Diplom Theses and Student Research Projects


Open Topics


We are always interested in students who would like to write a student research project (Studienarbeit) or Diplom thesis with us. No special prior knowledge is required, i.e., the basics of cryptography, algorithms or VHDL can be learned during the thesis. The call is also addressed equally to students of ET, IT, AI and ITS. If you are interested, simply contact Prof. Paar or a member of staff. As a guide for interested students, the "Kleine Handbuch für Abschlussarbeiten am Lehrstuhl für Embedded Security (EMSEC)" (Short Handbook for Theses at the Chair for Embedded Security) can provide helpful information.

Our chair currently offers the following topics for student research projects and Bachelor's, Master's and Diplom theses. Further thesis topics are available on the web pages of the associated Secure Hardware research group. Detailed information on the topics can be found in the PDFs:

Security Analysis of Real-World Devices
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
The goal of this thesis is to investigate the size of the gap between cryptographic research and what is implemented in the real world. This includes the reverse-engineering of the program code running on an embedded device, a security analysis of the revealed scheme, and the development of attacks that exploit the found flaws.

Contact:
Supervisor: M.Sc. Falk Schellenberg
Mail: falk.schellenberg@rub.de

[Detailed description]

Laser Fault Injection Attacks
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Fault injection attacks make it possible to break mathematically secure cryptographic schemes by disturbing the execution of the actual implementation, e.g., on a microcontroller or a smartcard. In the past, semi-invasive techniques based on the exposure of an IC to laser light have proven to be particularly successful.

Contact:
Supervisor: M.Sc. Falk Schellenberg
Mail: falk.schellenberg@rub.de

[Detailed description]

Efficient E-cash in Practice: Anonymous Credentials on Android
(Bachelor's thesis)

Abstract:
Electronic money that guarantees the same security and privacy properties as classical coin money (no serial number) has so far existed only in theory. Since paying with coins is not a particularly efficient means of payment, an electronic realization offers a highly attractive alternative to anyone who places somewhat more value on anonymity/privacy. The theory of an electronic system that can achieve this was first presented by David Chaum in 1988 under the name e-cash. The issuing authority can be authenticated, the user remains anonymous, and an electronic coin can be used only once. E-cash as a cryptographic scheme (unlike EC, VISA, Geldkarte) is based on a long list of cryptographic protocols such as zero-knowledge proofs, blind signatures, etc. These in turn are based on asymmetric cryptography and therefore involve a very high computational cost. We already collaborate in this area with renowned universities such as Brown University and the University of Massachusetts, and can offer prospective Bachelor's graduates a challenging Bachelor's thesis that is at the cutting edge of research and development. The focus is on the implementation of ECC on a current Android phone and, building on that, the realization of the e-cash protocols via NFC.

Contact:
Supervisor: M.Sc. Christian Zenger
Mail: christian.zenger@rub.de

Student assistant (SHK) wanted for 1 year or longer
(Bachelor's or Master's thesis possible)

Abstract:
As part of the BMBF programme "IT-Sicherheitsforschung" (IT security research), the Chair for Embedded Security is looking for a student assistant, starting immediately. The tasks can be flexibly adapted to the student's schedule and amount to a workload of approx. 10 hours per week. The student should have a completed degree in electrical engineering. Desirable are communications-engineering knowledge in the areas of measurement technology, radio-frequency engineering, digital signal processing and the design of digital receiver systems, as well as experience in MATLAB and C programming. The coordinator of the project, which has a total volume of more than 3 million euros, is the Fraunhofer Heinrich Hertz Institute in Berlin. The partners also include Robert Bosch GmbH, ESCRYPT GmbH – Embedded Security, Technische Universität Dresden (TUD), Technische Universität Kaiserslautern (UKL) and the Chair for Digital Communication Systems at RUB. Interested? For further information, contact christian.zenger@rub.de.

Contact:
Supervisor: M.Sc. Christian Zenger
Mail: christian.zenger@rub.de

Hardware Implementation of PBKDF2-Alternatives
(Master's thesis, Diplom thesis)

Abstract:
Besides PBKDF2 (Password-Based Key Derivation Function), there exist other functions to derive cryptographic keys from passwords. To evaluate the strength of those functions against a dedicated hardware attack, a prototype will be implemented using VHDL on different FPGA clusters (RIVYERA, FORMICA) and single FPGAs.
Knowledge of VHDL and basic hardware design concepts is required (e.g., Cryptography on Reconfigurable Hardware or Advanced Digital System Design or FPGA Lab Course).

