Hired by CEA-Leti upon completing his thesis, Julien Maillard set about tackling one of today’s biggest cybersecurity challenges, with a particular focus on complex processors. His research coincides with major legislative efforts carried out by the European Union, centered on the Cyber Resilience Act, which aims to strengthen digital defense measures.
His career began at the University of Nantes, where he took an undergraduate degree in IT. This is where he developed a particular interest in the topics of microarchitecture and cryptography. He continued his studies with a master's degree in cybersecurity (Cryptis) in Limoges. Attending advanced cryptology courses and meeting with experts in the field of side-channel analysis proved to be a defining moment for Julien. He joined CEA-Leti for his final internship, researching side-channel code reconstruction on complex processors, before going on to study for a PhD.
Hybrid attacks are a reality requiring more attention
The paper presented by Julien and his team addressed a key issue: how can an attacker exploit the state of a device’s microarchitecture (traditionally targeted through software attacks) via unintentional physical signals (such as electromagnetic emissions or power consumption)? Specifically, he set out to explore the potential for a hybrid attack that would give a bad actor “the best of both worlds”, he says.
On a test circuit board closely resembling those found in smartphones, they ran a series of tests, organized in three phases.
An initial “characterization” phase focused on placing the microarchitecture in a controlled, known state so that its behaviour could be observed. In the second phase, representing the start of a hybrid attack, the researchers injected malware code and continued observing the device’s physical parameters. The malware forces sensitive data to leak through electromagnetic emissions.
The final phase consisted of repeating the test without placing the microarchitecture in a controlled initial state, with the aim of ascertaining the state of the device’s microarchitecture without using malware code. Using cryptanalysis techniques and differential approaches, they were able to recover secrets held in the processor’s isolated secure world (Arm TrustZone).
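As an added illustration, not code from the paper, the team or CEA-Leti, the script below builds a toy model of the two ingredients named above: a controlled initial cache state (the set of lines left resident before the victim runs) and a differential approach that infers microarchitectural state from noisy traces. The victim touches a cache line selected by a secret nibble XORed with a known input; a miss adds an extra burst at one sample of a constructed EM trace. For each candidate secret, the attacker partitions the traces by the hit or miss that candidate predicts and scores the difference of means; only the right candidate separates the two groups perfectly. Every element here (the 16-line cache, the resident set `CACHED`, the trace length, the burst amplitude and position, the noise level, and all function names) is a constructed assumption for demonstration, not a measurement or a step from the work described. The block also covers the degenerate case where the state was not controlled at all and every line is resident, in which the traces carry no state information and the guess cannot be ranked.

```python
import random

N_SAMPLES = 32        # points per constructed EM trace
MISS_SAMPLE = 12      # sample where an off-core fetch shows up in this toy model
MISS_AMPLITUDE = 2.0  # extra EM amplitude a cache miss adds at that sample (assumed)
NOISE_SIGMA = 1.0     # Gaussian measurement noise per sample (assumed)
LINES = 16            # 16 cache lines, indexed by a 4-bit value

# "Characterization" state: lines left resident before the victim runs.
# Assumption: the attacker knows this set because they put the cache into it.
# Chosen so that no XOR-shift of the set maps it onto itself, otherwise two
# candidate secrets would predict the very same hit/miss partition.
CACHED = frozenset({0, 1, 2, 4, 7, 8})


def simulate_trace(secret, known_input, cached, rng):
    """Victim touches line (secret ^ known_input); a miss adds an EM burst."""
    line = (secret ^ known_input) & 0xF
    trace = [rng.gauss(0.0, NOISE_SIGMA) for _ in range(N_SAMPLES)]
    if line not in cached:
        trace[MISS_SAMPLE] += MISS_AMPLITUDE
    return trace


def collect_traces(secret, cached, n_traces, rng):
    """Return (known_input, trace) pairs; inputs cycle so every line index is hit equally."""
    return [(i % LINES, simulate_trace(secret, i % LINES, cached, rng))
            for i in range(n_traces)]


def mean_trace(traces):
    n = len(traces)
    return [sum(t[i] for t in traces) / n for i in range(N_SAMPLES)]


def difference_of_means(data, cached, guess):
    """Score one candidate secret: split the traces by the hit/miss the guess
    predicts and return the largest (predicted-miss minus predicted-hit) mean
    difference over all samples. The sign is known from characterization:
    a miss makes the signal larger, so a negative difference is a bad guess."""
    hits, misses = [], []
    for known_input, trace in data:
        if ((guess ^ known_input) & 0xF) in cached:
            hits.append(trace)
        else:
            misses.append(trace)
    if not hits or not misses:
        return 0.0  # guess predicts no state change at all: nothing to distinguish
    mh, mm = mean_trace(hits), mean_trace(misses)
    return max(mm[i] - mh[i] for i in range(N_SAMPLES))


def recover_secret(data, cached):
    """Rank all 16 candidates; return (best, scores) or (None, scores) when
    no candidate separates the traces (e.g. every line was already resident)."""
    scores = {g: difference_of_means(data, cached, g) for g in range(LINES)}
    best = max(scores, key=scores.get)
    if scores[best] <= 0.0:
        return None, scores
    return best, scores


def run_demo(secret, cached=CACHED, n_traces=400, seed=1):
    """Collect constructed traces for a secret nibble and try to recover it."""
    rng = random.Random(seed)  # fixed seed: the constructed data is reproducible
    data = collect_traces(secret, cached, n_traces, rng)
    return recover_secret(data, cached)


if __name__ == "__main__":
    found, scores = run_demo(0xB)
    print(f"recovered nibble: {found:#x}")
    print("top guesses:", sorted(scores.items(), key=lambda kv: -kv[1])[:3])
    print("uncontrolled state (all lines resident):",
          run_demo(0xB, cached=frozenset(range(LINES)))[0])
```

The same guess-and-partition scoring works for any secret-dependent microarchitectural event with a known physical signature, which is why a controlled initial state matters so much: it is what lets the attacker predict, for each candidate, which traces should contain the event and which should not.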
They successfully overcame the usual obstacles encountered during software attacks that target cache memory (cache attacks), bypassing several cache protection measures. This gave them the material to propose new countermeasures against such attacks.
Through this study, the researchers not only proved hybrid attacks to be a reality, but also raised the alarm. According to Julien, “this type of attack is feasible in practice, at lower cost and using less powerful tools than those traditionally used to carry out physical attacks on this type of device”. We should now be thinking about appropriate protection measures to address them.
“You have to imagine cybersecurity as a game of cat and mouse: even if a territory is defended by a cat, a mouse will keep looking for cracks through which to enter.”
Julien is currently working on security characterization through research into the application of probabilistic models for side-channel attacks.