CIFRE - Cybersecurity Engineer
Valeo
il y a 8 heures
Date de publicationil y a 8 heures
S/O
Niveau d'expérienceS/O
Temps pleinType de contrat
Temps pleinValeo is a tech global company, designing breakthrough solutions to reinvent the mobility. We are an automotive supplier partner to automakers and new mobility actors worldwide. Our vision? Invent a greener and more secured mobility, thanks to solutions focusing on intuitive driving and reducing CO2 emissions. We are leader on our businesses, and recognized as one of the largest global innovative companies.
[Power Division] PhD Subject Proposal
Manager : Yacine Ladjici- Power Division Cybersecurity Discipline Director- Valeo Master Expert
Post-Quantum Cryptography Transition Strategies for Automotive Embedded Systems and EV Charging Infrastructures
The rapid progress of quantum computing threatens classical cryptographic schemes (notably RSA and ECC) that are currently used in vehicles, production plants, and connected infrastructures. The automotive industry faces a unique challenge: how to transition to quantum-resistant a.k.a. post-quantum cryptography (PQC) within long product lifecycles, heterogeneous embedded platforms, and complex supply chains. Some ECUs have extremely limited computational resources, while others can support advanced cryptographic algorithms; moreover, vehicles already deployed with classical cryptography must remain secure and updateable throughout service lifetimes that often exceed 15 years. This PhD will explore practical migration strategies to PQC, focusing on hybrid schemes combining classical and PQC approaches, crypto-agility mechanisms enabling smooth algorithm transitions (to switch from classical to PQC or hybrid or from a PQC algorithm to another one if later deemed insecure), onboard security functions that rely on cryptography (secure boot, secure OTA updates, secure debug, secure diagnostic authentication, secure onboard communications, etc.), lightweight implementations for constrained ECUs, physical attacks and countermeasures on PQC in automotive embedded settings.
In addition to onboard aspects, the research will address the adaptation of production line security (e.g., plant Hardware Security Modules, certificate provisioning workflows) and the interoperability of electric vehicle charging stations, which must securely communicate with both vehicles and institutional PKIs. The expected outcome is a framework for managing the secure and cost-efficient introduction of PQC into automotive embedded products and infrastructures, with clear, actionable recommendations for industry adoption.
The research will also consider the evolving landscape of worldwide standards and regulations. Automotive-specific frameworks (e.g., UNECE WP.29 [1], ISO/SAE 21434 [2]) must be reconciled with broader cryptographic guidance from national security agencies and international bodies. This includes standards and recommendations from NIST in the US [3, 3a, 3b], ANSSI and equivalent agencies in the EU [4], and relevant authorities in other regions, where different PQC strategies and timelines are emerging. A key objective is to map regulatory and standardization requirements to automotive use cases, ensuring that proposed migration paths remain globally compliant, interoperable, and future-proof.
[1] United Nations Economic Commission for Europe (UNECE), "Working Party on Automated/Autonomous and Connected Vehicles" [https://unece.org/transport/road-transport/working-party-automatedautonomous-and-connected-vehicles-introduction]
[2] International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE), "ISO/SAE 21434:2021 - Road vehicles - Cybersecurity engineering" [https://www.iso.org/standard/70918.html]
[3] National Institute of Standards and Technology (NIST), "Post-Quantum Cryptography" [https://csrc.nist.gov/projects/post-quantum-cryptography]
[3a] NIST, "NIST Releases First 3 Finalized Post-Quantum Encryption Standards" [https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards]
[3b] NIST, "Recommendations for Key-Encapsulation Mechanisms" [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-227.pdf]
[4] French National Agency for the Security of Information Systems (ANSSI), "ANSSI views on the Post-Quantum Cryptography transition" [https://cyber.gouv.fr/sites/default/files/document/follow_up_position_paper_on_post_quantum_cryptography.pdf]
Job:
R&D Engineer
Organization:
GTSC BG/PG Product Cybersecurity
Schedule:
Full time
Employee Status:
Fixed Term (Fixed Term)
Job Type:
CIFRE agreement
Job Posting Date:
2025-10-17
Join Us !
