Seminars Summer 2025

In the summer semester, the Chair for Security Engineering offers a seminar for Bachelor's and Master's students.
Prior knowledge of IT security or cryptography is required depending on the topic.
Registration takes place via the central registration of the Faculty of Computer Science and FlexNow.
The main language of the course is English.

GOAL OF THE SEMINAR
The goal of the seminar is to learn scientific writing and presenting, as well as independent work and self-organization. Participants engage with a current research topic in the field of security engineering and present it in a plenary session at the end of the semester.

DATES Summer Semester 2025

01.02. - 01.03.2025 Registration via the central registration of the Faculty of Computer Science
09.04.2025 Introductory session (attendance in person is mandatory)
30.04.2025 Submission of the exposé
17.06.2025 Submission of the preliminary final version to the supervisor for correction
08.07.2025 Submission of the final version after incorporating the corrections
22.07.2025 (expected) Presentation day (attendance in person is mandatory)
During the semester Regular exchange with the supervisor by individual arrangement


TOPICS Summer Semester 2025

No. Title Description Sources
1 Composable and Predictable Multi-Processor System on Chips Abstract: Nowadays, more and more unrelated applications are integrated into a single system-on-chip. Consequently, the complexity of ensuring that timing and resource constraints are met increases, since the interplay between all applications needs to be considered. The notion of "composability" counteracts this by ensuring that different applications are sufficiently independent. The CoMPSoC platform is an example of such a composable system.
Your seminar paper: For your seminar paper you should dive into how the CoMPSoC platform [1] works. Start by illustrating key concepts and definitions for composable and predictable systems. Further, investigate how different hardware components are organized and connected. Show the role of software components and how they interact with the system. Finally, present and discuss the experimental results of the paper.
[1]
2 Testing Security Of Future Micro Architectures Abstract: Modern CPUs often use fancy optimizations (e.g. speculation) to maximize their performance. Unfortunately, such optimizations can break the security of cryptographic implementations by leaking secret values to the micro architectural state (e.g. Spectre attacks). Ideally, such security gaps should be identified before producing actual hardware chips to avoid unnecessary costs. The LMTest/LMSpec [1] framework introduces a practical tool to assess the security of not-yet-existing hardware architectures.
Your seminar paper: For your seminar paper you should dive into how the security of future micro architectures can be tested. To do so, you should first introduce the formal definitions used to model speculation-based side-channel leakage. Further, you should familiarize yourself with the approach taken in [1]; give an overview of the inner workings of the LMTest tool and how the LMSpec language allows modeling not-yet-existing architectures. Finally, present and discuss the case-studies of the paper.
[1]
3 Masking FALCON's Floating-Point Multiplication in Hardware Abstract: Floating-point arithmetic is a fundamental cornerstone in a wide range of computational domains, especially as a building block for the FALCON post-quantum cryptography signature scheme. Masking, on the other hand, is one of the most popular and well-studied countermeasures against side-channel attacks. However, to this date, no masked hardware implementation of floating-point multiplication exists, making it impossible to secure FALCON against side-channel attacks. Recently, the authors of [1] proposed a first masked implementation of floating-point multiplications with the help of multiple new gadgets, proving its security in the PINI model.
Your seminar paper: Your task in this seminar is to give an overview of the proposed masked floating-point multiplication. For this, you should summarize the general principle of floating-point multiplications and masking, explain the (new) steps presented in the paper to mask floating-point multiplications, and evaluate the performance of the proposed masked implementations.
Prerequisites: Digitaltechnik (required), Mathematical background (required), Physical Attacks and Countermeasures (helpful), Kryptographie auf Hardwarebasierten Plattformen (helpful)
[1], [2]
