Post nr 1
this is a post
ORSHIN Summer School
on Open-source ReSilient Hardware and software for Internet of thiNgs
7th – 10th September 2025
Crete, Greece
0 Days
0 Hours
0 Minutes
0 Seconds
Summer School on Open-source ReSilient Hardware and software for Internet of thiNgs
Where Visionaries Meet and Ideas Thrive
The school aims at bringing together Master/PhD students, academics and security experts from industry, focusing on the following specific topics:
- Secure life cycle management of open source hardware
- Open source hardware with formally verifiable security guarantees
- Efficient firmware and hardware audits
- Secure and privacy preserving cryptographic protocols
DAY 1
Sep 7, 2025
19:00 - 21:00
Welcome reception
DAY 2
Sep 8, 2025
08:50 – 09:00
Welcome and opening
Benedikt Gierlichs
09:00 – 10:30
Methodology for the trusted life cycle of Open-Source HW
Maria Chiara Molteni
Abstract
Abstract: In this talk we present a methodology to develop secure and privacy-preserving (I)IoT devices taking advantage of open-source hardware (and software). We call our methodology the trusted lifecycle. Our lifecycle consists of seven phases, which form a chain of trust: Threat modeling and risk assessment, Design, Implementation, Evaluation, Installation, Maintenance, Retirement. One original and practical aspect of the lifecycle is that it enables to set security and privacy guarantees that are context-dependent, not only for the developed device (e.g. device uses strong encryption), but also for the lifecycle (e.g., lifecycle protected against supply chain attacks). Another novel bit is that our lifecycle is the first addressing open-source hardware development.
We also provide a precise definition of open-source hardware that captures the different aspects and constraints of open-source hardware development. This definition of open-source hardware is used to build a way to score a device based on how many hardware aspects are open-sourced.
10:30 - 11:00
Coffee break
11:00 – 12:30
Phase Side Channels
Aurélien Francillon
12:30 – 14:00
Lunch break
14:00 – 15:30
Hardware masking against side-channel attacks
Benedikt Gierlichs
15:30 – 16:00
Coffee break
16:00 – 17:30
Proteus: A RISC-V CPU for Security Research (Part 1)
Marton Bognar
Abstract
Abstract: Vulnerabilities that are caused by the behavior of the hardware (such as Spectre and Meltdown) are often difficult to reproduce and propose mitigations for due to the closed nature of processor designs. In these sessions, we will present a hands-on introduction to Proteus, an extensible RISC-V processor designed with the specific goal of aiding security research.
19:00
Banquet dinner
DAY 3
Sep 9, 2025
09:00 – 10:30
Proteus: A RISC-V CPU for Security Research (Part 2)
Marton Bognar
Abstract
Abstract: Vulnerabilities that are caused by the behavior of the hardware (such as Spectre and Meltdown) are often difficult to reproduce and propose mitigations for due to the closed nature of processor designs. In these sessions, we will present a hands-on introduction to Proteus, an extensible RISC-V processor designed with the specific goal of aiding security research.
10:30 - 11:00
Coffee break
11:00 – 12:30
Pre-Silicon Fault Injection Testing and Defenses
Volodymyr
Bezsmertnyi
Abstract
Abstract: The session delves into advanced methodologies for fault injection testing in pre-silicon hardware designs. It covers techniques to identify vulnerabilities in hardware and explores strategies for
implementing robust defenses against potential attacks using FPGA-based emulation techniques. Participants will gain a thorough understanding of
fault injection risks, their implications, and effective
countermeasures, emphasizing the importance of secure hardware design inthe early stages of development.
12:30 – 14:00
Lunch break
14:00 – 15:30
Reverse Engineering based OSH supply chain verification (Part 1)
Olivier Thomas
Abstract
Abstract: Open-source Silicon makes mask set comparison an effective method to verify hardware backdoors were not introduced at the manufacturing stage into Integrated-Circuits. The openness of the design translates in the availability of design files such as GDSII files that represent the mask set of a given IC. In that context, comparing them with extracted GDSII files from actual ICs using IC Reverse-Engineering techniques is a very potent way of assessing whether or not a backdoor was introduced into the chip during the manufacturing stage.
As such, this easier testability is a clear improvement compared to Close-Source Silicon devices where finding a golden sample is often an issue.
This talk will present the work performed to make supply chain validation through mask set recovery and comparison viable both in term of price and timing.
After an overview of the physical delayering process, the focus of the talk will be the image processing and data exploitation necessary to reach that goal of efficiency.
