Impact of the Pulse Width Modulation strategy on the semiconductor ageing
The Pulse Width Modulation (PWM) strategy is a fundamental technique in power electronics. It is used to control the energy transfer by modifying the pulse width of the control signals in a power converter. In an automotive traction inverter, the PWM strategy applied to a transistor phase leg converts the DC current from the battery into an AC current adapted to the motor windings. The impact of the PWM on the performance and the reliability of the engine has been widely studied in the literature. However, the impact of the PWM strategy on the reliability and the ageing of the semiconductor devices inside the power modules has not been addressed. This is particularly true for power modules integrating wide bandgap semiconductors (e.g. SiC), which have been widely used for 10 years. The main objective of this thesis is to understand and model the impact of several PWM strategies on the ageing of SiC power semiconductor devices.
The thesis aims to establish a link between the stress on the semiconductor devices and the shift of their key parameters, offering the possibility to define a PWM strategy able to maximize the long-term performance and the lifetime of the power electronics system. By combining experimental and theoretical approaches, this thesis will contribute to improving the PWM strategies in power electronics systems.
Design of electrically small antennas for connected object applications
This doctoral project focuses on the design of innovative antennas suited for Internet of Things (IoT) applications, addressing major challenges related to size, performance, and integration. The scientific context is based on the growing demand for electrically small and efficient antennas, capable of seamlessly integrating with IoT devices while maintaining high radiation efficiency. The proposed work involves the creation of electrically small antennas, optimized for performance, tunability, and compatibility with electronic and metallic environments. The designs will explore various types of antennas, such as loops, F-type antennas, top-loaded monopoles, and metallic cage structures, incorporating state-of-the-art tunable components.
The main objectives include benchmarking the performance of these antennas against theoretical physical limits (e.g., Chu/Gustafsson), analyzing dielectric and metallic losses, and achieving dual-band reconfigurability tailored to communication standards. The candidate will use electromagnetic simulation tools, develop behavioral models, and create prototypes, as well as conduct performance tests in anechoic chambers. The expected outcomes are highly efficient, frequency-agile miniature antennas that will advance the understanding of electromagnetic radiation phenomena for compact antennas and meet the requirements of tomorrow's connected objects.
Efficient Multimodal Vision Transformers for Embedded Systems
The proposed thesis focuses on the optimization of multimodal vision transformers (ViT) for panoptic object segmentation, exploring two main directions. The first is to develop a versatile fusion pipeline to integrate multimodal data (RGB, IR, depth, events, point clouds) by leveraging inter-modal alignment relationships. The second is to investigate an approach combining pruning and mixed-precision quantization. The overall goal is to design lightweight multimodal ViT models, tailored to the constraints of embedded systems, while optimizing their performance and reducing computational complexity.
Acoustics and Electromagnetism (AEM): New approaches for the secure characterization of components such as SoCs
Work carried out within CEA-Leti has shown that physical attacks can be a threat to the security mechanisms of SoCs (Systems on Chip). Indeed, fault injections by electromagnetic disturbance have already led to an escalation of privileges by authenticating with an illegitimate password, or more recently have made it possible to bypass one of the highest levels of security of a SoC, namely Secure Boot. However, the technologies integrated into this type of target are increasingly sophisticated, with Package-on-Package (PoP) electronic devices and technology nodes less than or equal to 7 nm, such as the new Samsung S20. Implementing these attacks requires cutting-edge equipment not currently commercially available (very small diameter probe, high transient current pulse generator, magnetometer and broadband current sensors with high spatial resolution, etc.). The thesis defended in 2022 by Clément Gaine [1] within our team made it possible to study several components of the EM injection chain, in particular a main element such as the electromagnetic injection probe.
Other fields are to be explored, in particular the complete injection chain from the pulse generator to the creation of an electromotive force in the target, induced by the EM probe via very high current gradients (di/dt). Mastering the complete chain makes it possible to design the most suitable injection system to characterize a smartphone type target and resolve the obstacles linked to this type of target such as: the complex microarchitecture, the multilayer software stack, the complex packaging with in particular the stacking of several components on the same chip (PoP).
The main objective of this thesis is to study a new EM injection approach and its potential to circumvent certain security mechanisms of a smartphone. This will allow hardware security characterization tools to evolve in order to meet the growing needs for the security characterization of SoCs. In terms of exploitation, the FORENSIC domain is aimed at circumventing and/or supplementing the limits of legal data mining techniques based on “0-day” vulnerabilities by exploiting flaws in hardware implementations that cannot be corrected on the same target model.
To achieve this objective, the PhD student will first be required to characterize, test and validate the new ultra-fast switching attack approach and the magnetometric and amperometric measurement means recently developed in the laboratory. At the same time, the doctoral student will carry out bibliographical and experimental work on the physiological risk potentially linked to exposure to short-term EM pulses. The results will be used to define new protocols allowing operators to carry out their EM injection experiments in a secure environment and to develop standards in this area if necessary. Secondly, the doctoral student will devote part of his work to modeling the transient magnetic flux and the transfer of induced power in high or low impedance targets, with a focus on the impact of the orientation of the field as well as the polarity of the pulse on the fault or glitch model on different types of transistors (NMOS, PMOS, JFET).
[1] https://cea.hal.science/search/index/?q=*&authFullName_s=Cl%C3%A9ment%20Gaine
More here: https://vimeo.com/441318313 (project video)
Code-Reuse Attacks: Automated Exploitation and Defense
Software vulnerabilities due to memory management errors are among the easiest to exploit. To prevent an attacker from injecting their own arbitrary code (shellcode), modern systems commonly enforce Data Execution Prevention (DEP), often implemented as segment permissions (Write xor Execute – W^E).
Yet, Code-Reuse Attacks have emerged to circumvent DEP protections. Through a memory corruption issue, the attacker hijacks the control flow of the target program and chains small code fragments, referred to as gadgets, to build the desired behavior, through so-called Return-Oriented Programming (ROP) or Jump-Oriented Programming (JOP).
In the past years, several research efforts have explored how to automate the construction of code-reuse attacks from basic "on stack" attacks, lowering the barrier to such advanced methods. On the other side, program hardening relies on randomized memory layout (e.g. Address Space Layout Randomization – ASLR), Control Flow Integrity (CFI) or stack protection mechanisms (e.g. Shadow Stack) to keep the attacker in check. Still, some of these protections may be costly (execution time, specialized hardware, etc.).
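The shadow stack mentioned above, as an added example in C that is not part of the original thesis description: a toy software shadow stack that records every return address at call time and compares it with the saved copy before each return, so that a saved return address overwritten by an unchecked copy is detected before control transfers. The frame layout, the helper names, the address value 0x401000 and the sample inputs are all constructed for illustration; the "stack" is an ordinary struct, not the real machine stack.

```c
/* Added example (not from the page or any project it describes): a toy
 * software shadow stack modelling a return-address integrity check.
 * The "program stack" is a plain struct, not the machine stack, so the
 * overflow below only rewrites a field of that struct. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SLOTS 8   /* capacity of the toy shadow stack (assumption) */
#define BUF_BYTES  16   /* local buffer size inside the toy frame (assumption) */

/* A toy frame: a local buffer immediately followed by the saved return
 * address, mimicking the layout a stack-based overflow corrupts. */
struct frame {
    char     buf[BUF_BYTES];
    uint64_t saved_ret;
};

/* Shadow stack: a separate, write-protected-in-spirit copy of every
 * pushed return address. */
struct shadow_stack {
    uint64_t ret[STACK_SLOTS];
    int      top;
};

static void shadow_push(struct shadow_stack *ss, uint64_t ret) {
    if (ss->top < STACK_SLOTS) ss->ret[ss->top++] = ret;
}

/* Defender's check on every return: 1 if the return address in the frame
 * matches the shadow copy, 0 if it has been tampered with. */
static int shadow_check_and_pop(struct shadow_stack *ss, uint64_t ret_in_frame) {
    if (ss->top == 0) return 0;             /* underflow is also a violation */
    uint64_t expected = ss->ret[--ss->top];
    return expected == ret_in_frame;
}

/* Simulated call: build a frame with the legitimate return address and
 * record that address on the shadow stack. */
static void simulated_call(struct frame *f, struct shadow_stack *ss, uint64_t ret) {
    memset(f->buf, 0, sizeof f->buf);
    f->saved_ret = ret;
    shadow_push(ss, ret);
}

/* Copies `len` bytes into the frame starting at the buffer with no check
 * against BUF_BYTES, so anything past 16 bytes spills into saved_ret.
 * Clamped to the frame size so the demo stays within the struct. */
static void unchecked_copy(struct frame *f, const uint8_t *in, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((uint8_t *)f, in, len);          /* deliberately unsafe for the demo */
}

/* One call/return round trip on the given input.  Returns 1 when the
 * return is allowed (shadow copy agrees) and 0 when a hijack is detected. */
static int run_scenario(const uint8_t *input, size_t len) {
    struct shadow_stack ss = { .top = 0 };
    struct frame f;
    const uint64_t legit_ret = 0x401000;    /* constructed, hypothetical address */

    simulated_call(&f, &ss, legit_ret);
    unchecked_copy(&f, input, len);
    return shadow_check_and_pop(&ss, f.saved_ret);
}

/* Constructed benign input: fits inside the buffer, saved_ret untouched. */
static int benign_demo(void) {
    const uint8_t in[6] = "hello";
    return run_scenario(in, sizeof in);
}

/* Constructed overflowing input: 16 bytes fill the buffer, the next 8
 * overwrite saved_ret with 0x4141414141414141. */
static int overflow_demo(void) {
    uint8_t in[BUF_BYTES + sizeof(uint64_t)];
    memset(in, 'A', sizeof in);
    return run_scenario(in, sizeof in);
}

int main(void) {
    printf("benign input:      %s\n", benign_demo()   ? "return allowed" : "hijack detected");
    printf("overflowing input: %s\n", overflow_demo() ? "return allowed" : "hijack detected");
    return 0;
}
```

The check is deliberately the simplest form of the mechanism: hardware shadow stacks and CFI implementations differ in where the shadow copy lives and how it is protected from the same write primitive, which is exactly the cost/benefit trade-off the topic proposes to assess.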
The general goal of this PhD topic is to improve the state of the art of the automatic exploit generation landscape for the purpose of security assessment of anti-code-reuse protections. We will follow two directions:
(1) on the one hand, the candidate will advance automated code-reuse methods, by taking the knowledge of the protection into account to steer the search toward valid exploits only, prospectively pruning the search space, and by looking for synergies between ROP/JOP chaining and program synthesis methods such as syntax-guided synthesis or stochastic synthesis methods;
(2) on the other hand, once the potential of such methods is better understood, the candidate will design effective defenses against them, based on a comprehensive analysis of their main strengths and weaknesses.