Contact:
Supervisor: Dipl.Inform. Ralf Zimmermann
Mail: Dipl.Inform. Ralf Zimmermann

RIVYERA vs WiFi Protection
(Bachelor's thesis, Master's thesis, Student research project, Diplom thesis)

Abstract:
Gaining access to WEP (Wired Equivalent Privacy) protected access points is trivial. However, these tricks do not apply when the WPA or WPA2 (Wi-Fi Protected Access) protocol is used. In addition, the internal use of PBKDF2 (Password-Based Key Derivation Function) slows down brute-force attacks against WPA(2) considerably.
Nevertheless, intelligent password search, based on properties of the access point, combined with a highly parallel computation architecture like the RIVYERA Cluster can significantly increase the chances of success.

Contact:
Supervisor: Dipl.Inform. Ralf Zimmermann
Mail: Dipl.Inform. Ralf Zimmermann

Testing Nonlinear Dimensionality Reductions for the Side Channel Disassembler
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Side channel information can be used for more than extracting secret keys from encryption algorithms. A challenging task is to gather information about executed instructions inside a microcontroller by analyzing the power consumption. In recent years this was done with template attacks after applying different dimensionality reductions. In this thesis we want to continue this effort by testing nonlinear dimensionality reductions that consider the underlying global geometry of a data set.

Contact:
Supervisor: M. Sc. Daehyun Strobel
Mail: M. Sc. Daehyun Strobel

Template Attacks on Stream Ciphers
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Side channel attacks have been analyzed extensively in the last few years. However, so far these attacks have mostly been applied to block ciphers and not to stream ciphers. In this thesis we want to apply template attacks to stream ciphers like Trivium and Grain. We assume that the attacker has full access to the target device to perform profiling. In a second step the profiled data (or templates) are used to extract an unknown key from a single measurement.

Contact:
Supervisor: M. Sc. Daehyun Strobel
Mail: M. Sc. Daehyun Strobel

Direct EM Fault Injection Attacks
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Fault injection attacks make it possible to break mathematically secure cryptographic schemes by disturbing the execution of the actual implementation, e.g., on a microcontroller or a smartcard. Non-invasive techniques based on the exposure of an IC to electromagnetic pulses are of particular interest, because they do not require an attacker to decap the chip.

Contact:
Supervisor: Dipl.-Ing. David Oswald
Mail: david.oswald@rub.de

[Detailed description]

Solving cryptographic equations with GPUs
(Student research project - Master's thesis - Diplom thesis)

Abstract:
GPUs are extremely fast when it comes to repetitive computations. Unfortunately, they become rather slow if large amounts of memory need to be addressed. In this thesis, we deal with a special problem of equation solving over finite fields. Such equations are important in breaking ciphers, e.g. stream or block ciphers. The algorithm has been implemented already on a PC and now needs to be ported to a GPU. As it requires very little memory (only a few kB at a time), it is a perfect fit for GPUs.

Contact:
Supervisor: Enrico Thomae, Sebastian Uellenbeck and Tim Güneysu

Technology Effect on Power Analysis
(Student research project - Bachelor's thesis)

Abstract:
Power analysis attacks are a serious threat against cryptographic devices which are supposed to keep the encryption key secret. The effectiveness of such attacks depends on several parameters, such as the signal-to-noise ratio (SNR). The noise of the measurement setup and the amount of dynamic power consumption play the most significant roles in determining the SNR and therefore affect the hardness of the attacks. New process technologies, e.g., 65-nm and 45-nm, reduce the dynamic power consumption of CMOS circuits, and it seems that they make the attacks harder. At the moment there are two different Xilinx FPGA-based platforms suitable for power analysis evaluation purposes which use different process technologies. The goal of this project is to examine the effect of the process technology of these two FPGAs, i.e., Virtex-II Pro and Virtex-5, on vulnerability to power analysis attacks. The same design including the unprotected and protected versions of the AES cipher should be implemented on both platforms and the same power analysis attacks should be investigated. The student will be helped with communicating with the target platforms, measuring power consumption, and collecting the traces, but he/she is expected to perform the attacks and provide an extensive comparison.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

