Internship/Cryptographic Algorithms Reverse Engineering by Side-Channels Analysis (m/f)

Stage Par Airbus
  • Ingénierie / Gestion de production
  • Élancourt
  • A négocier

Description

Internship/Cryptographic Algorithms Reverse Engineering by Side-Channels Analysis (m/f)

Internship/Cryptographic Algorithms Reverse Engineering by Side-Channels Analysis (m/f)

Cassidian CyberSecurity Elancourt

European specialist in cyber security, Airbus Defence and Space mission is to protect companies, critical national infrastructures, as well as government and defence organisations against cyber threats. Its reliable and high performance security products and services are able to detect, analyse and neutralise the most sophisticated cyber-attacks.

Airbus Group is a global leader in aeronautics, space and related services. In 2015, the Group - comprising Airbus, Airbus Defence and Space and Airbus Helicopters - generated revenues of € 64.5 billion and employed a workforce of around 136,600.

Our people work with passion and determination to make the world a more connected, safer and smarter place. Taking pride in our work, we draw on each other's expertise and experience to achieve excellence. Our diversity and teamwork culture propel us to accomplish the extraordinary - on the ground, in the sky and in space.

Description of the job

Airbus Defence and Space CyberSecurity (Elancourt) is looking for an intern (m/f) for a 6-month internship.

Within Airbus Defence and Space CyberSecurity, you will join the Computer Security Incident Response Team (CSIRT) as an intern.
Your role will be to respond to IT security incidents by providing all the services necessary to resolve the problems or assist with their resolution.
The team also issues security alerts describing vulnerabilities and viruses affecting software and hardware components, which can enable its customers to patch and update their systems very quickly.
As such, one of the CSIRT team's activities consists in performing the retro-engineering of firmwares. However, when CSIRT needs to extract a firmware in a component (e.g. micro-controller), it is possible for protections against writeback (fuses) to be activated, and this will hence render the extraction of the firmware impossible using conventional means. Very sophisticated means can be brought into play (e.g. reversal of fuse polarity by ultraviolet radiation), but the necessary material for this can be expensive, the process may required highly skilled personnel and the customer will not desire that an invasive process be performed on the system to be audited.
Another possible alternative is to perform cryptographic algorithms reverse engineering by side-channel analysis (Side-Channel Analysis for Reverse-Engineering, SCARE).

This internship will start on 1st March 2016 (subject to some flexibility).

Internships at Airbus Group

Tasks & accountabilities

The internship and its objectives will consist of:

We are proposing to perform SCARE on components, i.e. monitoring side-channels (electrical consumption, electromagnetic radiation, etc.) of the audited system in order to find the basic instructions executed by the system (often, a microprocessor).
Firstly, we start by “profiling” an identical and programmable system: the system is programmed (in this case, a Leon2 processor embedded on a FPGA) with a specific instruction (e.g. the addition of two set “X” and “Y” operands, or “ADD(X,Y)”), the auditor will then take several measurement of the system's electrical consumption during the execution of this instruction, then the process will be repeated for all possible operands, then for all remaining instructions (“SUB”, “LD”, etc.) At the end of the process, the auditor recovers a real “dictionary” that will be used as a reference for the second phase.

The second phase consists in the comparison of the audited system consumption measurements with those of the dictionary to find each executed instruction, then at the end of the process, the entire firmware embedded in the system.

Required skills

You are in the final year of engineering school, completing a Master's degree or in 5th year of university, specialising in IT.

You ideally have initial experience in this field.

You are a good team player and you have excellent interpersonal skills.

English: intermediate level,
French: fluent.