Diploma Theses and Student Research Projects


Thesis Announcements


We are always interested in students who would like to write a student research project or final thesis with us. No special prior knowledge is required, i.e., the basics of cryptography, algorithms or VHDL can be learned during the thesis. Moreover, the announcement is addressed equally to students of ET, IT, AI and ITS.

Our chair currently offers the following topics for student research projects and Bachelor's, Master's and Diploma theses. If you are interested, simply get in touch with the respective contact person.

Students who have not yet been in contact with one of our staff members and do not feel addressed by the topics below can also send a general inquiry about a thesis to the contact e-mail address emsec+BA_MA@rub.de. In this case, please include a short cover letter (a few words about yourself, strengths/weaknesses, motivation, ...) and your current transcript of grades.

Please also note the official information sheets for Bachelor's theses and for Master's theses.

Security Analysis of Drones
(Master's thesis - Bachelor's thesis)

Background:
Drones are becoming more and more popular. Because demand is high, drones have become reasonably cheap, so many people can now afford one. In addition, more and more digital features such as GPS positioning or intelligent flight modes are being added to make drones easier to fly. Many protective features, such as sensors, also make drones safer and prevent them from being damaged or lost by detecting obstacles in their flight path or by returning to the starting point autonomously when the radio connection is disturbed or the battery is depleted.

The question is whether the communication protocol of these drones is also secure, and how much effort it would take to hijack a drone. This thesis is about precisely analyzing existing drone models or components with regard to their security. This involves reverse engineering parts of the communication between the controller or smartphone app on one side and the drone on the other. This will reveal which protocols and security mechanisms are implemented and how easy it would be for an attacker to spoof valid signals or to extract possibly personal information from the radio data stream.

What can you do?
If you generally like to find out how electronic devices work, have experience with reverse engineering assembler code, or are very interested in drones, this thesis might suit you. You are expected to analyze at least one advanced commercial or non-commercial (self-built) drone with respect to its internal security features and protocol details. It might be more or less simple to find out how communication between the drone and the respective controller works, so this topic is somewhat flexible with regard to what exactly needs to be done and how many different drones can be analyzed. At least general knowledge of radio-based systems and basic knowledge of electronics and microprocessors are necessary.

Contact:
If this sounds interesting to you, please contact Endres Puschner (endres.puschner@rub.de)

Bitstream Reverse Engineering
(Master's thesis - Bachelor's thesis)

Background:
A bitstream contains the configuration of an FPGA. Internally it configures all basic elements like LUTs, FFs, as well as the routing between them. For recent FPGAs, the bitstream encoding is proprietary, and the vendor's tools are a one-way street as they generate only the bitstream from the netlist. Thus, we have insufficient knowledge about the bitstream format and the internal FPGA structure. A deeper understanding of the aforementioned would serve as the foundation for several projects:

  • Bitstream-to-HDL-transformation and reversing of FPGA designs
  • Attacks on real-world devices like smart TVs or routers
  • Enhanced Bitstream Fault Injection attacks (BiFI++)
  • Attacks aiming directly on the FPGA architecture
  • Formal verification of the bitstream; detection of malicious synthesizers
  • Enhanced side-channel resistance
  • etc.
In our latest research, we have already reversed critical parts of the bitstream. However, some essential features are still missing. Nevertheless, we can already start some of the projects mentioned above, where you come in as a Bachelor's or Master's thesis student!

Project I: Bitstream-tools (BA): As mentioned above, critical parts of the bitstream are already reversed, but we need proper tooling, as well as the reverse engineering of the missing bitstream parts, for future projects. Thus, your task is to develop a tool which can (1) read out the bitstream and write a gate-level netlist, and (2) manipulate the bitstream in a meaningful way. As an extension to this, (3) the remaining bitstream parts can be reversed. You should have a solid skill set in programming and data structures. Experience in FPGA/HDL programming is not necessary; the required techniques can be learned during the thesis.

Project II: BiFI++ (MA): In [1] Swierczynski carried out an attack called Bitstream Fault Injection (BiFI), which alters the LUT content of an AES core to introduce permanent faults. We extend this attack to the routing structure to enable advanced attacks against RSA cores.
[1] https://emsec.rub.de/research/publications/BiFI/

Project III: Attacks on real-world devices (BA/MA) - future project: With the capability of reversing FPGA bitstreams, we can attack several real-world devices as a showcase. After finding a suitable target device, you (1) reverse engineer the bitstream in order to (2) inject a hardware Trojan into the design. Previous experience and skills in FPGA programming or reverse engineering may be advantageous.