DPA/SPA on KATAN
(Student research project - Bachelor's thesis - Master's thesis - Diplom thesis)

Abstract:
KATAN/KTANTAN is a family of hardware-oriented block ciphers. Both KATAN and KTANTAN have three variants each, with 32-bit, 48-bit, or 64-bit blocks. All ciphers share the same key length (of 80 bits), where the only difference between KATAN-n and KTANTAN-n is the key schedule. The resulting ciphers are extremely efficient in hardware, and offer a set of suitable solutions for low-end devices that need encryption (such as RFID tags). On the other hand, power analysis attacks are a serious threat against cryptographic devices which are supposed to keep the encryption key secret. The goal of this project is to implement different variants of the KATAN/KTANTAN cipher on an FPGA-based platform designed for side-channel evaluation purposes, namely SASEBO, and to design power analysis attacks in order to recover the secrets. The student will be helped with communicating with the SASEBO, measuring the power consumption and collecting the required measurements, but he/she is expected to design the power models and the strategies of the attacks to find the most efficient method to show the vulnerability of the implementations.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

Intel AES Instruction Set
(Student research project - Bachelor's thesis)

Abstract:
Intel AES instructions are a new set of instructions available beginning with the all new 2010 Intel Core processor family based on the 32nm Intel microarchitecture codename Westmere. These instructions enable fast and secure data encryption and decryption using the AES. The architecture consists of six instructions that offer full hardware support for AES. Four instructions support the AES encryption and decryption, and the other two instructions support the AES key expansion. The AES instructions have the flexibility to support all usages of AES, including all standard key lengths and standard modes of operation. They offer a significant increase in performance compared to the current pure-software implementations. Beyond improving performance, it is claimed that the AES instructions provide important security benefits. By running in data-independent time and not using tables, they help in eliminating the major timing and cache-based attacks that threaten table-based software implementations of AES. In addition, they make AES simple to implement, with reduced code size, which may help reduce the risk of inadvertent introduction of security flaws, such as difficult-to-detect side channel leaks. The goal of this project is to develop programs using these new features of the Intel Cores, to examine the claimed security features, and to recover the details of the hardware which is responsible for these instructions. Possible physical attacks, e.g., electromagnetic analysis or power analysis attacks, can also be examined.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

DPA on Sim Cards
(Student research project - Bachelor's thesis - Master's thesis - Diplom thesis)

Abstract:
A couple of security algorithms, e.g., A5/1, are used in GSM communications. Some of the security features have been implemented inside the Sim Cards, which are used mostly when establishing the communication of the mobile phone with the service provider. The goal of this project is to study the standard communication between the Sim Card and the mobile phone and to clarify which algorithm is used inside the Sim Card in which step of the communication. Later the guessed/realized results should be confirmed by eavesdropping on the communication between a commercial Sim Card and a mobile phone. After clarifying all these points, the possibility of performing a power analysis attack on the Sim Card to recover the secrets of the used algorithm is examined. In the last step, the attacks must be performed on the traces which are measured from the Sim Card. The student will be helped with eavesdropping on the communication between the Sim Card and the mobile phone, and also with measuring the power consumption and collecting the required measurements, but he/she is expected to design the power models and the strategies of the attacks, and finally perform the considered power analysis attacks.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

DPA on Masking Schemes
(Student research project - Bachelor's thesis - Master's thesis - Diplom thesis)

Abstract:
Power analysis attacks are considered a major threat against cryptographic devices which are supposed to keep the encryption key secret. Therefore, making DPA-resistant implementations of cryptographic algorithms is of great interest and required. Amongst the proposed schemes to counteract such attacks, masking has received the most interest from the research community. Several masking schemes dedicated to a specific algorithm, e.g., AES, have been proposed to make the software or hardware implementation secure against power analysis attacks. During the last years a couple of attacks which could break a certain masking scheme have been introduced. One of the new masking schemes whose security could be theoretically proven was proposed at CHES 2010 and is supposed to provide proven security for an implementation of AES against certain power analysis attacks. Another scheme, recently introduced at SAC 2010, is a combination of two different masking schemes and is called affine masking. It is claimed that it can provide more security against the known power analysis attacks in comparison to the other known masking schemes. In fact, there are two open projects: one to deal with the provably secure masking scheme of CHES 2010 and the other one to investigate the affine masking of SAC 2010. The goal of these projects is to implement the selected masking scheme on an open source platform, i.e., ATMega163 smart card, and evaluate the provided security against different power analysis attacks. The student is expected to have passed the smart card lab course or to have enough knowledge about assembly programming of the aforementioned platform. Moreover, the student will be helped with measuring the power consumption and collecting the required measurements, but he/she is expected to design the power models and the strategies of the attacks, and finally conclude against which kind of power analysis attacks the considered masking scheme provides security.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

