Projects and Collaborations

ABR-ARPEGE2010 Project

Project Lead

• Jean-Max Dutertre

Abstract

The EMAISeCi project is dedicated to studying hardware-level vulnerabilities that arise during the physical implementation of cryptographic algorithms. Two families of attacks will be studied:

• side-channel attacks exploiting the correlation between manipulated data and the component’s electromagnetic radiation (EMA) to recover encryption keys,
• differential fault analysis (DFA) attacks exploiting information leakage caused by circuit malfunction due to fault injection. The innovative nature of this project lies in exploring new methods for exploiting EM measurements for EMA attacks and using the EM medium for fault injection in a circuit—a topic that has received little attention until now. This project aims to provide a better understanding of the physical phenomena involved and their experimental application. Its goal is to propose new security evaluation principles for circuits against these attacks and to validate appropriate countermeasures. During its course, new functionalities will be added to the CMP-SGC EM bench. Labeling for this project by the SCS cluster has been requested and obtained.

FUI 2010 Funding

Project Lead

• Jean-Max Dutertre

Abstract

The Calisson 2 project is a continuation of the Calisson project, which ends in May 2010. ENSMSE’s participation focuses on the study of fault attacks on security circuits, particularly regarding the acceptance, setup, and use of the advanced laser bench. ENSMSE is responsible for Work Package 2, dedicated to: “Setup and implementation of an advanced laser bench.” This also includes modeling faults injected using the corresponding laser sources. Our participation also includes developing countermeasures against fault injection attacks (whether laser-induced or not). These countermeasures will be tested and validated using programmable circuits and an ASIC produced by the SAS department (this ASIC may also include test patterns to evaluate the feasibility of original attack scenarios using the advanced laser).

The expected results are:

• the effective setup of the advanced laser bench,
• the strengthening of our expertise in the fields of laser fault injection and security characterization,
• the development of new countermeasures,
• the development of collaborations with the involved industrial partners,
• increased recognition of the CMP in these areas (publications, technology transfers, etc.).

FCE-DGE Project

Project Leads

• Jean-Baptiste Rigaud and Bruno Robisson

Objectives

Contactless banking applications, generally associated with transport, identity, or loyalty contexts, will require increasingly fast and secure transactions, as required by the specifications for contact card-based EMV transactions. It is therefore necessary to define cryptographic processor architectures capable of maintaining this performance at the low power consumption levels imposed by contactless smart card technology.

The project’s objective is to remove the current barrier to using cryptoprocessors in the contactless world by developing revolutionary cryptoprocessor technology that ultimately enables contactless payment applications, electronic passports, or strong network authentication to have:

• high transaction speeds,
• low processor power consumption required by contactless technology, thanks to the introduction of asynchrony in the security coprocessor architecture,
• a level of security equal to or greater than what they would have in a traditional “contact” environment, based on key lengths double those currently used for contactless chips.

CR13/OSEO Project

Project Leads

• Jean-Baptiste Rigaud and Assia Tria

Objectives

The company SP3H (a startup) has developed a highly innovative optoelectronic sensor since late 2003 that identifies fuel quality on board vehicles. Based on near-infrared technology, this sensor reduces CO2 emissions, fuel consumption, and pollutant emissions by 5% to 10% in vehicles equipped with internal combustion engines.

The first embedded application is planned by a leading global manufacturer for late 2010. Although it has already filed 8 patents to date and has 6 others in progress, SP3H wishes to develop a secure hardware architecture that will minimize the risks of reverse engineering and counterfeiting of the sensor and the misappropriation of proprietary signal processing algorithms.

The goal of the FQS project is to design, develop, and validate a secure hardware architecture for the MCU (Micro-Controller Unit) and its I/O peripherals for the SP3H system.

