Projects for students

Project topic #1
Title: Template attacks for modern embedded devices
Skills: Signal processing, Side-channel analysis, Machine learning 
Type: Master thesis, hands-on in the lab
Supervisor:  Lejla Batina
Daily supervisor: Vahid Jahandideh 

Description: An essential part of a side-channel attack is finding a suitable leakage model. A leakage model is a function that links side-channel measurements, such as power traces, with the values processed in the target device. The Hamming weight model is a popular choice due to its simplicity, but it is probably not optimal. A multi-dimensional Gaussian template with weighted bits is an example of a more elaborate leakage model that requires preprocessing. Learning-based leakage modeling, such as template attacks, is another approach. The cost of building a template in most of these methods depends on the bit-width of the implementation. With emerging {32, 64, 128, 512}-bit devices, some of the existing leakage modeling techniques are computationally unaffordable. In this project, you will explore current and evolving methods for leakage templating and model parameter estimation suitable for various bit widths.
The work of [1] is an excellent introduction to leakage modeling. For more recent results, you can look at [2] and [3], which give an example of an ML-based approach.

Related work:

  1. A Stochastic Model for Differential Side Channel Cryptanalysis.
  2. A Novel Completeness Test and its Application to Side Channel Attacks and Simulators.
  3. Support Vector Regression: Exploiting Machine Learning Techniques for Leakage Modeling.

Project topic #2
Title: Masking cryptographic implementations against side-channel attacks
Skills: Side-channel analysis
Type: Master thesis, hands-on in the lab
Supervisor: Lejla Batina
Daily supervisor: Vahid Jahandideh

Description: Currently, many algorithms for masking a cipher are presented in the literature. Examples include high-order boolean, threshold, parallel, and domain-oriented masking. Some techniques are suitable for software implementations, and others are more hardware-oriented. Designing a masking scheme is more challenging if side-channel resilience is required. In this project, we first need to review existing masking approaches and then apply them to some of the ciphers designed within our group.
For an introduction to side-channel analysis and masking, see [1]. You can find parallel masking in [2] and the domain-oriented approach in [3]. Consult [4] for more recent research on masking techniques. The issue of low-noise masking is discussed in [5].

Related work:

  1. Power Analysis Attacks: Revealing the Secrets of Smart Cards.
  2. Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model.
  3. Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order.
  4. Side-Channel Masking with Common Shares.
  5. Breaking Masked Implementations with Many Shares on 32-bit Software Platforms.


Project topic #3
Title: Using information-theoretic approaches to find bounds on the performance of machine learning techniques in SCA
Skills: Information theory, Side-channel analysis, Machine learning
Type: Master thesis
Supervisor: Lejla Batina
Daily supervisor: Vahid Jahandideh 

Description: Information theory is influential in many areas, including side-channel analysis, where it has been used in numerous papers. Still, research is ongoing to obtain new information-theoretic bounds for the success rate of side-channel attacks. See [1] for a recently published paper in this field. Also, see [2] for more practical information-theoretic bounds. There is also a mathematical reduction from noisy measurements to random noiseless values in [3]. In this project, we obtain new results in this field by combining the idea of the reduction with existing information-theoretic bounds.

Related work:

  1. On the Success Rate of Side-Channel Attacks on Masked Implementations. 
  2. Perceived Information Revisited.
  3. Unifying Leakage Models: from Probing Attacks to Noisy Leakage.

Project topic #4
Title: A Scalable SIMD RISC-V based Processor with Customized Vector Extensions for Xoodoo 
Skills:  RISC-V knowledge, VHDL, Verilog, Cryptography knowledge 
Type: Internship / Master thesis
Supervisor:  Lejla Batina
Daily supervisor: Parisa Eliasi

Description: Xoodyak is a highly valuable candidate in the NIST Lightweight Cryptography (LWC) competition. Xoodyak relies on the Xoodoo permutation, which operates on an internal state of 384 bits, represented as a 3×4×32-bit matrix. The Xoodoo permutation can benefit from speedup through parallelization. In this project, we aim to explore the potential for parallelizing the Xoodoo permutation in RISC-V-based processors through custom vector extensions on 32-bit and 64-bit architectures. A SIMD processor, written in SystemVerilog and supporting the RISC-V instruction set architecture (ISA) and RISC-V vector extensions, will then be used to investigate the performance improvement of Xoodyak, with the goals of low latency and high throughput.

