[EVENT] FIC 2020 - International Cybersecurity Forum

Keynote

Do you trust your TLS certificate? (Professor Philippe Elbaz-Vincent - Institut Fourier) - Wednesday, January 29, 2020 10:30 AM - 11:30 AM - Poster area

ABSTRACT - Over the last 20 years, there has been a flurry of vulnerabilities of all types on protocols such as SSL/TLS, SSH, OpenPGP or on certificates meant to protect critical infrastructures. Since 2010 and the advent of the SSL Observatory of the EFF (Electronic Frontier Foundation), systematic analyses have been conducted by research teams around the world on the public cryptographic data of these certificates, most often coming from network components such as routers, firewalls, various connected objects (including video surveillance cameras), and have revealed multiple vulnerabilities that generally lead to the recovery of private keys and, as such, completely compromise the security infrastructure. Similar studies have been conducted on certificates coming from physical components (eg. based on smart cards) with similar results.
These vulnerabilities are often caused by algorithmic errors in the generation of cryptographic parameters or problems related to the random seed used when generating the certificate. Studies on TLS certificates and other cryptographic data are regularly updated and despite numerous notifications to manufacturers and competent authorities (eg. CERT), these vulnerabilities are still massively present, easily exploitable with a minimum of mathematical knowledge and reasonable computational resources, and thus represent a goldmine for cybercriminals!
We will present a state of the art survey by 2020 of these vulnerabilities, which will be illustrated by recent studies of our team over several million different network components, and discuss their practical consequences for infrastructures. We will also present the latest feedback from manufacturers and provide a 10-year review of these analyses and what they illustrate in terms of "bad" cryptographic practices.

The geopolitics behind the routes data travels (Kave Salamatian - Université Savoie Mont-Blanc) - Wednesday, January 29, 2020 4:00 PM - 5:00 PM - Poster area

This presentation examines the geopolitical underpinnings of data routing through some case studies. The Internet is a network of networks where each network is an Autonomous System (ASes). ASes are independent administrative entities controlled by a variety of actors such as governments, companies, universities. Their administrators have to agree on the path followed by packets to travel across the Internet, which is done by the intermediary of the Border Gateway Protocol (BGP). Therefore, BGP requires neighboring ASes to interact in order to coordinate routing, through connectivity update messages announcing the availability (or withdrawal) of a sequence of ASes that can be followed to reach an IP address prefix. BGP hence defines the shape and the topology of the Internet. An AS announces a path through its network that can be taken to reach a destination only if there is a contractual obligation or a benefit for doing so. BGP provides, therefore, a novel setting to observe economic, regulatory and geopolitical tensions which would usually be concealed, but have to surface to enforce concretely political and economic constraints. In this presentation, we will show how the specifics of different BGP structures and connectivity structure enables active measures (such as censorship), both internally and externally, on the network. Through different examples, we will illustrate how routing can reveal hidden economic, political and power relationships between different actors. Combining the dynamic nature of AS graphs and geopolitical analysis, we provide a panoramic view of international's current-day interconnectivity.

Medias

Research in cybersecurity (Philippe Elbaz-Vincent - IF) - Interview for Acteurs Publics TV

Director Philippe Elbaz-Vincent will answer a few questions for Acteurs Publics TV regarding research in cybersecurity on January 29 afternoon. 

Internet-wide Measurements for Cybersecurity: The Case of DNS Zone Poisoning (Maciej Korczynski - LIG) - Article in the FIC Newsletter

ABSTRACT - Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behavior. Therefore, there is a great need for comprehensive Internet-wide measurements for cybersecurity. Critical facts about the Internet security, such as “Which domain registries are abused by the cybercriminals the most?” or "Which Internet Service Providers do not deploy source IP address filtering, facilitating massive DDoS attacks?" remain poorly quantified.
In this paper, we will discuss a number of examples of measurement studies of the domain name space. In particular, we will explore an attack against configuration files of poorly maintained name servers allowing, for example, domain hijacking. We refer to this type of attack as to "zone poisoning". The attack is as simple as sending a single RFC compliant DNS dynamic update packet to a misconfigured server. In the simplest version of an attack, a miscreant could replace an existing A or MX DNS resource record in a zone file of a server and point the domain name to an IP address under control of an attacker. We will present the global measurement study of the vulnerability. To assess the potential impact of non-secure dynamic updates, we scanned 290 million domains worldwide and found that among the vulnerable domains are governments, banks and health care providers, demonstrating that the threat impacts important services.
We have also issued notifications for website owners, DNS service providers, and network operators, suffering from non-secure DNS dynamic updates to assess which mechanisms are more effective at remediating the vulnerability. After the introduction of the General Data Protection Regulation (GDPR) some registration information is, however, no longer displayed in the public WHOIS data. Therefore, we also assessed the effectiveness of alternative communication channels and issued notifications to national CERTs.
Via our study of the zone poisoning attack and subsequent notifications to affected parties and respective intermediaries, we aimed to improve the security of the global DNS ecosystem and test alternative methods to contact affected parties after the introduction of the GDPR regulation.

Demos

Attacking the UWB localization system using forged acknowledge responses (presented by Baptiste Pestourie - LCIS)