Geopolitical monitoring of BGP (presented by Kavé Salamatian - University Savoie Mont-Blanc) Interdomain connections and the routes taken by packets are key elements for the security of any network. These elements are managed using the Border Gateway Protocol (BGP). Despite an increasing number of security events related to BGP in recent years, only a handful of monitoring solutions exist for this protocol. We present our tool - BGPGeopolitics - which allows real-time monitoring of BGP and of the geopolitical structure of its interactions. This collection tool is coupled with a system capable of analyzing huge graphs in order to study the dynamics of BGP and to detect large-scale attacks or anomalies. The tool can also help determine the source of an attack.
MP Hell Library (presented by Cyril Hugounenq – Univ. Grenoble Alpes) MP Hell is a library - working on x86, x86-64, 32-bit ARM and STM32 architectures - which provides cryptographic primitives such as scalar multiplication of points on an elliptic curve. These operations are implemented on standard curves - with good performance and security against SPA compared with existing libraries (Intel PPCP, libSodium, MbedTLS, OpenSSL, libECC) - and the library is also open to other curves for which fast and secure implementations are possible. Our demo illustrates a test case of the library, from the specification of a curve to the computation of a scalar multiplication.
Deobfuscation based on Semantic Equivalence (presented by Ramtine Tofighi Shirazi – Univ. Grenoble Alpes/Trusted Labs) DoSE is an IDA Pro extension that allows reverse engineers to statically deobfuscate binaries. Based on the reverse engineering tool Miasm2, DoSE implements several techniques based on semantic equivalence. With DoSE, we aim to improve and complement DSE-based deobfuscation techniques by statically eliminating obfuscation transformations (built on code reuse). Our method's novelty comes from the transposition of existing binary diffing techniques, namely semantic equivalence checking, to the deobfuscation of untreated techniques, such as two-way opaque constructs, that we encounter in surreptitious software. This demo uses IDA Pro to illustrate the static simplification of the control flow graph of a malware sample. The result will be shown as a visual identification of cloned functions, followed by the simplified graph.
Secure RTL (presented by Athanasios Papadimitriou – Univ. Grenoble Alpes/LCIS) Secure RTL is a set of tools for the early evaluation of secure and reliable integrated circuits against localized fault attacks (laser, EM, high-energy particles). The tools consist of a realistic fault model extractor working from the RTL description (experimentally validated by performing laser attacks on various IC technologies and designs), a fault simulator capable of performing statistical fault injection, and an FPGA-based fault emulator that makes it possible to control fault injection and to monitor fault propagation in real time. The benefit of Secure RTL is that it allows security evaluation early in the design flow, which can lead to the design of efficient and low-cost countermeasures.
HackMyMCU - IoT Security Evaluation Platform (presented by Cyril Bresch – Univ. Grenoble Alpes/LCIS) In order to first evaluate and demonstrate security threats and then validate appropriate countermeasures, we provide a realistic open source use case emulating a connected medical pump. The application includes all the software services usually found in a connected medical device. This use case comes with the open source application, the associated hardware and a dedicated environment for hardware and software security evaluation. It demonstrates how such an application can be corrupted with both hardware and software exploits. Then, thanks to the open source nature of the demonstrator, it can be used by the security community to validate countermeasures at both the software and hardware levels. HackMyMCU is an easy-to-use security evaluation platform designed to help software developers evaluate their implementations against hardware attacks. Currently it comprises a module which can perform accurate and fast evaluations of embedded systems and FPGAs with respect to side-channel attacks. The board includes multiple instrumentation amplifiers featuring high noise rejection capabilities to measure the power consumption of embedded devices. The acquired signal is then digitized by analog-to-digital converters and fed to an FPGA to perform real-time Correlation Power Analysis (CPA) attacks. The HackMyMCU platform is currently being extended to include accurate fault injection by means of clock-glitch, power-glitch and electromagnetic (EM) attacks.
Lazart: code evaluation against fault injection (presented by Romain Xu-Darme – Univ. Grenoble Alpes) We present Lazart, a tool based on symbolic execution that evaluates the robustness of source code against fault injection. This state-of-the-art tool handles multiple fault injections and is meant to be used by both developers and evaluators. It also makes it possible to evaluate the effectiveness of countermeasures aimed at detecting such attacks. Finally, the tool is presented along with the first public benchmark on fault injection - called FISCC - which was developed as part of the ANR project Astrid Sertif.
Cyberdefense of industrial systems (presented by Stéphane Mocanu – Univ. Grenoble Alpes/LIG) We present a set of attack/defense scenarios on SCADA systems using the remote platform G-ICS. With close to a hundred programmable logic controllers, industrial HMIs and I/O modules representing the main vendors and communication protocols on the market, the G-ICS platform allows the design of complex architectures covering several industrial sectors: SCADA communication (Modbus, S7, CAN, Ethernet/IP), power grids (IEC 60870 and IEC 61850), supervision (including OPC UA and DA), building power distribution and automation (KNX/IP), as well as cybersecurity products. Studies on cybersecurity include vulnerability research, the testing of attack tools and IDS calibration. This demo has been designed with the support of the ANR project ASTRID SACADE.