Post nr 1
this is a post
The school aims at bringing together Master/PhD students, academics and security experts from industry, focusing on the following specific topics:
Abstract: In this talk we present a methodology to develop secure and privacy-preserving (I)IoT devices taking advantage of open-source hardware (and software). We call our methodology the trusted lifecycle. Our lifecycle consists of seven phases, which form a chain of trust: Threat modeling and risk assessment, Design, Implementation, Evaluation, Installation, Maintenance, Retirement. One original and practical aspect of the lifecycle is that it enables to set security and privacy guarantees that are context-dependent, not only for the developed device (e.g. device uses strong encryption), but also for the lifecycle (e.g., lifecycle protected against supply chain attacks). Another novel bit is that our lifecycle is the first addressing open-source hardware development.
We also provide a precise definition of open-source hardware that captures the different aspects and constraints of open-source hardware development. This definition of open-source hardware is used to build a way to score a device based on how many hardware aspects are open-sourced.
Abstract: Vulnerabilities that are caused by the behavior of the hardware (such as Spectre and Meltdown) are often difficult to reproduce and propose mitigations for due to the closed nature of processor designs. In these sessions, we will present a hands-on introduction to Proteus, an extensible RISC-V processor designed with the specific goal of aiding security research.
Abstract: Vulnerabilities that are caused by the behavior of the hardware (such as Spectre and Meltdown) are often difficult to reproduce and propose mitigations for due to the closed nature of processor designs. In these sessions, we will present a hands-on introduction to Proteus, an extensible RISC-V processor designed with the specific goal of aiding security research.
Abstract: The session delves into advanced methodologies for fault injection testing in pre-silicon hardware designs. It covers techniques to identify vulnerabilities in hardware and explores strategies for
implementing robust defenses against potential attacks using FPGA-based emulation techniques. Participants will gain a thorough understanding of
fault injection risks, their implications, and effective
countermeasures, emphasizing the importance of secure hardware design inthe early stages of development.
Abstract: Open-source Silicon makes mask set comparison an effective method to verify hardware backdoors were not introduced at the manufacturing stage into Integrated-Circuits. The openness of the design translates in the availability of design files such as GDSII files that represent the mask set of a given IC. In that context, comparing them with extracted GDSII files from actual ICs using IC Reverse-Engineering techniques is a very potent way of assessing whether or not a backdoor was introduced into the chip during the manufacturing stage.
As such, this easier testability is a clear improvement compared to Close-Source Silicon devices where finding a golden sample is often an issue.
This talk will present the work performed to make supply chain validation through mask set recovery and comparison viable both in term of price and timing.
After an overview of the physical delayering process, the focus of the talk will be the image processing and data exploitation necessary to reach that goal of efficiency.
As such, picture distortion, tile stitching and layer alignement will be discussed to highlight the difficulties of a task that sounds so simple at first glance. The talk is also designed to show the solutions that were put in place. These are taking advantage of picture distortion correction mechanisms combined with feature extraction techniques using Machine Learning and dedicated pre- and post- processing. As a final note, the talk will conclude on the possibility of making an efficient assessment as well as fully characterizing a found backdoor.
Abstract: Open-source Silicon makes mask set comparison an effective method to verify hardware backdoors were not introduced at the manufacturing stage into Integrated-Circuits. The openness of the design translates in the availability of design files such as GDSII files that represent the mask set of a given IC. In that context, comparing them with extracted GDSII files from actual ICs using IC Reverse-Engineering techniques is a very potent way of assessing whether or not a backdoor was introduced into the chip during the manufacturing stage.
As such, this easier testability is a clear improvement compared to Close-Source Silicon devices where finding a golden sample is often an issue.
This talk will present the work performed to make supply chain validation through mask set recovery and comparison viable both in term of price and timing.
After an overview of the physical delayering process, the focus of the talk will be the image processing and data exploitation necessary to reach that goal of efficiency.
As such, picture distortion, tile stitching and layer alignement will be discussed to highlight the difficulties of a task that sounds so simple at first glance. The talk is also designed to show the solutions that were put in place. These are taking advantage of picture distortion correction mechanisms combined with feature extraction techniques using Machine Learning and dedicated pre- and post- processing. As a final note, the talk will conclude on the possibility of making an efficient assessment as well as fully characterizing a found backdoor.
Abstract: This talk presents BlueToolkit, an open-source framework for automated and large-scale over-the-air security testing of Bluetooth devices. It uses a black-box approach to support reconnaissance, exploit execution, and reporting across 44 known vulnerabilities, covering critical MITM, RCE, DoS, and information leakage. We will demonstrate BlueToolkit and host a practical hands-on session. Bring your Bluetooth devices and test them to see whether they are vulnerable!
Abstract: This talk presents BlueToolkit, an open-source framework for automated and large-scale over-the-air security testing of Bluetooth devices. It uses a black-box approach to support reconnaissance, exploit execution, and reporting across 44 known vulnerabilities, covering critical MITM, RCE, DoS, and information leakage. We will demonstrate BlueToolkit and host a practical hands-on session. Bring your Bluetooth devices and test them to see whether they are vulnerable!
