EMSEC: Embedded Security and CryptographyResponsables: Gildas Avoine, Pierre-Alain Fouque

Présentation: Stéphanie Delaune (CNRS)

EMSEC team

Embedded Security & Cryptography−→ 7 permanent researchers, 12 PhD students, and 2 post-docs

P. Derbez, G. Avoine, A. Roux-Langlois, B. Kordy, & P.-A. Fouque.−→ Clémentine Maurice and myself !

EMSEC, Embedded Security and Cryptography 2

Stéphanie Delaune

� Since 2007: CNRS Research Scientist hosted at� ENS Cachan (2007-2016)� IRISA (Rennes) from September 2016

� 2006-2007: Post-doctoral stays at Birmingham University (UK)and University of Lorraine (FR)

� 2003-2006: PhD at ENS Cachan and France Télécom R&D

Formal analysis of security protocols.

More information about me:

� http://people.irisa.fr/Stephanie.Delaune/

EMSEC, Embedded Security and Cryptography 3

Thèmes de recherche

EMSEC, Embedded Security and Cryptography 4

Security protocols are everywhere !

� testing their resilience against well-knownattacks is not sufficient;

� manual security analysis is error-prone.

−→ Caution: Do not underestimate your opponents!

privacyissue

authentication issue

The register - Jan. 2010

Independent - Feb. 2016

EMSEC, Embedded Security and Cryptography 5

Security protocols are everywhere !

� testing their resilience against well-knownattacks is not sufficient;

� manual security analysis is error-prone.

−→ Caution: Do not underestimate your opponents!

privacyissue

authentication issue

The register - Jan. 2010

Independent - Feb. 2016

EMSEC, Embedded Security and Cryptography 5

Security protocols are everywhere !

� testing their resilience against well-knownattacks is not sufficient;

� manual security analysis is error-prone.

−→ Caution: Do not underestimate your opponents!

privacyissue

authentication issue

The register - Jan. 2010

Independent - Feb. 2016

EMSEC, Embedded Security and Cryptography 5

How cryptographic protocols can be attacked?

Proposal #1: Mise en place d’outils automatiques pour la luttecontre les attaques physiques −→V. Migliore

Proposal #2: Cryptanalysis using constraint programming solvers:the case of cube attacks −→ S. Delaune & P. Derbez

EMSEC, Embedded Security and Cryptography 6

How cryptographic protocols can be attacked?

Logical attacks� can be mounted even assuming perfectcryptography,↪→ replay attack, man-in-the middle attack, . . .

� subtle and hard to detect by “eyeballing” theprotocol

A sucessful approach: formal symbolic verification−→ provides a rigorous framework and automatic tools to analysesecurity protocols and find their flaws.

EMSEC, Embedded Security and Cryptography 7

Some proposals on formal verification

Proposal #3: Verification of security protocols: are the usualencodings safe when considering equivalence-based properties?

−→ S. Delaune

Proposal #4: Analysing security protocols based on low-entropysecrets in the symbolic model −→ S. Delaune & S. Kremer

Proposal #5: Security analysis of the LoRaWAN protocol usingformal symbolic verification tools −→ S. Delaune

� more information: https://popstar.irisa.fr

� contact me: stephanie.delaune@irisa.fr

EMSEC, Embedded Security and Cryptography 8

Some other internship proposals

−→ contact: G. Avoine

Proposal #6: Analysis of the Proximity Check Protocol ofContactless Smartcardshttp://www.avoine.net/smartcards_avoine.pdf

Proposal #7: Analyse du contenu de la base de données HAL.

EMSEC, Embedded Security and Cryptography 9