1. Project supported by YESS 2009 Young Engineering Scientist Symposium « Identity Management » Cryptography for the Security of Embedded Systems Ambient Intelligence: more and more miniaturized computing circuits are becoming ubiquitous, including smart cards (for banking, GSM, UMTS, pay-TV, ID-cards or electronic passports applications), RFID tags, personal digital assistants, MP3 readers, etc.: Revisit the three main paradigms of cryptology: encryption, electronic signature and authentication, in the context of embedded systems, and to focus on the special case of executable codes.. Context Project Contact : Pr. Louis Goubin Laboratoire PRiSM – Université de Versailles St-Quentin-en-Yvelines 45 avenue des Etats-Unis – 78035 Versailles Cedex – France Tél : +33.1.39.25.43.29 Louis.Goubin@uvsq.fr Louis.Goubin@uvsq.fr Confidentiality of Executable Code: Further study of recent attack models, taking into account the physical nature of computations within embedded systems. Rigorous study of the « code obfuscation » concept: analysis of the cryptographic strength, proposal of new schemes. Code Integrity and authenticity: Architectures for externalized code. Study of their security, by extending if needed already existing cryptographic protocols (which have often been designed for static objects and not for dynamic objects). Security Proofs and Formal Methods: Applications of « proof carrying code » methods for a potentially malicious code. More generally, define and implement specification tools that include security policies in the context of distributed systems. Scientific Goals Physical attacks against embedded systems: publication of new results and countermeasures. Code obfuscation: modelization, analysis of existing solutions and proposal of new schemes. Modelization of security requirements when the executable code is implemented in an external device (e.g. a terminal). Study of new induced threats, and design of new strategies to thwart them. Dissemination of new obtained results: academic publications, participation to international confrences, demonstrations of new architectures. Organization of a workshop in 2009, on « Cryptography for the Security of Embedded Systems ». www.labri.fr/~ly/cryscoe Outputs and Expected Results Improving the security of smart card based applications: define a secure environment for « big size » complex application. Application of code obfuscation to intellectual property protection for software, especially through the use of « watermarking » systems. Realization of a secure platform (hardware and software) based on a « smart card network » (grid, network, mobile network, etc). Applications PRiSM Laboratory (Versailles St-Quentin- en-Yvelines University): expertise in multivariate cryptography, cryptanalysis, block ciphers, physical attacks, elliptic curve cryptography, hash functions. LaBRI (Bordeaux 1 University): expertise in formal methods and software architecture. LIENS (École normale supérieure): expertise in evaluation of cryptographic mechanisms. Partners Basic Principles CODE OBFUSCATION CODE EXTERNALIZATION A « mobile » code has to be carried together with a proof that it satisfies a security policy. The embedded system (« host ») only has to check the proof. PHYSICAL ATTACKS