In the summer semester, the Chair for Security Engineering offers a seminar for Bachelor's and Master's students.
Depending on the topic, prior knowledge of IT security or cryptography is required.
Registration takes place via the central registration of the Faculty of Computer Science and FlexNow.
The main language of the course is English.
AIM OF THE SEMINAR
The aim of the seminar is to learn scientific writing and presenting, as well as independent work and self-organization. Participants engage with a current research topic in the field of security engineering and present it to the plenum at the end of the semester.
DATES, SUMMER SEMESTER 2026
| Date | Event |
|---|---|
| 01.02. - 01.03.2026 | Registration via the central registration of the Faculty of Computer Science |
| 15.04.2026 | Introductory session (attendance in person is mandatory) |
| 05.05.2026 | Submission of the exposé |
| 23.06.2026 | Submission of the preliminary final version to the supervisor for correction |
| 14.07.2026 | Submission of the final version after incorporating the corrections |
| 28.07.2026 (expected) | Presentation day (attendance in person is mandatory) |
| During the semester | Regular exchange with the supervisor by individual arrangement |
TOPICS, SUMMER SEMESTER 2026
| No. | Title | Description | Sources |
|---|---|---|---|
| 1 | INDIANA - Verifying (Random) Probing Security through Indistinguishability Analysis | Abstract: Masking as a countermeasure against side-channel attacks is complex and error-prone to implement, necessitating automated verification methods for the security of masked circuit designs. INDIANA is a formal security evaluation tool that verifies masked circuit security in the threshold d-probing model and the random probing model. Your seminar paper: For this work, your task is to write an extensive summary with the necessary preliminaries and their respective literature. | [1] |
| 2 | PERSEUS - Probabilistic Evaluation of Random probing Security Using efficient Sampling | Abstract: Masked cryptographic implementations aim to resist side-channel attacks, but rigorously evaluating their security remains difficult. Existing random probing model techniques either scale poorly or produce inefficient circuits. PERSEUS introduces a scalable Monte Carlo-based method, with pruning, to directly estimate random probing security for large circuits. Implemented in the tool, the approach efficiently verifies masked AES-128 with 8 shares and security beyond 32 bits, significantly improving practical side-channel security evaluation. Your seminar paper: For this work, your task is to understand the theoretical foundations, summarize the work extensively, and research additional literature to put this work into context. | [1] |
| 3 | PIOP formalism in post-quantum signature schemes | Abstract: The National Institute of Standards and Technology (NIST) is currently hosting a competition to identify additional post-quantum cryptographic (PQC) signature schemes. The goal is to standardize a more diverse array of schemes beyond those already selected. Among the categories being evaluated are schemes based on multi-party computation (MPC). The competition has now progressed to the second round, during which many MPC-based schemes have been updated to incorporate the latest research findings, resulting in more efficient implementations. One significant area of focus in these updates is the PIOP (Polynomial Interactive Oracle Proof) formalism. An example of a scheme that has been revised in this context is SDitH. Your seminar paper: Investigate the MPC-based schemes that have advanced to the second round of the NIST competition. Identify which of these schemes utilize the PIOP (Polynomial Interactive Oracle Proof) formalism and provide a detailed explanation of how they use it. Finally, conduct a comparative analysis to discuss the similarities and differences in how each scheme employs the PIOP formalism. Prerequisites: Master student with abstract math knowledge | [1] [2] |
| 4 | Hybrid post-quantum cryptography | Abstract: Given that the mathematical foundations of current post-quantum cryptography (PQC) are relatively new compared to those used in classical cryptography, the concept of employing a hybrid scheme for practical applications has emerged. This approach combines both post-quantum and classical cryptographic elements to enhance security. By doing so, the scheme remains secure against quantum computer attacks due to the post-quantum component, while also maintaining security against classical computer attacks. This dual-layered security ensures that even if the post-quantum component is eventually found to be vulnerable to classical computation, the classical cryptographic scheme will still provide robust protection as long as there is no sufficiently strong quantum computer. Your seminar paper: Conduct a literature survey to investigate the efforts being undertaken by standardization organizations, such as NIST (National Institute of Standards and Technology) and BSI (Federal Office for Information Security), to standardize hybrid constructions for post-quantum cryptography. Prerequisites: tbd | [1] |
