Projects for students

Title: Templates for wide registers
Skills: Signal processing, Side-channel analysis, Machine learning 
Type: Master thesis, hands-on in the lab
Daily supervisor: Vahid Jahandideh 

Description: An essential part of a side-channel attack is finding a suitable leakage model. A leakage model is a function that links side-channel measurements, such as power traces, with the realized values in the target device. Hamming weight is a popular approach due to its simplicity, but it is probably not optimal. A multi-dimensional Gaussian template with weighted bits is an example of a more elaborate leakage model that requires preprocessing. Learning-based leakage modeling, such as template attacks, is another approach. The cost of building a template in most of these methods depends on the bit-width of the implementation. With emerging {32, 64, 128, 512}-bit devices, some of the existing leakage modeling techniques are computationally unaffordable. In this project, you will explore current and evolving methods for leakage templating and model parameter estimation suitable for various bit widths.
The work of [1] is an excellent introduction to leakage modeling. For more recent results, you can look at [2] and [3], which give an example of an ML-based approach.

Related work:

  1. A Stochastic Model for Differential Side Channel Cryptanalysis.
  2. A Novel Completeness Test and its Application to Side Channel Attacks and Simulators.
  3. Support Vector Regression: Exploiting Machine Learning Techniques for Leakage Modeling.

Title: Software optimization for NIST-LWC candidates 
Skills: Experience with C/C++ Programming
Type: Bachelor/master thesis, hands-on in the lab
Daily supervisor: Vahid Jahandideh 

Description: For most of the lightweight NIST candidates, there are many possibilities for developing architecture-specific code or improving existing code (through optimization or bit-slicing). Most candidates lack implementations for popular architectures such as ARM, RISC-V, Intel-SSE, and Intel-AVX. For this project, you need to have good C/C++ coding skills. To get an initial sense of questions that are addressable with architecture-based optimization, see [1]. The output of this project will most likely be code contributed to the GitHub repositories of the candidates. See [2] for a list of candidates and their current state of implementation.

Related work:

  1. Chapter two of Hacker’s Delight 
  2. NIST lightweight cipher design competition.

Title: Efficient Elastic Alignment implementation in CUDA
Skills: CUDA programming (CUDA C++)
Type: internship, practical
Daily supervisor: Peter Horvath

Description: Many side-channel attacks require careful preprocessing of the collected traces. One of the steps that might be taken during preprocessing is alignment. The goal of alignment is to make sure the traces are synchronized in time. Different alignment techniques are available, such as static or elastic alignment. Static alignment is sometimes not sufficient if clock jitter or random process interrupts are present in the traces. Elastic alignment can alleviate these issues but is computationally very expensive. For this project, you need to implement elastic alignment in CUDA and benchmark it against existing solutions (Riscure Inspector implementation).

Related work:

  • Elastic alignment:
    van Woudenberg, Jasper GJ, Marc F. Witteman, and Bram Bakker. "Improving differential power analysis by elastic alignment." Cryptographers’ Track at the RSA Conference. Springer, Berlin, Heidelberg, 2011.
  • Dynamic time-warping:
    Salvador, Stan, and Philip Chan. "Toward accurate dynamic time warping in linear time and space." Intelligent Data Analysis 11.5 (2007): 561-580.

Title: Estimating hyperparameters of neural networks with open-source implementations on FPGA
Skills: Programming skills (Python or C++), Deep learning fundamentals, Side-channel analysis fundamentals
Type: Internship/master thesis
Daily supervisor: Peter Horvath

Description: Neural networks are more prevalent than ever in many industries. Deploying neural networks on IoT devices for various purposes is already common practice. However, these devices might be vulnerable to side-channel attacks, resulting in reverse engineering of the architectures and parameters of the deployed neural nets. This is a huge blow for companies or entities who wish to keep their neural network architectures and parameters secret. The student in this project will reverse engineer neural network architectures and parameters based on publicly available implementations on FPGA.

Related work: 

  • CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel. Batina et al. (2019)
  • Open DNN box by power side-channel attack. Xiang et al. (2020)
  • On Reverse Engineering Neural Network Implementation on GPU. Chmielewski et al. (2021)
  • TELES MAIA, Henrique, et al. Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel. (2021)
  • LIANG, Sisheng, et al. Clairvoyance: Exploiting Far-field EM Emanations of GPU to "See" Your DNN Models through Obstacles at a Distance. In: 2022 IEEE Security and Privacy Workshops (SPW). IEEE, 2022. p. 312-322.

