Dynamic Assurance Cases for Autonomous Adaptive Systems
Providing assurances that autonomous systems will operate in a safe and secure manner is a prerequisite for their deployment in mission-critical and safety-critical application domains. Typically, assurances are provided in the form of assurance cases, which are auditable and reasoned arguments that a high-level claim (usually concerning safety or other critical properties) is satisfied given a set of evidence concerning the context, design, and implementation of a system. Assurance case development is traditionally an analytic activity, carried out off-line prior to system deployment, and its validity relies on assumptions and predictions about system behavior (including its interactions with its environment). However, it has been argued that this is not a viable approach for autonomous systems that learn and adapt in operation. The proposed PhD will address the limitations of existing assurance approaches by proposing a new class of security-informed safety assurance techniques that continually assess and evolve the safety reasoning, concurrently with the system, to provide through-life safety assurance. That is, safety assurance will be provided not only during initial development and deployment, but also at runtime, based on operational data.
CCA-secure constructions for FHE
Fully Homomorphic Encryption (FHE) is a body of cryptographic techniques that allow computation directly over encrypted data. Since its inception around 15 years ago, FHE has been the subject of a great deal of research aimed at better efficiency and practicality. From a security perspective, however, FHE still raises a number of questions and challenges. In particular, all the FHE schemes used in practice, mainly BFV, BGV, CKKS and TFHE, achieve only CPA security, which is sometimes referred to as security against passive adversaries.
Over the last few years, a number of works have investigated the security of FHE in the beyond-CPA regime, with new security notions (CPAD, FuncCPA, vCCA, vCCAD, and others) being proposed and studied, leading to new attacks and constructions and, overall, a better understanding of FHE security in that regime.
With respect to CCA security, recent works (2024) have defined new security notions that are stronger than CCA1 and have shown them to be achievable by both exact and approximate FHE schemes. Leveraging these advances, the present thesis will aim to design practical FHE-style malleable schemes enforcing CCA security properties, at least for specific applications.
Securing Against Side-Channel Attacks by Combining Lightweight Software Countermeasures
Side-channel attacks, such as analyzing a processor's electrical consumption or electromagnetic emissions, allow for the recovery of sensitive information, including cryptographic keys. These attacks are particularly effective and pose a serious threat to the security of embedded systems.
This thesis focuses on combining low-impact software countermeasures to strengthen security against side-channel attacks, an idea that remains poorly explored in the current state of the art. The goal is to identify synergies and incompatibilities between these countermeasures to create more effective and lightweight solutions. In particular, low-entropy masking countermeasures will be considered.
These ideas will be applied to cryptographic algorithms, with a particular focus on post-quantum cryptography algorithms.
The thesis aims to develop new ways to secure software, offering better trade-offs between security and performance than existing approaches.
Identification versus anonymisation from an embedded client operating on a blockchain
The first worldwide deployment of a blockchain dates back to 2010 with Bitcoin, which introduced a completely digital monetary system and a crypto-currency, bitcoin. Within Bitcoin, all transactions are publicly accessible and traceable, which should generate trust between stakeholders. However, the traceability of transactions, and ultimately of the crypto-currency, does not imply the traceability of users authenticated by an account address, or more precisely by a set of account addresses that are independent of each other. In this context, it can be complex to trace the individuals or legal entities owning the crypto-currency.
Crypto-currency is not the only use case supported by blockchain technology. The deployment of Ethereum in 2014, based on the use of smart contracts, opened up many other uses, in particular the protection of identifying data. In this area, the need for traceability versus stealth can vary greatly from one use case to another. For example, on a blockchain that records the access of a worker holding an employment certificate to an industrial site, no information enabling the worker to be identified or their activity to be traced should appear. On the other hand, in the case of data collected by IoT sensors and processed by remote Edge devices, traceability of data and processing is desirable.
The thesis proposes to study different techniques for tracing digital assets on a blockchain while concealing their owners, and for offering the possibility of auditing and identification by an authorised body. The aim is to build embedded devices (Edge or personal, possibly embedding artificial intelligence), secured by hardware components, integrating different cryptographic solutions and account, data or identity wallet structures to meet the needs of the different use cases envisaged.
The design of integrated circuits requires, at the end of the chain, circuit editing and failure analysis tools. One of these tools is the probing of electrical potential levels using an electron beam available in a SEM (Scanning Electron Microscope) to determine the electrical signal present in an area of the circuit, which may be a metal level or a transistor. This electronic probing technique was widely used in the 90s, and then partially abandoned despite a few recurrent publications on the technique. In recent years, this technique has been revived by using the backside of the component, probing via the silicon substrate and accessing the active areas of the component.
These debugging and failure analysis tools are also tools for attacking integrated circuits. This thesis topic falls within the scope of hardware cybersecurity and so-called invasive attacks. The PhD student will implement this electron beam probing technique on commercial SEMs and under conditions of use specific to cybersecurity. Various techniques will be considered to improve the probed signals and their use.
Integrity, availability and confidentiality of embedded AI in post-training stages
In the context of strong regulation of AI at the European scale, several requirements have been proposed for the "cybersecurity of AI" and more particularly to increase the security of complex modern AI systems. Indeed, we are experiencing an impressive development of large models (so-called "Foundation" models) that are deployed at large scale to be adapted to specific tasks on a wide variety of platforms and devices. Today, models are optimized to be deployed and even fine-tuned on constrained platforms (memory, energy, latency) such as smartphones and many connected devices (home, health, industry…).
