Faites connaître cette offre !
Reference : UMR6074-GILAVO-003
Workplace : RENNES
Date of publication : Tuesday, June 16, 2020
Scientific Responsible name : Gildas Avoine
Type of Contract : PhD Student contract / Thesis offer
Contract Period : 36 months
Start date of the thesis : 1 September 2020
Proportion of work : Full time
Remuneration : 2 135,00 € gross monthly
Description of the thesis topic
Exchanging information is today digitally performed. It is consequently of the utmost importance to guarantee security properties on the exchanges, including confidentiality, authenticity, and integrity. Cybersecurity aims to guarantee these properties using cryptographic protocols. Every one uses such protocols everyday, e.g., WPA2 for WiFi connection either at home or at the office place ; A5.1 for GSM communications ; TLS to check his/her mailbox or purchase items on Internet ; EMV-CAP to authenticate on a bank account, etc. All the mentioned protocols, without any exception, were broken at some point, then repaired. This is the common life cycle of a cryptographic protocol. The weakness can for example be due to a wrong design, an implementation issue, or a misuse of the protocol.
It is worth noting that the data of the users are threatened as long as the protocol is vulnerable. When a flaw is revealed, it is usually easy to know how long the weakness has been existing, and so how long an adversary has been able to exploit it. In the most common cases, it takes two to three years before a flaw is revealed. The protocol must then be repaired, and the fixed version deployed, which can be complicated in case of large-scale systems, or embedded systems that have not been planned to be updated.
The scientific challenge of this thesis is to break the unacceptable life cycle of cryptographic protocols, where a protocol can be periodically vulnerable for several years without anyone noticing.
The research work performed in this thesis will define a methodology to analyze the security of a deployed protocol. It will take into account the design of the protocol, its implementation, and its use. The work will also focus on the tools to be put in place to ensure the security of a protocol throughout its life. It will study the main existing protocols in order to build a portfolio of secure protocols (under certain conditions) that can be used by any individual or company. Finally, this thesis will help identifying protocols widely deployed today that suffer from flaws. In particular, protocols used in the Internet of Things, on social networks and for secure messaging will be considered.
IRISA - Institut de Recherche en Informatique et Systèmes Aléatoires - is today the largest French research laboratory (850+ people) in the field of computer science and information technology. The lab covers all the themes within these fields, from computer and network architecture to artificial intelligence, going through, e.g., software engineering, distributed systems and virtual reality.
The thesis will take place in the EMSEC research group, which performs research activities in embedded security and cryptography.
We talk about it on Twitter!