Guillaume Bouffard
Researcher in Embedded System Security
I defended my Ph.D. thesis on October 14, 2014, at Salle du conseil, Faculté des Sciences et Techniques (123 Av. Albert Thomas, 87000 Limoges).
The defense was held in French, starting at 14:30, and was open to the public.
🏆 In 2015, this Ph.D. work received the “Prix de thèse de l’action du CNRS Objets intelligents sécurisés et Internet des objets”, recognizing outstanding contributions to the security of smart and connected devices.
| Role | Name | Affiliation |
|---|---|---|
| President | Erik Poll | Professor, Institute for Computing and Information Science, Radboud University |
| Reviewer | David Naccache | Professor, École Nationale Supérieure |
| Reviewer | Peter Ryan | Professor, Université du Luxembourg |
| Examiner | Jean-Louis Lanet | Professor, INRIA (Ph.D. thesis director) |
| Examiner | Emmanuel Prouff | Researcher HDR, ANSSI / Laboratoire Sécurité des Composants |
| Examiner | Éric Vétillard | Java Card Principal Product Manager, Oracle Inc. |
Smart cards are the keystone of various applications which we daily use: pay money for travel, phone, etc. To improve the security of this device with a friendly development environment, the Java technology has been designed to be embedded in a smart card. Introduce in the mid-nineties, this technology becomes nowadays the leading application platform in the world. As a smart card embeds critical information, evil-minded people are interested to attack this device.
In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use the Fault Tree Analysis. This method used in safety analysis helps to understand and implement all the desirable and undesirable events existing in this domain. We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code. During this thesis, we focused on the integrity property, especially on the code integrity. Indeed, a perturbation on this element can break each other properties. By modelling the conditions, we discovered new attack paths to get access to the smart card contents. We introduce new countermeasures to mitigate the undesirable events defined in the tree models.