NORWEGIAN UNIVERSITY OF SCIENCE & TECHNOLOGY - NTNU

Postdoctoral Researcher Position in Hardware-near Reverse Engineering with Application in Security

Location
Gjøvik, Norway
Posted
17 Dec 2020
End of advertisement period
31 Jan 2021
Ref
197829
Contract Type
Temporary
Hours
Full Time

About the position

At the Department of Information Security and Communication Technology (IIK) we have a vacancy for a postdoctoral researcher in Hardware-near Reverse Engineering with application in Security. 

The position's working place is NTNU campus in Gjøvik. You will report to the Head of the Department.

Duties of the position

The appointment is for 2 years. 

Microprocessors and embedded micro controllers are found in more and more consumer electronics (mobile phones, tablets, household appliances, etc) and industrial components (PLC, …). Small devices with the ability to compute and communicate is the driving force behind IoT. In order to increase the knowledge of the security and resilience of such devices, one needs to provide knowledge on how these devices are vulnerable and identifying relevant attack vectors. A powerful method for doing this is reverse engineering. This is the same methods used by the adversary, when a new device is available on the market. 

The attackers reverse engineer both hardware (HW) and software (SW) of a product to find out how it actually works, as soon as a new product is released.  Many security measures are not based upon actual evaluation of the product, but rely upon how the product was designed or intended to work. This gap between intended security and actual security poses a huge risk, that can be reduced with an experimental security evaluation approach.

There is already a Malware Lab established at NTNU, with focus on reverse engineering of software (i.e malicious software). It is well known that looking at SW alone only paints part of the picture. Extending the lab to include HW is therefore a natural way to go. Exploiting unintended information leakage from HW (i.e. side channel attacks) or attacking the HW (e.g. HW trojans or fault injection) are well known attack vectors that should be included in a comprehensive evaluation of a system or components security.

The position will be addressing research challenges related to HW-near challenges of IoT devices such as side channel attacks, HW trojans and tamper resistance. The position will be central in NORCICS project 3.3.2, building a reverse engineering lab at NTNU. 

The objective of this project is to establish a reverse engineering lab at NTNU as a national arena for knowledge development, research, innovation and education. This will contribute towards improving the cybersecurity and resilience of the entire value chain in our digital society.

The Reverse Engineering lab will serve as a hub and will in collaboration with partners and national/international experts to facilitate activities such as:

  • Establishing a physical reversing lab for research, testing and training
  • Develop a Reverse Engineering course available through EVU
  • Develop workshop/seminar series on specific topics, available for partners 
  • Establish NTNU Reverse Engineering Forum, an annual meeting place for the community

The research will be carried out under guidance of Associate Professor Geir Olav Dyrkolbotn as the project leader of NORCICS research project 3.2.2 and leader of NTNU Malware lab. This is a close collaboration between the CCIS Digital Forensic Group and CCIS Cyber Defence Group.

We are looking for expertise in the overlap between Electrical Engineering, Computer Science and Information Security.

Depending on the skills of the candidate, different aspects may be emphasized, e.g. by focusing on:

  • Power and electromagnetic side channels
  • Hardware trojans
  • Invasive and non-invasive attacks
  • Passive and active attacks

A comprehensive understanding of all parts of the analysis chain is an advantage, including:   

  • Invasive and non-invasive preparation of test objects
  • Data capture (sensor knowledge), e.g. antenna and electronics theory
  • Signal processing (analogue and digital)
  • Machine learning
  • Computer technology at Microprocessor/controllers level

The position is part of SFI NORCICS, the new 8-year research-based innovation Norwegian Center for Cybersecurity in Critical Sectors. These sectors include electricity production and distribution, oil & gas production and distribution, manufacturing, healthcare, industrial production, smart districts. NORCICS follows a holistic, comprehensive and systemic approach addressing people, processes and technology to protect critical sectors throughout the cybersecurity core functions (identify, protect, detect, respond, recover). NORCICS has partners from academia, research, the public sector and the industry. For more information about NORCICS see www.ntnu.edu/norcics

Required selection criteria

A postdoctoral research fellowship is a qualification position in which the main objective is qualification for work in academic positions. You must have completed a Norwegian doctoral degree in Electrical Engineering, Computer Science, Computer Engineering, Information Security or similar or corresponding foreign doctoral degree recognized as equivalent to a Norwegian doctoral degree. 

If, for any reason, you have taken a career break or have had an atypical career and wish to disclose this in your application, the selection committee will take this into account, recognizing that the quantity of your research may be reduced as a result.

PhD candidate:

The appointment is to be made in accordance with the regulations in force concerning State Employees and Civil Servants and national guidelines for appointment as PhD, post doctor and research assistant.

