Cybersecurity Breakfast - March 25th

We are excited to announce the next edition of Les Petits-Déjeuners de la Cybersécurité, taking place on Tuesday, March 25th, at 09:30 AM. The event will be held in the MACI Auditorium located at 339 avenue centrale, 38400 Saint-Martin-d'Hères.

This morning session will feature two presentations, each lasting approximately 20 minutes, followed by a Q&A session and informal discussions over coffee and croissants.

Program Highlights

1. PHOENIX : the first crypto-agile hardware solution for ML-KEM and HQC, by Antonio RAS (in english)
The security of public-key cryptography protecting today's and future communications is threatened by the advent of quantum computers. To address this challenge, post-quantum cryptography is being used to design new cryptographic systems that are resistant to quantum attacks. The National Institute of Standards and Technology (NIST), leading the transition to quantum-secure cryptography, has already standardized the first Key Encapsulation Mechanism (KEM) based on Euclidean lattices, known as ML-KEM, and has identified three KEMs based on error-correcting codes, including HQC, as potential candidates for future standardization.

The relative immaturity of current post-quantum cryptosystems encourages a crypto-agile approach, ensuring security through an easy transition between systems. Smart crypto-agility requires identifying and implementing efficient resource-sharing strategies, which is particularly challenging when dealing with cryptosystems from different cryptographic families. Since the last update from the HQC team, polynomial multiplication has become the primary bottleneck of the algorithm. A state-of-the-art alternative to replace this operation is the Frobenius Additive Fast Fourier Transform (FAFFT), a type of FFT applied in the binary domain.

This presentation introduces PHOENIX, the first efficient crypto-agile hardware strategy for sharing polynomial multiplication operations in ML-KEM and HQC. Specifically, the two targeted operations for mutualization are the Number Theoretic Transform (NTT) for ML-KEM and the Frobenius Additive FFT (FAFFT) for HQC. To achieve agility, PHOENIX employs a hardware design called the SuperButterfly unit, which can be configured to execute all processing elements—known as butterfly structures—contained within the selected multiplication operations. Finally, the discussion will cover the cost of agility in terms of resource utilization and the performance of the selected cryptosystems when using PHOENIX in a real FPGA-based system-on-chip scenario.

➜ Click here to access the video

2. Navigating the Android App Ecosystem: Overcoming Adversarial Methods to understand AdTech, by Ivan Baheux-Blin (in french)
This presentation explores security and privacy challenges within the Android ecosystem, where users have limited means to control the personal data shared with AdTech actors. Through an in-depth study, we detail our methodology for analyzing data exfiltration flows by applications, revealing the extent of non-essential background traffic, particularly for advertising and tracking purposes. We highlight adversarial techniques, such as certificate pinning, used to hinder these analyses. This technique, employed by popular applications, blocks traffic inspection via proxy, emphasizing the need for new approaches to ensure transparency and privacy compliance in an increasingly opaque mobile environment.

➜ Click here to access the video (in french)