| 5 | (Securely) Sharing is Caring: A Comparison of Secret Sharing Schemes | Abstract: A secret sharing scheme is a method by which a dealer distributes shares to parties such that only authorized subsets of parties can reconstruct the secret. Secret sharing schemes are an important tool in cryptography and are used as a building block in many secure protocols, e.g., secure multiparty computation protocols for arbitrary functionalities, Byzantine agreement, threshold cryptography, access control, attribute-based encryption, and weighted cryptography (e.g., stake-based blockchains). To this end, different schemes exist that all have their own properties and shortcomings. Your seminar paper: Your task is to identify and present different secret sharing techniques, such as Shamir's Secret Sharing or secret sharing using the Chinese Remainder Theorem or Monotone Span Programs, and present their advantages and weaknesses. You should also compare the identified techniques on different metrics such as the size of the shares, the efficiency of the secret sharing schemes, or other interesting findings. Prerequisites: Good foundation in mathematics | [1] [2] |
| 6 | A Survey on KP-ABE Schemes | Abstract: Attribute-Based Encryption (ABE) is a powerful cryptographic primitive for providing fine-grained access control and confidentiality. ABE schemes are generally divided into two types; in Key-Policy ABE, user keys are issued for an access structure, and ciphertexts are encrypted under attributes that must fulfill this access structure. But even for this type of ABE, there are plenty of different schemes that all have their own advantages and limitations. Your seminar paper: In your seminar paper, you should first present a small introduction to Attribute-Based Encryption and its most important concepts. Then, your main task is to identify different KP-ABE schemes and present them together with their properties, such as the supported access structure and whether they are centralized, as well as possible limitations like boundedness in some parameter. These findings should then be used to compare the identified schemes and propose different use cases. Prerequisites: Good mathematical background; not recommended for Bachelor students | [1] [2] |
| 7 | PermuteV: A Performant Side-channel-Resistant RISC-V Core Securing Edge AI Inference | Abstract: Edge AI inference is becoming a prevalent task in embedded systems. However, as these systems are physically exposed to the end user, they also become prime targets for side-channel attacks. Your seminar paper: In this seminar you will take a closer look at ISA/microarchitecture-level defenses against these threats [1]. | [1] |
| 8 | Speculative Execution Attacks on the Apple M Architecture | Abstract: In 2018, researchers shocked the industry by discovering fundamental flaws in the implementation of speculative execution that can lead to the leakage of sensitive information across address spaces. But not only Intel and AMD are affected: it has been shown that the new Apple M architecture contains similar flaws. Your seminar paper: In this seminar you will take a closer look at the SLAP and FLOP attacks, which exploit mispredictions to leak data [1]. | [1] |
| 9 | RMPocalypse: How a Catch-22 Breaks AMD SEV-SNP | Abstract: AMD SEV-SNP offers confidential computing in the form of confidential VMs, such that the untrusted hypervisor cannot tamper with their confidentiality and integrity. SEV-SNP, the latest addition, ensures integrity via the Reverse Map Table (RMP), which stops the hypervisor from tampering with guest page mappings. AMD uses RMP entries to protect the rest of the RMP, thus causing a Catch-22 during the RMP setup phase. To address this, SEV-SNP relies on AMD's Platform Security Processor (PSP), which resides next to the x86 cores executing SEV-SNP VMs, to perform the RMP initialization. During initialization, only the PSP should be able to alter the RMP memory. All other memory accesses must be fenced, especially from the x86 cores. We present RMPocalypse, a novel attack that shows a critical gap in the security of RMP initialization, wherein the x86 cores maliciously control parts of the initial RMP state. Our analysis shows that the vulnerability arises due to the complex, but insufficient, interplay of multiple hardware components and distributed access controls. To show the impact of our finding, we exploit this gap to break the confidentiality and integrity guarantees of SEV-SNP. We demonstrate RMPocalypse by enabling debug on production-mode CVMs, faking attestation, VMSA state replay, and code injection. Your seminar paper: Your task is to understand the RMPocalypse attack, explain how and why it works, and compare it to related attacks on AMD SEV-SNP. | [1] |
