ORSHIN Summer School

on Open-source ReSilient Hardware and software for Internet of thiNgs
7th – 10th September 2025 Crete, Greece
0 Days
0 Hours
0 Minutes
0 Seconds
Summer School on Open-source ReSilient Hardware and software for Internet of thiNgs

Where Visionaries Meet and Ideas Thrive

The school aims at bringing together Master/PhD students, academics and security experts from industry, focusing on the following specific topics:

 

  • Secure life cycle management of open source hardware
  • Open source hardware with formally verifiable security guarantees
  • Efficient firmware and hardware audits
  • Secure and privacy preserving cryptographic protocols
Program

Tentative Event Schedule

habour of Chania, Crete, Greece

DAY 1

Sep 7, 2025
19:00 - 21:00

Welcome reception

DAY 2

Sep 8, 2025
08:50 – 09:00

Welcome and opening

Benedikt Gierlichs
09:00 – 10:30

Methodology for the trusted life cycle of Open-Source HW

Maria Chiara Molteni

Abstract: In this talk we present a methodology to develop secure and privacy-preserving (I)IoT devices taking advantage of open-source hardware (and software). We call our methodology the trusted lifecycle. Our lifecycle consists of seven phases, which form a chain of trust: Threat modeling and risk assessment, Design, Implementation, Evaluation, Installation, Maintenance, Retirement. One original and practical aspect of the lifecycle is that it enables to set security and privacy guarantees that are context-dependent, not only for the developed device (e.g. device uses strong encryption), but also for the lifecycle (e.g., lifecycle protected against supply chain attacks). Another novel bit is that our lifecycle is the first addressing open-source hardware development. 

We also provide a precise definition of open-source hardware that captures the different aspects and constraints of open-source hardware development. This definition of open-source hardware is used to build a way to score a device based on how many hardware aspects are open-sourced.

10:30 - 11:00

Coffee break

11:00 – 12:30

Phase Side Channels

Aurélien Francillon
12:30 – 14:00

Lunch break

14:00 – 15:30

Hardware masking against side-channel attacks

Benedikt Gierlichs
15:30 – 16:00

Coffee break

16:00 – 17:30

Proteus: A RISC-V CPU for Security Research (Part 1)

Marton Bognar

Abstract: Vulnerabilities that are caused by the behavior of the hardware (such as Spectre and Meltdown) are often difficult to reproduce and propose mitigations for due to the closed nature of processor designs. In these sessions, we will present a hands-on introduction to Proteus, an extensible RISC-V processor designed with the specific goal of aiding security research.

19:00

Banquet dinner

DAY 3

Sep 9, 2025
09:00 – 10:30

Proteus: A RISC-V CPU for Security Research (Part 2)

Marton Bognar

Abstract: Vulnerabilities that are caused by the behavior of the hardware (such as Spectre and Meltdown) are often difficult to reproduce and propose mitigations for due to the closed nature of processor designs. In these sessions, we will present a hands-on introduction to Proteus, an extensible RISC-V processor designed with the specific goal of aiding security research.

10:30 - 11:00

Coffee break

11:00 – 12:30

Pre-Silicon Fault Injection Testing and Defenses

Volodymyr Bezsmertnyi

Abstract: The session delves into advanced methodologies for fault injection testing in pre-silicon hardware designs. It covers techniques to identify vulnerabilities in hardware and explores strategies for
implementing robust defenses against potential attacks using FPGA-based emulation techniques. Participants will gain a thorough understanding of
fault injection risks, their implications, and effective
countermeasures, emphasizing the importance of secure hardware design inthe early stages of development.

12:30 – 14:00

Lunch break

14:00 – 15:30

Reverse Engineering based OSH supply chain verification (Part 1)

Olivier Thomas

Abstract: Open-source Silicon makes mask set comparison an effective method to verify hardware backdoors were not introduced at the manufacturing stage into Integrated-Circuits. The openness of the design translates in the availability of design files such as GDSII files that represent the mask set of a given IC. In that context, comparing them with extracted GDSII files from actual ICs using IC Reverse-Engineering techniques is a very potent way of assessing whether or not a backdoor was introduced into the chip during the manufacturing stage.

 

As such, this easier testability is a clear improvement compared to Close-Source Silicon devices where finding a golden sample is often an issue.

 

This talk will present the work performed to make supply chain validation through mask set recovery and comparison viable both in term of price and timing.

 

After an overview of the physical delayering process, the focus of the talk will be the image processing and data exploitation necessary to reach that goal of efficiency.