Title: Extending FiSim, a Fault Attack Simulator
Skills: Programming skills (preferably C# or similar), suitable for someone passionate about coding; preferably some background on fault injection attacks
Type: Master thesis
Daily supervisor: Asmita Adhikary

Description: Fault injection attacks have caused implementations to behave unexpectedly, leading to the extraction of cryptographic keys and the bypass of security features. Since manually mitigating fault injection attacks is time-consuming and complex, fault attack simulators automate the process. FiSim is one such fault attack simulator prototype. However, being a prototype, it's not fit to be used in different scenarios involving different implementations. Also, it only implements two fault models. Can FiSim be modified to diminish its limitations so it can be used in any implementation? Can FiSim be made more useful by adding more relevant fault models? In this project, you will extend FiSim to mitigate some of its limitations, like simulating different implementations, adding more fault models, or modifying its range and coverage.

Related work:

Title: A Scalable SIMD RISC-V based Processor with Customized Vector Extensions for Xoodoo 
Skills:  RISC-V knowledge, VHDL, Verilog, Cryptography knowledge 
Type: Master thesis/internship
Daily supervisor: Parisa Eliasi

Description: Xoodyak is a highly valuable candidate in the NIST Lightweight Cryptography (LWC) competition. Xoodyak relies on the Xoodoo permutation, which operates on an internal state of 384 bits, represented as a 3×4×32-bit matrix. The Xoodoo permutation can benefit from speedup through parallelization. In this project, we aim to explore the potential of parallelizing the Xoodoo permutation in RISC-V-based processors through custom vector extensions on 32-bit and 64-bit architectures. A SIMD processor written in SystemVerilog that supports the RISC-V instruction set architecture (ISA) and the RISC-V vector extensions will then be used to investigate the performance improvement of Xoodyak, with the goals of low latency and high throughput.

Related work:

  • Maximizing the Potential of Custom RISC-V Vector Extensions for Speeding up SHA-3 Hash Functions

Title: Acoustic injection attacks on MEMS accelerometers
Skills: signal processing, programming, knowledge about MEMS sensors, control theory
Daily supervisor: Parisa Eliasi

Description: It has been shown that acoustic signals emitted nearby can damage the integrity of a MEMS sensor’s digital outputs at the resonant frequencies of the sensor. Conducted experiments show that hardware security flaws in the amplification and filtering circuits of MEMS sensors (MEMS accelerometers and MEMS gyroscopes) are the root causes of the vulnerabilities. The goal of this internship is to control the time series output of the sensor. To this end, the fluctuating false measurements should be stabilized into constant ones. This can be done by injecting an acoustic sinusoidal signal at the resonance frequency. The desired output signal is then reshaped by modulating it on top of the acoustic sinusoidal signal. However, the resonant frequencies of MEMS accelerometers lie within a range, and they can deviate in each measurement. We want to design a feedback circuit to control the output series automatically by correcting the resonance frequency.

Related work:

  • WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks

Title: Feature collection framework for Micro-architectural leakage assessment
Skills: Python programming, Pandas data frame, QEMU.
Type: Master thesis/internship
Daily supervisor: Omid Bazangani

Description: By profiling assembly instructions, operand values, and memory transactions in an ARM Cortex-M microcontroller, it’s possible to investigate micro-architectural leakages. One of the bottlenecks for this feature extraction is considering all the variations of assembly instructions and applying optimizations to the dataset creation process. A framework already exists, to which support for more instructions and further optimizations can be added. Most optimizations would be related to speeding up the feature extraction and dataset preprocessing process. All development would be in the Python programming language.

Related work: 

  • Towards Practical Tools for Side Channel Aware Software Engineering: 'Grey Box' Modelling for Instruction Leakages
  • Reverse Engineering the Micro-Architectural Leakage Features of a Commercial Processor

Title: Side-channel analysis on RISC-V
Skills: programming (C/C++), signal processing
Type: Master thesis/internship
Daily supervisor: Léo Weissbart 

Description: Implementation and evaluation of cryptographic algorithms on a RISC-V platform. The platform for development is a RISC-V SCA evaluation platform (a.k.a. Saidoyoki). The Worcester Polytechnic Institute (WPI) has designed the board as a hardware and software side-channel test platform. It has two chips with various cryptographic coprocessors: three different versions of AES and ASCON.

Related work: 

Title: Hardware design for triggering based on real-time signal processing
Skills: Hardware design, signal processing
Type: Master thesis/internship
Daily supervisor: Léo Weissbart 

Description: In side-channel analysis and fault injection, generating a trigger pulse at the right time is essential. However, programs running on top of an OS are highly sensitive to clock jitter and random program interrupts. This phenomenon makes it difficult for an evaluator in academia to do SCA and can lead to inaccurate timing of the injection of faults, measuring too long a time window, slowing down the data acquisition process, collecting too much data, and strongly misaligned traces. A solution is to detect a pattern in the signal just before the point at which a fault should be injected or a measurement should start, and to send a trigger in real time. We would use an FPGA-based platform (e.g., Basys3, Zedboard, or a cheaper FPGA board) to make a design that could generate a trigger pulse after real-time detection of a pattern in a side-channel power trace.