  • Academic background as listed above 
  • Excellent English language skills (written and oral)
  • Ability to obtain Norwegian Defense Security clearance is an advantage

Preferred selection criteria

  • Knowledge and skills in Electrical Engineering and Computer Science
  • Knowledge and skills in Information Security
  • Experience with side channel attacks
  • Experience with HW trojans
  • Experience with EMC labs
  • Experience with software defined radio
  • Excellent practical hands-on skills preferably from lab environments

Personal characteristics

  • Highly motivated by fundamental scientific research of practical relevance
  • Highly motivated by deep technical research
  • Highly comfortable picking apart bits and bytes to extract knowledge about the data
  • Ability to work independently
  • Well organized and have interests beyond their own research and ability
  • Eager to disseminate research results through publications and presentations at international conferences
  • Be scientifically curious and open to new research challenges
  • Demonstrate independence and persistence in addressing technical problems
  • Be flexible and reliable, with ability to work effectively independently and as part of a team

We offer

Salary and conditions

The employment period is 2 years.

Postdoctoral candidates are placed in code 1352, and are normally remunerated at gross from NOK 566 700 per annum, depending on qualifications and seniority. From the salary, 2% is deducted as a contribution to the Norwegian Public Service Pension Fund.

The engagement is to be made in accordance with the regulations in force concerning State Employees and Civil Servants, and the acts relating to Control of the Export of Strategic Goods, Services and Technology. Candidates who by assessment of the application and attachment are seen to conflict with the criteria in the latter law will be prohibited from recruitment to NTNU. After the appointment you must assume that there may be changes in the area of work.

The position is subject to external funding.

It is a prerequisite you can be present at and accessible to the institution daily.

About the application

The application and supporting documentation to be used as the basis for the assessment must be in English.

Publications and other scientific work must follow the application. Please note that applications are only evaluated based on the information available on the application deadline. You should ensure that your application shows clearly how your skills and experience meet the criteria which are set out above. 

The application must include:

  • A short and directed cover letter identifying:
    • Your motivation for the position
    • Why you are suited for the position.
  • Research plan or project proposal 
  • CV, certificates and diplomas
  • Academic works - published or unpublished - that you would like to be considered in the assessment (up to 5 works)
  • Name and address of three referees

Joint works will be considered. If it is difficult to identify your contribution to joint works, you must attach a brief description of your participation.

In the evaluation of which candidate is best qualified, emphasis will be placed on education, experience and personal suitability.

NTNU is committed to following evaluation criteria for research quality according to The San Francisco Declaration on Research Assessment - DORA.

General information

Working at NTNU

A good work environment is characterized by diversity. We encourage qualified candidates to apply, regardless of their gender, functional capacity or cultural background. 

The city of Gjøvik has a population of 30 000 and is a town known for its rich music and cultural life. The beautiful nature surrounding the city is ideal for an active outdoor life! The Norwegian welfare state, including healthcare, schools, kindergartens and overall equality, is probably the best of its kind in the world.

As an employee at NTNU, you must at all times adhere to the changes that the development in the subject entails and the organizational changes that are adopted.

According to Information Act (Offentleglova), your name, age, position and municipality may be made public even if you have requested not to have your name entered on the list of applicants.

If you have any questions about the position, please contact Associate Professor Geir Olav Dyrkolbotn, telephone +47 99094835, email geir.dyrkolbotn@ntnu.no. If you have any questions about the recruitment process, please contact Stine Terese Ruen Nymoen, e-mail: stine.t.r.nymoen@ntnu.no.

Please submit your application electronically via jobbnorge.no with your CV, diplomas and certificates. Applications submitted elsewhere will not be considered. Diploma Supplement is required to attach for European Master Diplomas outside Norway. Chinese applicants are required to provide confirmation of Master Diploma from China Credentials Verification (CHSI).

If you are invited for interview you must include certified copies of transcripts and reference letters.

Application deadline: 31.01.2021

NTNU - knowledge for a better world

The Norwegian University of Science and Technology (NTNU) creates knowledge for a better world and solutions that can change everyday life.

Department of Information Security and Communication Technology

Research is vital to the security of our society. We teach and conduct research in cyber security, information security, communications networks and networked services. Our areas of expertise include biometrics, cyber defence, cryptography, digital forensics, security in e-health and welfare technology, intelligent transportation systems and malware. The Department of Information Security and Communication Technology is one of seven departments in the Faculty of Information Technology and Electrical Engineering .

Deadline 31st January 2021
Employer NTNU - Norwegian University of Science and Technology
Municipality Gjøvik
Scope Fulltime
Duration Temporary
Place of service NTNU Campus Gjøvik