Project IV: Formal Verification (MA) - future project: In this project, we want to verify the synthesis tools' output against the gate-level netlist. In other words, we want to check if the tools altered the designed circuit (malicious synthesizer), e.g., added a Trojan. Your task will be to (1) write or use a tool which checks the formal equivalence of the HDL to the netlist. In a second step, your tool (2) verifies the equivalence of the netlist and the bitstream.

Contact:
If you are interested in one of the theses, write us an email or come to our office (ID 2/627): steffen.becker@rub.de, maik.ender@rub.de.

Using FPGA antennas to leak information from cryptographic cores
(Master's thesis - Bachelor's thesis)

Background:
By placing FPGA interconnects in a specific physical shape, an FPGA can be used to transmit data, much like a radio transmitter.

[1] http://www.ccm.ece.vt.edu:8444/papers/couch_2011_reconfig.pdf

What can you do?

We are trying to build FPGA antennas to leak security-critical information from a circuit. Currently, we have an FPGA core utilizing the antenna.

  • Understand and improve the current version of the FPGA antenna core
  • Build an antenna to receive data from the FPGA
  • Implement various security case studies

The topic is especially suited for students of ET/IT. Knowledge about electrical communication engineering (Nachrichtentechnik) is required and basic knowledge in VHDL/Verilog is recommended.

Contact:
If you are interested, write us an email: nils.albartus@rub.de, maik.ender@rub.de.

Defence Against the Dark Arts meets Embedded Software
(Master's thesis - Bachelor's thesis - Student research project)

Background:
Hardly a week goes by without a new attack on embedded applications becoming publicly known. Everything ranging from IoT applications to cars and even medical devices gets hacked, often with catastrophic consequences for our modern society. A common denominator for virtually all real-world attacks is that the firmware is reverse engineered first to expose bugs, since the original source code is typically not publicly available. Thus, an effective countermeasure to prevent most attacks is to transform the program in a smart way to prevent reverse engineering. We offer the following BA/MA thesis topics:

  • Anti Reverse Engineering in the Embedded World. In this thesis, you analyze the suitability of program transformation techniques for embedded systems. Your goal is to implement advanced, bare-metal techniques (e.g., to hamper reverse engineering and mitigate exploitation), perform a security analysis, and evaluate their overheads for a comprehensive embedded benchmark suite.
  • Expose Secrets of Embedded Devices. In this thesis, you analyze and improve advanced program analysis techniques to reverse engineer the firmware of embedded devices and subsequently expose its secrets (e.g., protocol specification or cryptographic keys). Your goal is to implement automated techniques in state-of-the-art analysis tools, and evaluate their results for real-world embedded devices.

Requirements
Requirements vary so the final scope of the thesis is chosen depending on the student’s background. However, some knowledge regarding embedded systems, software reverse engineering, and C++/Python will be beneficial.

Contact:
If this sounds interesting to you, please contact Marc Fyrbiak (marc.fyrbiak@rub.de)

Side-Channel Evaluations and Countermeasures

Background:
Side-channel Analysis investigates whether the power consumption of a device during a cryptographic operation reveals information about the secret key. A well-known attack against symmetric cryptography is differential power analysis (DPA) [Koc99] which allows the attacker to formulate key hypotheses and evaluate their likelihood with a statistical test performed on power measurements.
Please approach me to find a specific topic based on your interests and skills.

Requirements:
Mandatory: Some knowledge of C and C++ programming. An interest in side-channel analysis.
Optional: For an in-depth topic you should have completed the course "Physical Attacks and Countermeasures".

Contact:
Supervisor: Felix Wegener
Mail: felix.wegener@rub.de

Location-based Group-Key Extraction from the Sky
(Master's thesis or challenging Bachelor's thesis)

Background:
Location- or proximity-based key establishment enables security that is intuitive and easy to understand. For example, it would be nice to provide all cars within a given environment with a group key for privacy-preserving/anonymous communication. However, state-of-the-art approaches, such as pseudonym certificates, are insufficient, and new solutions are urgently needed for C2C/C2X communication.