Related work:

  • Maximizing the Potential of Custom RISC-V Vector Extensions for Speeding up SHA-3 Hash Functions

Project topic #5
Title: Acoustic injection attacks on MEMS accelerometers
Skills: signal processing, programming, knowledge about MEMS sensors, control theory
Type:
Supervisor: Lejla Batina
Daily supervisor: Parisa Eliasi

Description: It has been shown that acoustic signals emitted nearby can damage the integrity of a MEMS sensor’s digital outputs at the resonant frequencies of the sensor. Conducted experiments show that hardware security flaws in the amplification and filtering circuits of MEMS sensors (MEMS accelerometers and MEMS gyroscopes) are the root causes of the vulnerabilities. The goal of this internship is to control the time series output of the sensor. To this end, the fluctuating false measurements should be stabilized into constant ones. This can be done by injecting an acoustic sinusoidal signal at the resonance frequency. The desired output signal is then reshaped by modulating it on top of the acoustic sinusoidal signal. However, the resonant frequencies of MEMS accelerometers span a range and can deviate in each measurement. We want to design a feedback circuit to control the output series automatically by correcting the resonance frequency.

Related work:

  • WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks

Project topic #6
Title: Python Library for Deep Learning based Side-Channel Analysis (DL-SCA)
Skills: Python programming
Type: Bachelor thesis / Internship
Supervisor: Ileana Buhan
Daily supervisor: Abraham Basurto

Description: Side-channel attacks exploit information leaked from the physical implementations of cryptographic algorithms. Applying Machine Learning techniques to defeat cryptographic implementations, particularly Deep Learning techniques, is a very actively researched topic with great potential.
Getting started with DL-SCA can be a real challenge, even for those familiar with side-channel analysis. The concepts, tools, and resources required for a basic setup can be daunting.
Through this project, we aim to make DL-SCA more accessible to newcomers and help practitioners by creating a Python library that provides the base infrastructure on which users can learn and build to create more advanced functionality as they gain experience. 

Related work:


Project topic #7
Title: VHDL Implementation of cryptographic permutations
Skills: Basic knowledge of VHDL
Type: Bachelor thesis / Internship
Supervisor: Lejla Batina
Daily supervisor: Konstantina Miteloudi

Description: Several cryptographic permutations have a round function that is almost shift-invariant. This project focuses on the hardware implementation of one of the permutations with almost shift-invariant round functions: AES unkeyed, Salsa, or ChaCha.
The primary objective is to understand the challenges of implementing these permutations in VHDL. By the end of this internship, the students will have enhanced their VHDL coding skills and will also have identified and overcome challenges in the hardware implementation of cryptographic primitives.


Project topic #8
Title: VHDL Implementation of the ROCKY countermeasure in cryptographic algorithms
Skills: Basic knowledge of VHDL
Type: Bachelor thesis / Internship
Supervisor: Lejla Batina
Daily supervisor: Konstantina Miteloudi

Description: The ROCKY countermeasure has been designed to protect cryptographic algorithms against fault attacks. This project focuses on applying ROCKY to existing VHDL implementations of one of the following cryptographic algorithms: Keccak, Subterranean, or ASCON. 
The primary objective is to integrate ROCKY into these algorithms and understand the challenges associated with such an implementation in VHDL. By the end of this internship, students will have deepened their VHDL coding skills and also gained experience in integrating countermeasures.

Related work:


Project topic #9
Title: A Review and Comparison of FPGA-Related Fault Injection Frameworks

Skills: - Ability to read and understand academic papers.
- Basic knowledge of FPGAs and fault injection techniques, or a willingness to read, learn, and acquire the necessary knowledge in these areas.
- Good writing skills to clearly communicate findings and insights.
Type: Master thesis
Supervisor: Lejla Batina
Daily supervisor: Konstantina Miteloudi

Description: This master thesis aims to explore and compare the various fault injection frameworks available for FPGAs, a topic with many contributions but lacking a comprehensive comparative study. The student will review the existing literature, understand the basics of the discussed frameworks, and assess their benefits and performance. The goal is to provide clear insights into the strengths and weaknesses of different fault injection frameworks, contributing to a better understanding of fault injection methodologies in cryptography.

