Pause
Lecture
Moteur de recherche d'offres d'emploi CEA

Embedded software engineer for cyber-security applications H/F


Détail de l'offre

Informations générales

Entité de rattachement

Le Commissariat à l'énergie atomique et aux énergies alternatives (CEA) est un organisme public de recherche.

Acteur majeur de la recherche, du développement et de l'innovation, le CEA intervient dans le cadre de ses quatre missions :
. la défense et la sécurité
. l'énergie nucléaire (fission et fusion)
. la recherche technologique pour l'industrie
. la recherche fondamentale (sciences de la matière et sciences de la vie).

Avec ses 16000 salariés -techniciens, ingénieurs, chercheurs, et personnel en soutien à la recherche- le CEA participe à de nombreux projets de collaboration aux côtés de ses partenaires académiques et industriels.  

Référence

2022-19910  

Description du poste

Domaine

Mathématiques, information  scientifique, logiciel

Contrat

CDD

Intitulé de l'offre

Embedded software engineer for cyber-security applications H/F

Statut du poste

Cadre

Durée du contrat (en mois)

18

Description de l'offre

This position will focus on the development of countermeasures against side-channel and fault injection attacks on embedded systems. These attacks are considered among the most effective against embedded systems, and in particular against implementation of cryptographic primitives.

The term side-channel attacks describes a large panel of attacks that all have in common the exploitation of implementation characteristics of the attack target. Many of those implementation characteristics can be inferred from physical observations of the target computations (power consumption, electromagnetic emissions, computation time, etc.), but other attacks are possible if the attacker is able to step in the target, or nearby (cache-based timing attacks, Spectre, Meltdown, etc.). Side-channel attacks have gained momentum with the increased use of cryptography, because they represent the most effective way to break unprotected implementations of cryptography.

Fault injection attacks exploit the effects (or the lack of effect) of a physical perturbation on the targeted chip. Many means have been used so far: electro-magnetic emanations, illumination e.g. with a laser, clock or power glitches, or more recently hardware controls leveraged by software means only (e.g. CLKSCREW or Plundervolt attacks). Side-channel and fault injection attacks exploit a partial knowledge of the target to break the standard security assumptions provided by traditional cryptanalysis. For example, the symmetric block cipher AES, which is considered secure by the traditional cryptanalysis, is highly vulnerable in presence of side-channel or fault injection attacks.

Our team has developed software countermeasures applied by a specialised compiler, Cogito [1, 2, 3]. Our compiler is based on LLVM, and we currently support the ARM architecture, with on-going ports for the RISC-V architecture.

Objectives :In the context of several research projects, we will build tools, experimental setups and demonstrators targeting side-channel attacks and fault injection attacks, illustrating our research results achieved so far. You will be in charge of the development and maintenance of these research artefacts. You will also contribute to the development and maintenance of the Cogito toolchain. You will have the opportunity to contribute to our current research and development activities.
You will work within a team of CEA research engineers and in collaboration with several expert teams in cyber-security from the CEA, industrial and/or academic partners, in France or in Europe.
The position includes a few travels for attending exhibits, conferences, or project meetings, mainly in Europe.

1T. Barry et al. “Compilation of a Countermeasure Against Instruction-Skip Fault Attacks,” in CS2,2016
2N. Belleville et al. “Automated software protection for the masses against side-channel attacks”, in ACM TACO2019
3L. Morel et al. "Code Polymorphism Meets Code Encryption" in ACM DTRAP2021

#CEA-LIST CDI CDD

Profil du candidat

Education: Master’s or PhD degree, in computer science or microelectronics.

  • Embedded software development. The knowledge of ARM embedded processors and STM32 products, and/or of RISC-V is a plus, but not mandatory.
  • Proficiency in C (especially embedded), C++ programming languages and scripting languages: Python, bash
  • Experience with software tool development methodologies: testing, version management, documentation and software quality
  • You know how to manage a whole project involving several parties
  • You know how to organise your work independently.
  • You know how to work on several projects in parallel and organize your work schedule to meet the deadlines of each project.
  • You have the ability to work in a multidisciplinary and complex environment.
  • The knowledge of side-channel attacks and fault injection attacks is not required but is a plus for the application.

Localisation du poste

Site

Grenoble

Localisation du poste

France, Auvergne-Rhône-Alpes, Isère (38)

Ville

  Grenoble

Critères candidat

Formation recommandée

Master or PhD

Demandeur

Disponibilité du poste

01/02/2022