[Focus on] Research activities of the CTSYS team of LCIS

By David Hély & Vincent Beroulle
Research activities of the CTSYS team (LCIS Lab) in Valence are focused on "safety and security of embedded systems and distributed systems". Distributed and pervasive systems are smart, communicating, often open and dynamically reconfigurable systems. They mix many hardware components (sensors, connected objects, switches) with software components (embedded or non-embedded). These systems are ubiquitous in critical applications and security applications in which safety and security are two key issues.
logo LCIS
The CTSYS team consists of nine researchers from various fields of expertise from hardware design to software engineering. This diversity allows the team to tackle embedded system security issues with a cross disciplinary approach. Since a flaw or vulnerability in an element can compromise an entire system, the improvement of the safety and security of embedded systems requires that all their components are analyzed together and that their design take into account security at all levels, from hardware components to use cases. Therefore, the CTSYS team stands out by paying particular attention to the interaction between hardware and software. This approach is applied in various applications such as connected objects (sensor networks, RFID systems, geolocation ), “smart-*” environments (-Home, -building, -car, etc.), critical applications (medical, aeronautics)...
The team contributes to the national communities of software testing and hardware security through its involvement in the working groups of several GDRs (especially SOC2, GPL, and the new “GDR Sécurité”). The team is involved with Grenoble INP ESISAR each year in the organization of the CSAW (Cyber Security Awareness Week) security contest for Europe. This contest is considered to be the largest student cybersecurity contest in the world. CTSYS is also an active partner and founder of the Industrial Chair of Excellence TRUST "Confiance dans les systèmes".
The activities of the team are divided in three subtopics, from hardware to software: (1) circuits and embedded systems, (2) connected systems and (3) embedded software and pervasive applications.

Safety and security of embedded circuits and hardware systems

The hardware target is often qualified as the “root of trust” of the system as it may be compared to the mandatory foundation for building the most elaborate security schemes. Indeed, these security schemes are only effective as long as the hardware target on which they are running is secured. In this subtopic, the main issues discussed can be summarized by the following questions: what hardware vulnerabilities can be exploited to attack a "theoretically secure" system? How to take into account the hardware vulnerabilities during the design of a secure and safe embedded system? How to leverage the hardware to secure the system?

Here are the main works and recent results classified in 3 axes: vulnerability analysis, Trust in IC, and Secure IC design.
  • Vulnerability analysis:
    • An evaluation board “Hackmymcu” for the hardware vulnerability analysis of micro-controllers used in medical applications and the development of tools to easily combine different kinds of hardware attacks (European Project Penta SereneIoT);
    • A simulation-based or emulation-based fault injection platform Secure-RTL using cross layer method (RTL and source code) for analyzing fault attacks on microprocessor architectures, with CEA Leti (IRT Pulse);
  • Trust in IC:
    • Securing the life cycle of systems-on-chip, with CEA Leti (IRT Pulse);
    • Authentication of electronic chips by a non-intrusive RF approach;
    • Design pattern to improve hardware Trojan detection while protecting circuits from counterfeiting;
  • Secure IC design:
    • Vulnerability analysis and conception of secure elliptic encryption blocks, with Maxim Integrated;
    • Study and implementation of protection mechanisms for the execution of embedded applications, with Maxim Integrated.

Safety and security of connected systems

This subtopic focuses on the security and safety of connected systems in the context of IoT (cost and energy constraints). Many works of this subtopic concern RFID technology which can be used in security applications (access control, contact-less payment…). Other works concern the use of geolocation with wireless technologies (Lora, Wifi, UWB… ), for example in e-health or smart homes applications.

The main works and recent results are the following:
  • Design of a secure UWB geolocation platform with LIG team DRAKKAR;
  • Trust-based decentralized synchronization protocols in sensor networks;
  • Design of low cost and secure RFID HF/UHF tags with the Laboratoire d’électronique et de microélectronique EµE in Tunisia;
  • Modeling and improvement of robustness in RFID UHF light authentication protocols with the NOOCS lab in Tunisia;

Safety and security of embedded software and pervasive applications

In pervasive applications, the management of the dynamism of services and their number raises issues about the resilience and security of the system. The many available services must be regularly updated with the arrival and departure of different connected objects (due, for example, to a battery failure, a network issue or simply the intrinsic dynamism of these applications…). It is also necessary to control and restrict access to services. You cannot expect anyone to take control of the sensors in your house: privacy would be threatened. Data from different sensors or RFID tags may be an important source of information to enhance safety in this type of application and monitoring approaches may then be developed.

The main works and recent results are the following:
  • Models to facilitate the development of pervasive applications for trust and security integration, (European Project Penta SereneIoT).
  • Mechanisms to monitor and maintain a coherent state of the mediation chain during execution, and managing security and safety of pervasive applications in the iCASA environment with the LIG and Orange Labs;
  • Model for self-conscious systems with the LIG;

Published on June 29, 2020