Security Seminar at LORIA

If you want to receive announcements for future seminars, feel free to subscribe to the mailing-list.
A link to an ical file is available, for your digital calendars.

Talks 2017 – 2018

Friday September 15 2017

David Basin (ETH Zurich)
Verified Secure Routing: The Verified Scion Project
Amphi C, 13:30
This talk is part of LORIA's colloquium series.

October 23-25 2017

Véronique Cortier — Krishna Gummadi — Florian Kerschbaum
FPS 2017 Keynote Talks
Amphi C, 09:00
The 10th International Symposium on Foundations & Practice of Security (FPS 2017) will be held at LORIA. The keynote talks are:
  • Monday October 23, 9:30am: Véronique Cortier (CNRS, Loria)
    Electronic voting: how logic can help.
  • Tuesday October 24, 9:30am: Krishna Gummadi (MPI Saarbrücken)
    Privacy and Fairness Concerns with PII-based Targeted Advertising on Social Media.
  • Wednesday October 25, 9:30am: Florian Kerschbaum (University of Waterloo, Canada)
    Building Secure Applications Using Intel’s SGX.
The abstracts are available at the FPS 2017 website.

Tuesday November 21 2017

Jean-Louis Lanet (Inria Rennes)
How Secure Containers in a Secure Element are Secure?
A008, 13:30
Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored in the Non Volatile Memory (NVM) area but also the algorithms executed. Thus, the confidentiality of binary code embedded in that device in the Read Only Memory (ROM) must be protected. In some of the secure elements, a part of the instruction set is unknown and dynamically translated during the loading phase. We present a new approach for reversing a binary program when the Instruction Set Architecture (ISA) is partially unknown. Then, we discover many of the native functions that bypass several security checks accessing directly the resources leading to retrieve in plain text the assets. We demonstrate the ability to use them at the Java level to retrieve sensitive assets whatever the protections are like the firewall. Then, we suggest several possibilities to mitigate these attacks.

Tuesday December 5 2017

Deepak Garg (MPI Saarbrücken)
Qapla: Policy compliance for database-backed systems
A008, 13:30
Many database-backed systems store confidential data that is accessed on behalf of users with different privileges. Policies governing access are often fine-grained, being specific to users, time, accessed columns and rows, values in the database (e.g., user roles), and operators used in queries (e.g., aggregators, group by, and join). Today, applications are often relied upon to issue policy compliant queries or filter the results of non-compliant queries, which is vulnerable to application errors. Qapla provides an alternate approach to policy enforcement that neither depends on application correctness, nor on specialized database support. In Qapla, policies are specific to rows and columns and may additionally refer to the querier's identity and time. They are specified in SQL, and stored in the database itself. The talk will cover the design of Qapla, a prototype implementation and its application to the HotCRP conference management system.

Monday February 19 2018

Peter Schwabe (Radboud University, Nijmegen)
The transition to post-quantum cryptography
A008, 13:30
In 1994, Shor presented an algorithm that is able to efficiently break all cryptographic key-agreement protocols, public-key encryption, and digital signatures that are in wide use today. The catch with this algorithm is that it requires a large universal quantum computer to run and up until today, no such computer exists. However, massive amounts of money are being invested into building such a computer, and it seems quite plausible that these efforts will succeed within the next 2 or 3 decades.
This "quantum threat" for today's cryptography means that we will have to transition cryptography to so-called post-quantum cryptography, i.e., primitives that resist attacks also by large quantum computers. This need has been recognized also by the US National Institute for Standards and Technologies (NIST), who started a multi-year program to identify suitable candidate algorithms and eventually standardize those. In the first part of my talk I will give a bit of an overview of the space of proposals in this project.
In the second part of the talk I will raise the question whether transitioning to post-quantum cryptography should be using post-quantum primitives as drop-in replacements for the primitives that are currently in use. I will give several examples that show why this is at best sub-optimal and that we should start re-thinking cryptographic protocols and systems today, to achieve much better performance and security for post-quantum crypto.

Friday March 23 2018

Valérie Viet Triem Tong — Olivier Pereira — Cas Cremers
Series of 3 talks by the jury of the PhD defense of Alicia Filipiak
A008, 14:00
  • Valérie Viet Triem Tong (Centrale Supélec, Rennes). 14h00 – 14h45
    Android Malware Analysis
    During this seminar we will present how to combine static and dynamic analysis to automatically execute suspicious code contained in Android applications. More precisely, with a first static analysis we locate suspicious pieces of code and compute all the execution paths that start from an entry point and reach these suspicious pieces of code. In a second part we drive the execution of the application on one of these execution paths in order to observe the effect of the malware on the operating system.
  • Olivier Pereira (Université Catholique de Louvain). 14h45 – 15h30
    STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System
    STAR-Vote is a voting system that results from a collaboration between a number of academics and Travis County's elections office in Texas. STAR-Vote represents a rare opportunity for a variety of sophisticated technologies, such as end-to-end cryptography and risk limiting audits, to be designed and combined into a new voting system, designed from scratch, with a variety of real-world constraints, such as election-day vote centers that must support thousands of ballot styles and run all day in the event of a power failure. We present and motivate the design of the STAR-Vote system, and the benefits that we expect from it.
    This is based on joint work with Josh Benaloh, Mike Byrne, Philip Kortum, Neal McBurnett, Ron Rivest, Philip Stark, Dan Wallach and the Office of the Travis County Clerk.
  • Cas Cremers (University of Oxford). 15h30 – 16h15
    On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees
    In the past few years secure messaging has become mainstream, with over a billion active users of end-to-end encryption protocols through apps such as WhatsApp, Signal, Facebook Messenger, Google Allo, Wire and many more. While these users' two-party communications now enjoy very strong security guarantees, it turns out that many of these apps provide, without notifying the users, a weaker property for group messaging: an adversary who compromises a single group member can intercept communications indefinitely.
    One reason for this discrepancy in security guarantees is that most existing group messaging protocols are fundamentally synchronous, and thus cannot be used in the asynchronous world of mobile communications. In this paper we show that this is not necessary, presenting a design for a tree-based group key exchange protocol in which no two parties ever need to be online at the same time, which we call Asynchronous Ratcheting Tree (ART). ART achieves strong security guarantees, in particular including post-compromise security.
    We give a computational security proof for ART's core design as well as a proof-of-concept implementation, showing that ART scales efficiently even to large groups. Our results show that strong security guarantees for group messaging are achievable even in the modern, asynchronous setting, without resorting to using inefficient point-to-point communications for large groups. By building on standard and well-studied constructions, our hope is that many existing solutions can be applied while still respecting the practical constraints of mobile devices.
    ART is currently being used as the starting point for Messaging Layer Security (MLS), a proposed new IETF standard for secure messaging.
    Based on joint work with Katriel Cohn-Gordon, Luke Garratt, Kevin Milner (University of Oxford) and Jon Millican (Facebook), and many others by now.

Tuesday June 12 2018

Daniel Augot (Inria Saclay)
A008, 13:30

Tuesday June 26 2018

Pierre Parrend (ECAM Strasbourg-Europe)
B013, 13:00
© 2013 - 2017 Pierrick Gaudry, Marion Videau and Emmanuel Thomé