Informations générales
Intitulé de l'offre : PhD student M/W in Susceptibility to fault injections of volatile and non-volatile embedded memories (H/F)
Référence : UMR5506-FLOBRU-002
Nombre de Postes : 1
Lieu de travail : MONTPELLIER
Date de publication : jeudi 18 mai 2023
Type de contrat : CDD Doctorant/Contrat doctoral
Durée du contrat : 36 mois
Date de début de la thèse : 1 octobre 2023
Quotité de travail : Temps complet
Rémunération : 2 135,00 € gross monthly
Section(s) CN : Information sciences: processing, integrated hardware-software systems, robots, commands, images, content, interactions, signals and languages
Description du sujet de thèse
Nowadays, the implementation of security protocols is essentially based on integrated devices on which many threats are based, including fault injection attacks [1-3]. Understanding and modeling the phenomena leading to the induction of faults is an important issue for securing integrated devices [4-5].
Volatile and non-volatile embedded memories are highly susceptible to fault injection attacks [6-7]. They constitute an important point of penetration into the security devices for attackers. Unfortunately, fault induction mechanisms are poorly understood, particularly in the case of recent threats such as fault injection by electromagnetic pulses (EMFI) or by voltage pulse in the substrate (BBI). This finding is all the more striking when considering advanced or emerging CMOS technologies.
The objective of the thesis will therefore be first to establish a detailed understanding of the fault induction mechanisms in the usual (RAM, flash) and emerging (MRAM) embedded memories. In the second step, protection or hardening devices must be proposed and validated.
Based on the expertise acquired by the LIRMM team in the practice of fault injection (notably by Laser, EM, and BBI) [2] [8] and their modeling in volatile and non-volatile memories [ 4-5], the common denominators and characteristics specific to these different usual fault injection mediums will be identified. In addition, a technological watch will be carried out based on the work carried out in the SECUREVAL project which could highlight new fault injection platforms.
In a second step, protection strategies adapted to the SoC context (RISC-V) will then be defined in order to design secure memories against the injection of faults at a fair cost. Solutions at the coding level (correction codes, redundancy), architecture (random dynamic addressing), by detection of disturbances, or structural will finally be proposed against the usual attacks but also the attacks in reverse engineering (linear extraction of code by survey).
References :
[1] Kim, C. H., & Quisquater, J. J. (2007). Faults, injection methods, and fault attacks. IEEE Design & Test of Computers, 24(6), 544-545.
[2] Dehbaoui, A., Dutertre, J. M., Robisson, B., Orsatelli, P., Maurine, P., & Tria, A. (2012). Injection of transient faults using electromagnetic pulses Practical results on a cryptographic system. ACR Cryptology ePrint Archive (2012).
[3] Van Woudenberg, J. G., Witteman, M. F., & Menarini, F. (2011, September). Practical optical fault injection on secure microcontrollers. In 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (pp. 91-99). IEEE.
[4] Ordas, S., Guillaume-Sage, L., & Maurine, P. (2015, September). EM injection: Fault model and locality. In 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 3-13). IEEE.
[5] Dumont, M., Lisart, M., & Maurine, P. (2019, August). Electromagnetic fault injection: How faults occur. In 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 9-16). IEEE.
[6] Cai, F., Bai, G., Liu, H., & Hu, X. (2016, June). Optical fault injection attacks for flash memory of smartcards. In 2016 6th International Conference on Electronics Information and Emergency Commu-nication (ICEIEC) (pp. 46-50). IEEE.
[7] Lacruche, M., Borrel, N., Champeix, C., Roscian, C., Sarafianos, A., Rigaud, J. B., ... & Kussener, E. (2015, July). Laser fault injection into sram cells: Picosecond versus nanosecond pulses. In 2015 IEEE 21st International On-Line Testing Symposium (IOLTS) (pp. 13-18). IEEE.
[8] Dehbaoui, A., Dutertre, J. M., Robisson, B., Orsatelli, P., Maurine, P., & Tria, A. (2012). Injection of transient faults using electromagnetic pulses Practical results on a cryptographic system. ACR Cryp-tology ePrint Archive (2012).
Contexte de travail
The work will take place at LIRMM (www.lirmm.fr), within the Microelectronics department, which has extensive expertise and know-how in the field of fault injection attacks (EMFI, BBI) and emergent memories ( MRAMs). This work will be co-financed by the ARSENE project funded by the PEPR Cybersecurity.
Le poste se situe dans un secteur relevant de la protection du potentiel scientifique et technique (PPST), et nécessite donc, conformément à la réglementation, que votre arrivée soit autorisée par l'autorité compétente du MESR.
Contraintes et risques
This position is located in a sector covered by the protection of scientific and technical potential (PPST) and therefore requires, in accordance with the regulations, that your arrival be authorized by the competent authority of the MESR.