CoaP Seminar (18/04/2023)
As part of our series La Cybersécurité sur un plateau (Cybersecurity on a Plate), we will have the following seminars:
- Pierre-Elisée Flory - Comparing Private Set Intersection Various Implementations for Fraud Detection.
- Nathanaël Denis - Integrating Usage Control into Distributed Ledger Technology for Internet of Things Privacy
The talks will take place at 10 a.m. at the IMT/TP/TSP building (room 3.A213).
Pierre-Elisée Flory - Comparing Private Set Intersection Various Implementations for Fraud Detection
Banks have to commit to answering their customers' privacy concerns while complying with regulation. Sharing information on customers among a banking consortium is an efficient way to identify fraud at an early stage but requires efficient biometrics matching algorithms to compare two ID cards / biometric templates in pictures. Consortium stakeholders may also be competitors and thus need to protect their customer database. Within the Privacy Enhancing Technologies, we have assessed and compared different Secure Multi-Party Computation and in particular Private Set Intersection schemes to mitigate those risks and design a new protocol to allow privacy-preserving biometric template matching.
Nathanaël Denis - Integrating Usage Control into Distributed Ledger Technology for Internet of Things Privacy
The Internet of Things brings new ways to collect privacy-sensitive data from billions of devices. Well-tailored distributed ledger technologies (DLTs) can provide high transaction processing capacities to IoT devices in a decentralized fashion. However, privacy aspects are often neglected or unsatisfying, with a focus mainly on performance and security. In this paper, we introduce decentralized usage control mechanisms to empower IoT devices to control the data they generate. Usage control defines obligations, i.e., actions to be fulfilled to be granted access, and conditions on the system in addition to data dissemination control. The originality of this paper is to consider the usage control system as a component of distributed ledger networks, instead of an external tool. With this integration, both technologies work in synergy, benefiting their privacy, security and performance. We evaluated the performance improvements of integration using the IOTA technology, particularly suitable due to the participation of small devices in the consensus. The results of the tests on a private network show an approximate 90% decrease of the time needed for the UCS to push a transaction and make its access decision in the integrated setting, regardless of the number of nodes in the network.
This contribution is currently under review for publication in a journal.
Pantaleone Nespoli (4/04/2023)
The seminar will take place at 4 p.m. at the IMT/TP/TSP building (room 3.A213).
Pushing cybersecurity trainings to the limit: The SCORPION Cyber Range
Abstract: During this talk, we will introduce SCORPION, a fully functional and virtualized Cyber Range to train cybersecurity competencies, which can manage the authoring and automated deployment of scenarios in a simple way thanks to a modular and extensible architecture. SCORPION includes several elements to improve student motivation, such as a gamification system with medals, points, or rankings, among other elements, which is used to improve the commitment and motivation of students with cybersecurity challenges. Such a gamification system includes an adaptive learning module that is able to adapt the cyber-exercise based on the performance of the users. Moreover, SCORPION leverages learning analytics that collects and processes telemetric and biometric user data, including heart rate through a smartwatch, which are available through a dashboard for instructors, so that they can use them to monitor the learning of their students. Then, a case study has been developed where SCORPION obtained 82.10% in usability and 4.57 out of 5 in usefulness from the viewpoint of a student and an instructor.
Bio: Pantaleone Nespoli is a postdoctoral researcher working together with the Department of Information and Communication Engineering at the University of Murcia, Spain, and the SCN team of the SAMOVAR laboratory, at Institut Polytechnique de Paris, thanks to a Margarita Salas award. He received the PhD cum laude from the University of Murcia, Spain, and the M.Sc. degree cum laude in Computer Engineering from the University of Naples "Federico II", Italy. His PhD thesis received the Best PhD thesis award granted by the University of Murcia. Additionally, he led the Bot Buster team to the European and Mediterranean Regional Award (1,444 submissions) and received the Finalist Honorable Mention in the Ericsson Innovation Award 2018. His Master thesis was awarded the #2 prize for cybersecurity Master thesis from the Clusit (Associazione Italiana per la Sicurezza Informatica) in Italy. During his academic training, he completed two research internships, the first (one full year) at NEC Labs, Heidelberg, Germany, and the second (three months) at the Department of Information & Communication System Engineering, University of the Aegean, Greece. His research is mainly focused on cybersecurity and cyber defense, with a particular interest in the detection and response to intrusions and disinformation in social networks. Moreover, his current research line is focusing on training professionals using Cyber Range platforms. Generally, he applies knowledge in infrastructure, technologies, data analytics, and machine learning to solve problems in cybersecurity and dual scenarios and train personnel against cybercrime.
Katarzyna Wasielewska (6/02/2023)
The seminar will take place at 10 a.m. in Evry, Amphi C06.