| 10 | CacheWarp: Software-based Fault Injection using Selective State Reset | Abstract: AMD SEV is a trusted-execution environment (TEE), providing confidentiality and integrity for virtual machines (VMs). With AMD SEV, it is possible to securely run VMs on an untrusted hypervisor. While previous attacks demonstrated architectural shortcomings of earlier SEV versions, AMD claims that SEV-SNP prevents all attacks on the integrity. In this paper, we introduce CacheWarp, a new software-based fault attack on AMD SEV-ES and SEV-SNP, exploiting the possibility to architecturally revert modified cache lines of guest VMs to their previous (stale) state. Unlike previous attacks on the integrity, CacheWarp is not mitigated on the newest SEV-SNP implementation, and it does not rely on specifics of the guest VM. CacheWarp only has to interrupt the VM at an attacker-chosen point to invalidate modified cache lines without them being written back to memory. Consequently, the VM continues with architecturally stale data. In 3 case studies, we demonstrate an attack on RSA in the Intel IPP crypto library, recovering the entire private key, logging into an OpenSSH server without authentication, and escalating privileges to root via the sudo binary. While we implement a software-based mitigation proof-of-concept, we argue that mitigations are difficult, as the root cause is in the hardware. Your seminar paper: Your task is to understand the CacheWarp fault attack, explain how and why it works, and compare it to related attacks on AMD SEV-SNP. | [1] |
| 11 | Iteration-Skip and Loop-Abort Fault Attacks on LESS | Abstract: In Fiat-Shamir-based signatures, it is well known that key material will be leaked if an attacker can somehow obtain what amounts, in the sigma protocol, to the responses to different challenges with respect to the same commitment. This idea is, for example, at the basis of a famous differential fault attack against deterministic Fiat-Shamir-based signatures like EdDSA. It is usually difficult to mount a fault injection attack based on that principle against a properly randomized Fiat-Shamir-based scheme, however (at least with single faults): since commitment collisions are ruled out, it typically involves obtaining the responses to multiple challenges with respect to the same commitment within a single execution of the signature, which is often impossible by construction (e.g., because the extra information will not fit in a single signature, or because it is hard to force the computation of both responses). Due to the comparative inefficiency of signatures based on Stern-like protocols with parallel repetition, candidate constructions are led to use clever compression techniques to reduce signature size, in a way that increases the attack surface for physical attacks. In this paper, the authors demonstrate this against the LESS signature scheme, which uses so-called GGM trees for signature compression. The authors propose a simple fault attack on the construction of a binary array used to build the GGM tree, and show that a small number of faulty signatures suffices for full key recovery. Your seminar paper: Understand and explain the background and the theory behind the described attacks and set them into context. Prerequisites: Math and formalism shouldn't be red flags for you. Recommended for advanced Bachelor or Master students. | [1] [2] |
| 12 | Beyond Side-Channels: Evaluating Inner Product Masking Against SIFA | Abstract: Statistical Ineffective Fault Attack (SIFA) presents a critical threat to cryptographic implementations by circumventing conventional detection-based countermeasures that are effective against traditional fault attacks. In particular, SIFA operates via two mechanisms: SIFA-1 exploits the dependency of fault effectiveness on target values, while SIFA-2 leverages conditional propagation of faulted values based on sensitive intermediates. Recent studies suggest that masking, primarily a side-channel protection, also exhibits promising resistance to SIFA-1; prime masking is one such example. In this paper, the authors systematically evaluate the resilience of Inner Product Masking (IPM) against SIFA. Your seminar paper: For your seminar paper you should read and understand the linked source. Give a thorough introduction and background before explaining the results of the main source. Prerequisites: Be aware that this is a theory/mathematical/formal topic and that you won't get away with superficial descriptions. Not recommended for Bachelor students. | [1] |
