In April 2015, TV5 Monde suffered a cyber attack that cut its broadcast for two days. From our TVs to telephones, cars, data and communications networks, or industrial systems, cyber attacks can impact most aspects of life.
Grenoble INP is working to protect society from these risks by supporting research on all levels, from hardware to software, in order to promote overall system security. "The strength of our multidisciplinary approach is that it combines electronics and IT. We help ensure security by protecting the value chain from beginning to end. This means protecting electronic components and circuits as well as software. We can't afford to leave any gaps in security!" highlights David Hély, a professor at Grenoble INP - Esisar and a researcher at the LCIS.
The first challenge is to ensure the security of each component. Does a component's fabrication process include a Trojan Horse? How do you guarantee an electronic circuit is not a counterfeit? Can existing circuits be improved to resist more sophisticated attacks?
These questions are at the heart of the work being carried out by various laboratories. At the LCIS, tools are being developed to guarantee the authenticity of a component. The idea is to track a component from its fabrication to its integration thanks to RF signatures and other security measures. Another protection measure under development is the integration of a spy mode for circuits. This would allow a system to check in real time if a circuit is carrying out its assigned task or if it has been hijacked for malicious reasons.
Testing the security of electronic circuits
Researchers at the LCIS, TIMA and LIG are working on methods to test the security of circuits. "Chip cards can be attacked by analyzing physical characteristics such as energy consumption or electromagnetic emissions. These attacks rely on auxiliary channels that are not encrypted. Another attack option is to disturb a card's normal operation. By analyzing the difference between normal and disturbed operations, attackers can discover critical information such an encryption key." explains Régis Leveugle, a researcher at TIMA.
At the LIG, researchers are exploring the security risks found in black box systems (devices, objects or systems viewed only in terms of their inputs and outputs). "By using what's called a fuzzing test, we submit random, unexpected or invalid data to a program in order to analyze how it will react when attacked." adds Roland Groz, a professor at Grenoble INP - Ensimag and a researcher at the LIG.
In addition to testing circuit security, researchers are working on methods to strengthen security. Protective measures can include improvements on both physical and software levels. However, a crucial part of this research process is finding the right compromise between achieving required security levels and controlling the cost and energy consumption of a given improvement.
Date of update June 3, 2016