Anticipating threats by design
Cyberattacks are on the rise, threatening the now-ubiquitous embedded systems found in our cars, phones, and even in critical infrastructure. Developing comprehensive, appropriate tools to secure these systems by design is becoming essential. The aim is to enable fine-resolution, detailed analysis of the robustness of an electronic component at the design stage, using a digital twin that combines the relevant hardware and software. This virtual model would make it possible to test resistance to state-of-the-art cyberattacks such as laser attacks, and thereby verify the effectiveness of countermeasures before the component is even manufactured.
Using digital twins to counter cyberattacks
We need a more global approach to securing electronic components. By more precisely modeling attackers' capabilities, we can design tools able to effectively anticipate their actions. Inspired by other scientific fields that are already using digital twins to simulate complex environments, the idea is to create a tool capable of faithfully reproducing a system under attack, combining physical and formal modeling approaches.
The research focuses primarily on laser attacks, which are viewed as a benchmark for security standards. This type of attack uses a laser beam to disrupt a system's operation, targeting critical operations such as PIN code checks or program execution on a smartphone as a means of bypassing security features and gaining access to sensitive data.
Developing more secure, resilient embedded systems
This approach paves the way for enhanced embedded system security by design. By developing an initial tool able not only to verify the robustness of a component but also to predict its behavior in response to advanced attacks, this method addresses a crucial need, i.e. the ability to anticipate threats before they become exploitable vulnerabilities.
Securing technologies by design helps to protect critical infrastructure and our digital future. By investing in ambitious, rigorous innovation, we can accelerate the development of reliable, sustainable cybersecurity solutions fit for tomorrow's challenges.
> Overview of Audace!, the pioneering research program At national level: - In 2024, five research organizations (CEA, CNRS, INRAE, INRIA and INSERM) were tasked with conducting research programs alongside a broad spectrum of academic partners.
- Two government agencies: the General Secretariat for Investment (SGPI) specializing in financing aspects, and the National Research Agency (ANR), which handles contracting arrangements with the various institutions.
At CEA level: - €40M budget for the Audace! program
- 10 fundamental projects selected from among 35 submitted proposals, of which 25 were auditioned
- 46 seed initiatives funded, out of a total of 157 letters of intent received
- More than 80 academic partners nationwide
"The goal is to encourage blue-sky thinking and give researchers carte blanche to explore new ideas through theoretical, experimental or instrument-focused research, with no need to seek real-world applications or provide performance guarantees" Anne-Isabelle Etienvre.
|
For more information about CEA-Leti's cybersecurity initiatives: