The design of integrated circuits requires, at the end of the chain, circuit editing and failure analysis tools. One of these tools is the probing of electrical potential levels using an electron beam available in a SEM (Scanning Electron Microscope) to determine the electrical signal present in an area of the circuit, which may be a metal level or a transistor. This electronic probing technique was widely used in the 90s, and then partially abandoned despite a few recurrent publications on the technique. In recent years, this technique has been revived by using the backside of the component, probing via the silicon substrate and accessing the active areas of the component.
These debugging and failure analysis tools are also tools for attacking integrated circuits. This thesis topic falls within the scope of hardware cybersecurity and so-called invasive attacks. The PhD student will implement this electron beam probing technique on commercial SEMs and under conditions of use specific to cybersecurity. Various techniques will be considered to improve the probed signals and their use.
Complex 3D structuring based on DNA origami
The rapid evolution of new technologies, such as autonomous cars and renewable energy, requires the development of increasingly complex structures. To achieve this, many surface patterning techniques are available today. In microelectronics, optical lithography is the standard method for creating micro- and nanometric patterns. However, it remains limited in terms of the diversity of shapes it can produce.
In recent years, a promising approach has been developed within the laboratories of CBS (INSERM in Montpellier) and the CEA Leti (Grenoble): DNA origami assembly. This technology exploits the self-assembly properties of the DNA origami polymer chain. The assembly of nanometric DNA origami ultimately forms micrometric structures. The aim of this PhD is to explore new perspectives by combining 2D and 3D origami to create novel structures. These patterns could be of great interest for applications in fields such as optics or energy.
Power and data transmission via an acoustic link for closed metallic environments
This thesis focuses on the transmission of power and data through metal walls using acoustic waves. Ultimately, this technology will be used to power, read and control systems located in areas enclosed in metal, such as pressure vessels, ship hulls and submarines.
Because electromagnetic waves are absorbed by metal, acoustic waves are needed to communicate data or power through metal walls. These are generated by piezoelectric transducers bonded to either side of the wall. The acoustic waves are poorly attenuated by the metal, resulting in numerous reflections and multiple paths.
The aim of the thesis will be to develop a robust demonstrator of this technology, enabling the remote powering and communication of acoustic data through metal walls. This work will be based on advanced modelling of the acoustic channel in order to optimise the performance of the power and data transmission device. It will also involve developing innovative electronic building blocks to determine and maintain an optimum power transmission frequency, impacted by environmental conditions and typically by temperature.
The goal of this thesis will be the development and implementation of a communication system embedded in an FPGA and/or microcontroller in order to send sensor data through a metal wall of variable thickness. The limitations due to the imperfections of the channel and the electronics will lead to the invention of a large number of compensation methods and systems in the digital and/or analogue domain. Work will also have to be carried out on the choice of piezoelectric transducers and the characterisation of the channel, in conjunction with the acoustic wave activities of the laboratory working on the transmission of acoustic power.
Contact : nicolas.garraud@cea.fr and esteban.cabanillas@cea.fr
Integrity, availability and confidentiality of embedded AI in post-training stages
With a strong context of regulation of AI at the European scale, several requirements have been proposed for the "cybersecurity of AI" and more particularly to increase the security of complex modern AI systems. Indeed, we are experience an impressive development of large models (so-called “Foundation” models) that are deployed at large-scale to be adapted to specific tasks in a wide variety of platforms and devices. Today, models are optimized to be deployed and even fine-tuned in constrained platforms (memory, energy, latency) such as smartphones and many connected devices (home, health, industry…).
However, considering the security of such AI systems is a complex process with multiple attack vectors against their integrity (fool predictions), availability (crash performance, add latency) and confidentiality (reverse engineering, privacy leakage).
In the past decade, the Adversarial Machine Learning and privacy-preserving machine learning communities have reached important milestones by characterizing attacks and proposing defense schemes. Essentially, these threats are focused on the training and the inference stages. However, new threats surface related to the use of pre-trained models, their unsecure deployment as well as their adaptation (fine-tuning).
Moreover, additional security issues concern the fact that the deployment and adaptation stages could be “on-device” processes, for instance with cross-device federated learning. In that context, models are compressed and optimized with state-of-the-art techniques (e.g., quantization, pruning, Low Rank Adaptation) for which their influence on the security needs to be assessed.
The objectives are:
(1) Propose threat models and risk analysis related to critical steps, typically model deployment and continuous training for the deployment and adaptation of large foundation models on embedded systems (e.g., advanced microcontroller with HW accelerator, SoC).
(2) Demonstrate and characterize attacks, with a focus on model-based poisoning.
(3) Propose and develop protection schemes and sound evaluation protocols.