DPA/SPA on SHA-3 Candidates
(Student research project - Bachelor's thesis - Master's thesis - Diplom thesis)

Abstract:
The American National Institute of Standards and Technology, NIST, has established the SHA-3 competition to select a standard hash function. Several candidates have been proposed and a number of research results have been presented at security-related conferences. Finally NIST has selected 5 candidates for the final round. The goal of this project is to study the vulnerability of software and hardware implementations of these final candidates, i.e., BLAKE, Grøstl, JH, Keccak, Skein, to power analysis attacks. For the software implementation a smartcard, ATMega163, will be used and for the hardware implementation a SASEBO including a Xilinx Virtex-II Pro will be the implementation platform. Most of the software and hardware implementations of these hash functions are already available, and the student is expected to focus on designing the power model and the strategy of the attacks. Prior to any practical work, the already published articles about side-channel attacks on SHA-3 candidates must be carefully studied.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

DPA on Crypto LSIs
(Student research project - Bachelor's thesis - Master's thesis - Diplom thesis)

Abstract:
research center in Japan have developed the Side-channel Attack Standard Evaluation BOard (SASEBO) as common experimental platforms. These experimental boards have been designed to investigate and evaluate the efficiency of side-channel attacks as well as countermeasures. One of the SASEBO types is SASEBO-R, which is an ASIC version having a cryptographic custom LSI using TSMC 130-nm, 90-nm and 65-nm CMOS libraries. All these cores contain several implementations of the AES encryption/decryption including several protected implementations against side-channel attacks. The goal of this project is to perform several different power analysis attacks on the traces measured from different implementations of these three cores and examine the effect of process technology on the robustness of implementations to side-channel attacks. The communication interface, which is an FPGA, is ready and the student will be helped with communicating with different cores. Also, he/she will be helped with measuring the power consumption and collecting the required measurements. However, the student is expected to develop the attack strategies and to perform the attacks and comparisons.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

Evaluating Sources of Entropy on FPGAs
(Diplom thesis - Master's thesis)

Abstract:
Computing systems are usually designed to provide deterministic results. In other words, the computation of, say, a+b is expected to return the same sum in all cases, even under different computing conditions. However, for some applications, such as True Random Number Generators (TRNG), this deterministic behavior of typical computing systems is completely undesired. Therefore, we are looking for reliable sources of entropy which can produce unbiased and unpredictable random values on standard computing equipment which are either completely uncorrelated (for TRNGs) or reproducible (for Physically Unclonable Functions or PUF). This thesis focuses on the analysis and implementation of TRNGs and PUFs by exploiting undefined device functions of modern FPGAs. Creating true random numbers or unique device-specific identifiers is still a difficult task and thus of great interest for academia and industry.

Contact:
Supervisor: Dr.-Ing. Tim Güneysu
Mail: gueneysu@crypto.rub.de

Implementing Cryptosystems on Sony's Playstation 3
(Bachelor's thesis - Student research project)

Abstract:
In recent years, many different parallel processor architectures have become available. In this context, a very interesting approach is the hybrid architecture of the CELL processor (the CPU of the Playstation 3): it combines a central PowerPC core with 8 Synergistic Processing Elements (SPE) which are capable of performing much more than just auxiliary computations. In this work, the power of this hybrid architecture should be exploited to efficiently implement common public-key cryptosystems such as RSA, ECC and other typical schemes. A final comparison should show whether this alternative processor achieves a higher cryptographic performance than common multi-core processors.