 

As such, picture distortion, tile stitching and layer alignement will be discussed to highlight the difficulties of a task that sounds so simple at first glance. The talk is also designed to show the solutions that were put in place. These are taking advantage of picture distortion correction mechanisms combined with feature extraction techniques using Machine Learning and dedicated pre- and post- processing. As a final note, the talk will conclude on the possibility of making an efficient assessment as well as fully characterizing a found backdoor.

15:30 – 16:00

Coffee break

16:00 – 17:30

Reverse Engineering based OSH supply chain verification (Part 2)

Olivier Thomas

Abstract: Open-source Silicon makes mask set comparison an effective method to verify hardware backdoors were not introduced at the manufacturing stage into Integrated-Circuits. The openness of the design translates in the availability of design files such as GDSII files that represent the mask set of a given IC. In that context, comparing them with extracted GDSII files from actual ICs using IC Reverse-Engineering techniques is a very potent way of assessing whether or not a backdoor was introduced into the chip during the manufacturing stage.

 

As such, this easier testability is a clear improvement compared to Close-Source Silicon devices where finding a golden sample is often an issue.

 

This talk will present the work performed to make supply chain validation through mask set recovery and comparison viable both in term of price and timing.

 

After an overview of the physical delayering process, the focus of the talk will be the image processing and data exploitation necessary to reach that goal of efficiency.

 

As such, picture distortion, tile stitching and layer alignement will be discussed to highlight the difficulties of a task that sounds so simple at first glance. The talk is also designed to show the solutions that were put in place. These are taking advantage of picture distortion correction mechanisms combined with feature extraction techniques using Machine Learning and dedicated pre- and post- processing. As a final note, the talk will conclude on the possibility of making an efficient assessment as well as fully characterizing a found backdoor.

DAY 4

Sep 10, 2025
09:00 – 10:30

Diving into Bluetooth security testing (Part 1)

Tommaso Sacchetti

Abstract: This talk presents BlueToolkit, an open-source framework for automated and large-scale over-the-air security testing of Bluetooth devices. It uses a black-box approach to support reconnaissance, exploit execution, and reporting across 44 known vulnerabilities, covering critical MITM, RCE, DoS, and information leakage. We will demonstrate BlueToolkit and host a practical hands-on session. Bring your Bluetooth devices and test them to see whether they are vulnerable!

10:30 - 11:00

Coffee break

11:00 – 12:30

Diving into Bluetooth security testing (Part 2)

Tommaso Sacchetti

Abstract: This talk presents BlueToolkit, an open-source framework for automated and large-scale over-the-air security testing of Bluetooth devices. It uses a black-box approach to support reconnaissance, exploit execution, and reporting across 44 known vulnerabilities, covering critical MITM, RCE, DoS, and information leakage. We will demonstrate BlueToolkit and host a practical hands-on session. Bring your Bluetooth devices and test them to see whether they are vulnerable!

12:30 – 14:00

Lunch break

14:00 – 15:30

TROPIC01: Open-source secure element hands-on

Stanislav Jerabek
15:30 – 17:00

Application of ORSHIN research results in industry context

Jan Pleskac

Abstract: ORSHIN’s research addressed multiple advanced facets of embedded-device security—each a substantial domain on its own, and at first glance loosely connected. In this talk, we’ll traverse these areas and demonstrate how they integrate within a real-world use case: the partially open-source secure element chip TROPIC01. Along the way, we’ll highlight both the advantages and the hurdles of translating ORSHIN’s academic findings into industrial practice.

Boat in picturesque old port of Chania, Crete island. Greece

Speakers

Dr. Benedikt
Gierlichs

Speaker

Prof. at KU Leuven, Scientific Lead of the ORSHIN project

Topic: Hardware masking as countermeasure against side-channel attacks

Marton
Bognar

Speaker

KU Leuven

Topic: Extending processors for stronger security

Aurélien
Francillon

Speaker

Prof. at EURECOM

Topic: Phase Side Channels

Olivier
Thomas

Speaker

Founder and CTO at Texplained

Topic: Reverse Engineering based OSH supply chain verification

Jan
Pleskac

Speaker

CTO and co-founder at Tropic Square

Topic: Application of ORSHIN research results in industry context

Stanislav
Jerabek

Speaker

Security researcher at Tropic Square

Topic: Secure Channel implementation

Maria Chiara
Molteni

Speaker

Researcher at Security Pattern

Topic: Trusted Lifecycle TLC and the definition of open source hardware

Tommaso
Sacchetti

Speaker

PhD student at EURECOM

Topic: Bluetooth Security

Volodymyr
Bezsmertnyi

Speaker

Researcher at NXP

Topic: Pre-Silicon Fault Injection Testing and Defenses​

Register Now and Shape the Future of Secure Open-Source Hardware

Registration for the ORSHIN summer school is open. The registration fee is 230 EUR
until 7 May 2025. From 8 May 2025 the fee will be 330 EUR. The registration includes all lectures, the welcome reception, lunches, the banquet dinner, coffee breaks and refreshments. The registration fee does not include travel and accommodation, these need to be booked separately.