Impact of the Pulse Width Modulation strategy on the semiconductor ageing
The Pulse Witdh Modulation strategy (PWM) is a fundamental technique in power electronics. It is used to control the Energy transfer by modifying the pulse width of the control signals in a power converter. In an automotive traction inverter, this PWM strategy applied to a transistor phase leg allows to convert the DC current from the battery to an AC current adapted to the motor windings. The impact of the PWM on the performances and the reliability of the engine have been widely studied in the litterature. However, the impact of the PWM strategy on the reliability and the ageing of the semiconductor devices inside the power modules has not been adressed. This is particularly true for the power modules intagrating wide bandgap semiconductors (eg: SiC) which are widely used for 10 years. The main objective of this thesis is to understand and model the impact of several PWM strategies on the ageing of SiC power semiconductor devices.
The thesis targets to define a link between the stress on the semicondcutor devices and the shift of its key parameters offering the possibility to define a PWM strategy able to maximize the long term performances and the lifetime of the power electronics system. By combining experimental and theroretical approaches, this thesis will contribute to improve the PWM strategies in power electronics systems.
Design of electrically small antennas for connected object applications
This doctoral project focuses on the design of innovative antennas suited for Internet of Things (IoT) applications, addressing major challenges related to size, performance, and integration. The scientific context is based on the growing demand for electrically small and efficient antennas, capable of seamlessly integrating with IoT devices while maintaining high radiation efficiency. The proposed work involves the creation of electrically small antennas, optimized for performance, tunability, and compatibility with electronic and metallic environments. The designs will explore various types of antennas, such as loops, F-type antennas, top-loaded monopoles, and metallic cage structures, incorporating state-of-the-art tunable components.
The main objectives include benchmarking the performance of these antennas against theoretical physical limits (e.g., Chu/Gustafsson), analyzing dielectric and metallic losses, and achieving dual-band reconfigurability tailored to communication standards. The candidate will use electromagnetic simulation tools, develop behavioral models, and create prototypes, as well as conduct performance tests in anechoic chambers. The expected outcomes are highly efficient, frequency-agile miniature antennas that will advance the understanding of electromagnetic radiation phenomena for compact antennas and meet the requirements of tomorrow's connected objects.
Acoustics and Electromagnetism (AEM): New approaches for the secure characterization of components such as the SoCs
Work carried out within CEA-Leti has shown that physical attacks can be a threat to the security mechanisms of SoCs (System on Chips). Indeed, fault injections by electromagnetic disturbance have already led to an escalation of privileges by authenticating with an illegitimate password, or more recently have made it possible to bypass one of the highest levels of security of a SoC, which is the Secure Boot. However, the technologies integrated into this type of targets are increasingly sophisticated with Package-on-Package (PoP) electronic devices and technological nodes less than or equal to 7 nm, such as the new Samsung S20. Implementing these attacks requires cutting-edge equipment not currently commercially available (very small diameter probe, high transient current pulse generator, magnetometer and current broadband sensors with high spatial resolution, etc.). The thesis defended in 2022 by Clément Gaine [1] within our team made it possible to study several components of the EM injection chain, in particular a main element such as the electromagnetic injection probe.
Other fields are to be explored, in particular the complete injection chain from the pulse generator to the creation of an electromotive force in the target, induced by the EM probe via very high current gradients (di/dt). Mastering the complete chain makes it possible to design the most suitable injection system to characterize a smartphone type target and resolve the obstacles linked to this type of target such as: the complex microarchitecture, the multilayer software stack, the complex packaging with in particular the stacking of several components on the same chip (PoP).
The main objective of this thesis is to study a new EM injection approach and its potential to circumvent certain security mechanisms of a smartphone. This will allow hardware security characterization tools to evolve in order to meet the growing needs for the security characterization of SoCs. In terms of exploitation, the FORENSIC domain is aimed at circumventing and/or supplementing the limits of legal data mining techniques based on “0-day” vulnerabilities by exploiting flaws in hardware implementations that cannot be corrected on the same target model.
To achieve this objective, the PhD student will first be required to characterize, test and validate the new ultra-fast switching attack approach and the magnetometric and amperometric measurement means recently developed in the laboratory. At the same time, the doctoral student will carry out bibliographical and experimental work on the physiological risk potentially linked to exposure to short-term EM pulses. The results will be used to define new protocols allowing operators to carry out their EM injection experiments in a secure environment and to develop standards in this area if necessary. Secondly, the doctoral student will devote part of his work to modeling the transient magnetic flux and the transfer of induced power in high or low impedance targets, with a focus on the impact of the orientation of the field as well as the polarity of the pulse on the fault or glitch model on different types of transistors (NMOS, PMOS, JFET).
[1] https://cea.hal.science/search/index/?q=*&authFullName_s=Cl%C3%A9ment%20Gaine
More here : https://vimeo.com/441318313 (project video)