[Focus on] LSOSP Lab - Laboratoire de Sécurité des Objets et Systèmes Physiques
By Olivier Savry (CEA-LETI/LSOSP)
The LSOSP (Laboratoire de Sécurité des Objets et Systèmes Physiques) and its 30 permanent staff are one of the two pillars of security within the CEA LETI.
Methods & tools for cybersecurity testing of IoT devices
Knowing product device’s vulnerabilities is essential if it is to be efficiently protected. The laboratory has developed dedicated scanning and fuzzing tools to test different types of communication interfaces pertaining to IoT devices: ethernet, wifi, zigbee, bluetooth, nfc.. The LSOSP also operates state-of-the-art side-channel and fault injection testbenchs that allow us caracterisation of the physical security of objects, components and specific IPs.
Security enhancement of IoT devices
Once threats and vulnerabilities have been assessed, we are able to develop fully secure solutions by being able to address all scales of a Cyber Physical System (CPS): from components to architecture. For example, we have experience in securing vehicles against theft and SCADA-type networks. We have implemented a trust anchor allowing strong authentication on those often old and obsolete networks. The laboratory’s activities also encompass the development of secure hardware IPs for cryptography (symmetric and asymmetric encryption (ECC), homomorphic encryption, RNG, PUF, etc.) that have countermeasures against known attacks. We also have actions in the security of processors and their microarchitecture with the challenge of implementing intrinsically secure processors that would no longer require the developer to worry about vulnerabilities in their code. These SOCs allow fully encrypted programs (data and code) to be executed with intrinsic integrity of the control flow and authenticity of instructions at runtime.
Security & privacy enhancement of objects’ interconnection & their data
Within the framework of the applications and uses we address, we have recurring needs in secure protocols to communicate together very constrained lightweight objects (constrained especially in terms of energy) that are found in the IoT. We therefore adapt these protocols to ensure the most intuitive use of products throughout their life cycle and taking into account end-users’ privacy.
Published on June 29, 2020
- Research Topics
- Cost-effective IoT/Hardware protections
- Cryptography
- Cybersecurity and AI
- Cybersecurity and Privacy
- Education and awareness
- Internet-wide measurements
- Prevention & Reaction to attacks
- Resilient critical infrastructures for Factory 4.0
- Social Impact & Regulation
- Software vulnerabilities