What is this thesis about?
We propose a group key extraction mechanism that is based on time/space complexity. Specifically, we use the random time/space behavior of the ionosphere (we start with that of our Earth) to generate vicinity-based key material. We have developed a first ionosphere measurement setup utilizing signals from GPS satellites. The setup is based on GNU Radio [1] and GNSS-SDR [2]. We are searching for a Master's (or highly motivated Bachelor's) student who is interested in wireless systems and software-defined radios. You need to be able to program in C (maybe also C++) and Python.

[1] http://gnuradio.org
[2] http://gnss-sdr.org

Contact:
If this sounds interesting to you, please contact Christian Zenger (christian.zenger@rub.de)

PROPHYLAXE – Efficient Key Management
(Master's thesis - Diploma thesis - Student research project - Bachelor's thesis)

Abstract:
As part of the project "Efficient Key Management for More Security in the 'Internet of Things'", PROPHYLAXE for short, an alternative concept for key generation that is particularly suitable for small embedded nodes is to be applied to Internet-of-Things scenarios. The essential question in practice is always: how can ALICE and BOB agree on such a secret without EVE learning the key as well?
The basic principle of the PROPHYLAXE scheme is as follows: if ALICE and BOB measure their shared channel almost simultaneously, its transmission parameters (e.g., the effective signal strength) will be strongly correlated at both parties; this is called reciprocity. Since the transmission parameters are influenced by the channel's environment (e.g., by signal reflections, refraction, interference, stray pickup, etc.), they cannot be predicted and behave as if random. As a consequence, measuring the channel yields, at ALICE and at BOB, a series of random numbers that are very similar.
(Two Master's theses wanted)
MaThe Prototype: In a Master's thesis you would extend very small systems that communicate via Bluetooth or ZigBee with our approach. This makes it possible to address highly topical Internet-of-Things applications (smart home, Industrie 4.0, …).
MaThe Protocol: PHYSEC is an entirely new symmetric primitive. With PHYSEC we are, for the first time, able to realize dynamic SYMMETRIC key management! There are no protocols for this yet (possibly comparable to PKI approaches or Kerberos). In a Master's thesis, new protocol approaches are to be developed and implemented in an open-source smart-home server.
(Two Bachelor's theses wanted)
Experimental security analysis: To make the key generation secure against attacks, we naturally also deal with the exciting question of how the system can be compromised. Here you could cover parts of the security analysis in a final thesis. In the Bachelor's thesis you would launch a PHYSEC contest. Based on passive attackers, the contest would invite all interested security experts to evaluate our system. A second thesis would cover active channel-manipulation attacks.
The coordinator of the project, which has a total volume of EUR 3.37 million, is the Fraunhofer Heinrich Hertz Institut in Berlin. The partners also include Robert Bosch GmbH, ESCRYPT GmbH – Embedded Security, Technische Universität Dresden (TUD), Technische Universität Kaiserslautern (UKL) and the Chair of Digital Communication Systems (Lehrstuhl für Digitale Kommunikationssysteme) at RUB.

Contact:
Supervisor: Christian Zenger
Mail: christian.zenger@rub.de

Bring Your Own Bug
(Bachelor's thesis)

Abstract:
The new paradigm "Bring Your Own Device" (BYOD), which is intended to enable and encourage the use of private devices in the work environment, brings with it its own class of security risks. These arise because the employer usually cannot or may not prescribe in detail what employees may or must install on their devices (e.g., smartphones).
The above scenario carries the risk that employees bring powerful devices, which are permanently connected to the Internet and equipped with a wide range of sensors, into sensitive company contexts. Besides the case of a deliberate insider attack by an employee, there is also the external attacker: here it is conceivable that an employee's smartphone is compromised by malware without the employee's knowledge.
This thesis is to investigate how realistic and simple a possible attack can be. The starting situation for our attack affects almost everyone who places their smartphone on the desk next to the keyboard (e.g., to charge the battery). Specifically, we want to find out whether, in such a case, typed passwords can be reconstructed by means of sensors (microphone, accelerometer, …), independent of keyboard, user, desk and environment.