| 13 | ECTester: Reverse-engineering Side-Channel Countermeasures of ECC Implementations | Abstract: Elliptic Curve Cryptography (ECC) is used widely to integrate asymmetric cryptographic schemes into resource-constrained devices, e.g., smart cards. However, their diverse nature and intricate mathematical details make their correct (and secure) implementation non-trivial. The restricted access to internal details of practical implementations further complicates their analysis and evaluation. Using a new tool, *ECTester*, researchers attempt to verify the security of real-world devices using black-box testing. Your seminar paper: For your seminar paper you should give an overview of the *ECTester* tool and the results discovered with it. To this end, start by introducing the math behind elliptic curves and their inner workings. Illustrate what could go wrong when deploying ECC in practice and how *ECTester* aims to detect possible errors. Finally, discuss the flaws found on real devices and possible limitations. Prerequisites: Background in basic cryptographic protocols and discrete mathematics highly recommended. | [1] |
| 14 | Security Models for Attribute-Based Encryption | Abstract: Attribute-based encryption (ABE) is a powerful primitive which enforces access control on a cryptographic level. As is common today, the security of new schemes is proven theoretically according to some model. These models differ in nature and range from realistic attack scenarios to simplified assumptions that facilitate security proofs. It is therefore necessary to carefully examine the context when a scheme is claimed to be "secure". Your seminar paper: For your seminar paper you should dive into the security models of (pairing-based) attribute-based encryption. Start by introducing key concepts of ABE and illustrating the scenario in which it can be applied. Further, show the security models used in the literature, e.g., the static- and full-security paradigm, and juxtapose their differences. Finally, discuss to what extent the models realistically represent practical use cases. Prerequisites: Background in discrete mathematics and cryptography highly recommended. | [1] |
| 15 | LEAF: Lightweight and Efficient Hardware Accelerator for Signature Verification of FALCON | Abstract: FALCON is among the digital signature schemes selected for standardization by NIST due to its many advantages, such as compact key sizes and efficient signature verification. At the same time, however, FALCON is computationally complex, which raises the need for efficient hardware accelerators for its core components. Most works in this direction so far target high performance, while resource efficiency has not yet been considered. In [1], the authors propose a novel data dependence flow that allows creating a resource-efficient signature verification accelerator, reducing resource utilization by around 65%. Your seminar paper: Your task in this seminar is to give an overview of the FALCON signature scheme and the newly proposed hardware architecture. For this, you should reiterate the general functionality of FALCON, especially the signature verification, and explain the new ideas of the proposed architecture, especially with regard to already existing ones. Finally, you should compare the performance of the proposed architecture with performance numbers from the literature. Prerequisites: Digitaltechnik (required), Kryptografie auf Hardware-basierten Plattformen (required), good cryptographic/mathematical background (helpful) | [1] |
| 16 | KyberSlash: Exploiting secret-dependent division timings in Kyber implementations | Abstract: Kyber is one of the Key Encapsulation Mechanisms selected for standardization by NIST. Despite its mathematical soundness, implementing it securely and without any side-channels such as timing or power consumption is a difficult task. The authors of [1] show this by reporting two timing vulnerabilities, KyberSlash1 and KyberSlash2, that exploit timing variations in division operations to recover the secret key in minutes and hours, respectively. Your seminar paper: Your task in this seminar is to give an overview of the found attacks and their countermeasures. For this, you should explain timing side-channels in general and the two found vulnerabilities in more detail. Furthermore, you should summarize and explain the countermeasures proposed by the authors. Prerequisites: Good cryptographic/mathematical background (required), knowledge of PQC and timing side-channels (helpful) | [1] |