Venue

The summer school will take place at Porto Platanias 5*, Crete
Participants of the summer school can benefit from a special rate in both of the indicated hotels. Please note that accommodation is not included in the registration fee for the summer school.

Porto Platanias Village Resort
Double room for single use with pool or garden view, with the NET daily rate of 145,00 EUR incl. breakfast
Double/Twin room with pool or garden view, with the NET daily rate of 155,00 EUR incl. breakfast
Triple room with pool or garden view, with the NET daily rate of 210,00 EUR incl. breakfast

Half board supplement: 26,00 euro per person, per day

Porto Platanias Beach Resort & Spa
Double room for single use with pool or garden view, with the NET daily rate of 175,00 EUR incl. breakfast
Double/Twin room with pool or garden view, with the NET daily rate of 185,00 EUR incl. breakfast
Triple room with pool or garden view, with the NET daily rate of 255,00 EUR incl. breakfast

We have blocked 50 rooms for summer school participants:
10 Doubles: 185,00€ per room, per day, at Porto Platanias Beach Resort on Bed & Breakfast basis
40 Doubles: 155,00€ per room , per day, at Porto Platanias Village Resort on Bed & Breakfast basis

Notes:

  • The above rates include all taxes & services.
  • The Climate crisis resilience fee 15€ per room, per day is not included.
  • Taxes are subject to change without prior notice.
  • Check in time 14:00 
  • Check out time 12:00
  • When you as participant want to book a room, please mention that you will take part in the  ‘ORSHIN summer school’.
  • Rooms are kept until 30th April 2025.
  • Please book your room by sending an email to
    reservations@portoplatanias.gr mentioning “ORSHIN summer school“.
    Please specify: check-in date, check-out date, type of room, number of guests.

Event Information

Date

7 Sep - 10 Sep 2025

Event Location

Porto Platanias Beach Resort & Spa,
GR-73014 Chania – Crete, Hellas

Contact Info

Resort:
Mail: info@portoplatanias.gr

Event Info: Péla Noé
Mail : pela.noe@esat.kuleuven.be

Stipends

Students who seek financial assistance (i.e. a registration fee waiver of a stipend, or more) please write to pela.noe@esat.kuleuven.be with the subject line “ORSHIN summer school stipend request” before 28 April 2025 (and preferably as soon as possible). Please include in your email a short motivating paragraph specifying your school and advisor (if any). Please also ask your advisor to write us an email in support (one email can pertain to multiple students).

In all cases, please await a response before registering yourself (this saves us some trouble). If you ask for assistance, you will not be assessed a late fee if we respond too late for you to make the early registration deadline. Students who receive assistance should be prepared to show a student ID or other proof of affiliation at the registration desk.

Travel

Travel & Transfer

The closest airport to Porto Platanias Beach Resort & Spa Chania airport.

Workshop Venue

Porto Platanias Beach Resort & Spa, GR-73014 Chania – Crete, Hellas

Contact info

Péla Noé

Mail : pela.noe@esat.kuleuven.be

Transfer

We advise to contact one of these two companies to arrange transport from the airport to the conference venue:

Kyriakakis Travel
+30 28210 27700
kyrtravel@kyriakakis.gr

Star Crete Transfers:
https://starcretetransfers.gr/
Reservation Department Transfer
+30 6955851783
chaniataxitransfer@gmail.com

Public transportation

You can view the public bus time tables from Chania airport to Chania City Center and from Chania City Center to the hotel here:

https://www.e-ktel.com/en/services/dromologia

Do check the timetables closer to the date of the workshop, as they will be updated in the next few months.

In order to find the timetables for the bus, you need to select the starting point and then choose Platanias.

Normally, during the summer, the bus comes every half hour.

Open-source ReSilient Hardware and software for Internet of thiNgs

The open-source initiative represents a significant shift in the industry, providing the opportunity to share knowledge between industry and research and enabling rapid time-to-market for solutions, but there is still much room for improvement – particularly with a view to cyber security. Therefore, the ORSHIN project team stepped together to develop a new approach that will improve cyber security, manage the entire lifecycle of trustworthy network and create a secure infrastructure for connected devices. To meet this challenge ORSHIN works on building a trusted open-source hardware and software that will significantly reduce the risks associated with IoT devices – from design to its retirement, as a chain of trust called the trusted lifecycle.

News

News will be shown here as soon as it is published. 

The ORSHIN project has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No. 101070008.