Being part of our team, you will join:
- one of the largest global innovative companies, with more than 20,000 engineers working in Research & Development
- a multi-cultural environment that values diversity and international collaboration
- more than 100,000 colleagues in 31 countries... which make a lot of opportunity for career growth
- a business highly committed to limiting the environmental impact if its activities and ranked by Corporate Knights as the number one company in the automotive sector in terms of sustainable development
More information on Valeo: https://www.valeo.com
[Power Division] PhD Subject Proposal
Manager : Yacine Ladjici- Power Division Cybersecurity Discipline Director- Valeo Master Expert
Post-Quantum Cryptography Transition Strategies for Automotive Embedded Systems and EV Charging Infrastructures
The rapid progress of quantum computing threatens classical cryptographic schemes (notably RSA and ECC) that are currently used in vehicles, production plants, and connected infrastructures. The automotive industry faces a unique challenge: how to transition to quantum-resistant a.k.a. post-quantum cryptography (PQC) within long product lifecycles, heterogeneous embedded platforms, and complex supply chains. Some ECUs have extremely limited computational resources, while others can support advanced cryptographic algorithms; moreover, vehicles already deployed with classical cryptography must remain secure and updateable throughout service lifetimes that often exceed 15 years. This PhD will explore practical migration strategies to PQC, focusing on hybrid schemes combining classical and PQC approaches, crypto-agility mechanisms enabling smooth algorithm transitions (to switch from classical to PQC or hybrid or from a PQC algorithm to another one if later deemed insecure), onboard security functions that rely on cryptography (secure boot, secure OTA updates, secure debug, secure diagnostic authentication, secure onboard communications, etc.), lightweight implementations for constrained ECUs, physical attacks and countermeasures on PQC in automotive embedded settings.
In addition to onboard aspects, the research will address the adaptation of production line security (e.g., plant Hardware Security Modules, certificate provisioning workflows) and the interoperability of electric vehicle charging stations, which must securely communicate with both vehicles and institutional PKIs. The expected outcome is a framework for managing the secure and cost-efficient introduction of PQC into automotive embedded products and infrastructures, with clear, actionable recommendations for industry adoption.
The research will also consider the evolving landscape of worldwide standards and regulations. Automotive-specific frameworks (e.g., UNECE WP.29 [1], ISO/SAE 21434 [2]) must be reconciled with broader cryptographic guidance from national security agencies and international bodies. This includes standards and recommendations from NIST in the US [3, 3a, 3b], ANSSI and equivalent agencies in the EU [4], and relevant authorities in other regions, where different PQC strategies and timelines are emerging. A key objective is to map regulatory and standardization requirements to automotive use cases, ensuring that proposed migration paths remain globally compliant, interoperable, and future-proof.
[1] United Nations Economic Commission for Europe (UNECE), "Working Party on Automated/Autonomous and Connected Vehicles" [https://unece.org/transport/road-transport/working-party-automatedautonomous-and-connected-vehicles-introduction]
[2] International Organization for Standardization (ISO) and Society of Automotive Engineers (SAE), "ISO/SAE 21434:2021 - Road vehicles - Cybersecurity engineering" [https://www.iso.org/standard/70918.html]
[3] National Institute of Standards and Technology (NIST), "Post-Quantum Cryptography" [https://csrc.nist.gov/projects/post-quantum-cryptography]
[3a] NIST, "NIST Releases First 3 Finalized Post-Quantum Encryption Standards" [https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards]
[3b] NIST, "Recommendations for Key-Encapsulation Mechanisms" [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-227.pdf]
[4] French National Agency for the Security of Information Systems (ANSSI), "ANSSI views on the Post-Quantum Cryptography transition" [https://cyber.gouv.fr/sites/default/files/document/follow_up_position_paper_on_post_quantum_cryptography.pdf]
Job:
R&D Engineer
Organization:
GTSC BG/PG Product Cybersecurity
Schedule:
Full time
Employee Status:
Fixed Term (Fixed Term)
Job Type:
CIFRE agreement
Job Posting Date:
2025-10-17
Join Us !
Being part of our team, you will join:
- one of the largest global innovative companies, with more than 20,000 engineers working in Research & Development
- a multi-cultural environment that values diversity and international collaboration
- more than 100,000 colleagues in 31 countries... which make a lot of opportunity for career growth
- a business highly committed to limiting the environmental impact if its activities and ranked by Corporate Knights as the number one company in the automotive sector in terms of sustainable development
More information on Valeo: https://www.valeo.com
RÉSUMÉ DE L' OFFRE
CIFRE - Cybersecurity Engineer
Valeo
Créteil
il y a 8 heures
S/O
Temps plein
CIFRE - Cybersecurity Engineer
