to implement (at least two) custom associative containers in Rust which outperform the built-in HashMap. To this end, you should exploit the known format of the keys as well as their "distribution". Eventually, your implementations should be evaluated with regard to runtime and memory performance.
REQUIREMENTS. You should have a solid foundation in data structures and their performance characteristics. Further, you should have extensive experience with Rust and memory management to develop high-performance implementations on your own. An understanding of discrete math and basic cryptography is useful to understand the context of your assignment.
CONTACT. If you are interested in this topic, please contact Sven Argo (sven.argo@ruhr-uni-bochum.de) and include a recent transcript of records.
LITERATURE
| [1] | Efficient String Matching: An Aid to Bibliographic Search, Aho and Corasick, 1975 |
Secure Computation
MOTIVATION. Over the last decade and especially in recent years, many new attacks have been developed that target both desktop- and embedded-grade hardware. For example, it has been shown multiple times that caches can leak information when their contents are purposefully manipulated to cause exploitable timing differences. Furthermore, SPECTRE and MELTDOWN showed that oversights in the implementation of speculative execution as well as predictions can have severe security implications. Lastly, with the increasing number of IoT devices, adversaries started focusing on exploiting these low-performance devices, thus prompting the need for solutions that require low overhead.
RESEARCH PROBLEM AND YOUR TASK. We have developed different countermeasures against the threats mentioned above. To provide a more in-depth evaluation we still require some implementations. This includes, for example:
- Implementing a TLB countermeasure into a softcore OOO-CPU
- Implementing an ISA Extension against faults in a softcore embedded-grade CPU (with compiler support)
- Researching fault-free ISA designs and evaluating them in HW
REQUIREMENTS. Depending on the direction you aim at: Experience with hardware description languages, high-level languages if you aim to provide compiler support
CONTACT. If you are interested in this topic, please contact: M.Sc. Florian Stolz (florian.stolz@rub.de)
Theoretical Adversary Models for Physical Implementation Attacks
MOTIVATION. Physical implementation attacks such as Side-Channel Analysis (SCA) and Fault-Injection Analysis (FIA) are practical, cost-effective, and increasingly relevant for critical and embedded devices. However, security claims and evaluations often rely on inherent, unrealistic, or fragmented assumptions. Advancing formal, realistic, and interoperable adversary models for SCA, FIA, and Combined Analysis (CA) is key to making security proofs meaningful and guiding robust designs and secure implementation.
RESEARCH PROBLEM. Current models, e.g., probing and noisy-leakage for SCA, zeta- or k-injection for FIA, and emerging CA models vary in complexity, realism, and accuracy and rarely compose cleanly. We seek parameterized, formal adversary models that precisely capture observables (signals, traces), controllables (fault types, timing, locality), budgets (time, equipment, samples), and success criteria, with well-defined relations between models. This includes proving implications/separations between models, defining simulation- or game-based security notions that reflect practice, and establishing composability results that hold under combined attacks.
REQUIREMENTS. Strong interest in cryptography, implementation security (SCA/FIA), and formal reasoning. Solid background in discrete math, logic, probability, and programming skills (e.g., Python/Sage) are beneficial. Experience with formal methods or proof assistants is a plus. Basic familiarity with hardware design (HDL/HCL/HLS) helps for case studies. The specific thesis scope and depth will be tailored to your background and level of expertise (Bachelor or Master).
CONTACT. If you are interested in this research direction and thesis topic, please contact: Dr.-Ing. Pascal Sasdrich (pascal.sasdrich@rub.de).
Tooling for Physical Implementation Security
MOTIVATION. The rising complexity of modern embedded systems, combined with the manual and often ad-hoc integration of countermeasures, has created a significant vulnerability to physical implementation attacks (SCA/FIA/CA). The limitations of current manual design methods for ensuring physical implementation security, which are typically time-consuming, error-prone, and unable to scale with system complexity, have become a major concern. To address this critical need, novel tooling solutions that can provide robust, efficient, and scalable physical implementation security for modern embedded systems are urgently needed.
RESEARCH PROBLEM. The development of secure embedded systems resistant to SCA/FIA and/or CA is hindered by the lack of constructive tooling. Current design and implementation flows often neglect physical implementation security, relying on manual and ad-hoc countermeasures that are time-consuming and error-prone. The goal is to develop automated tooling that enables the creation of secure embedded systems by automatically integrating SCA/FIA and/or CA countermeasures into the design and development flow.
REQUIREMENTS. Strong interest in embedded security, computer architecture, and design automation. Solid programming skills (e.g., C/C++/Rust and/or Python) or familiarity with hardware design (Verilog/VHDL/HCL/HLS) are beneficial. Exposure to physical implementation attacks (SCA/FIA) is beneficial. The specific thesis scope and depth will be tailored to your background and level of expertise (Bachelor or Master).
CONTACT. If you are interested in this research direction and thesis topic, please contact: Dr.-Ing. Pascal Sasdrich (pascal.sasdrich@rub.de).