Network Dataset Quality Assessment with Permutation Testing
Abstract: ML models can only be as good as the datasets they are trained on. The problem of the lack of high-quality network datasets has been mentioned many times in papers. The quality of datasets is difficult to assess, but also to define. What does it mean that a dataset is of high quality? Generally, a dataset is said to be of high quality if it meets the requirements for its intended use. In the convention of this ambiguity, I would like to introduce the PerQoDA methodology, which evaluates the dataset in terms of the relationship between observations and labels in a classification problem. This is just one aspect of the problem of assessing the quality of datasets, but it highlights its problematic nature and complexity.
Bio: Katarzyna Wasielewska received the M.Sc. degree in computer science at the Faculty of Mathematics and Computer Science, Nicolaus Copernicus University (NCU), Torun, Poland, and the Ph.D. degree in telecommunications at the Faculty of Telecommunications, Information Technology and Electrical Engineering, UTP University of Science and Technology, Bydgoszcz, Poland. She has been awarded the Marie Sklodowska-Curie Actions Individual Fellowships (MSCA) program. She is currently a Postdoctoral Researcher at the Department of Signal Theory, Networking and Communications and researcher in the Information and Communication Technologies Research Centre (CITIC) at the University of Granada, Spain. Her research interests include cybersecurity, network security, machine learning, multivariate data analysis, and dataset quality problem. She has ten years of experience as an ISP Network Administrator.
CoaP Seminar (19/01/2023)
As part of our series La Cybersécurité sur un plateau (Cybersecurity on a Plate), we will have two seminars next January 19th, 2023. They will take place at 2 p.m. at the IMT/TP/TSP building (room 3.A213).
Romain Ferrari, Louis Cailliot, Julie Sauzedde, Pierre-Elisée Flory - NVIDIA DOCA hackathon
The NVIDIA DOCA hackathon took place on March 21, during NVIDIA 2022 GTC.
The Thales team chose to build a solution upon the DPI acceleration to enable Yara rules, which are used for inspection of files downloaded from the network to identify malware and potential threats. To implement this, Team Thales used a Yara Parser to transform public Yara rules into DPI rules in a Suricata community-based format supported by the DOCA DPI lib. This solution leveraged DOCA DPI functionality to scan the files on the fly as the packets flow through the device.
Soline Ducousso - Adversarial Reachability for Program-level Security Analysis
Many program analysis tools and techniques have been developed to assess program vulnerability. Yet, they are based on the standard concept of reachability and represent an attacker able to craft smart legitimate input, while in practice attackers can be much more powerful, using for instance micro-architectural exploits or fault injection methods. We introduce adversarial reachability, a framework allowing to reason about such advanced attackers and check whether a system is vulnerable or immune to a particular attacker. As equipping the attacker with new capacities significantly increases the state space of the program under analysis, we present a new symbolic exploration algorithm, namely adversarial symbolic execution, injecting faults in a forkless manner to prevent path explosion, together with optimizations dedicated to reduce the number of injections to consider while keeping the same attacker power. Experiments on representative benchmarks from fault injection show that our method significantly reduces the number of adversarial paths to explore, allowing to scale up to 10 faults where prior work times out for 3 faults. In addition, we analyze the well-tested WooKey's bootloader, and demonstrate the ability of our analysis to find attacks and evaluate countermeasures in real-life security scenarios.
This is joint work with Sébastien Bardin and Marie-Laure Potet.
CoaP Seminar (21/11/2022)
As part of our series La Cybersécurité sur un plateau (Cybersecurity on a Plate), we will have the following seminars:
- Aina Toky Rasoamanana, PhD candidate at Télécom SudParis, who will present his work on state machine inference of TLS protocol implementations.
- Mohamad Mansouri, PhD (CIFRE) candidate at EURECOM / Thales, who will present his work on secure and fault-tolerant aggregation for federated learning.
The talks will take place at 2 p.m. at the IMT/TP/TSP building (room 3.A405).
Aina Toky Rasoamanana - Towards a Systematic and Automatic Use of State Machine Inference to Uncover Security Flaws and Fingerprint TLS Stacks
TLS is a well-known and thoroughly studied security protocol. In this paper, we focus on a specific class of vulnerabilities affecting TLS implementations, state machine errors. These vulnerabilities are caused by differences in interpreting the standard and correspond to deviations from the specifications, e.g. accepting invalid messages, or accepting valid messages out of sequence. We develop a systematic methodology to infer the state machines of major TLS stacks from stimuli and observations, and to study their evolution across revisions. We use the L* algorithm to compute state machines corresponding to different execution scenarios. We reproduce several known vulnerabilities (denial of service, authentication bypasses), and uncover new ones. We also show that state machine inference is efficient and practical for integration within a continuous integration pipeline, to help find new vulnerabilities or deviations introduced during development.
