[AI-announce] BA/MA/SHK @MPI-EMSEC FPGA (In)Security

Maik Ender maik.ender at rub.de
Tue Jun 2 15:47:50 CEST 2020


Dear students,

We are offering a number of thesis topics and student assistant
positions at the newly founded MPI for Cybersecurity and Privacy. In
particular, we are interested in highly motivated and outstanding
students that have some background in hardware and/or strong programming
skills. This includes (but is not limited to) IT-security, computer
science, and electrical engineering students.


Background:
An FPGA is a reprogrammable hardware device that can be configured to
fulfill a multitude of different purposes. It mainly consists of lookup
tables (LUTs) and flip-flops (FFs), as well as their interconnections.
The configuration of an FPGA is commonly stored in a vendor-specific
file called the "bitstream". Usually, its file format is proprietary and
kept secret by the vendor. Since an FPGA's designs are encoded in such a
bitstream, securing it is of utmost importance. Adversaries have many
motivations to recover and manipulate the bitstream, including design
cloning, IP theft, manipulation of the design, or design subversions.
Given that FPGAs are often part of cyber-physical systems, for example
in aviation, medical, military, or industrial hardware, this can even
lead to physical harm. Consequently, vendors have introduced bitstream
encryption, offering authenticity and confidentiality. However, previous
works have shown that the format of a bitstream can be reversed [3] and
bitstream encryption can be circumvented [2]. This in turn allows for
meaningful manipulations of the bitstream to, e.g., implement hardware
Trojans or bypass security measures.


Our Research:
Our research aims to implement novel hardware Trojans as well as to
develop protections against such threats. To this end, an adversary has
to outsmart bitstream encryption schemes and reverse-engineer
potentially protected designs. To conduct reverse-engineering at the
netlist level, we make use of our advanced open source framework HAL
[1]. With our latest publication dubbed “Starbleed” [2], which will be
presented at USENIX Security '20, we fully break the Xilinx 7-Series
bitstream encryption.


Open Projects:
As we are one of only a few research groups worldwide conducting this
particular kind of research, we can provide you with a number of unique
and highly interesting projects for your thesis (BA/MA) or your work as
a student assistant. The list below illustrates some of our current
research projects. However, new ideas pop up continuously. If you are
interested in one of the project ideas or our research in general, drop
us a short mail including your background and motivation. We are
especially looking for outstanding students that have some experience in
hardware and/or strong programming skills.

* Extending upon the Starbleed attack [2] targeting Xilinx 7-Series
devices. We recommend a basic understanding of FPGAs.

* Reverse engineering an FPGA built into a real-world design to
understand the design and possibly manipulate it in a meaningful way.
We recommend a basic understanding of FPGAs.

* Extending our existing bitstream-to-netlist conversion framework for
various FPGA families. We recommend having solid C++ skills.

* Exploring the security of machine learning implementations on FPGAs.
We recommend a basic understanding of FPGAs and machine learning.


Group:
As of recently, our group is part of the newly founded Max Planck
Institute for Cybersecurity and Privacy that is located right on the
university campus. However, we are still strongly connected to Ruhr
University Bochum as well as its research networks and the HGI.

[1] https://github.com/emsec/hal
[2] https://www.usenix.org/conference/usenixsecurity20/presentation/ender


Contact:
If you are interested in working with us, feel free to contact us any
time: maik.ender at rub.de, julian.speith at rub.de

Best,
Julian & Maik


-- 
Maik Ender, M.Sc.
Research Assistant

Chair for Embedded Security (EMSEC)
Dept. Electrical Engineering & Information Technology
Horst Görtz Institute for IT-Security,
Ruhr-University Bochum, Germany

http://www.emsec.rub.de