Contact:
Supervisor: Dr.-Ing. Tim Güneysu
Mail: gueneysu@crypto.rub.de

Electronic Passport Communication
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
The electronic passport (ePass) stores personal data on an RFID chip that can be read out with contactless technology according to the ISO 14443 standard. The data is secured with special access control mechanisms involving cryptography. To analyse these security mechanisms, the software of an existing special RFID reader at EMSEC shall be extended to be able to arbitrarily communicate with the ePass. Furthermore, the software for a transponder emulator shall be programmed such that the transponder emulator behaves like a genuine ePass.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper
Mail: Timo.Kasper@rub.de

[Detailed description]

Security Analysis of 125 kHz RFIDs
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
RFID technology operating at a frequency of 125 kHz is widely used for access control, car immobilizers and other security-relevant applications. To facilitate the practical security analysis of these systems, an existing 125 kHz RFID reader at EMSEC shall be extended in two ways. First, various protocols for the relevant types of transponders need to be implemented in order to communicate with the RFIDs. This includes programming the ATMega8 microcontroller on the reader and controlling software for the PC. In addition, a tag emulator shall be developed that behaves like any 125 kHz tag and allows for, e.g., replay attacks, and other security analyses on the system level.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper
Mail: Timo.Kasper@rub.de

[Detailed description]

Side-Channel Analysis of FPGA Security Features (Bitstream Encryption)
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Today’s FPGAs offer security features to protect their content, e.g., encrypting the bitstream that is used to configure the FPGA. Side-channel attacks might make it possible to recover the secret key for the cipher and hence to circumvent the security mechanism. In this project, the vulnerability towards Power Analysis of a XILINX Virtex-II FPGA using (3)DES for the encryption shall be investigated.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper
Mail: Timo.Kasper@rub.de

[Detailed description]

(Remote) EM Analysis of Contactless Smartcards
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Side-channel analysis based on the electromagnetic emanation is typically carried out in the near field by positioning a probe as close as possible to the surface of a chip. In the context of RFIDs and contactless smartcards, the attacks might be possible from a much larger distance, since the energy consumption is modulated on the field of a reader and hence might be exploitable even in the far field. If and how this approach works shall be investigated in this project.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper
Mail: Timo.Kasper@rub.de

[Detailed description]

Improved Concepts for EM Analysis of Cryptographic Devices
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Side-channel analysis makes it possible to recover secret information, e.g., a secret key, very efficiently, even from implementations of algorithms that are secure from the mathematical point of view. In this project, techniques for EM Analysis such as DEMA (Differential Electromagnetic Analysis) shall be improved and the amount of information contained in the EM leakage shall be compared with the classical Power Analysis approach. A focus lies on the identification of leakage in the frequency spectrum and methods to improve the signal-to-noise ratio of the measurements.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper
Mail: Timo.Kasper@rub.de

[Detailed description]

Enhanced Tools and Techniques for Low-Cost Fault Injection
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
A powerful class of implementation attacks is called “Fault Injection”. By means of physical interaction/disturbance of a device during a cryptographic operation, it can be forced to produce a faulty output. Evaluating this output may reveal, e.g., a secret key used for an encryption. In addition, features such as a read-out protection of microcontrollers can be spoofed by means of fault injection. In this project, our fault injection setup shall be extended and the vulnerability of some (cryptographic) devices shall be evaluated in practice.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper
Mail: Timo.Kasper@rub.de

[Detailed description]

Eavesdropping of RFID Communication
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
With RFID (Radio Frequency IDentification) applications becoming ubiquitous, many contactless applications have emerged in which private or security-relevant data is often transferred. The wireless interface makes it possible to intercept the communication between a reader and an RFID transponder or a contactless smartcard. For investigating the achievable range of such an eavesdropping attack in practice, an RFID eavesdropper is to be developed and realized. The maximum reading and detection range shall be investigated and compared for different RFID technologies (125 kHz, 13.56 MHz, ...) in practice.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper
Mail: Timo.Kasper@rub.de

[Detailed description]

Template Attacks on Contactless Smartcards
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Smartcards with a wireless interface are widely used for ticketing, payment and identification purposes. Depending on the application, different algorithms are employed to encrypt the communication, for instance Triple-DES. Recent research has shown that certain contactless smartcards are vulnerable to side-channel analysis, making it possible to discover a secret key by monitoring the power consumption of the device. However, attacking the encryption algorithm by means of DPA (Differential Power Analysis) requires a large amount of measurements. On the other hand, the internal data bus - over which the secret key is transported - appears to be less protected. Template attacks make it possible to exploit the leakage of the data bus: In a profiling phase with known data, "templates" are generated for all possible bit patterns. In the attack phase, these templates are then used to deduce the transported values.

