Difference between revisions of "Available Master Projects"

From CryptoLUX
 
(22 intermediate revisions by 3 users not shown)
Line 5: Line 5:
  
  
* '''Proof of Work as Micropayments '''
+
'''WhiteBox attacks toolkit'''
This project is to implement proof of work as a way for micropayment. This can be done on example of Tor relays proving extended services to clients who mine alt-currencies.
 
This can be also done for news-websites and other cases.
 
  
Contact: [[Alex Biryukov]] and [[Ivan Pustogarov]]
+
Whitebox cryptography is an implementation of a cryptographic algorithms in software, in such a way that an attacker with full access to the software is not able to gain any advantage compared to a black box attacker.
 +
For example, it should not be possible to obtain key information directly from memory, or intermediate results from the cryptographic algorithm. This research focuses on attempting to recover key information by performing side channel analysis (e.g. MIA or similar attacks) on whitebox implementations.
 +
 
 +
Research question: Can you build a toolkit to extract keys from white-box crypto implementations?
 +
 
 +
Expected outcome
 +
 
 +
- state-of-the-art study
 +
 
 +
- implement well-known attacks
 +
 
 +
- research new WBC attack methods
 +
 
 +
- feasibility study
 +
 
 +
- prototype attack code
 +
 
 +
Skills:
 +
 
 +
- SW Reverse Engineering
 +
- Program analysis
 +
- Cryptographic attacks
 +
 
 +
Contact: [[Alex Biryukov]]
 +
 
 +
 
 +
 
 +
 
 +
<!--
 +
'''Evaluation of state-of-the-art side channel techniques on real-life targets'''
 +
 
 +
Research papers suggest many promising techniques for side channel analysis (SCA) ranging from signal filtering to attack metrics. The techniques are often supported only with a limited experimental evidence in weak scenarios. As a security testing lab, Riscure is interested in evaluating the reproducibility, effectiveness, and efficiency of the academic advances in the context of security evaluations of embedded devices and integrated circuits.
 +
 
 +
Examples of the techniques include but are not limited to (to be discussed on individual basis):
 +
 
 +
- algorithms for full key rank estimation in SCA [http://eprint.iacr.org/2012/578, http://eprint.iacr.org/2014/920]
 +
 
 +
- optimal filtering for side channel trace preprocessing [http://cardis.iaik.tugraz.at/proceedings/cardis_2012/CARDIS2012_16.pdf, http://cosade.org/cosade14/presentations/session7_a.pdf]
 +
 
 +
[[Media:Master_topics_sca2014.pdf| Here]] and [[Media:Efficient_key_recovery_sca2014.pdf| here]] are more details.
 +
 
 +
Research questions: is an SCA technique reproducible for one or two real-life targets?
 +
 
 +
Expected outcome:
 +
 
 +
- prototype tool to apply the attack and interpret results
  
 +
- methodology for application of the technique
  
 +
- related literature study
  
* '''Efficient Code Obfuscator'''
+
- master thesis
Code obfuscation is an important research area, which studies our ability to detect similarities between different computer programs and on the other hand our ability to hide such similarity or functionality. Important applications are for the areas of white-box cryptography, malware classification and reverse-engineering, as well as intellectual property rights for software.
 
  
The goal of this project is to produce a code-obfuscation tool that defeats popular graph-based static analysis tools and emulators, while still having reasonable impact on the performance of the underlying program.
+
- preferably a publication
  
Contact: [[Alex Biryukov]] and [[Ralf-Philipp Weinmann]]
+
- familiarity with side channel evaluations of embedded targets
  
  
* '''Anonymity, Privacy and Digital Currencies'''
+
Skills:
This topic deals with anonymity and privacy on the Internet, as well as with digital currencies such as Bitcoin.
+
- basic crypto and embedded security
 +
- statistics and/or signal processing
 +
- scientific programming (Python, MATLAB, Java)
  
 
Contact: [[Alex Biryukov]]
 
Contact: [[Alex Biryukov]]
  
 +
* '''Pebbling games and their applications in cryptography '''
 +
This project is to explore relations between pebbling games, proofs of space, memory-hard functions etc.
 +
This project is for mathematically/algorithmically inclined students.
 +
 +
Contact: [[Alex Biryukov]] and [[Dmitry Khovratovich]] for more details.
 +
 +
'''De-obfuscator toolkit'''
 +
 +
Obfuscation is the deliberate act of making source code or machine code  difficult for humans to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic, in order to prevent tampering and  reverse engineering difficult.  Programs known as obfuscators transform readable code into obfuscated code using various techniques.
 +
 +
Recently an open source obfuscator based on LLVM was released (see @ollvm) and with this new development we believe that obfuscation will become mainstream.  Conversely to what many people believe, good obfuscation is not easy to achieve.
 +
When analyzing security of a software application understanding the complexity of the obfuscator used is of the essence.
 +
 +
Research question: Can you build a tool to remove obfuscation applied by state-of-the-art tools?
 +
 +
Expected outcome
 +
 +
- Toolkit that can be used to de-obfuscate:
 +
 +
- Code flattening
  
 +
- Opaque predicates
  
* '''Side channel analysis and fault attacks on embedded devices'''
+
- Bogus control flow
  
 +
Skills
 +
 +
- SW Reverse Engineering
 +
- Program analysis
 +
- Compiler design
 +
 +
Contact:  [[Ileana Buhan]] and [[Alex Biryukov]]
 
This is an internship project in a Dutch company [http://www.riscure.com/ Riscure].
 
This is an internship project in a Dutch company [http://www.riscure.com/ Riscure].
  
The project will be available starting from November 2013.
 
  
Contact: [[Ilya Kizhvatov]] and [[Alex Biryukov]]
+
* '''Simple Power Analysis of Public-Key Cryptosystems'''
  
 +
The actual security of a cryptographic system depends not only on the cryptanalytic complexity of the underlying algorithm, but also on the quality of its implementation. This became apparent in the late 1990's with the
 +
emergence of [http://en.wikipedia.org/wiki/Side_channel_attack Side-Channel Analysis (SCA)], a special form of cryptanalysis that exploits measurable physical phenomena (e.g. variations in execution time, power consumption, electromagnetic emanation, etc.) of a device executing a cryptographic algorithm to reveal information about the secret key. One of the most practical variants of SCA is Simple Power Analysis (SPA), an attack that requires only one (or a few) power consumption traces of a device to obtain bits of the key. A common countermeasure to thwart SPA attacks is to implement a cryptographic algorithm in a "regular" way such that always exactly the same sequence of instructions is executed, independent of the operands. Even though this countermeasure is  widely used in practice, there exist only few studies that investigate the actual SPA protection such an approach can achieve. The goal of this project is to mount SPA attacks on software implementations of different public-key cryptosystems (e.g. RSA, ECC) executed on an embedded microcontroller and to develop new SPA countermeasures.
  
* '''Cryptanalysis of Lightweight Primitives'''
+
Required skills:
Lightweight cryptography is about design and analysis of cryptographic primitives for constrained devices such as sensor networks, RFID, microcontrollers, etc. This area is very challenging due to physical limitations that are imposed by some hardware devices and usage scenarios: very small memory, very  small footprint, extended battery life and very low power consumption. This topic is currently a very active research area with many new designs available for analysis. The goal of this projects is to cryptanalyse some of the recently proposed primitives.  
+
 
 +
- Basic programming skills in C and ARM assembly language
 +
 
 +
- Interest in software development for embedded microcontrollers
 +
 
 +
- Experience in performing power measurements with an oscilloscope is a plus
 +
 
 +
Contact: [[Alex Biryukov]] and [http://lacs.uni.lu/members/johann_groszschaedl Johann Gro&szlig;sch&auml;dl].
 +
 
 +
* '''Proof-of-Work as Anonymous Micropayment '''
 +
 
 +
This project is to implement Proof-of-Work as a way for micropayment.
 +
This can be done on example of Tor relays providing extended services to clients who mine alt-currencies.
 +
This can be also done for news-websites and other cases. In case of Tor, clients do not pay Tor relays with
 +
electronic cash directly but submit proof of work shares which the relays can either resubmit to a crypto-currency mining pool or become
 +
mining pools by themselves. Relays credit users who submit shares with tickets that can later be used to purchase improved service.
  
Contact: [[Alex Biryukov]]
+
This is a followup project for our work, which is to appear at Financial Crypto 2015 conference.
  
 +
Contact: [[Alex Biryukov]] and [[Ivan Pustogarov]]
  
 
* '''Lightweight Cryptography for Wireless Sensor Networks'''
 
* '''Lightweight Cryptography for Wireless Sensor Networks'''
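Review bot: The "<!--" added just above the "Evaluation of state-of-the-art side channel techniques" entry is not closed anywhere in this hunk, so every entry added after it (De-obfuscator toolkit, Simple Power Analysis of Public-Key Cryptosystems, Proof-of-Work as Anonymous Micropayment) is commented out along with it. If those topics are meant to stay open, close the comment before them; if they are retired, deleting them keeps the page source readable. In the De-obfuscator toolkit text, "in order to prevent tampering and reverse engineering difficult" does not parse (probably "to make tampering and reverse engineering difficult"), and "(see @ollvm)" points at nothing on the page; link the project the way the later Efficient Code Obfuscator entry does.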
Line 56: Line 147:
  
 
Contact: [http://lacs.uni.lu/members/johann_groszschaedl Johann Gro&szlig;sch&auml;dl]  
 
Contact: [http://lacs.uni.lu/members/johann_groszschaedl Johann Gro&szlig;sch&auml;dl]  
 +
-->
 +
 +
<!--
 +
* '''Efficient Code Obfuscator'''
 +
Code obfuscation is an important research area, which studies our ability to detect similarities between different computer programs and on the other hand our ability to hide such similarity or functionality. Important applications are for the areas of white-box cryptography, malware classification and reverse-engineering, as well as intellectual property rights for software.
 +
 +
The goal of this project is to produce a code-obfuscation tool that defeats popular graph-based static analysis tools and emulators, while still having reasonable impact on the performance of the underlying program. The starting point would be the [http://o-llvm.org OLLVM] open source obfuscation tool.
 +
 +
Contact: [[Alex Biryukov]] and [[Dmitry Khovratovich]] for more details.
  
 +
 +
* '''White-Box Cryptography'''
 +
 +
the goal of this project is to study and cryptanalyze existing white-box solutions, using well known techniques like structural
 +
cryptanalysis of the SASAS constructions; as well as to try and design alternatives.
 +
 +
Contact: [[Alex Biryukov]] and [[Léo Perrin]] for more details.
 +
 +
 +
* '''Anonymity, Privacy and Digital Currencies'''
 +
This topic deals with anonymity and privacy on the Internet, as well as with digital currencies such as Bitcoin.
 +
 +
Contact: [[Alex Biryukov]]
 +
 +
 +
* '''Cryptanalysis of Lightweight Primitives'''
 +
Lightweight cryptography is about design and analysis of cryptographic primitives for constrained devices such as sensor networks, RFID, microcontrollers, etc. This area is very challenging due to physical limitations that are imposed by some hardware devices and usage scenarios: very small memory, very  small footprint, extended battery life and very low power consumption. This topic is currently a very active research area with many new designs available for analysis. The goal of this projects is to cryptanalyse some of the recently proposed primitives.
 +
 +
Contact: [[Alex Biryukov]]
  
 
* '''Cryptanalysis of the Swiss NEMA Cipher machine'''
 
* '''Cryptanalysis of the Swiss NEMA Cipher machine'''
 
[[Image:rotors.jpg|200px|thumb|left|NEMA rotors]]
 
[[Image:rotors.jpg|200px|thumb|left|NEMA rotors]]
Swiss [http://en.wikipedia.org/wiki/NEMA_machine NEMA] cipher machine is a 10-wheel rotor machine designed by the Swiss Army during World War II as a replacement for their Enigma machines. The design of this machine was declassified in 1992, however no public cryptanalysis better than exhaustive search is currently available.
+
Swiss [http://en.wikipedia.org/wiki/NEMA_machine NEMA] cipher machine is a 10-wheel rotor machine designed by the Swiss Army during World War II as a replacement for their Enigma machines. The design of this machine was declassified in 1992, and we have recently made progress in its cryptanalysis.
  
 
The goal of this project would be to study the mathematical properties of the NEMA encryption algorithm and to find faster ways to cryptanalyse the cipher. Part of the task would be to learn how to distribute the attack algorithm on a parallel cluster or on CUDA machines. Additional task could be to break some of the real-life ciphertexts for the Enigma cipher machine.
 
The goal of this project would be to study the mathematical properties of the NEMA encryption algorithm and to find faster ways to cryptanalyse the cipher. Part of the task would be to learn how to distribute the attack algorithm on a parallel cluster or on CUDA machines. Additional task could be to break some of the real-life ciphertexts for the Enigma cipher machine.
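Review bot: In the NEMA entry, the new wording "we have recently made progress in its cryptanalysis" replaces a checkable statement ("no public cryptanalysis better than exhaustive search is currently available") with a claim that has no reference; add a link or one sentence saying what the result is. Two smaller wording points in the same hunk: the White-Box Cryptography entry starts with a lower-case "the goal of this project", and the Cryptanalysis of Lightweight Primitives entry still reads "The goal of this projects".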
Line 67: Line 186:
  
  
 
+
-->
  
  
 
&mdash;
 
&mdash;

Latest revision as of 15:18, 11 December 2017

Master Project topics for Uni.lu and Erasmus students

We are looking for capable students who would like to do their master/bachelor thesis or a semester project. Below is the list of open topics. Student jobs related to these projects are also available upon request. These projects can also be done in collaboration with an external university. Foreign students may look for financial support from the Erasmus Mundus programme.


WhiteBox attacks toolkit

Whitebox cryptography is the implementation of cryptographic algorithms in software in such a way that an attacker with full access to the software is not able to gain any advantage compared to a black-box attacker. For example, it should not be possible to obtain key information directly from memory, or from intermediate results of the cryptographic algorithm. This research focuses on attempting to recover key information by performing side channel analysis (e.g. MIA or similar attacks) on whitebox implementations.

Research question: Can you build a toolkit to extract keys from white-box crypto implementations?

Expected outcome

- state-of-the-art study

- implement well-known attacks

- research new WBC attack methods

- feasibility study

- prototype attack code

Skills:

- SW Reverse Engineering

- Program analysis

- Cryptographic attacks

Contact: Alex Biryukov