Recent technological advances in hardware and software have irretrievably affected the classical picture of computing systems. Today, these systems no longer consist only of connected servers, but involve a wide range of pervasive devices. This new paradigm, where information processing is embedded into everyday objects, has brought the concept of "ubiquitous computing systems". Such pervasive devices, illustrated in the figure below, perform actions on behalf of their users for access control in mass transportation, payment, building access control, vehicle ignition systems, smart meters, and many others.
Only recently researchers started to focus on the
security of ubiquitous devices. Despite this, they already managed to
find critical flaws in several widely deployed devices. For example,
Texas Instruments' Digital Signature Transponder was successfully
attacked in 2005 (Bono et al., 2005); Mifare Classic was completely
"dismantled" by several research teams (Garcia et al., 2008); critical
flaws in the KeeLoq ignition car system were revealed (Bogdanov et al.,
2006); serious weaknesses were found in iClass (Garcia et al., 2012) and
Hitag2 (Verdult et al., 2012); DESFire MF3ICD40 suffers from
side-channel attacks (Oswald et al., 2011); etc. This enumeration could
be long and quite worrying because applications from which we expect
high security are not immune to security problems. For example, a
"fatal" flaw in the random number generator of Taiwan's ID cards has
very recently been discovered (Bernstein et al., 2013).
Improving the security in this domain is one of tomorrow's challenges that will enable the large-scale deployment of ubiquitous computing systems in applications more innovative than ever. This challenge requires to train engineers to apply the paradigm of security and privacy by design. As a consequence, this course aims to learn how to build secure applications from theory to practice. with a special focus on authentication in ubiquitous computing systems based on the Radio-Frequency IDentification (RFID) technology.
- Enseignant: Avoine Gildas