Brice Colombier

Research

Projects

PANTACOUR and EPOQAP

The PANTACOUR (INS2I) and EPOQAP (IRGA) projects focus on evaluating post-quantum cryptography algorithms against physical attacks.

PILAS

In the framework of the PILAS (FUI) project, I developed advanced laser attacks that make use of multi-spot laser injection setups.

The capabilities of the ALPhANOV four-spot laser fault injection setup that we used are shown in the following video:

The target code we attacked is a VerifyPIN with 3 trials. We performed the following attacks:

  1. PIN code always correct
  2. Denial of service
  3. Increasing the number of trials
  4. Decreasing the number of trials

PROSECCO

Within the ANR-PROSECCO project, I worked on evaluating countermeasures inserted at compilation time against physical attacks. The PROSECCO project includes three partners:

  • CEA DACLE is responsible for designing a compiler that can automatically insert countermeasures after annotations by the programmer,
  • Sorbonne Université, LIP6 is responsible for making sure that the countermeasures have been correctly inserted and that the protected program is functionally equivalent to the original one,
  • CEA-Tech SAS is responsible for evaluating the resistance of protected code to physical attacks, by performing side-channel and fault attacks but also by carrying out a leakage assessment procedure, giving feedback to the countermeasure designers so they can better tune them.

In the CEA-Tech SAS team in Gardanne, we performed the security evaluation. To this end, we carried out:

  • Side-channel attacks: 1st and 2nd-order correlation power analysis, template attacks, machine learning-based attacks,
  • Fault attacks: clock glitches, power glitches, electromagnetic injection, laser injection,
  • Leakage assessment: Welch’s t-test, F-test, profiling.

Single-bit corruption in Flash memory with laser injection

In this work, we showed that shooting with a laser makes it possible to perform a single-bit set on data read from the Flash memory of a 32-bit ARM Cortex-M3 microcontroller. With the correct timing, we could set any bit of the instruction being read. The laser spot had a diameter of 5 µm. We shot with a power of 0.5 W for 200 ns.

This allowed us to attack an implementation of a VerifyPIN algorithm, effectively having as many trials as needed to find the correct PIN. We also attacked the last AddRoundKey transformation of an AES implementation to recover the secret key with only two faulty ciphertexts.

SALWARE

The aim of the ANR-SALWARE project was to fight against counterfeiting of integrated circuits and illegal copying of IP cores.

My PhD thesis is available here and the defense slides here.

A comprehensive hardware/software infrastructure for IP cores design protection

The final outcome of the SALWARE project was a demonstrator meant to illustrate the remote activation procedure of an IP core. It integrates all the contributions of the SALWARE project, namely the logic locking/masking method that makes the IP core activatable, the lightweight block cipher, the PUF that identifies each instance of the IP core, and the CASCADE key reconciliation protocol that corrects the errors found in PUF responses.

An overview of the design is shown below, as well as a video demonstrating how the whole system works with an example design.

Key reconciliation protocols for error correction of PUF responses

PUFs are very interesting security primitives for uniquely identifying instances of an IP core, but their responses contain errors. Traditional error-correcting codes can be used to correct these errors, but they are quite costly in logic resources. Instead, we propose using the CASCADE key reconciliation protocol as a lightweight alternative to correct the errors in PUF responses.

The CASCADE protocol is very efficient at correcting the errors, reaching failure rates as low as one in a million, while being an order of magnitude more lightweight than traditional error-correcting code implementations. Moreover, it is very flexible and can accommodate various error rates.
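The parity exchange behind CASCADE can be simulated in a few lines. The following Python sketch is an added example, not code from the SALWARE project; the function names, the 16-bit response and the fixed interleaving used as second-pass permutation are assumptions made for illustration.

```python
import random

def parity(bits, idx):
    return sum(bits[i] for i in idx) & 1

def shared_orders(n, passes, seed):
    """Permutations both parties derive from a public seed (pass 1 is the identity)."""
    rng, orders = random.Random(seed), [list(range(n))]
    for _ in range(passes - 1):
        orders.append(rng.sample(range(n), n))
    return orders

def binary(ref, resp, idx, leaked):
    """Bisect a block whose parities differ, flip the erroneous bit, return its index."""
    while len(idx) > 1:
        half = idx[:len(idx) // 2]
        leaked[0] += 1  # one more parity bit disclosed on the public channel
        idx = half if parity(ref, half) != parity(resp, half) else idx[len(idx) // 2:]
    resp[idx[0]] ^= 1
    return idx[0]

def cascade(ref, noisy, orders, block_size=4):
    """Simulate both sides: ref is the enrolled response, noisy the regenerated one.
    Returns (corrected response, number of parity bits disclosed)."""
    resp, leaked, history = list(noisy), [0], []
    for p, order in enumerate(orders):
        size = block_size << p  # block size doubles at each pass
        blocks = [order[i:i + size] for i in range(0, len(order), size)]
        history += blocks
        leaked[0] += len(blocks)
        pending = list(blocks)
        while pending:
            blk = pending.pop()
            if parity(ref, blk) == parity(resp, blk):
                continue
            fixed = binary(ref, resp, blk, leaked)
            # Cascade step: a fix changes the parity of every earlier block
            # holding that bit, which can expose a previously hidden error.
            pending += [b for b in history if fixed in b]
    return resp, leaked[0]

# Constructed 16-bit sample: bits 1 and 2 are flipped, so the first pass
# (blocks of 4, identity order) sees an even error count and detects nothing.
REF = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0]
NOISY = [b ^ (i in (1, 2)) for i, b in enumerate(REF)]
INTERLEAVE = [i for r in range(4) for i in range(r, 16, 4)]
```

Calling `cascade(REF, NOISY, [list(range(16)), INTERLEAVE])` recovers `REF`. Every disclosed parity bit is public, so the returned count has to be taken into account when sizing the key derived from the response.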

Logic-level modifications

Logic masking with centrality indicators

One way to make a combinational circuit unusable is to apply logic masking. Inserting XOR/XNOR logic gates at specific locations in the netlist strongly disturbs the circuit operation if the wrong unmasking key is applied. The objective is to have the lowest possible correlation between normal and masked output.

We developed a node-selection heuristic based on centrality indicators to determine the netlist nodes to modify.

Compared to state-of-the-art heuristics, it is more computationally efficient while achieving low output correlation.
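The effect of XOR/XNOR key gates can be checked on a toy netlist. The following Python sketch is an added example, not code from the SALWARE project: the full-adder netlist, the function names and the choice of masked nodes are assumptions, and the nodes are picked by hand rather than with the centrality-based heuristic.

```python
from itertools import product

OPS = {
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
    "XNOR": lambda a, b: 1 - (a ^ b),
}

# Constructed sample netlist: 1-bit full adder, gates in topological order.
INPUTS = ["a", "b", "cin"]
OUTPUTS = ["s", "cout"]
ADDER = [
    ("x1", "XOR", "a", "b"),
    ("s", "XOR", "x1", "cin"),
    ("a1", "AND", "a", "b"),
    ("a2", "AND", "x1", "cin"),
    ("cout", "OR", "a1", "a2"),
]

def evaluate(netlist, values):
    values = dict(values)
    for out, op, i1, i2 in netlist:
        values[out] = OPS[op](values[i1], values[i2])
    return [values[o] for o in OUTPUTS]

def mask(netlist, correct_key):
    """Insert one key gate per selected node; correct_key maps node -> unmasking bit."""
    masked = []
    for out, op, i1, i2 in netlist:
        if out in correct_key:
            masked.append((out + "_orig", op, i1, i2))
            # XOR is transparent for key bit 0, XNOR for key bit 1.
            gate = "XNOR" if correct_key[out] else "XOR"
            masked.append((out, gate, out + "_orig", "key_" + out))
        else:
            masked.append((out, op, i1, i2))
    return masked

def output_corruption(netlist, masked, key):
    """Fraction of output bits that differ from the original over all input vectors."""
    flipped = total = 0
    key_inputs = {"key_" + node: bit for node, bit in key.items()}
    for bits in product((0, 1), repeat=len(INPUTS)):
        vec = dict(zip(INPUTS, bits))
        ref = evaluate(netlist, vec)
        got = evaluate(masked, {**vec, **key_inputs})
        flipped += sum(r != g for r, g in zip(ref, got))
        total += len(ref)
    return flipped / total

CORRECT_KEY = {"x1": 1, "a1": 0}  # hand-picked nodes, not the centrality heuristic
MASKED = mask(ADDER, CORRECT_KEY)
```

With the correct key the masked adder matches the original on every input, while the three wrong keys corrupt between 37.5% and 81.25% of the output bits; a node-selection heuristic aims to bring that figure close to 50% for every wrong key.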

Combinational logic locking

Another option to make a circuit unusable is to apply logic locking. Inserting non-linear (AND, OR) logic gates at specific locations in the netlist forces the outputs of the netlist to a fixed logic value.

In order to select the netlist nodes to modify, we used graph analysis to identify the gate sequences that can propagate a fixed logic value.

Academic service

I serve as an associate editor for the Journal of Cryptographic Engineering.

I have been a program committee member of the VLSI-SoC conference in 2018 and 2019.

I reviewed submissions to the following conferences:

I reviewed submissions to the following journals:


Built with Pandoc, hosted on Netlify, last modified: 06/2022