As such, picture distortion, tile stitching and layer alignement will be discussed to highlight the difficulties of a task that sounds so simple at first glance. The talk is also designed to show the solutions that were put in place. These are taking advantage of picture distortion correction mechanisms combined with feature extraction techniques using Machine Learning and dedicated pre- and post- processing. As a final note, the talk will conclude on the possibility of making an efficient assessment as well as fully characterizing a found backdoor.
15:30 – 16:00
Coffee break
16:00 – 17:30
Reverse Engineering based OSH supply chain verification (Part 2)
Olivier Thomas
Abstract
Abstract: Open-source Silicon makes mask set comparison an effective method to verify hardware backdoors were not introduced at the manufacturing stage into Integrated-Circuits. The openness of the design translates in the availability of design files such as GDSII files that represent the mask set of a given IC. In that context, comparing them with extracted GDSII files from actual ICs using IC Reverse-Engineering techniques is a very potent way of assessing whether or not a backdoor was introduced into the chip during the manufacturing stage.
As such, this easier testability is a clear improvement compared to Close-Source Silicon devices where finding a golden sample is often an issue.
This talk will present the work performed to make supply chain validation through mask set recovery and comparison viable both in term of price and timing.
After an overview of the physical delayering process, the focus of the talk will be the image processing and data exploitation necessary to reach that goal of efficiency.
As such, picture distortion, tile stitching and layer alignement will be discussed to highlight the difficulties of a task that sounds so simple at first glance. The talk is also designed to show the solutions that were put in place. These are taking advantage of picture distortion correction mechanisms combined with feature extraction techniques using Machine Learning and dedicated pre- and post- processing. As a final note, the talk will conclude on the possibility of making an efficient assessment as well as fully characterizing a found backdoor.
DAY 4
Sep 10, 2025
09:00 – 10:30
Diving into Bluetooth security testing (Part 1)
Tommaso Sacchetti
Abstract
Abstract: This talk presents BlueToolkit, an open-source framework for automated and large-scale over-the-air security testing of Bluetooth devices. It uses a black-box approach to support reconnaissance, exploit execution, and reporting across 44 known vulnerabilities, covering critical MITM, RCE, DoS, and information leakage. We will demonstrate BlueToolkit and host a practical hands-on session. Bring your Bluetooth devices and test them to see whether they are vulnerable!
10:30 - 11:00
Coffee break
11:00 – 12:30
Diving into Bluetooth security testing (Part 2)
Tommaso Sacchetti
Abstract
Abstract: This talk presents BlueToolkit, an open-source framework for automated and large-scale over-the-air security testing of Bluetooth devices. It uses a black-box approach to support reconnaissance, exploit execution, and reporting across 44 known vulnerabilities, covering critical MITM, RCE, DoS, and information leakage. We will demonstrate BlueToolkit and host a practical hands-on session. Bring your Bluetooth devices and test them to see whether they are vulnerable!
12:30 – 14:00
Lunch break
14:00 – 15:30
TROPIC01: Open-source secure element hands-on
Stanislav Jerabek
15:30 – 17:00
Application of ORSHIN research results in industry context
Jan Pleskac
Abstract
Abstract: ORSHIN’s research addressed multiple advanced facets of embedded-device security—each a substantial domain on its own, and at first glance loosely connected. In this talk, we’ll traverse these areas and demonstrate how they integrate within a real-world use case: the partially open-source secure element chip TROPIC01. Along the way, we’ll highlight both the advantages and the hurdles of translating ORSHIN’s academic findings into industrial practice.
Speakers
- Home
- Speakers
Dr. Benedikt
Gierlichs
Speaker
Prof. at KU Leuven, Scientific Lead of the ORSHIN project
Topic: Hardware masking as countermeasure against side-channel attacks
Marton
Bognar
Speaker
KU Leuven
Topic: Extending processors for stronger security
Aurélien
Francillon
Speaker
Prof. at EURECOM
Topic: Phase Side Channels
Olivier
Thomas
Speaker
Founder and CTO at Texplained
Topic: Reverse Engineering based OSH supply chain verification
Jan
Pleskac
Speaker
CTO and co-founder at Tropic Square
Topic: Application of ORSHIN research results in industry context
Stanislav
Jerabek
Speaker
Security researcher at Tropic Square
Topic: Secure Channel implementation
Maria Chiara
Molteni
Speaker
Researcher at Security Pattern
Topic: Trusted Lifecycle TLC and the definition of open source hardware
Tommaso
Sacchetti
Speaker
PhD student at EURECOM
Topic: Bluetooth Security
Volodymyr
Bezsmertnyi
Speaker
Researcher at NXP
Topic: Pre-Silicon Fault Injection Testing and Defenses
Register Now and Shape the Future of Secure Open-Source Hardware
Registration for the ORSHIN summer school is open. The registration fee is 230 EUR
until 7 May 2025. From 8 May 2025 the fee will be 330 EUR. The registration includes all lectures, the welcome reception, lunches, the banquet dinner, coffee breaks and refreshments. The registration fee does not include travel and accommodation, these need to be booked separately.
