On Friday 26 November, a Cybersecurity day was organised as part of the LIRMM’s transverse security action. This day took place in the St Priest amphitheatre.
PROGRAM :
9:30 – 10:00: Coffee reception
10:00 – 10:15 : Introduction
10:15 – 11:15 : Damien Stehlé (ENS Lyon, LIP) – Post-quantum cryptography and algebraic Euclidean networks
A sufficiently powerful quantum computer would be able to break a very large proportion of the cryptographic protocols deployed today to guarantee the confidentiality and authenticity of data. Post-quantum cryptography seeks alternative cryptographic constructions that remain secure against potentially quantum attackers, while requiring only classical resources from honest users. In this talk, I will start with an overview of the field, with a focus on the standardisation process by NIST. In the second part, I will present in more detail the cryptography based on so-called algebraic networks, which is currently the most mature branch of post-quantum cryptography.
11:15 – 12:15 : Brice Colombier (Grenoble INP, TIMA) – Physical attack on the cryptosystem based on Classic McEliece error-correcting codes
The Classic McEliece cryptosystem is one of the four candidates selected in the third round of the NIST standardisation process for post-quantum cryptographic algorithms, in the Key Encapsulation Mechanism category. As the only proposal based on code theory, it derives its security from the difficulty of solving the syndrome decoding problem. In this presentation, we draw a parallel between a modified version of this problem and a classical optimisation problem, allowing to solve the problem in a very efficient way. We then show how to fit into this framework by corrupting the instructions executed by the processor through laser fault injection. We then discuss the feasibility of this attack.
=> Lunch break
14:00 – 15:00 : Salah Sadou (Universite de Bretagne Sud, IRISA) – Systems of Systems: an Emerging Technology with Emerging Security Issues
Using existing systems to build a new system is very usual in certain domains. Such a system is called System of Systems (SoS). In system engineering domain, SoS is a concept that exists for a while and the existing systems (subsystems) are mainly physical systems. Combining software systems with physical ones makes it possible to cover a much wider domains of applications than those covered by system engineering alone or software engineering alone. However, this emerging technology comes with its share of security issues. For example, the aim by combining subsystems is to have emerging behaviors available at the SoS. However, by definition this type of behavior can not be provided by any single subsystem. So, even though the subsystems are all safe we have no guarantee regarding the level of security of the emerging behaviors they produce.
The purpose of this presentation is to highlight some security problems caused by SoS and point out some interesting research directions to solve them.
=> Coffee break
15:15 – 16:15 : Pauline Puteaux (CNRS, CRISTAL) – Processing and protection of multimedia data in the encrypted domain
In recent years, France – characterised by a highly connected population – has successfully completed its digital transition. At the same time, the digital world has become a space of confrontation characterised by an increase in unfair competition, espionage, disinformation, terrorism and cyber-crime. Thus, in view of the increasing capabilities of attackers and the proliferation of attack scenarios, digital security has become a major national security issue. Multimedia data is especially vulnerable to various threats due to its abundance on the networks. According to CISCO, it accounts for more than 80% of the total volume of data in transit, particularly on social networks and cloud computing platforms. In this context, methods for protecting multimedia content have been developed. In particular, encryption is used to ensure the visual privacy of the original data and to prevent an unauthorised person from viewing the content (automatic recognition and identification, tracking, tracing, etc.). In this presentation, we will focus on the processing and protection of multimedia data in the encrypted domain, motivated by five technical challenges: 1) ensuring privacy protection, 2) preserving the original format of the data, 3) making it possible to visualise the encrypted data, 4) preserving the size of the unencrypted data, 5) ensuring the reversibility of the operations performed.