4 Compress: Generate Small and Fast Masked Pipelined Circuits Abstract: Masking is one of the most popular and well-studied countermeasures against side-channel attacks. Gadget-based masking, relying on the construction of secure atomic building blocks (so-called gadgets) and replacing all gates in a circuit with these gadgets, is a common technique for the automated application of masking. Due to the varying amounts of register stages in different gadgets, automatically masked circuits are often suboptimal in terms of latency (and area) as they introduce many unneeded registers to ensure correct timing behavior. In [1], the authors present COMPRESS, a novel tool that is able to minimize the number of register stages in a circuit while keeping functional correctness and security guarantees, among other optimizations.
Your seminar paper: Your task in this seminar is to give an overview of the different optimization techniques that COMPRESS uses. For this, you should first summarize masking and the different gadgets, before presenting the novel optimization techniques proposed in the paper and their influence on the performance of a design. Finally, you should evaluate the performance of the optimized designs when compared to normal, unoptimized designs.
Prerequisites: Digitaltechnik (required), Physical Attacks and Countermeasures (helpful), Kryptographie auf Hardwarebasierten Plattformen (helpful)
[1]
5 IP security in cloud computing: FPGA Bitstream encryption (Master) Abstract: Field Programmable Gate Arrays (FPGAs) have been adopted as specialized hardware accelerators in cloud computing. The paper addresses the issue of IP (Intellectual Property) theft in the context of FPGAs in cloud computing.
Your seminar paper: Give a short overview of FPGA bitstreams. Short comparison with similar work: protection of FPGA bitstreams. FOCUS: Present the method used in the paper (on a high level).
Prerequisites: Basic knowledge of FPGAs, cloud computing, and key aggregation is desired. Not recommended for Bachelor students.
[1]
6 FPGA reverse engineering: Machine Learning Model Reconstruction Abstract: The creation of accurate machine learning models is a resource demanding task, thus protection against IP (Intellectual Property) theft of such machine learning models becomes essential. The paper draws attention to the issue of missing bitstream encryption. The paper demonstrates a method to reconstruct machine learning models deployed on FPGAs (Field Programmable Gate Arrays).
Your seminar paper: Give a short overview of FPGA bitstream encryption. Short comparison with similar work: FPGA reverse engineering (OR ML model reconstruction). FOCUS: Identify the main ideas of the method used in the paper.
Prerequisites: Interest in FPGAs, side-channel analysis is desired. Interest in Deep Learning is helpful.
[1]
7 On the Security of Strong Memristor-based Physically Unclonable Functions (Master) Abstract: PUFs (Physically Unclonable Functions) can be used to embed a unique entropy source to derive a device-specific cryptographic key directly into an integrated circuit without the need of any configuration after manufacturing. However, existing PUF designs are susceptible to modeling attacks which allow the emulation of the behavior of PUFs. The paper applies various machine learning algorithms to emulate the behavior of PUFs and proves their insecurity.
Your seminar paper: Give a short overview of PUFs and related modeling attacks. Present the attacks. FOCUS: Compare and identify the main flaw(s) of various PUF designs and related attacks. (Analyse previous work with falsified claims of security.)
Prerequisites: Interest in digital engineering, FPGAs, side-channel analysis, key generation is desired. Interest in Machine Learning algorithms is helpful. Not recommended for Bachelor students.
[1]
8 Ring Oscillators to Hide Sensitive Data in Hardware: Techniques and Applications Abstract: In order to enhance the security of a cryptographic circuit, not only masking, but also hiding is often used. An often applied method for realizing it is the placement of ring oscillators. The study delves into various techniques and practical applications, demonstrating the effectiveness of this approach in protecting critical information from unauthorized access and tampering.
Your seminar paper: In this paper, the different techniques and practical applications of ring oscillators should be studied and discussed. Especially the basic principles of hiding by ring oscillators should be explained.
[1], [2]
9 Unifying Leakage Models: from t-probing to Noisy Leakage (Master) Abstract: A recent trend in cryptography is to formally show the leakage resilience of cryptographic implementations in a given leakage model. A realistic assumption is to assume that leakages are sufficiently noisy, following the engineering observation that real-world physical leakages are inherently noisy. While the noisy leakage assumption has first been studied in the seminal work of Chari et al. (CRYPTO 99), the recent work of Prouff and Rivain (Eurocrypt 2013) provides the first analysis of a full masking scheme under a physically motivated noise model. Unfortunately, the security analysis of Prouff and Rivain has three important shortcomings: (1) it requires leak-free gates, (2) it considers a restricted adversarial model (random message attacks), and (3) the security proof has limited application for cryptographic settings.
