Firmware integrity

Antoine MARCHAND's thesis defense (IT department)

I am pleased to invite you to my thesis defense (cotutelle) entitled "Firmware integrity protection".

  • 26/05/2025

  • 09:00 - 10:30
  • Mont Houy Campus
    CISIT Building
    Thierry Tison Amphitheatre

Composition of the Jury

Mr. Antoine GALLAIS (Université Polytechnique Hauts de France), Thesis Director
Mr. David ESPES (Université de Bretagne Occidentale), Examiner
Mrs. Virginie DENIAU (Université Gustave Eiffel), Rapporteur
Mr. Michaël HAUSPIE (University of Lille), Rapporteur
Mr. Hamza OUARNOUGHI (Université Polytechnique Hauts de France), Thesis co-supervisor
Mr. Youcef IMINE (Université Polytechnique Hauts de France), Thesis co-supervisor
Mr. Yohan WOITTEQUAND (Orange Cyberdefense), Guest

Summary

In recent years, with the development of sensors, intelligent vehicles and other embedded devices, firmware has become ubiquitous. Firmware is the most privileged software that can operate a system, which is why it is vital to guarantee its integrity. Some of the most critical attacks are physical attacks, because the attacker has full access to the target.

In this thesis, we focus on improving firmware integrity protection when physical access to the system is compromised.

General Purpose Computers (GPCs) are easily physically accessible to an attacker since they are often left unattended, leading to Evil Maid attacks.

To address this issue, this thesis first presents a new hardware root of trust (RoT) for general-purpose computers taking into account an attacker with physical access to the system.

Our solution is based on secure boot and update mechanisms that not only ensure firmware integrity during the boot phase, but also offer a mechanism for secure firmware updates by authorized persons only. Furthermore, in this context, the confidentiality of secrets is ensured thanks to a Physical Unclonable Function (PUF).

We then studied how to implement our solution using only commercially available hardware components. In this way, we guarantee ease of implementation on a variety of platforms and independence from manufacturers.

Finally, we assessed the hardware footprint of our solution, which turned out to be small, and found that the degradation of the user experience is negligible.

Once this root of trust had been validated, we sought to propose a new firmware integrity solution using other security mechanisms such as attestation and secure updating.

We targeted a specific application context, namely connected vehicles, in order to highlight the importance of securing these critical systems. These vehicles carry a multitude of electronic control units (ECUs), each containing at least one firmware image. These ECUs are responsible for all the functions required to operate the vehicle. Some of these functions are essential to the safety of the vehicle's occupants, and it is therefore crucial to guarantee the integrity of their firmware. That is why, in this thesis, we present a new solution that ensures firmware integrity in the vehicular context through attestation and secure update mechanisms.

The core of our solution is based on the same cryptographic primitives as the solution proposed for general-purpose computers and therefore takes into account an attacker with physical access to the system.

We then built on these foundations to propose a new solution, designed to take into account the specific characteristics of connected vehicles, which are heterogeneous ecosystems, in order to guarantee firmware integrity both during execution and when updating.

In the future, we would like to extend the scope of our security solutions by implementing additional security mechanisms such as periodic reflectometry measurements on the Front-side Bus or integrating the solution within the CPU, which would free us from certain assumptions we are currently forced to make.

We also plan to implement the security solution for the vehicular context using off-the-shelf hardware in order to qualify and quantify its potential cost and ease of implementation within these heterogeneous systems.

Contact

Antoine Marchand