Internship, PhD, job proposals...

Embedded applications with strong security requirements use sophisticated cryptographic algorithms and protocols. These algorithms and protocols are usually considered resistant against cryptanalysis (even if the algorithms sometimes rely on a kind of "very hard" problem which we don't know exactly how "hard" it is...) Inside the complete system they are implemented either in software or hardware form. Unfortunately any computation is eventually performed by a piece of hardware (microprocessor or hardware dedicated accelerator) and every hardware device leaks symptoms of its activity (power consumption, electromagnetic emanations, computation time, sounds, temperature variations, etc.) Attackers can exploit such "side channels" to retrieve embedded secrets. They can also inject and exploit faults by modifying the power supply, the clock frequency, shooting lasers on devices or even by modifying them. This course offers a survey of several well known hardware attacks. For each of them the conditions of success are explored and some counter measures are derived.

The lab source codes and reports account for 30% of the overall mark. A two hours written exam, with documents accounts for the remaining 70%. Example past exams:

The labs are graded and mandatory. Lab reports must be written in Markdown format in a REPORT.md file stored at the root of the project's dedicated directory. You can of course exchange ideas with others but please remember that reports and source codes are personal works used for your own personal evaluation. Identical reports or source codes will not be considered as personal. In your reports explain what you did, why, how and with what results. When results are not what you expected explain what went wrong and how you fixed the problems. The report and all source codes must be pushed the day before the written exam at 23:59. After this deadline the git repository will become read-only and there will be no way to submit anything new.

Recommendations for the lab sessions

All labs are distributed and managed using git and GitLab.

You read one of these documents? Or another that is not in the list and should? Please drop me a note and give me some feedback.

Books

Side-channel attacks

Fault attacks

Probing attacks