With our systematic black-box approach, we study over 400 different versions of server and client implementations in various scenarios (protocol version, options). Using the resulting state machines, we propose a robust algorithm to fingerprint TLS stacks. To the best of our knowledge, this is the first application of this approach on such a broad perimeter, in terms of number of TLS stacks, revisions, or execution scenarios studied.
This work has been published at ESORICS 2022.
Mohamad Mansouri - Learning from Failures: Secure and Fault-Tolerant Secure Aggregation for Federated Learning
Federated learning allows multiple parties to collaboratively train a global machine learning (ML) model without sharing their private datasets. To make sure that these local datasets are not leaked, existing works propose to rely on a secure aggregation scheme that allows parties to encrypt their model updates before sending them to the central server that aggregates the encrypted inputs.
In this work, we design and evaluate a new secure and fault-tolerant aggregation scheme for federated learning that is robust against client failures. We first develop a threshold-variant of the secure aggregation scheme proposed by Joye and Libert. Using this new building block together with a dedicated decentralized key management scheme and an input encoding solution, we design a privacy-preserving federated learning protocol that, when executed among n clients, can recover from up to n/3 failures. Our solution is secure against a malicious aggregator who can manipulate messages to learn clients' individual inputs. We show that our solution outperforms the state-of-the-art fault-tolerant secure aggregation schemes in terms of computation cost on the client. For example, with an ML model of 100K parameters, trained with 600 clients, our protocol is 5.5x faster (1.6x faster in case 180 clients drop).
This work will appear in ACSAC’22.
Students seminar (11/10/2022)
The seminar will take place at 1.30 p.m. at the IMT/TP/TSP building (room Amphi 5). It will be followed by a cocktail at the Entrepôtes 19 (6.30 pm).
- 1.30 p.m.: Welcome Coffee
- 2 p.m.: Grégory Blanc, Christophe Kiennert, Olivier Levillain - Opening
- 2.15 p.m.: Constance Chou (Thales) - Web Application Firewall: challenges, operation and study
- 2.45 p.m.: Martin Spiering, Matthieu Touloucanon, Quentin Michaud (HackademINT) - 404 CTF
- 3.15 p.m.: Ministère de l'Intérieur - Analysis of encrypted traffic in the enterprise for security incident detection
- 3.45 p.m.: Break
- 4.30 p.m.: Amré Abouali (Cybershen) - Former RSSI & Entrepreneur
- 5 p.m.: Olivier Levillain (TSP) - Influence of specification quality on software security
- 5.30 p.m.: Rump Session
- 6.30 p.m.: Cocktail at the Entrepôtes 19.
- Constance Chou - V-model development and IVVQ
- Rémi Di Valentin and Yadi Huang - Thales Cyber IVVQ offers
- Ministère de l'Intérieur - Presentation of an internship offer for developing a security tool for file processing
- Grégory Blanc and Olivier Levillain - CoaP Seminar (Cybersecurity on a Plate / la cybersécurité sur un plateau)
- Florian Martin - BlueTeam vs SMB
- Romain Cherré - Filtering and DNS: RPZ and XDP
- Mathieu Degré - Introduction to Euclidean lattices
Grégoire Menguy (4/10/2022)
We welcome Grégoire Menguy, a former Telecom SudParis student, currently doing a thesis at the CEA. His talk will take place at 2 p.m. in the IMT/TP/TSP building (room 3.A405).
Search-Based Local Blackbox Deobfuscation: Understand, Improve and Mitigate
Code obfuscation aims at protecting Intellectual Property and other secrets embedded into software from being retrieved. Recent works leverage advances in artificial intelligence (AI) with the hope of getting blackbox deobfuscators completely immune to standard (whitebox) protection mechanisms. While promising, this new field of AI-based, and more specifically search-based blackbox deobfuscation, is still in its infancy. In this work, we deepen the state of search-based blackbox deobfuscation in three key directions: understand the current state-of-the-art, improve over it and design dedicated protection mechanisms. In particular, we define a novel generic framework for search-based blackbox deobfuscation encompassing prior work and highlighting key components; we are the first to point out that the search space underlying code deobfuscation is too unstable for simulation-based methods (e.g., Monte Carlo Tree Search used in prior work) and advocate the use of robust methods such as S-metaheuristics; we propose the new optimized search-based blackbox deobfuscator Xyntia which significantly outperforms prior work in terms of success rate (especially with small time budget) while being completely immune to the most recent anti-analysis code obfuscation methods; and finally we propose two novel protections against search-based blackbox deobfuscation, allowing to counter Xyntia's powerful attacks.
This work has been published at CCS 2021. [Slides]