Venue
- Home
- Venue
The summer school will take place at Porto Platanias 5*, Crete
Participants of the summer school can benefit from a special rate in both of the indicated hotels. Please note that accommodation is not included in the registration fee for the summer school.
Porto Platanias Village Resort
Double room for single use with pool or garden view, with the NET daily rate of 145,00 EUR incl. breakfast
Double/Twin room with pool or garden view, with the NET daily rate of 155,00 EUR incl. breakfast
Triple room with pool or garden view, with the NET daily rate of 210,00 EUR incl. breakfast
Half board supplement: 26,00 euro per person, per day
Porto Platanias Beach Resort & Spa
Double room for single use with pool or garden view, with the NET daily rate of 175,00 EUR incl. breakfast
Double/Twin room with pool or garden view, with the NET daily rate of 185,00 EUR incl. breakfast
Triple room with pool or garden view, with the NET daily rate of 255,00 EUR incl. breakfast
We have blocked 50 rooms for summer school participants:
10 Doubles: 185,00€ per room, per day, at Porto Platanias Beach Resort on Bed & Breakfast basis
40 Doubles: 155,00€ per room , per day, at Porto Platanias Village Resort on Bed & Breakfast basis
Notes:
- The above rates include all taxes & services.
- The Climate crisis resilience fee 15€ per room, per day is not included.
- Taxes are subject to change without prior notice.
- Check in time 14:00
- Check out time 12:00
- When you as participant want to book a room, please mention that you will take part in the ‘ORSHIN summer school’.
- Rooms are kept until 30th April 2025.
- Please book your room by sending an email to
reservations@portoplatanias.gr mentioning “ORSHIN summer school“.
Please specify: check-in date, check-out date, type of room, number of guests.
Event Information
Date
7 Sep - 10 Sep 2025
Event Location
Porto Platanias Beach Resort & Spa,
GR-73014 Chania – Crete, Hellas
Contact Info
Resort:
Mail: info@portoplatanias.gr
Event Info:
Péla Noé
Mail : pela.noe@esat.kuleuven.be
Stipends
- Home
- Stipends
Students who seek financial assistance (i.e. a registration fee waiver of a stipend, or more) please write to pela.noe@esat.kuleuven.be with the subject line “ORSHIN summer school stipend request” before 28 April 2025 (and preferably as soon as possible). Please include in your email a short motivating paragraph specifying your school and advisor (if any). Please also ask your advisor to write us an email in support (one email can pertain to multiple students).
In all cases, please await a response before registering yourself (this saves us some trouble). If you ask for assistance, you will not be assessed a late fee if we respond too late for you to make the early registration deadline. Students who receive assistance should be prepared to show a student ID or other proof of affiliation at the registration desk.
Travel
Travel & Transfer
The closest airport to Porto Platanias Beach Resort & Spa Chania airport.
Workshop Venue
Porto Platanias Beach Resort & Spa, GR-73014 Chania – Crete, Hellas
Contact info
Péla Noé Mail : pela.noe@esat.kuleuven.be
Transfer
We advise to contact one of these two companies to arrange transport from the airport to the conference venue:
Kyriakakis Travel
+30 28210 27700
kyrtravel@kyriakakis.gr
Star Crete Transfers:
https://starcretetransfers.gr/
Reservation Department Transfer
+30 6955851783
chaniataxitransfer@gmail.com
Public transportation
You can view the public bus time tables from Chania airport to Chania City Center and from Chania City Center to the hotel here:
https://www.e-ktel.com/en/services/dromologia
Do check the timetables closer to the date of the workshop, as they will be updated in the next few months.
In order to find the timetables for the bus, you need to select the starting point and then choose Platanias.
Normally, during the summer, the bus comes every half hour.
Open-source ReSilient Hardware and software for Internet of thiNgs
The open-source initiative represents a significant shift in the industry, providing the opportunity to share knowledge between industry and research and enabling rapid time-to-market for solutions, but there is still much room for improvement – particularly with a view to cyber security. Therefore, the ORSHIN project team stepped together to develop a new approach that will improve cyber security, manage the entire lifecycle of trustworthy network and create a secure infrastructure for connected devices. To meet this challenge ORSHIN works on building a trusted open-source hardware and software that will significantly reduce the risks associated with IoT devices – from design to its retirement, as a chain of trust called the trusted lifecycle.
The ORSHIN project has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No. 101070008.