FUI7 Project
Electronic Terminal Security Evaluation Group

Project Leads

• Nicolas Rodriguez and Assia Tria

Objectives

The objective of the GESTe project is to propose a certification methodology adapted to the payment terminal market and demonstrate the feasibility of a terminal meeting SEPA (Single Euro Payment Area) security requirements.

The project brings together various stakeholders in the chain: industrial partners, evaluation laboratories, a specifier, digital security specialist laboratories, and a legal research entity.

ANR-RNRT Project

Period

• 2007-2010

Manager

• Assia Tria

Objectives

High-speed encrypted transmissions will become widespread for high-capacity portable objects (USB drives, MP3 players, smart cards, DVB-H mobiles, etc.).

To strengthen the security of these links, high-speed, low-power, and attack-resistant cryptographic modules are required. Physical attacks on stream cipher implementations are not well-developed, and software or hardware countermeasures have hardly been studied.

The main goal of the project is therefore to select, analyze, and secure the implementation of stream cipher algorithms against physical attacks. The results will be validated on models and demonstrators based on market-relevant applications.

ANR-TLCOM Project
Secure Contactless

Period

• 2008-2011

Manager

• Philippe Lalevée

Objectives

As a practical and economical solution, contactless smart card systems are increasingly used in the deployment of government applications or services. However, most of these applications require a high level of security: bank cards, electronic wallets, transport tickets, electronic passports, and access control badges, to name a few. Furthermore, electronic tags (RFID), which represent a market with a very high growth rate in the coming years, use the same contactless technology. However, they have not—or only very recently and minimally—been designed with security and privacy protection for companies and citizens in mind.

The goal of the SACOSE project is threefold:

• Identify potential attacks specific to the contactless air interface
• Propose countermeasures
• Validate these proposals using technological demonstrators on typical application scenarios

European FP7 Project

Period

• 2008-2012

Manager

• Assia Tria

Objectives

SECRICOM is proposed as a collaborative research project with two essential ambitions.

• Solve or mitigate problems of contemporary crisis communication infrastructures (Tetra, GSM, Citizen Band, IP) such as poor interoperability of specialized communication means, vulnerability against tapping and misuse, lack of possibilities to recover from failures, inability to use alternative data carrier and high deployment and operational costs.
• Add new smart functions to existing services which will make the communication more effective and helpful for users. Smart functions will be provided by distributed IT systems based on an agents’ infrastructure. Achieving these two project ambitions will allow creating a pervasive and trusted communication infrastructure fulfilling requirements of crisis management users and ready for immediate application.

ANR-SESUR Project
Smart On Smart

Period

• 2008-2011

Project Lead

• Bruno Robisson

Objectives

The SOS project proposes adding a dedicated audit system to a security circuit exclusively for the circuit’s reaction policy toward hardware attacks. This proof of concept will be materialized by creating a simplified but representative prototype of a security component. This implementation will require a redesign of the security organization within the component: it will involve “separating” the processing of calculations related to the security strategy from those related to “user” data.

FCE-DGE Project
Security Technologies and Investigations for Mobile Phones and Digital Devices

Manager

• Laurent Freund

Objectives

The main goal of the TISPHANIE project is to propose a structured and as systematic as possible methodology, tools, and security evaluation processes to provide users (mobile operators, application developers, police laboratories, etc.) with a rapid security evaluation of “components of” mobile phones, PDAs, PMR terminals, etc., used for critical applications.

European MEDEA+ Project
Trusted Secure Computing

Period

• 2007-2010

Manager

• Philippe Lalevée

Objectives

The TSC project aims to develop a family of silicon components and associated embedded software, intended to strengthen secure computing and trust concepts in application areas related to IT, mobile telecommunications, and the consumer sector.

While the first domain, particularly the Intel/Microsoft world, is beginning to be addressed today, notably through the work of the TCG ad-hoc standardization group, the areas of Linux PCs and servers, mobile, and consumer electronics—vital stakes for European industry—remain very open. Here, partners with a global reach in their field, such as those in the TSC project, can hope to play an important role.