Connect With Us:

Research and Development

In the fast-evolving landscape of cybersecurity and electronics, our team has consistently showcased unparalleled expertise in deciphering the multifaceted challenges that arise from electromagnetic interferences to device-specific vulnerabilities. Our extensive research, as published in esteemed journals and conferences, not only emphasizes our deep understanding of commercial-off-the-shelf computer systems but also our proficiency in navigating the intricate architectures of contemporary electronic devices. By pioneering innovative detection methods and revealing vulnerabilities in commonly used devices and systems, we are leading the charge towards a safer, more secure digital future. With a team committed to rigorous investigation and forward-thinking solutions, we are at the forefront of research, ensuring that systems are resilient against an ever-evolving array of threats.

LEIA: the Lab Embedded ISO7816 Analyzer A Custom Smartcard Reader for the ChipWhisperer

  • Conference: SSTIC 2019
  • Publication Date: Jun 5, 2019
  • Summary: This paper highlights the ChipWhisperer, a popular hardware security evaluation toolkit. Despite its capabilities, there is no smart card reader compatible with the ChipWhisperer. The research introduces LEIA, a daughter board designed for smart card security assessment that works with ChipWhisperer.

WooKey: USB Devices Strike Back

  • Conference: SSTIC 2018
  • Publication Date: Jun 1, 2018
  • Summary: The research focuses on securing the USB stack, especially after vulnerabilities like the BadUSB threat were exposed. The WooKey platform is introduced, an STM32-based USB thumb drive designed for user data encryption and protection. It is designed to be an open-source, open hardware platform, emphasizing easy manufacturability and reproducibility.

One Car, Two Frames: Attacks on Hitag-2 Remote Keyless Entry Systems Revisited

  • Conference: 11th USENIX Workshop on Offensive Technologies WOOT17
  • Publication Date: Aug 1, 2017
  • Summary: The Hitag-2 algorithm, though proven to be cryptographically broken, continues to be used in the car industry. This study delves into new vulnerabilities in Hitag-2 based Remote Keyless Entry systems. While certain systems have countermeasures, the paper also proposes a new cryptographic weakness that can be exploited with just two radio packets.

Eurisko: développement d’une carte électronique sécurisée

  • Conference: SSTIC 2016
  • Publication Date: Jun 1, 2016
  • Summary: This is a study on the development of a secure electronic card that integrates a secure boot chain with a unique pre-boot authentication mechanism. The paper discusses the challenges of integrating off-the-shelf components into a platform aiming for security objectives.

Stratégies de défense et d’attaque: le cas des consoles de jeux

  • Conference: SSTIC 2016
  • Publication Date: Jun 2, 2015
  • Summary: The paper reviews the evolution of security measures in gaming consoles over the past two decades. It discusses how game manufacturers have shifted their security strategies from merely combating game piracy to preventing modifications by hobbyists. The study also notes that console makers had a head start in terms of security techniques compared to other consumer goods.

Automation of the Immunity testing of COTS computers by the instrumentation of the internal sensors and involving the operating system logs – Technical report

  • Conference: System Design & Assessment Note - Note Series 11/2014
  • Publication Date: Nov 1, 2014
  • Summary: The research emphasizes the importance of monitoring the internal resources of COTS computers for a comprehensive understanding of perturbations induced by intentional electromagnetic interferences. The paper introduces a monitoring tool designed for large-scale deployment across IT networks.

Event logs generated by an Operating System running on a COTS Computer during IEMI Exposure:

  • Conference: IEEE Transactions on EMC
  • Publication Date: Sep 22, 2014
  • Summary: This research focuses on the analysis of event logs produced by a commercial-off-the-shelf computer during intentional electromagnetic interference (IEMI) exposure. The study primarily leans towards Linux systems due to their open nature, which provides unrestricted access to logs. The research demonstrates that a system running an open OS can detect disturbances caused by intentional electromagnetic interference.

DESIGN OF A HPEM-ATTACK DETECTOR INVOLVING THE INTERNAL RESOURCES OF A COTS COMPUTER:

  • Conference: Future Security 2014
  • Publication Date: 2014
  • Summary: This article is related to the previous one and suggests a design for a detector against High-Power Electromagnetic (HPEM) attacks. The unique feature of this design is that it utilizes the internal resources of a commercial-off-the-shelf (COTS) computer.

Autonomous Electromagnetic Attacks Detection considering a COTS Computer as a Multi-Sensor System:

  • Conference: URSI GASS 2014
  • Publication Date: Aug 18, 2014
  • Summary: This article explores the possibility of detecting electromagnetic attacks by monitoring the internal sensors of a COTS computer. The research promotes the idea that these computers, by using their inherent sensors, can identify abnormal activities resulting from electromagnetic attacks.

A Self-monitored Information System for High Power Electromagnetic Attacks Detection:

  • Conference: AMEREM 2014
  • Publication Date: Jul 27, 2014
  • Summary: The study underscores the increasing integration of electronic devices in crucial infrastructures, which can make them susceptible to high power electromagnetic attacks. The article proposes a novel approach where the targeted system acts as a sensor to detect HPEM attacks, eliminating the need for additional external detection devices.

Investigation numérique & terminaux Apple iOS:

  • Conference: SSTIC
  • Publication Date: Jun 4, 2014
  • Summary: This research dives into the realm of digital forensics on Apple’s iOS platform. It discusses the challenges associated with the closed nature of the iOS system and the difficulties in acquiring data from newer Apple devices. The paper presents two techniques for logical data acquisition, one non-intrusive and the other intrusive (related to jailbreaking methods).

Hacking apple accessories to pown iDevices:

  • Conference: Hackito Ergo Sum (HES)
  • Publication Date: May 4, 2013
  • Summary: This publication scrutinizes the security of popular Apple accessories, particularly dock stations and alarm clocks. It emphasizes the vulnerabilities inherent in these devices and demonstrates how certain Apple services can be exploited to retrieve confidential data or deploy jailbreaks.

Hacking iOS applications - Does your company data safe when stored on iDevices:

  • Conference: GreHack / Hack.lu
  • Publication Date: Oct 19, 2012GreHack
  • Summary: The article deals with the security aspects of iOS applications, specifically those used in enterprise environments. It showcases common vulnerabilities and risks associated with iOS applications and provides insights into techniques attackers use to manipulate these apps and extract sensitive data.