This position will focus on the development of countermeasures against side-channel and fault injection attacks on embedded systems. These attacks are considered among the most effective against embedded systems, and in particular against implementation of cryptographic primitives.

The term side-channel attacks describes a large panel of attacks that all have in common the exploitation of implementation characteristics of the attack target. Many of those implementation characteristics can be inferred from physical observations of the target computations (power consumption, electromagnetic emissions, computation time, etc.), but other attacks are possible if the attacker is able to step in the target, or nearby (cache-based timing attacks, Spectre, Meltdown, etc.). Side-channel attacks have gained momentum with the increased use of cryptography, because they represent the most effective way to break unprotected implementations of cryptography.

Fault injection attacks exploit the effects (or the lack of effect) of a physical perturbation on the targeted chip. Many means have been used so far: electro-magnetic emanations, illumination e.g. with a laser, clock or power glitches, or more recently hardware controls leveraged by software means only (e.g. CLKSCREW or Plundervolt attacks). Side-channel and fault injection attacks exploit a partial knowledge of the target to break the standard security assumptions provided by traditional cryptanalysis. For example, the symmetric block cipher AES, which is considered secure by the traditional cryptanalysis, is highly vulnerable in presence of side-channel or fault injection attacks.

Our team has developed software countermeasures applied by a specialised compiler, Cogito [1, 2, 3]. Our compiler is based on LLVM, and we currently support the ARM architecture, with on-going ports for the RISC-V architecture.

Objectives :In the context of several research projects, we will build tools, experimental setups and demonstrators targeting side-channel attacks and fault injection attacks, illustrating our research results achieved so far. You will be in charge of the development and maintenance of these research artefacts. You will also contribute to the development and maintenance of the Cogito toolchain. You will have the opportunity to contribute to our current research and development activities.
You will work within a team of CEA research engineers and in collaboration with several expert teams in cyber-security from the CEA, industrial and/or academic partners, in France or in Europe.
The position includes a few travels for attending exhibits, conferences, or project meetings, mainly in Europe.

1T. Barry et al. “Compilation of a Countermeasure Against Instruction-Skip Fault Attacks,” in CS2,2016
2N. Belleville et al. “Automated software protection for the masses against side-channel attacks”, in ACM TACO2019
3L. Morel et al. "Code Polymorphism Meets Code Encryption" in ACM DTRAP2021

#CEA-LIST CDI CDD

Education: Master’s or PhD degree, in computer science or microelectronics.

• Embedded software development. The knowledge of ARM embedded processors and STM32 products, and/or of RISC-V is a plus, but not mandatory.
• Proficiency in C (especially embedded), C++ programming languages and scripting languages: Python, bash
• Experience with software tool development methodologies: testing, version management, documentation and software quality
• You know how to manage a whole project involving several parties
• You know how to organise your work independently.
• You know how to work on several projects in parallel and organize your work schedule to meet the deadlines of each project.
• You have the ability to work in a multidisciplinary and complex environment.
• The knowledge of side-channel attacks and fault injection attacks is not required but is a plus for the application.