Related work:


Project topic #10
Title: Multibit recovery of message in CRYSTALS-Kyber implementation
Skills: Knowledge of neural networks, knowledge of cryptography (Post Quantum Crypto knowledge is an advantage), Python programming
Type: Internship / Master thesis
Supervisor: Lejla Batina
Daily supervisor: Azade Rezaeezade

Description: CRYSTALS-Kyber is one of the key exchange mechanisms selected for standardization by NIST. However, the resistance of hardware and software implementations against side-channel attacks should be considered an essential criterion. In other words, its implementations should be analyzed against different possible attacks.
This project aims to use multi-task learning to exploit a known vulnerability, Incremental-Storage, to recover the message in Kyber's decapsulation process.
By the end of this project, students will have a deeper understanding of post-quantum cryptography focused on CRYSTALS-Kyber and extended knowledge of deep learning-based side-channel analysis.  

Related work:

  • Breaking Free: Leakage Model-free Deep Learning-based Side-channel Analysis
  • On Exploiting Message Leakage in (few) NIST PQC Candidates for Practical Message Recovery and Key Recovery Attacks

Project topic #11
Title: Using Autoencoders to de-mask boolean-masked AES
Skills: Knowledge of neural networks, Assembly or C Programming, Python programming
Type: Internship / Master thesis done by 1 student || Bachelor thesis done by 2 students
Supervisor: Lejla Batina
Daily supervisor: Azade Rezaeezade

Description: Autoencoders have been used successfully to remove countermeasures like Gaussian noise, desynchronization, and jitter. A natural question is whether this kind of neural network can be used to neutralize the effect of masking. The first step in exploring this question is to consider the simplest masking technique, boolean masking. In this project, we first aim to collect two datasets, one with random shares of boolean masks and the other with one share equal to zero and the other equal to the actual plaintext. We then train an autoencoder with these two datasets and finally use the trained autoencoder to reduce (or remove) the masking effect from the actual datasets for profiling (deep learning-based side-channel analysis).
A prerequisite step is customizing and downloading a masked implementation of AES onto an STM32 target and then using a ChipWhisperer to collect the traces.
By the end of this project, students will be familiar with assembly code implementation and will have an understanding of deep learning-based side-channel analysis, especially of autoencoders.

Related work:

  • Remove Some Noise: On Pre-processing of Side-channel Measurements with Autoencoders

Project topic #12
Title: Extending FiSim, a fault attack simulator
Skills: Programming skills (preferably C# or similar), suitable for someone passionate about coding; preferably some background on fault injection attacks
Type: Master thesis
Supervisor: Ileana Buhan
Daily supervisor: Asmita Adhikary

Description: Fault injection attacks have caused implementations to behave unexpectedly, leading to the extraction of cryptographic keys and the bypass of security features. Since manually mitigating fault injection attacks is time-consuming and complex, fault attack simulators automate the process. FiSim is one such fault attack simulator prototype. However, being a prototype, it is not fit to be used in different scenarios involving different implementations. Also, it only implements two fault models. Can FiSim be modified to reduce its limitations so it can be used with any implementation? Can FiSim be made more useful by adding more relevant fault models? In this project, you will extend FiSim to mitigate some of its limitations, for example by simulating different implementations, adding more fault models, or modifying its range and coverage.

Related work:


Project topic #13
Title: Side-channel analysis on RISC-V

Skills: programming (C/C++), signal processing
Type: Internship / Master thesis
Supervisor: Lejla Batina
Daily supervisor: Asmita Adhikary

Description: Implementation and evaluation of a cryptographic algorithm on a RISC-V platform. The development platform is a RISC-V SCA evaluation platform (a.k.a. Saidoyoki). The Worcester Polytechnic Institute (WPI) has designed the board as a hardware and software side-channel test platform. It has two chips with various cryptographic coprocessors: three versions of AES and ASCON.

Related work:


Project topic #14
Title: Implementing neural network SCA attacks in Riscure Inspector
Skills: Programming (Java)
Type: Bachelor thesis / Internship
Supervisor:  Ileana Buhan
Daily supervisor: Péter Horváth

Description: Riscure Inspector is a side-channel evaluation software that provides several tools to aid side-channel analysis. Most of the modules in Inspector are aimed at attacking cryptographic implementations. It lacks support for attacking different neural network algorithms (such as convolutional layers) but allows users to implement their own modules into the tool.
Therefore, the student would implement efficient modules that cover fundamental neural network layers (e.g. convolutional, fully-connected) with different activation layers (e.g. ReLU, Sigmoid) in Java to integrate them into Riscure Inspector. Furthermore, the implemented modules would be expected to facilitate attacks like Differential Power Analysis (DPA) on the implemented layers. 

Related work:

  • CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel. Batina et al. (2019)
  • https://cs230.stanford.edu/syllabus/ (to get familiar with neural networks)