Your seminar paper: In this paper, a summary of the different security models should be given, and their connection should be detailed.
Prerequisites: An advanced mathematical or information theoretical background is highly recommended. Not recommended for Bachelor students.
[1], [2]
10 A stealthy Hardware Trojan based on a Statistical Fault Attack Abstract: Integrated Circuits (ICs) are sensitive to a wide range of (passive, active, invasive, non-invasive) physical attacks. In this context, Hardware Trojans (HTs), that are malicious modifications of a circuit by an untrusted manufacturer, are one of the most challenging threats to mitigate. HTs aim to alter the functionality of the infected chip in a malicious way, e.g. under specific conditions known by the adversary. Fault attacks are a typical attack vector. However, for a HT to be exploitable by an adversary, it also has to be stealthy. For example, a HT that would directly inject exploitable faults in a block cipher may be spotted by analyzing its functional behavior (i.e. the positions and the distribution of the faulty values appearing). In this paper, we propose a stealthy HT instance leading to successful and hidden Statistical Fault Attacks (SFA).
Your seminar paper: Gain a deeper understanding of physical implementation attacks with a special focus on deliberate malicious hardware modifications. Present the concept of stealthy hardware trojans introduced in [1]. Briefly discuss the applicability to ciphers other than AES.
Prerequisites: Digitaltechnik/Basic knowledge of digital circuit design (recommended), Introduction to Cryptography/Basic knowledge of symmetric cryptography (recommended)
[1]
11 Composable Gadgets with Reused Fresh Masks: First-Order Probing-Secure Hardware Circuits with only 6 Fresh Masks Abstract: Albeit its many benefits, masking cryptographic hardware designs has proven to be a non-trivial and error-prone task, even for experienced engineers. Masked variants of atomic logic gates, like AND or XOR – commonly referred to as gadgets – aim to facilitate the process of masking large circuits by offering free composition while sustaining the overall design’s security in the d-probing adversary model. A wide variety of research has already been conducted to (i) find formal properties a gadget must fulfill to guarantee composability and (ii) construct gadgets that fulfill these properties, while minimizing overhead requirements. In all existing composition frameworks like NI/SNI/PINI and all corresponding gadget realizations, the security argument relies on the fact that each gadget requires individual fresh randomness. Naturally, this approach leads to very high randomness requirements of the resulting composed circuit. In this work, we present composable gadgets with reused fresh masks (COMAR), allowing the composition of any first-order secure hardware circuit utilizing only 6 fresh masks in total.
Your seminar paper: Familiarize yourself with different security notions and the theoretical modelling of side-channel security. Present the concept of randomness-optimized COMAR gadgets introduced in [1] in a detailed fashion. Highlight the advantages and disadvantages compared to other existing gadget constructions.
Prerequisites: Digitaltechnik/Basic knowledge of digital circuit design (recommended), Affinity for theoretical topics (recommended)
[1]
12 MAYO Key Recovery by Fixing Vinegar Seeds Abstract: As the industry prepares for the transition to post-quantum secure public key cryptographic algorithms, vulnerability analysis of their implementations is gaining importance. A theoretically secure cryptographic algorithm should also be able to withstand the challenges of physical attacks in real-world environments. MAYO is a candidate in the ongoing NIST post-quantum standardization process for selecting additional digital signature schemes.
Your seminar paper: The main resource for this seminar topic demonstrates fault injection attacks on a MAYO implementation which should be understood, processed and set into context by the student.
Prerequisites: Math and formalism shouldn't be red flags for you.
[1]
13 MPC-in-the-Head Signatures (Master) Abstract: Post-quantum signature schemes can be grouped depending on the mathematical problems their security assumptions are based on. One of these groups that is also represented with several candidates in the ongoing NIST call for additional PQC signature schemes are the so-called MPC-in-the-Head schemes.
Your seminar paper: You should understand and explain how MPCitH signature schemes work. The seminar paper should also include a discussion of advantages and shortcomings compared to other families of PQC signature algorithms like lattice-based crypto, and an introduction of individual schemes like SDitH and Mirath.
