More practical and quicker to use, contactless technology, already present in our daily lives (building access badges, transport cards), is developing more and more, for example in payment cards or car opening and starting systems. However, there are currently no security protocols that are truly designed for the particularities of contactless. These protocols in charge of ensuring the security of information exchanges are based on a certain number of parameters: authentication, non-traceability, anonymity, etc. In the case of contactless systems, the notions of time and distance must be added. These are essential to ensure that the information is addressed to the person for whom it is intended, and not to another device nearby!
Currently, to measure the distance between two elements that are exchanging, a message is sent and the time in which the response should arrive is estimated. The only solution proposed is the "time out": a response that arrives too late could indicate that the device with which one is exchanging is not nearby, and therefore perhaps not the right one. But this leaves plenty of room for an attacker who is nearby, with sufficiently fast equipment.
To remedy this, Stéphanie Delaune, a CNRS research fellow at the Institute for Research in Computer Science and Random Systems, is working on the verification of these cryptographic protocols for contactless systems. She wants to produce a formal, mathematical proof of the proper functioning of the security protocol. One of the techniques used consists of constructing a mathematical representation of the protocol and the attackers, and thus verifying that the protocol is secure whatever the possible behaviour of these malicious agents.
Then, a significant part of Stéphanie Delaune's work consists in implementing these findings. In this way, she wants to propose general principles for better protocol design, but also ways to improve faulty protocols. Based on these discoveries of attacks and vulnerabilities on contactless objects, she wishes to disseminate good practices to be adopted if one wants to give oneself every chance of designing a secure system.
Financing that facilitates mobility
The ERC grant will fund the positions of 3 PhD students, 4 post-docs and engineers. At the time she applied, Stéphanie Delaune was organising her move to Rennes from ENS Cachan, where she had been working since 2007. As her research was theoretical, it did not require the purchase of equipment. The funding made it easier for Stéphanie Delaune to build up a team.
"The ERC made it easier for me to come to Rennes because I didn't have to worry about funding: I am more independent".