Contact:
Supervisor: Christian Zenger
Mail: christian.zenger@rub.de

Secret-Key Generation via Uncertainty of Communication Channels
(Master's thesis - Bachelor's thesis)

Abstract:
Yes, there is another approach to securing channels besides asymmetric/symmetric crypto approaches: Physical Layer Security!
Physical Layer (PHY) Security is a rich area and a very interesting approach, which combines Coding Theory, Networking, Game Theory and Cryptography. A PHY-Security based system is able to solve the problems of key management and arbitrary-precision arithmetic, which makes it a very attractive approach.
In the context of our PROPHYLAXE project, supported by the Federal Ministry of Education and Research of Germany, an entirely new paradigm for generating secret keys will be developed. The approach is based on a common estimation of the transmission channel by the sender and receiver, whereby the secret key is derived from channel parameters. It is assumed that the channel between two communication nodes is reciprocal and that the entropy of its spatial, temporal, and spectral characteristics is sufficiently high. Most practical channels meet these requirements.
We offer highly research- and industry-related Bachelor’s and Master’s theses in the following topics:

  • Physical Layer Security protocol design based on real world requirements (by Robert BOSCH AG).
  • Implementation of a prototype system based on the WiFi-n standard (Android- or µC-based). Here you would improve our/the first channel-based prototype system.
  • First security analysis of our real-world security system (Communication engineering vs. IT-Security). For the simple reason that no system existed, a security analysis wasn’t possible so far. Now we have a running system and we want you to analyze it.

Contact:
Supervisor: Christian Zenger
Mail: christian.zenger@rub.de

Student assistant (SHK) wanted for 1 year or longer
(Bachelor's or Master's thesis possible)

Abstract:
As part of the BMBF programme "IT-Sicherheitsforschung" (IT security research), the Chair for Embedded Security is looking for a student assistant with immediate effect. The tasks can be flexibly adapted to everyday student life and amount to a workload of approx. 10 hours per week. The student should have a completed degree in electrical engineering. Knowledge of communications engineering in the areas of measurement technology, radio-frequency engineering, digital signal processing and the design of digital receiver systems, as well as experience in MATLAB and C programming, is desirable. The coordinator of the project, which has a total volume of more than EUR 3 million, is the Fraunhofer Heinrich Hertz Institut in Berlin. The partners also include Robert Bosch GmbH, ESCRYPT GmbH – Embedded Security, Technische Universität Dresden (TUD), Technische Universität Kaiserslautern (UKL) and the Chair of Digital Communication Systems (Lehrstuhl für Digitale Kommunikationssysteme) at RUB. Have we sparked your interest? For further information, contact christian.zenger@rub.de.

Contact:
Supervisor: Christian Zenger
Mail: christian.zenger@rub.de

Cryptanalysis of Lightweight Ciphers
(Master's thesis - Bachelor's thesis)

Abstract:
Lightweight cryptography: In the last decade, symmetric-key primitives known as lightweight ciphers have been designed for use in resource-constrained computing devices. Because these pervasive devices are extremely limited in computing power, battery supply and memory, the structures of the designed lightweight ciphers are innovative and sometimes simple, which makes the computation lighter. Hence their cryptographic security needs to be studied carefully.
The target of this project is to investigate the theoretical security of some lightweight block or stream ciphers using well-known symmetric-key attacks (like differential, linear, MITM, integral and ...).

Requirements
Some knowledge about Cryptanalysis of Symmetric Ciphers will be a benefit.

Contact:
If this sounds interesting to you, please contact Shahram Rasoolzadeh (shahram.rasoolzadeh@rub.de)

Nano-Scale Side-Channel Analysis
(Master's thesis - Bachelor's thesis)

Background:
The traditional use case of cryptography, namely transferring secret messages between two distant parties, does not involve any adversarial access to the machines that execute cryptographic algorithms. Hence, for several decades, the mathematical security of the applied ciphers was the only important criterion. For many of today's applications, on the other hand, this assumption is no longer suitable. Smart cards, RFID tags, electronic door locks and keys, as well as many further small-scale devices in the IoT, are in the hands of potential adversaries with constant and non-observable physical access to them. The most prominent class of attacks that becomes important in such a setting is side-channel analysis. Side-channel analysis attacks are based on the observation of the physical properties of a cryptographic device and try to learn information about the internal key material. These physical properties, such as the power consumption or the electromagnetic emanation, vary significantly when the respective technology is scaled down as aggressively as in current nanometer CMOS processes. Thus, it is crucial to keep effective countermeasures against side-channel attacks up to date and to develop new ones that fit the altered conditions.

