Scientific Objectives

EMSEC performs research on the security of embedded devices, with a special focus on security primitives, schemes, and protocols. The team studies and develops tools, processes, and methods of security engineering that enable security assessment of ubiquitous computing systems and objects. The activities are organized along four axes.

Security models

One of the major concerns of information security is to establish security proofs. EMSEC considers computational proofs and formal methods for the verification of communication protocols.

The addressed topics include:

  • Computational proofs
  • Symbolic proofs
  • NP-hard problems
  • Security proofs on cryptographic protocols

Design and analysis of primitives, schemes, and protocols

EMSEC addresses the design of secure building blocks based on security proofs and cryptanalysis of such blocks.

The addressed topics include:

  • Distance-bounding protocols
  • Design of ciphers (lightweight block ciphers, authenticated encryption schemes, etc.)
  • Fully homomorphic encryption, symmetric searchable encryption
  • Lattice-based cryptosystems
  • Cryptanalytic time-memory trade-off
  • Cryptographic protocols for low-cost devices (RFID tags, smartcards, etc.)
  • Multi-party contract signing protocols

Hardware and software security.

EMSEC exploits reverse-engineering techniques to analyze primitives, schemes, and protocols implemented in embedded systems. This includes (but is not limited to) side-channel analysis and forensics.

The addressed topics include:

  • Side-channel attacks and countermeasures
  • Forensics in embedded systems
  • Browser fingerprinting
  • Relay attack against smartcard-based systems

Security analysis of real-world ubiquitous systems

EMSEC works on finding vulnerabilities in real-world systems, with the aim to provide the security community with valuable feedback and lead to more secure designs.

The addressed topics include:

  • Risk analysis based on attack-defense trees.
  • Analysis of access control systems
  • Security of SSL/TLS
  • Smartphone security


EMSEC is strongly involved in the scientific community through national and international research projects and structures. In particular, Gildas Avoine chairs the H2020 COST Action IC1403 Cryptacus about cryptanalysis in ubiquitous computing systems, and Pierre-Alain Fouque is the head of the French ANR project Brutus addressing authenticated ciphers and the resistance against side-channel attacks. Gildas Avoine is also the head of the CNRS GDR Security, which is an operational structure of the CNRS gathering French researchers working in the field of computer security.


The Cryptacus project is a H2020 COST Action (IC1403) that aims to improve and adapt the existent cryptanalysis methodologies and tools to the ubiquitous computing framework. Cryptanalysis, which is the assessment of theoretical and practical cryptographic mechanisms designed to ensure security and privacy, will be implemented along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. Twenty-nine European states and neighboring countries are so far members of Cryptacus.

ANR Brutus

The Brutus project aims at investigating the security of authenticated encryption systems. It aims to evaluate carefully the security of the most promising candidates, by trying to attack the underlying primitives or to build security proofs of modes of operation. It targets the traditional black-box setting, but also more "hostile" environments, including the hardware platforms where some side-channel information is available. It also aims at quantifying the impact of not respecting implementation hypotheses such as not reusing a nonce. Finally, a more constructive goal of the Brutus project is to advise solutions in each of these scenarios, including the choice of a cryptosystem and implementation aspects. This constructive task will be extended to the field of white box cryptography, which aims at hiding the key even if the full implementation is available, including any secret data.

ERC Popstar

The main objective of the POPSTAR project is to develop foundations and practical tools to analyse modern security protocols that establish and rely on physical properties. The POPSTAR project will significantly advance the use of formal verification to contribute to the security analysis of protocols that rely on physical properties. This project is bold and ambitious, and answers the forthcoming expectation from consumers and citizens for high level of trust and confidence about contactless nomadic devices.


TLS/SSL (currently version TLS 1.2) is one of the 3 essential cryptographic protocols used today (together with SSH and IPSec). Despite its central role in securing e-commerce, Internet browsing, email, VoIP, etc., despite the fact that almost every search and connection query in every browser in the world requires its use, this protocol still presents security flaws in its conception. To overcome recent attacks, such as FREAK, LogJam, 3Shake, SLOTH, or DROWN, a new version i.e. TLS 1.3 has recently been drafted. SafeTLS addresses the security both of TLS 1.3 and of TLS 1.2 as they are (expected to be) used.

last modification: 10/26/17