Internship, PhD, job proposals...

Embedded applications with strong security requirements use sophisticated cryptographic algorithms and protocols. These algorithms and protocols are usually considered resistant against cryptanalysis (even if the algorithms sometimes rely on a kind of "very hard" problem which we don't know exactly how "hard" it is...) Inside the complete system they are implemented either in software or hardware form. Unfortunately - at least for the designers of such systems - any computation is eventually performed by a piece of hardware (microprocessor or hardware dedicated accelerator) and every hardware device leaks symptoms of its activity (power consumption, electromagnetic emanations, computation time, sounds, temperature variations, etc.) An attacker can use such "side channels" to retrieve embedded secrets. She can also inject and exploit faults by modifying the power supply, the clock frequency or even by modifying the structure of the device. This course offers a survey of the known hardware attacks. For each of them the conditions of success are explained and some counter measures are proposed.

A two hours written exam, with documents accounts for 75% of the overall mark. Connected devices (laptops, smartphones, tablets...) are not allowed. Example past exams:

The labs account for the remaining 25% of the overall mark. They are graded based on the individual and personal lab reports and source codes. Lab reports must be written in Markdown format in a REPORT.md file stored at the root of each lab's dedicated directory. The day before the written exam, all lab reports and source codes must be pushed in your personal branch of the git repository (see below the section about labs for more information about the git repository). After this deadline the git repository will become read-only and there will be no way to submit anything new.

Note: attending the lab sessions is mandatory.

Recommendations for the lab sessions

The lab sessions take place in the GNU/Linux lab room 52 and 53 and are mandatory. All labs are distributed and managed using git and GitLab.

You read one of these documents? Or another that is not in the list and should? Please drop me note and give me some feedback.

Books

Side-channel attacks

Fault attacks

Probing attacks