What can you do?
One of the most important – technology scaling-induced – changes in the power consumption characteristics of physical devices is the rise of the static power consumption. Since many countermeasures against power analysis attacks are based on concealing the data dependency in the dynamic currents, it can be possible to circumvent these by exploiting the information leakage through the static power dissipation.
Our group has recently built a sophisticated measurement setup for static power analysis and carried out several preliminary experiments with promising results. However, it is necessary to advance the research in this area. Concrete thesis topics can include the development and test of new countermeasures against static power analysis, the study of temperature effects on the static and dynamic power consumption in different technologies and the improvement of the existing measurement setup.
The topic is well suited both for students of ITS and ET/IT. To practically implement and test the countermeasures and to work with the FPGA boards, it is necessary that you are familiar with VHDL and at least one suitable PC programming language, e.g., C or C++. It is also possible to realize smaller parts of the project as a Studien- or Bachelorarbeit.

Contact:
If this sounds interesting to you, please contact Thorben Moos (thorben.moos@rub.de)

Kleptography - Attacking Cryptography Using Cryptography
(Master Thesis - Bachelor Thesis)

Background:
Kleptography is the art of stealing information securely and subliminally. A kleptographic attack cannot be detected if the device under test is analyzed as a black-box. Even if a kleptographic Trojan is discovered by analyzing the device, it is impossible to tell when information was leaked. In addition, previous transcripts cannot be classified as affected or not. Kleptography has similarities to the area of subliminal channels. However, once a subliminal channel is discovered, everyone can read the transmitted data. Kleptography takes the approach to not create a hidden channel, but use existing channels and hide information in a way, such that only the Trojan engineer is capable of reading it. Therefore, kleptography is also referred to as using cryptography against cryptography.

What can you do?
Understanding and implementing kleptographic algorithms is not a challenging task in general. However, most research in this area has been theoretical, and no practical evaluation has been done.
The same problem applies to detection and countermeasures: theoretical approaches exist, but they rely on unrealistic assumptions or were not validated in real-world applications. After implementing cryptographic algorithms and infecting them with a kleptographic Trojan, it would be interesting to analyze devices and evaluate different detection methods. This task can be done on either microcontrollers or FPGAs.
The topic combines basic mathematical manipulation of cryptographic systems, implementations for embedded platforms and analysis of runtime characteristics. It is required that you have a good understanding of mathematical descriptions of cryptographic algorithms and that you are familiar with C and possibly Assembly or VHDL/Verilog.

Contact:
If this sounds interesting to you, please contact Max Hoffmann (max.hoffmann@rub.de)

Image Processing in Hardware Reverse Engineering
(Master's thesis - Diploma thesis - Student research project - Bachelor's thesis)

Background:
VLSI circuits are built from millions of transistors, generating logical and analog signals on the silicon die. Multiple transistors are grouped into logical functions like INVERTER, NAND and NOR gates. Within one chip, several hundred different logic gates can be distinguished, each repeated from multiple thousand up to multiple million times over the chip.
Hardware Reverse Engineering is the invasive approach to finding hard-wired proprietary implementations and functions in ASICs. Besides the interpretation of VLSI circuits and functions, acquiring clean images of the metal layers and the polysilicon layer is essential for reverse engineering. The chip is delayered step by step in a wet-chemical polishing process, and each layer is imaged to obtain a digital image of the chip. Promising new approaches use neural networks for street detection and might be adaptable.
The sheer number of transistors and gates makes it impossible to carry out the reverse engineering manually. Fully and semi-automatic tools are required to help the reverser. With Moore's Law still intact, the number of transistors and logic cells grows exponentially, which makes this approach even more repetitive and tedious. First academic research tries to find repetitive logic cells in a semi-automatic way and highlights wires over multiple layers.

What can you do?
Our group is capable of producing high-resolution images of multiple layers of modern CMOS chips. The aim of this work is to extend our tools to reverse engineer VLSI chips in an automatic and generic way. The academic challenge is the feature extraction and pattern recognition of wires and logic cells on noisy layer images, as well as a new (semi-)automatic cell-function evaluation. The first focus of the thesis is thus on implementing further image processing functions and validating them on real-world CMOS images. Next, practical attacks on modern real-world devices can be realized. Optionally, advanced topics such as a combination of micro-probing and side-channel analysis may be included. The student can do his own experiments with depackaging and delayering. The topic is well suited for students in electrical engineering, physics and IT. To practically implement the algorithms, it is required that you are familiar with one programming language and at least know the basics of CMOS circuits. However, this is not a strict requirement, as most concepts are based on simple ideas that are quickly understood. It is possible to realize only a part of the whole project as a Studien- or Bachelorarbeit. This work can be done in the high-security facility of the BKA in Wiesbaden.