| 17 | Improving Power Side-Channel Attacks through (Digital) Signal Processing | Abstract: tbd Your seminar paper: tbd Prerequisites: tbd | [1] [2] |
| 18 | Software-Based Hiding Countermeasures | Abstract: tbd Your seminar paper: tbd Prerequisites: tbd | [1] [2] |
| 19 | Chypnosis: Undervolting-based Static Side-channel Attacks | Abstract: Static side-channel analysis attacks, which rely on a stopped clock to extract sensitive information, pose a growing threat to embedded systems' security. To protect against such attacks, several proposed defenses aim to detect unexpected variations in the clock signal and clear sensitive states. In this work, we present Chypnosis, an undervolting attack technique that indirectly stops the target circuit clock while retaining stored data. Crucially, Chypnosis also blocks the state clearing stage of prior defenses, allowing recovery of secret information even in their presence. However, basic undervolting is not sufficient in the presence of voltage sensors designed to handle fault injection via voltage tampering. To overcome such defenses, we observe that rapidly dropping the supply voltage can disable the response mechanism of voltage sensor systems. We implement Chypnosis on various FPGAs, demonstrating the successful bypass of their sensors, both in the form of soft and hard intellectual property (IP) cores. To highlight the real-world applicability of Chypnosis, we show that the alert handler of the OpenTitan root-of-trust, responsible for providing hardware responses to threats, can be bypassed. Furthermore, we demonstrate that by combining Chypnosis with static side-channel analysis techniques, namely laser logic state imaging (LLSI) and impedance analysis (IA), we can extract sensitive information from a side-channel protected cryptographic module used in OpenTitan, even in the presence of established clock and voltage sensors. Finally, we propose and implement an improvement to an established FPGA-compatible clock detection countermeasure, and we validate its resilience against Chypnosis. Your seminar paper: Understand the presented attack and why/how it works; provide an introduction to the attack scenario and the given class of side-channel attacks; explain how the authors are able to utilize the attack concept to circumvent existing countermeasures and gain access to cryptographic secrets; discuss the impact of this attack and the countermeasures proposed by the authors. Prerequisites: tbd | [1] |
| 20 | Composable Gadgets with Reused Fresh Masks: First-Order Probing-Secure Hardware Circuits with only 6 Fresh Masks | Abstract: Despite its many benefits, masking cryptographic hardware designs has proven to be a non-trivial and error-prone task, even for experienced engineers. Masked variants of atomic logic gates, like AND or XOR, commonly referred to as gadgets, aim to facilitate the process of masking large circuits by offering free composition while sustaining the overall design's security in the d-probing adversary model. A wide variety of research has already been conducted to (i) find formal properties a gadget must fulfill to guarantee composability and (ii) construct gadgets that fulfill these properties while minimizing overhead requirements. In all existing composition frameworks like NI/SNI/PINI and all corresponding gadget realizations, the security argument relies on the fact that each gadget requires individual fresh randomness. Naturally, this approach leads to very high randomness requirements for the resulting composed circuit. In this work, we present composable gadgets with reused fresh masks (COMAR), allowing the composition of any first-order secure hardware circuit utilizing only 6 fresh masks in total. Your seminar paper: Familiarize yourself with different security notions and the theoretical modelling of side-channel security; present the concept of randomness-optimized COMAR gadgets introduced in [1] in a detailed fashion; highlight the advantages and disadvantages compared to other existing gadget constructions. Prerequisites: A basic understanding of digital circuits (-> "Digitaltechnik" lecture), affinity for theoretical topics | [1] |
TEMPLATES
QUESTIONS AND CONTACT FOR THE SEMINAR
Please send questions by e-mail to Elisabeth Krahmer (elisabeth.krahmer@rub.de).