Contact:
Supervisor: Dipl.-Ing. Timo Kasper, Dipl.-Ing. David Oswald
Mail: david.oswald@rub.de

[Detailed description]

Cryptanalysis with Graphics Cards
(Master's thesis - Diplom thesis - Student research project - Bachelor's thesis)

Abstract:
Recent graphics cards provide the most powerful processors available at the low price of commodity hardware. Since most cryptanalytic applications require vast amounts of computational power, ideally at the lowest cost, it is a logical consequence to adapt those applications to run on large GPU clusters. The scope of this thesis is to evaluate the feasibility and efficiency of implementing cryptanalytic attacks (e.g., smart brute force and/or a subset of advanced attacks such as Pollard's Rho, ECM or Index Calculus) on GPUs.

Contact:
Supervisor: Dr.-Ing. Tim Güneysu
Mail: gueneysu@crypto.rub.de

Pollard-Rho Attacks using New Xilinx Spartan-6 Devices
(Master's thesis - Diplom thesis)

Abstract:
Pollard-Rho is a method that can be used both for factorization and discrete logarithm computations. In this thesis, a novel implementation on the new Spartan-6 should be developed to solve discrete logarithms either in the integer or elliptic curve domain (more precisely, over a prime field). Spartan-6 FPGAs are the new devices which will be running on the next generation of COPACOBANA. Hence, the Pollard-Rho attack should be implemented on this cluster system and compared against the performance reported in recently published work (on Playstations and older FPGA implementations) to assess the power of the new FPGA devices for this type of application.

Contact:
Supervisor: Dr.-Ing. Tim Güneysu
Mail: gueneysu@crypto.rub.de

KeeLoq on COPACOBANA
(Master's thesis - Diplom thesis)

Abstract:
The KeeLoq algorithm is widely used in remote keyless entry systems, e.g., remote controls of garage door openers and the central locking of some vehicles. The algorithm has been analyzed by several researchers, and some cryptanalytical attacks are possible on the KeeLoq algorithm. The best attack which has been proposed so far needs 2^{16} pairs of plaintext and ciphertext implemented on 50-core PCs and can recover the secret key in around 4 days on average. The aim of this project is to try implementing the already verified attack on COPACOBANA. Since the attack needs a huge amount of memory and must generate and search inside some tables, most of the work in this project would be to manage the usage of memory and the communication bottleneck.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]

DTL on SASEBO
(Master's thesis - Diplom thesis)

Abstract:
Power analysis attacks (so-called DPA) are a serious threat against cryptographic devices which are supposed to keep the encryption key secret. Therefore, making DPA-resistant implementations of cryptographic algorithms is of great interest and required. Amongst several schemes to counteract DPA attacks, logic styles which are independent of the target algorithm and are applied at the cell level during the hardware design are promising. One of these DPA-resistant logic styles is Dual-rail Transition Logic (DTL), which is based on a communication protocol at the physical layer, namely "Transition Signaling". DTL tries to apply this scheme when designing hardware to improve the robustness against DPA attacks. It means that the fundamental gates (which are available in CMOS) must be redesigned considering the DTL definitions and specifications. Since the original DTL has been designed for ASIC implementations and making an ASIC is quite expensive and time-consuming, the Side-channel Attack Standard Evaluation BOard (SASEBO) seems to be a low-cost and quick solution to practically evaluate DTL. The DTL gates have been designed considering an ASIC platform; therefore, the fundamental DTL gates must be redesigned for an FPGA platform. After designing the basic DTL gates suitable for an FPGA, a cryptographic algorithm (preferably AES) must be partially implemented using the designed basic DTL gates. Then, power consumption traces should be collected using an oscilloscope, and finally the investigation/evaluation on the measured traces should be performed.

Contact:
Supervisor: Dr. Amir Moradi
Mail: moradi@crypto.rub.de

[Detailed description]