Category Archive: Master Thesis

Current proposals for Master thesis topics. These proposals are only for students of the Université Libre de Bruxelles (ULB). We strongly encourage students to come up with their own ideas for their Master Thesis topics. If you have an idea you can always contact us and we will discuss it. Note: This list might be on several pages, click on "Older posts" at the bottom of this page to see more proposals for Master Thesis.

Feb 27

Side-channel attacks based on deep learning

Side-Channel Attacks are attacks against implementations of cryptographic algorithms. These attacks exploit physical properties of a device under attack. For example, an attacker can measure the execution time or power consumption of a device while it executes a cryptographic algorithm.

Based on neural networks, deep learning is an active research area in machine learning that makes it possible to build automated attacks requiring no a priori information about the underlying phenomenon. The purpose of this work is to shed new light on the capabilities of deep learning in side-channel attacks.

This work is in collaboration with RISCURE (www.riscure.com), a company working on security evaluation of embedded devices.

Supervision: Liran Lerman – Director: Olivier Markowitch

Aug 10

Data encoding as a countermeasure against side-channel attacks

Side-Channel Attacks (SCA) are attacks against implementations of cryptographic algorithms. These attacks exploit physical properties of a device under attack. For example, an attacker can measure the execution time or power consumption of a device while it executes a cryptographic algorithm.

There exist many countermeasures against SCA. The most popular among them are masking and hiding. The goal of this work is to implement a cryptographic algorithm that encrypts data that was encoded in a preprocessing step and removes the special encoding at the end of the encryption (the result of such an encryption should be the same as without the encoding).

Contacts : Nikita Veshchikov, Olivier Markowitch

Aug 04

Comparison and study of metrics used to evaluate a SCA

Side-Channel Attacks (SCA) are attacks on cryptographic devices. These attacks measure physical parameters of a device (power consumption, execution time, electro-magnetic radiation, sound) in order to extract the secret key that is embedded in the crypto-system.

Over the years, several metrics that are used in order to evaluate the strength of a SCA (or the strength of the protection of a device) were developed. Among them are the average number of measurements used in order to extract the secret key, the success rate (SR) of the attack, guessing entropy as well as bias-variance decomposition of the SR.

The goal of this work is to study and compare some of these techniques in depth.

Contacts : Nikita Veshchikov, Liran Lerman, Olivier Markowitch

Aug 04

Multi-step SCA on parallel FPGA implementation

An FPGA is a type of hardware that can be used to implement an algorithm. An FPGA can execute several operations at the same time. This type of hardware is also used to implement cryptographic systems.

Side-Channel Attacks (SCA) are attacks that target implementations of cryptographic algorithms rather than the algorithm itself. SCA use physical properties such as the power consumption of a device in order to find out information about the intermediate state of an algorithm. An SCA targets one part of the secret key at a time in order to extract it. If several (bigger) parts of the key are used at the same time, this type of attack becomes more difficult (since an attacker would try to isolate a single part of a key).

The goal of this project is to implement a multi-step SCA that targets sub-keys of different sizes. The topic is related to an internship at an enterprise that uses FPGAs to implement cryptographic algorithms.

Contacts: Olivier Markowitch and Nikita Veshchikov

Aug 04

Comparison of Profiled Side-Channel Attacks vs. Profiled Target

Side-channel attacks (SCA) are attacks that target an implementation of a cryptographic algorithm in order to extract the secret key from a device. In order to extract the entire key, an attacker would focus on one part of the key (typically one byte) at a time.

Profiled attacks are among the strongest SCA. Attackers can profile each byte separately and build a new model for it, or they can try to build just one profile and attack all bytes of the key using the same profile.

The goal of this work is to try both techniques and compare their success rate depending on a couple of parameters.

Contacts : Nikita Veshchikov, Liran Lerman, Olivier Markowitch

Feb 27

Implementation aspects of Keccak

The purpose of this work is to scientifically analyze the gain obtained by implementing a parallel mode of use on top of Keccak. This includes tree hash modes and parallel authenticated encryption schemes. The student’s tasks would include:
– to model the performance of a mode as a function of its parameters;
– to measure the actual performance and to scientifically compare it to the model;
– to propose optimal parameters or to fine-tune the mode.

Supervision: Keccak team – Director : Olivier Markowitch (ULB)

Feb 27

Cryptanalysis aspects of Keccak

The purpose of this work is to analyze some specific aspects of the resistance of the Keccak-f permutation to cryptanalysis. Depending on the advances at the time the student starts, this work can include the analysis of trail weight in linear and differential cryptanalysis or algebraic attacks.

Supervision : Keccak team – Director : Olivier Markowitch (ULB)

Feb 27

Side-channel aspects of Keccak-based authentication and/or encryption schemes

The purpose of this work is to analyze the sensitivity to side-channel attacks of an implementation of the Keccak-f round function, which is relevant to any FIPS 202 instance in the presence of a key, or to the Keyak or Ketje authenticated encryption schemes. The student’s tasks would include:
– to model the leakage;
– to analyze an implementation;
– to scientifically compare the obtained results to the model;
– to propose countermeasures (or improvements thereof).

Supervision: Keccak team – Director : Olivier Markowitch (ULB)

Jan 31

Logical cryptanalysis of algorithms for authenticated encryption

To ensure the confidentiality and authenticity of digital data, it is customary to use two distinct cryptographic algorithms with different keys: one for encryption and the other for authenticity. The CAESAR competition (Competition for Authenticated Encryption: Security, Applicability, and Robustness) aims to identify algorithms that provide confidentiality and authenticity simultaneously.

The cryptographic community is faced with a large number of candidates, and automated tools are desirable in order to speed up their evaluation. Some properties can be verified automatically using the cryptosat software. This software automatically translates questions about the (C/C++) implementation of the candidates into satisfiability (SAT) problems, and then calls SAT algorithms.

The work consists of integrating CAESAR algorithms into this software in order to verify some of their properties.

Contact: Frédéric Lafitte

Jan 25

Secured RTOS, HIPPEROS as a case study

The aim of the thesis is to propose measures to introduce security in the architecture of a modern Real-Time Operating System (RTOS) in the sense of allowing Multiple Levels of Security (MILS). This means both the security of the RTOS itself, related to the authentication of the kernel, updates, drivers, services, … as well as the secure management of applications (for example: registration of a new application, update and upgrade of applications, and execution of applications) and the security of data inside applications. The student would study the HIPPEROS architecture and propose, based on the state of the art of secure operating systems, how to smoothly integrate such an architecture in the existing development process of HIPPEROS. The study would allow developers to implement the proposed architecture in the operating system practically and easily.

One of the challenges is to define a predictable real-time architecture. An interesting aspect of the proposed work is that it deals with different domains of computer science: operating systems, real-time and security.

Contacts: Olivier Markowitch and Joël Goossens

Older posts «