Prerequisites: Strong Mathematical background (required), first familiarities with post-quantum cryptography (helpful). Not recommended for Bachelor students.
[1]
14 CipherLeaks: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel Abstract: AMD’s Secure Encrypted Virtualization (SEV) is a hardware extension available in AMD’s EPYC server processors to support confidential cloud computing. While various prior studies have demonstrated attacks against SEV by exploiting its lack of encryption in the VM control block or the lack of integrity protection of the encrypted memory and nested page tables, these issues have been addressed in the subsequent releases of SEV-Encrypted State (SEV-ES) and SEV-Secure Nested Paging (SEV-SNP). In this paper, we study a previously unexplored vulnerability of SEV, including both SEV-ES and SEV-SNP. The vulnerability is dubbed ciphertext side channels, which allows the privileged adversary to infer the guest VM’s execution states or recover certain plaintext. To demonstrate the severity of the vulnerability, we present the CipherLeaks attack, which exploits the ciphertext side channel to steal private keys from the constant-time implementation of the RSA and the ECDSA in the latest OpenSSL library.
[1]
15 ScatterCache: Thwarting Cache Attacks via Cache Set Randomization Abstract: Cache side-channel attacks can be leveraged as a building block in attacks leaking secrets even in the absence of software bugs. Currently, there are no practical and generic mitigations with an acceptable performance overhead and strong security guarantees. The underlying problem is that caches are shared in a predictable way across security domains. In this paper, we eliminate this problem. We present ScatterCache, a novel cache design to prevent cache attacks. ScatterCache eliminates fixed cache-set congruences and, thus, makes eviction-based cache attacks unpractical. For this purpose, ScatterCache retrofits skewed associative caches with a keyed mapping function, yielding a security-domain-dependent cache mapping.
[1]
16 Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model Abstract: Composability and robustness against glitches are vital properties for secure implementations of masking schemes.
Your seminar paper: Your task is to research probing models that formalize these properties and argue about their viability compared to other models. Moreover, your task is to describe shortcomings of the d-probing model and reason about how the model(s) you researched improve upon it.
[1], [2]
17 Optimized Masking Abstract: Flexibility and performance of masked circuits are becoming increasingly important as security is often a feature that comes at the cost of runtime performance or chip area. Therefore it is crucial to optimize the performance and area of solutions without loss of security.
Your seminar paper: Your task is to juxtapose common masking techniques and existing optimizations.
[1], [2]
18 CHERI for IoT Abstract: Embedded devices are increasingly deployed in critical applications, from IoT systems to automotive and medical devices, yet their limited resources and long lifecycle make them vulnerable to exploitation through memory safety issues. The CHERI instruction set extension addresses these challenges by providing fine-grained memory protection and pointer integrity, enabling systems to enforce strict bounds on memory accesses and prevent common vulnerabilities like buffer overflows. By integrating CHERI, embedded devices could achieve a significant leap in security.
Your seminar paper: In this seminar you take a closer look at CHERI and the challenges posed by resource-constrained embedded devices.
[1]
19 ISEs for Shuffling Abstract: Side-channel attacks exploit unintentional information leaks, such as timing, power consumption, or electromagnetic emissions, to compromise the security of cryptographic systems. Shuffling is an effective technique for implementing side-channel hiding by introducing randomization into the order of operations or memory accesses. By breaking the deterministic patterns that attackers rely on, shuffling makes it significantly harder to correlate observed side-channel signals with specific internal computations.
Your seminar paper: In this seminar you take a closer look at instruction set extensions, which accelerate shuffling.
[1]

TEMPLATES


QUESTIONS AND CONTACT FOR THE SEMINAR

Please send questions by e-mail to Elisabeth Krahmer (elisabeth.krahmer@rub.de).

This semester, the Chair for Security Engineering offers a seminar for Bachelor's and Master's students.

No special prior knowledge of IT security or cryptography is required.

Registration takes place via the Moodle course and FlexNow.


DATES Summer Semester 2025

TBA Introductory session (attendance mandatory!) in MB 3/86
TBA Submission of the exposé
TBA Preliminary final version, submitted to the supervisor for correction
TBA Final version after incorporating the corrections
TBA Presentation day
