Security Seminar at LORIA
Joint seminar with the Master of Computer Security of the Lorraine University

If you want to receive announcements for future seminars, feel free to subscribe to the seminaire-securite@loria.fr mailing list.
A link to an ical file is available, for your digital calendars.

Talks 2016 – 2017

Tuesday November 15 2016

Viktor Fischer (Université Jean Monnet (Saint-Etienne))
New directions in random number generation for cryptography
Amphi C, 13:30
The main objective of the talk is to show recent advances in random number generator (RNG) design and evaluation. Starting with the analysis of contemporary RNG design, we will further present RNG design strategies adopted in the Hubert Curien laboratory. Finally, we will critically compare strategies of RNG evaluation and testing in Europe and the United States.

Tuesday December 6 2016

Marine Minier (LORIA)
Some results on security in Wireless Sensor Networks (WSNs)
B11-B13, 13:30
After a short introduction on security issues in WSNs, we will present two research results. The first one, published in 2008, is a distributed solution based on neighbor link consistency to detect wormhole attacks in a WSN.
The second one is a dedicated library of lightweight block ciphers targeting a 16-bit microcontroller (the popular MSP430, which is present in many washing machines or refrigerators). We will present several performance results for those block ciphers.

Tuesday January 24 2017

Marie-Laure Potet (Verimag)
Application security: which tools? Which techniques?
Amphi C, 13:30

Tuesday February 7 2017

Aurélien Francillon (Eurecom)
A systemization of fraud in telephony networks, illustrated by a study of Over-The-Top Bypass
B11-B13, 13:30
Telephone networks form the oldest large-scale network, which has grown to touch over 7 billion people. Telephony is now merging many complex technologies, and because numerous services enabled by these technologies can be monetized, telephony attracts a lot of fraud. This talk aims to systematically explore fraud in telephony networks by differentiating between the root causes, the vulnerabilities, the exploitation techniques, the fraud types and finally the way fraud benefits the fraudsters. As a concrete example, we will present the Over-The-Top (OTT) bypass fraud, where regular international phone calls (originated from PSTN or cellular networks) are hijacked and terminated over a smartphone application, instead of being terminated over the normal telecom infrastructure. We will evaluate the possible techniques to detect and measure this fraud and analyze its real impact on a small European country through a case study.

Bio: Aurélien is an assistant professor in the System and Software Security group of the Digital Security department at EURECOM. He is mainly interested in systems security and, in particular, security of embedded systems and telephony networks. The work presented here is in cooperation with Merve Sahin, a PhD student at EURECOM.

Thursday March 23 2017

Nicolas Anciaux (Inria Saclay)
A new Approach for the Secure Personal Cloud
B11-B13, 13:30
In the current Web model, individuals delegate the management of their data to online applications, each storing and exploiting the data in its own Web data silo. No concrete guarantee is offered to the individual regarding the usage and dissemination of their personal information, which often lack transparency and depend on the underlying business models. An economic and political consensus is emerging today to reestablish individuals' control over their data and improve trust. The current centralized approach seems by essence incapable of closing the gap. The PETRUS team addresses this issue through the paradigm of the "Personal Cloud", where individuals manage their digital life on a personal platform under control. Our research investigates secure architectures for the personal cloud, new administration and data sharing models, secure data management techniques based on secure hardware and societal questions around data privacy from a multi-disciplinary angle.

Bio: Nicolas Anciaux is a researcher at INRIA, head of the PETRUS project which focuses on the PErsonal and TRUSted cloud. Nicolas's research interests lie in the area of data management on specific hardware architectures, and more precisely on secure chips and embedded systems. He proposes architectures using secure hardware, and data structures and algorithms to manage personal data with strong privacy guarantees using tamper-resistant hardware. He is a co-designer of PlugDB, a secure and personal database device. He also studies the link between individuals' empowerment and privacy in the context of multi-disciplinary research activities, bringing together economists, jurists and computer scientists.

Tuesday April 11 2017

Axel Legay (Inria Rennes)
Modelling Attack-Defense Trees using Timed Automata
B11-B13, 13:30
Performing a thorough security risk assessment of an organisation has always been challenging, but with the increased reliance on outsourced and off-site third-party services, i.e., "cloud services", combined with internal (legacy) IT infrastructure and services, it has become a very difficult and time-consuming task. One of the traditional tools available to ease the burden of performing a security risk assessment and structure security analyses in general is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this talk we study an extension of traditional attack trees, called attack-defense trees, in which not only the attacker's actions are modelled, but also the defensive actions taken by the attacked party. In this work we use the attack-defense tree as a goal an attacker wants to achieve, and separate the behaviour of the attacker and defender from the attack-defense tree. We give a fully stochastic timed semantics for the behaviour of the attacker by introducing attacker profiles that choose actions probabilistically and execute these according to a probability density. Lastly, the stochastic semantics provides success probabilities for individual actions. Furthermore, we show how to introduce costs of attacker actions. Finally, we show how to automatically encode it all with a network of timed automata, an encoding that enables us to apply state-of-the-art model checking tools and techniques to perform fully automated quantitative and qualitative analyses of the modelled system.

Tuesday April 25 2017

N. Asokan (Aalto University and University of Helsinki)
Securing cloud-assisted services
Amphi C, 10:30
All kinds of previously local services are being moved to a cloud setting. While this is justified by the scalability and efficiency benefits of cloud-based services, it also raises new security and privacy challenges. Solving them by naive application of standard security/privacy techniques can conflict with other functional requirements. In this talk, I will outline some cloud-assisted services and the apparent conflicts that arise while trying to secure these services. Taking the case of cloud-assisted malware scanning as an example scenario, I will discuss the privacy concerns that arise and how we can address them effectively.

Bio: N. Asokan is a professor at Aalto University and the University of Helsinki. Prior to joining academia, he spent over 15 years in industrial research with Nokia and IBM. His research interests center on understanding how to build systems that are simultaneously secure, easy to use and inexpensive to deploy. Asokan directs the Helsinki-Aalto Center for Information Security and is the lead academic PI for Intel Collaborative Research Institute for Secure Computing in Finland. He is an IEEE Fellow and an ACM Distinguished Scientist. He received education at the University of Waterloo, Syracuse University and IIT Kharagpur. More information on Asokan's work is available at his website.

Thursday June 8 2017

Deepak Garg (MPI Saarbrücken)
TBA
B11-B13, 13:30
© 2013 - 2016 Pierrick Gaudry, Marion Videau and Emmanuel Thomé