Security Seminar at LORIA

Security Seminar at LORIA

If you want to receive announcements for future seminars, feel free to subscribe to the seminaire-securite@loria.fr mailing-list.
A link to an ical file is available, for your digital calendars.

Talks 2018 – 2019

Thursday September 27 2018

Clémentine Maurice (CNRS, IRISA)
Evolution of microarchitectural attacks
A008, 13:30
Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputing a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for covert or side-channel attacks. In this presentation, we will cover the evolution of microarchitectural attacks. We will first have a look at a historical recap of past attacks and how the field evolved in the last years. We will focus on two recent trends, that are practical attacks (by demonstrating robust covert channels in the cloud) and the increase of the attack surface. We will conclude with the different challenges and open questions that the field is facing.

Thursday October 11 2018

Bryan Ford (EPFL)
Coins, Clubs, and Crowds: Scaling and Decentralization in Next-Generation Blockchains and Cryptocurrencies
Amphi C, 13:30
Building secure systems from independent, mutually distrustful parties is an old topic in computer science. But despite its attendant hype and misinformation, today's “blockchain bandwagon” has successfully brought the gospel of decentralization - both a realization of its possibility and an appreciation for its value - to mainstream society. Currently-deployed blockchains, however, are slow, unscalable, weakly consistent, profligate in energy use, and have effectively re-centralized due to market pressures. We will explore ongoing challenges and progress in rethinking blockchain architecture to improve scalability, efficiency, functionality, privacy, and decentralization. We will explore how decentralized building blocks such as collective signatures and scalable distributed randomness enable architecturally modular solutions to challenges such as scalable Byzantine consensus, horizontal sharding, proof-of-stake, and blockchain-managed secrets. Finally, we explore challenges in fairness and democratization in decentralized systems, how “proof-of-personhood” blockchains could enable information forums and anonymous reputation systems resistant to propaganda campaigns, and how democratic cryptocurrencies could offer a permissionless analog of universal basic income.

Bio: Prof. Bryan Ford leads the Decentralized/Distributed Systems (DEDIS) research laboratory at the Swiss Federal Institute of Technology in Lausanne (EPFL). Ford focuses broadly on building secure decentralized systems, touching on topics including private and anonymous communication, scalable decentralized systems, blockchain technology, Internet architecture, and operating systems. Ford earned his B.S. at the University of Utah and his Ph.D. at MIT, then joined the faculty of Yale University where his work received the Jay Lepreau Best Paper Award and grants from NSF, DARPA, and ONR, including the NSF CAREER award. His continuing work receives support from EPFL, the AXA Research Fund, and numerous industry partners. He has served on numerous prestigious advisory boards including on the DARPA Information Science and Technology (ISAT) study group, the Swiss FinTech Innovations (SFTI) advisory board, and the Swiss Blockchain Taskforce.

Thursday November 15 2018

Corinna Schmitt (Universität der Bundeswehr München)
Authentication in IoT Networks
C005, 14:00
Today over 35 billion devices are connected with each other building the Internet of Things (IoT). The device diversity ranges from constrained devices (e.g., sensor, Smartwatches) over Tables and Smartphone to resource-rich devices like notebooks and servers. In parallel the stack in IoT shows also diversity and includes usage of many standards and third-party services at the same time from collection point to the application. Manifold data is collected all the time and the users have less knowledge about it, but their awareness of misuse rises.
Based on this quite complex situation, authentication in IoT networks is important. But which authentication are we speaking of here? In general two opportunities exist: (1) authentication within the deployed network (e.g., between the devices using encryption and handshakes) and (2) authentication from the user side controlling the access. In this talk the focus is placed on the second opportunity, namely user authentication. Most techniques are smartcard based, but the Web-based approach developed within SecureWSN is different: It is based on credentials and automatically handled requests without involvement of third-parties giving data owner full control of access. Thus, first features of the GDPR strengthening ownership are included in SecureWSN.