Contact:
If this sounds interesting to you, please contact Christian Kison (christian.kison@rub.de)

Side-Channel Attacks using Deep Learning Techniques
(Master's thesis)

Background:
Side-Channel Attacks: Side-Channel Attacks (SCA) enable an attacker to extract information from a cryptographic circuit using information leakage not intended by the developer, e.g., timing, power consumption, or electromagnetic emanation.

Deep Learning: In recent years, Deep Learning (DL) has seen a huge increase. Using machine learning techniques like Convolutional Neural Networks, applications like image recognition have been enabled with unseen accuracy.

What can you do?
In 2016, Maghrebi et al. presented a first study on using DL techniques to improve SCA. They tested different architectures of Neural Networks, i.e., Multilayer Perceptron, Stacked Auto-Encoder, Convolutional Neural Network, and Long and Short Term Memory, for their suitability to analyze side-channel signals. The analysis was performed in a profiling setting: the attacker has access to an identical device he can control, which enables him to perform known-key measurements to build profiles of the leakage behavior.

The goal of this thesis is to apply different types and architectures of Deep Learning / Neural Network techniques on the problem of profiled side-channel analysis. Since Maghrebi et al. only analyzed software implementations, an interesting aspect is applying these techniques on hardware implementations which exhibit a different leakage behavior due to the parallel processing of signals.

The methods should be implemented using state-of-the-art DL frameworks, e.g., Google's TensorFlow, which can utilize the group's GPU server to efficiently perform the calculations.

Contact:
If this sounds interesting to you, please contact Bastian Richter (bastian.richter@rub.de)

Implementation of Post Quantum Cryptography
(Master's thesis - Bachelor's thesis)

Background:
Nearly all of the currently used and well-tested asymmetric cryptographic schemes (e.g. RSA, DSA) are based either on the factoring assumption or the presumed intractability of the discrete logarithm problem. Further algorithmic advances on these problems or the appearance of a quantum computer might lead to the unpleasant situation that a large number of schemes have to be replaced with alternatives. For these alternatives to become practical and usable, it is necessary that they can be implemented in an efficient and secure way. As recent results suggest, the first quantum computer might be built in the next two decades, which creates a particular need to deal with the problem now. As a consequence, a NIST standardization contest for post-quantum cryptography has been launched [1].

What can you do?
Depending on your background, it is possible to develop efficient and side-channel resistant implementations of schemes that are considered secure against attacks by quantum computers, as for example:

  • Hash-based signatures
  • Multivariate Quadratic (MQ) schemes
  • Lattice-based cryptography
  • Code-based schemes
Possible target hardware are FPGAs, graphics cards, microcontrollers or x86 architecture. The evaluation of the side-channel resistance of schemes is also a possible topic for a thesis.

[1] http://csrc.nist.gov/groups/ST/post-quantum-crypto/

Contact:
If this sounds interesting to you, please contact Tobias Oder (tobias.oder@rub.de)

Security Analysis of Real-World Devices
(Master's thesis - Diploma thesis - Student research project - Bachelor's thesis)

Background:
Research in the field of cryptology has produced convenient algorithms and protocols to fulfill certain security goals. Even though there are no strict mathematical proofs for many algorithms, public scrutiny enables confidence in the schemes. In contrast, manufacturers of security-relevant devices sometimes tend to implement proprietary algorithms to create an “additional layer” of security or to save cost in terms of program size or performance. As shown multiple times, when the undisclosed mechanisms are reverse-engineered or leak to the public, the implemented schemes turn out to be insecure with respect to their claimed security features.

What can you do?
The goal of this thesis is to investigate the size of the gap between cryptographic research and what is implemented in the real world. To this end, we have multiple widely deployed candidates available for a detailed analysis of the implemented proprietary security mechanisms. The first step here is to reverse-engineer the extracted program code running on the device. This enables an understanding of the methods used and makes it possible to reason about the level of security. In the second step, you can exploit possible flaws by developing attacks or the required hardware to circumvent the claimed security. The topic is well suited for students of ITS, ET/IT, and AI. To be able to understand the recovered program code, it is required that you are familiar with microcontrollers and at least one assembly programming language, e.g., AVR-asm. The underlying concepts can be quickly transferred to other devices and their corresponding instruction sets. It is possible to find the most suitable target and to realize only a part of the whole project as a Studien- or Bachelorarbeit.

Contact:
If this sounds interesting to you, please contact Endres Puschner (endres.puschner@rub.de)