However, securing such AI systems is a complex process with multiple attack vectors against their integrity (fooling predictions), availability (degrading performance, adding latency) and confidentiality (reverse engineering, privacy leakage).
In the past decade, the Adversarial Machine Learning and privacy-preserving machine learning communities have reached important milestones by characterizing attacks and proposing defense schemes. Essentially, these threats are focused on the training and inference stages. However, new threats are surfacing related to the use of pre-trained models, their insecure deployment, as well as their adaptation (fine-tuning).
Moreover, additional security issues arise from the fact that the deployment and adaptation stages could be "on-device" processes, for instance with cross-device federated learning. In that context, models are compressed and optimized with state-of-the-art techniques (e.g., quantization, pruning, Low Rank Adaptation) whose influence on security needs to be assessed.
The objectives are:
(1) Propose threat models and risk analysis related to critical steps, typically model deployment and continuous training for the deployment and adaptation of large foundation models on embedded systems (e.g., advanced microcontroller with HW accelerator, SoC).
(2) Demonstrate and characterize attacks, with a focus on model-based poisoning.
(3) Propose and develop protection schemes and sound evaluation protocols.
Acoustics and Electromagnetism (AEM): New approaches for the secure characterization of components such as SoCs
Work carried out within CEA-Leti has shown that physical attacks can be a threat to the security mechanisms of SoCs (Systems on Chip). Indeed, fault injections by electromagnetic disturbance have already led to an escalation of privileges by authenticating with an illegitimate password, or more recently have made it possible to bypass one of the highest levels of security of a SoC, the Secure Boot. However, the technologies integrated into this type of target are increasingly sophisticated, with Package-on-Package (PoP) electronic devices and technology nodes at or below 7 nm, such as the new Samsung S20. Implementing these attacks requires cutting-edge equipment not currently commercially available (very small diameter probe, high transient current pulse generator, magnetometer and broadband current sensors with high spatial resolution, etc.). The thesis defended in 2022 by Clément Gaine [1] within our team made it possible to study several components of the EM injection chain, in particular a key element such as the electromagnetic injection probe.
Other fields are to be explored, in particular the complete injection chain from the pulse generator to the creation of an electromotive force in the target, induced by the EM probe via very high current gradients (di/dt). Mastering the complete chain makes it possible to design the most suitable injection system to characterize a smartphone type target and resolve the obstacles linked to this type of target such as: the complex microarchitecture, the multilayer software stack, the complex packaging with in particular the stacking of several components on the same chip (PoP).
The main objective of this thesis is to study a new EM injection approach and its potential to circumvent certain security mechanisms of a smartphone. This will allow hardware security characterization tools to evolve in order to meet the growing needs for the security characterization of SoCs. In terms of exploitation, the FORENSIC domain is aimed at circumventing and/or supplementing the limits of legal data mining techniques based on “0-day” vulnerabilities by exploiting flaws in hardware implementations that cannot be corrected on the same target model.
To achieve this objective, the PhD student will first be required to characterize, test and validate the new ultra-fast switching attack approach and the magnetometric and amperometric measurement means recently developed in the laboratory. At the same time, the doctoral student will carry out bibliographical and experimental work on the physiological risk potentially linked to exposure to short-term EM pulses. The results will be used to define new protocols allowing operators to carry out their EM injection experiments in a safe environment and to develop standards in this area if necessary. Secondly, the doctoral student will devote part of the work to modeling the transient magnetic flux and the transfer of induced power in high- or low-impedance targets, with a focus on the impact of the orientation of the field as well as the polarity of the pulse on the fault or glitch model for different types of transistors (NMOS, PMOS, JFET).
[1] https://cea.hal.science/search/index/?q=*&authFullName_s=Cl%C3%A9ment%20Gaine
More here: https://vimeo.com/441318313 (project video)
Code-Reuse Attacks: Automated Exploitation and Defense
Software vulnerabilities due to memory management errors are among the easiest to exploit. To prevent an attacker from injecting their own arbitrary code (shellcode), modern systems commonly enforce Data Execution Prevention (DEP), often implemented as segment permissions (Write xor Execute – W^X).
Yet, Code-Reuse Attacks have emerged to circumvent DEP protections. Exploiting a memory error, the attacker hijacks the control flow of the target program and chains small existing code fragments, referred to as gadgets, to build the desired behavior, through so-called Return-Oriented Programming (ROP) or Jump-Oriented Programming (JOP).
In the past years, several research efforts have explored how to automate the construction of code-reuse attacks from basic "on stack" attacks, lowering the barrier to such advanced methods. On the other side, program hardening relies on randomized memory layout (e.g. Address Space Layout Randomization – ASLR), Control Flow Integrity (CFI) or stack protection mechanisms (e.g. Shadow Stack) to keep the attacker in check. Still, some of these protections may be costly (execution time, specialized hardware, etc.).
The general goal of this PhD topic is to improve the state of the art of the automatic exploit generation landscape for the purpose of security assessment of anti-code-reuse protections. We will follow two directions:
(1) on the one hand, the candidate will advance automated code-reuse methods, by taking the knowledge of the protection into account to guide the search towards valid exploits only, pruning the search space ahead of time, and by looking for synergies between ROP/JOP chaining and program synthesis methods such as syntax-guided synthesis or stochastic synthesis methods;
(2) on the other hand, once the potential of such methods is better understood, the candidate will design effective defenses against them, based on a comprehensive analysis of their main strengths and weaknesses.