Download
1 / 1
70 likes | 365 Views
Context. Basic Principles. Ambient Intelligence: more and more miniaturized computing circuits are bec oming ubiquitous, including smart cards (for banking, GSM, UMTS, pay-TV, ID-cards or electronic passports applications), RFID tags, personal digital assistants, MP3 readers, etc. :
E N D
Context Basic Principles • Ambient Intelligence: more and more miniaturized computing circuits are becoming ubiquitous, including smart cards (for banking, GSM, UMTS, pay-TV, ID-cards or electronic passports applications), RFID tags, personal digital assistants, MP3 readers, etc.: • Revisit the three main paradigms of cryptology: encryption, electronic signature and authentication, in the context of embedded systems, and to focus on the special case of executable codes.. Scientific Goals • Confidentiality of Executable Code: • Further study of recent attack models, taking into account the physical nature of computations within embedded systems. • Rigorous study of the « code obfuscation » concept: analysis of the cryptographic strength, proposal of new schemes. • Code Integrity and authenticity: • Architectures for externalized code. • Study of their security, by extending if needed already existing cryptographic protocols (which have often been designed for static objects and not for dynamic objects). • Security Proofs and Formal Methods: • Applications of « proof carrying code » methods for a potentially malicious code. • More generally, define and implement specification tools that include security policies in the context of distributed systems. Applications Partners • Improving the security of smart card based applications: define a secure environment for « big size » complex application. • Application of code obfuscation to intellectual property protection for software, especially through the use of « watermarking » systems. • Realization of a secure platform (hardware and software) based on a « smart card network » (grid, network, mobile network, etc). • PRiSM Laboratory (Versailles St-Quentin- en-Yvelines University): expertise in multivariate cryptography, cryptanalysis, block ciphers, physical attacks, elliptic curve cryptography, hash functions. • LaBRI (Bordeaux 1 University): expertise in formal methods and software architecture. • LIENS (École normale supérieure): expertise in evaluation of cryptographic mechanisms. Outputs and Expected Results • Physical attacks against embedded systems: publication of new results and countermeasures. • Code obfuscation: modelization, analysis of existing solutions and proposal of new schemes. • Modelization of security requirements when the executable code is implemented in an external device (e.g. a terminal). Study of new induced threats, and design of new strategies to thwart them. • Dissemination of new obtained results: academic publications, participation to international confrences, demonstrations of new architectures. • Organization of a workshop in 2009, on « Cryptography for the Security of Embedded Systems ». www.labri.fr/~ly/cryscoe Cryptography for the Security of Embedded Systems • PHYSICAL ATTACKS • CODE OBFUSCATION • CODE EXTERNALIZATION A « mobile » code has to be carried together with a proof that it satisfies a security policy. The embedded system (« host ») only has to check the proof. Project Contact : Pr. Louis Goubin Laboratoire PRiSM – Université de Versailles St-Quentin-en-Yvelines 45 avenue des Etats-Unis – 78035 Versailles Cedex – France Tél : +33.1.39.25.43.29 Louis.Goubin@uvsq.fr