Abstract: ORSHIN’s research addressed multiple advanced facets of embedded-device security—each a substantial domain on its own, and at first glance loosely connected. In this talk, we’ll traverse these areas and demonstrate how they integrate within a real-world use case: the partially open-source secure element chip TROPIC01. Along the way, we’ll highlight both the advantages and the hurdles of translating ORSHIN’s academic findings into industrial practice.
Prof. at KU Leuven, Scientific Lead of the ORSHIN project
Topic: Hardware masking as countermeasure against side-channel attacks
KU Leuven
Topic: Extending processors for stronger security
Prof. at EURECOM
Topic: Phase Side Channels
Founder and CTO at Texplained
Topic: Reverse Engineering based OSH supply chain verification
CTO and co-founder at Tropic Square
Topic: Application of ORSHIN research results in industry context
Security researcher at Tropic Square
Topic: Secure Channel implementation
Researcher at Security Pattern
Topic: Trusted Lifecycle TLC and the definition of open source hardware
PhD student at EURECOM
Topic: Bluetooth Security
Researcher at NXP
Topic: Pre-Silicon Fault Injection Testing and Defenses
Registration for the ORSHIN summer school is open. The registration fee is 230 EUR
until 7 May 2025. From 8 May 2025 the fee will be 330 EUR. The registration includes all lectures, the welcome reception, lunches, the banquet dinner, coffee breaks and refreshments. The registration fee does not include travel and accommodation, these need to be booked separately.
The summer school will take place at Porto Platanias 5*, Crete
Participants of the summer school can benefit from a special rate in both of the indicated hotels. Please note that accommodation is not included in the registration fee for the summer school.
Porto Platanias Village Resort
Double room for single use with pool or garden view, with the NET daily rate of 145,00 EUR incl. breakfast
Double/Twin room with pool or garden view, with the NET daily rate of 155,00 EUR incl. breakfast
Triple room with pool or garden view, with the NET daily rate of 210,00 EUR incl. breakfast
Half board supplement: 26,00 euro per person, per day
Porto Platanias Beach Resort & Spa
Double room for single use with pool or garden view, with the NET daily rate of 175,00 EUR incl. breakfast
Double/Twin room with pool or garden view, with the NET daily rate of 185,00 EUR incl. breakfast
Triple room with pool or garden view, with the NET daily rate of 255,00 EUR incl. breakfast
We have blocked 50 rooms for summer school participants:
10 Doubles: 185,00€ per room, per day, at Porto Platanias Beach Resort on Bed & Breakfast basis
40 Doubles: 155,00€ per room , per day, at Porto Platanias Village Resort on Bed & Breakfast basis
Notes:
7 Sep - 10 Sep 2025
Porto Platanias Beach Resort & Spa,
GR-73014 Chania – Crete, Hellas
Resort:
Mail: info@portoplatanias.gr
Event Info:
Péla Noé
Mail : pela.noe@esat.kuleuven.be
Students who seek financial assistance (i.e. a registration fee waiver of a stipend, or more) please write to pela.noe@esat.kuleuven.be with the subject line “ORSHIN summer school stipend request” before 28 April 2025 (and preferably as soon as possible). Please include in your email a short motivating paragraph specifying your school and advisor (if any). Please also ask your advisor to write us an email in support (one email can pertain to multiple students).
In all cases, please await a response before registering yourself (this saves us some trouble). If you ask for assistance, you will not be assessed a late fee if we respond too late for you to make the early registration deadline. Students who receive assistance should be prepared to show a student ID or other proof of affiliation at the registration desk.
The closest airport to Porto Platanias Beach Resort & Spa Chania airport.
Porto Platanias Beach Resort & Spa, GR-73014 Chania – Crete, Hellas
Péla Noé Mail : pela.noe@esat.kuleuven.be
Transfer
We advise to contact one of these two companies to arrange transport from the airport to the conference venue:
Kyriakakis Travel
+30 28210 27700
kyrtravel@kyriakakis.gr
Star Crete Transfers:
https://starcretetransfers.gr/
Reservation Department Transfer
+30 6955851783
chaniataxitransfer@gmail.com
Public transportation
You can view the public bus time tables from Chania airport to Chania City Center and from Chania City Center to the hotel here:
https://www.e-ktel.com/en/services/dromologia
Do check the timetables closer to the date of the workshop, as they will be updated in the next few months.
In order to find the timetables for the bus, you need to select the starting point and then choose Platanias.
Normally, during the summer, the bus comes every half hour.
Open-source ReSilient Hardware and software for Internet of thiNgs
The open-source initiative represents a significant shift in the industry, providing the opportunity to share knowledge between industry and research and enabling rapid time-to-market for solutions, but there is still much room for improvement – particularly with a view to cyber security. Therefore, the ORSHIN project team stepped together to develop a new approach that will improve cyber security, manage the entire lifecycle of trustworthy network and create a secure infrastructure for connected devices. To meet this challenge ORSHIN works on building a trusted open-source hardware and software that will significantly reduce the risks associated with IoT devices – from design to its retirement, as a chain of trust called the trusted lifecycle.
The ORSHIN project has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No. 101070008.