Bio: Corinna Schmitt holds a Diploma in Bioinformatics (Dipl. Informatik (Bioinformatik)) from the Eberhard-Karls University of Tübingen (Germany) and a Doctor in Computer Science (Dr. rer. nat.) from the Technische Universität München (Germany). She established an efficient data transmission protocol - called TinyIPFIX - with additional features for aggregation, compression, and secure transmission, complementing it with an user-friendly and flexible GUI (CoMaDa).
From spring 2013 to May 2018 she was employed at the University of Zurich (Switzerland) as "Head of Mobile and Trusted Communications" at the Communication Systems Group (CSG) of Prof. Dr. B. Stiller. Her focus was on constrained networks, security and privacy issues, as well as on Internet of Things related issues. After several years of visiting status at the goup of Prof. Dr. Gabi Dreo-Rodosek at the Universität der Bundeswehr München (Germany) she joint the affiliated Research Institute CODE as researcher and laboratory supervisor. Her research focuses is the same as at the CSG-Group with expands to the application area of military communication and Smart City.
Her work is documented in more than 30 publications, including 8 book chapters, the RFC 8272 on "TinyIPFIX for Smart Meters in Constrained Networks", and the ITU-T recommendation Y.3013 on "Socio-economic Assessment of Future Networks by Tussle Analysis". She contributes / contributed to several EU projects (e.g., CONCORDIA, AutHoNe, SmartenIT, FLAMINGO, symbIoTe) and different standardization organizations (IETF, ITU, ASUT) until now and continues with these activities and recruits research funds continuously. She is active in ACM and IEEE as TCP member, as well as reviewer for several journals and organizer of conferences.

Thursday December 20 2018

Tayssir Touili (LIPN (Laboratoire d'Informatique de Paris Nord))
On static malware detection
C005, 13:30
The number of malware is growing extraordinarily fast. A malware may bring serious damage. Thus, it is crucial to have efficient up-to-date virus detectors. A robust malware detection technique needs to check the behavior (not the syntax) of the program without executing it. We show in this talk how using behavior signatures allow to efficiently detect malwares in a completely static way. We applied our techniques to detect several malwares. Our tool was able to detect more than 800 malwares. Several of these malwares could not be detected by well-known anti-viruses such as Avira, Avast, Norton, Kaspersky and McAfee

Thursday February 28 2019

Aurore Guillevic (INRIA - LORIA)
Discrete logarithm computation in finite fields GF(p^k) with NFS variants and consequences in pairing-based cryptography
A008, 13:30
Pairings on elliptic curves are involved in signatures, NIZK, and recently in blockchains (ZK-SNARKS). These pairings take as input two points on an elliptic curve E over a finite field, and output a value in an extension of that finite field. Usually for efficiency reasons, this extension degree is a power of 2 and 3 (such as 12,18,24), and moreover the characteristic of the finite field has a special form. The security relies on the hardness of computing discrete logarithms in the group of points of the curve and in the finite field extension.
In 2013-2016, new variants of the function field sieve and the number field sieve algorithms turned out to be faster in certain finite fields related to pairing-based cryptography. Now small characteristic settings (with GF(2^(4*n)), GF(3^(6*m))) are discarded, and the situation of GF(p^k) where p is prime and k is small (in practice from 2 to 54) is unclear. The asymptotic complexity of the Number Field Sieve algorithm in finite fields GF(p^k) (where p is prime) and its Special and Tower variants is given by an asymptotic formula of the form A^(c+o(1)) where A depends on the finite field size (log p^k), o(1) is unknown, and c is a constant between 1.526 and 2.201 that depends on p, k, and the choice of parameters in the algorithm.
In this work we improve the approaches of Menezes-Sarkar-Singh and Barbulescu-Duquesne to estimate the cost of a hypothetical implementation of the Special-Tower-NFS in GF(p^k) for small k (k ≤ 24), and update some parameter sizes for pairing-based cryptography.
This is a joint work with Shashank Singh, IISER Bhopal, India.

Thursday April 4 2019

Gilles Barthe (MPI (Bochum) and IMDEA (Madrid))
TBA
A008, 13:30
TBA
© 2013 - 2018 Pierrick Gaudry, Marion Videau and Emmanuel Thomé ; XHTML 1.0 valide, CSS valide