[EVENT] FIC '19 - International Cybersecurity Forum - Security & Privacy by Design

from January 22, 2019 to January 23, 2019

FIC'19 Announcement & Strategy Challenge results

Direct access

Announcement of FIC '19


During this event, we will be presenting some of our work on the field of deobfuscation, efficient algorithm implementations, fault-injection, intrusion detection and cyber-warfare.
Geopolitical monitoring of BGP (presented by Kavé Salamatian - University Savoie Mont-Blanc)
Interdomain connections and routes taken by packets are key elements for the security of any network. These elements are managed using the Boarder Gateway Protocol (BGP). Despite an increasing number of security events related to BGP in recent years, there exist only a handful of monitoring solutions for this protocol. We present our tool - BGPGeopolitics - which allows for a real-time monitoring of BGP and the geopolitical structure of its interactions. This collection tool is then coupled with a system capable of analyzing huge graphs in order to study the dynamics of BGP and to detect large scale attacks or anomalies. This tool can also help determine the source of an attack.
MP Hell Library (presented by Cyril Hugounenq – Univ. Grenoble Alpes)
MP Hell is a library - working on x86, X86-64, ARM 32bits and STM32 architectures - which proposes cryptographic primitives such as scalar multiplication of points on an elliptic curve. These operations are implemented on standard curves - with good performance and security against SPA with respect to existing libraries (Intell PPCP, libSodium, MbedTLS, OpenSSL, libECC) - and are also opened to others curves for which fast and secure implementations are possible. Our demo illustrates a test case of the library, from the specification of a curve to the computation of scalar multiplication.
Deobfuscation based on Semantic Equivalence (presented by Ramtine Tofighi Shirazi – Univ. Grenoble Alpes/Trusted Labs)
DoSE is an IDA Pro extension allowing reverse engineers to static deobfuscate binaries. Based on the reverse engineering tool Miasm2, DoSE implements several techniques based on semantic equivalence. With DoSE, we aim to improve and complement DSE-based deobfuscation techniques by statically eliminating obfuscation transformations (built on code-reuse). Our method’s novelty comes from the transposition of existing binary diffing techniques, namely semantic equivalence checking, to the purpose of the deobfuscation of untreated techniques, such as two-way opaque constructs, that we encounter in surreptitious software. This demo uses IDA Pro to illustrate the static simplification of the control flow graph of a malware. The result will be shown as a visual identification of cloned functions, followed by the simplified graph.
Secure RTL (presented by Athanasios Papadimitriou – Univ. Grenoble Alpes/LCIS)
Secure RTL is a set of tools for the early evaluation of secure and reliable integrated circuits against localized fault attacks (Laser, EM, High energy particles). They consist of a realistic RTL fault model extractor from the RTL description - experimentally validated by performing Laser attacks on various IC technologies and designs, a fault simulator capable of performing statistical fault injection and a FPGA-based fault emulator allowing to control fault injection and to monitor fault propagation in real time. The benefits of SECURE RTL is that it allows the security evaluation early in the design flow which can lead to the design of efficient and low cost countermeasures.
HackMyMCU - IoT Security Evaluation Platform (presented by Cyril Bresch – Univ. Grenoble Alpes/LCIS)
In order to first evaluate and demonstrate security threats and then validate appropriate countermeasures, we provide a realistic open source use case emulating a medical connected pump. The application includes all the software services usually found in medical connected device. This use case comes along with the open source application, the associated hardware and a dedicated environment for hardware and software security evaluation. It allows to demonstrate how such an application can be corrupted with both hardware and software exploits. Then, thanks to the open source nature of the demonstrator, it can be used by the security community to validate countermeasures at both software and hardware levels. HackMyMCU is an easy to use security evaluation platform designed to assist software developers to evaluate their implementations against hardware attacks. Currently it is comprised by a module which can perform accurate and fast evaluations of embedded systems and FPGAs concerning Side Channel Attacks. The board includes multiple instrumentation amplifiers featuring high noise rejection capabilities to measure the power consumption of embedded devices. The acquired signal is then digitized by means of analog to digital converters and led to an FPGA to perform real-time Correlation Power Analysis (CPA) attacks. Currently, HackMyMCU platform is being extended to include the capability for performing accurate fault injection by means of clock-glitch, power-glitch and ElectroMagnetic (EM) attacks.
Lazart: code evaluation against fault injection (presented by Romain Xu-Darme – Univ. Grenoble Alpes)
We present Lazart, a tool based on symbolic execution allowing to evaluate the robustness of a source code against fault injections. This state-of-the-art tool handles multiples fault injections and is meant to be used by both developers and evaluators. It also allows to evaluate the effectiveness of countermeasures aiming at detecting such attacks. Finally, this tool is presented along the first public benchmark on fault injection - called FISCC - which was developed as part of the ANR project Astrid Sertif.
Cyberdefense of industrial systems (presented by Stéphane Mocanu – Univ. Grenoble Alpes/LIG)
We present a set of attack/defense scenarios on SCADA systems using the remote platform G-ICS. With close to a hundred of programable logic controlers, industrial HMIs and I/O modules representing the main vendors and communication protocols on the market, the G-ICS platform allows the design of complex architectures covering several industrial sectors: SCADA communication (Modbus, S7, CAN, Ethernet/IP), power grids (IEC 60870 et IEC 61850), supervision (including OPC UA et DA), building power distribution and automation (KNX/IP) as well as cybersecurity products. Studies on cybersecurity include vulnerability research, the test of attack tool and IDS calibration. This demo has been designed with the support of the ANR project ASTRID SACADE.

Demo schedule

Tuesday January 22nd 2019
  • 10:00am – MPHell
  • 11:00am – DoSE
  • 02:00pm – Secure-RTL
  • 02:30pm – HackMyMCU
  • 03:00pm – Secure Pump
  • 03:30pm – BGPGeopolitics
  • 04:00pm – Lazart
  • 05:00pm – G-ICS
Wednesday January 23rd 2019
  • 09:00am – G-ICS
  • 11:30am – Secure Pump
  • 02:00pm – MPHell
  • 03:00pm – DoSE
  • 03:30pm – BGPGeopolitics
  • 04:00pm – Secure-RTL
  • 04:30pm – HackMyMCU
  • 05:00pm – Lazart
Note: Individual demo sessions can be scheduled depending on speaker availability.

Follow-Up Meeting of the Paris Call for Trust and Security in Cyberspace

Karine Bannelier will participate to a closed-door and high-level exchange on the follow-up of the Paris Call for Trust and Security in Cyberspace which is organized by the French Ministry for Europe and Foreign Affairs. This meeting will take place on Wednesday January 23rd and will be chaired by M. Henri Verdier, French Ambassador for Digital Affairs.

Panel on Cloud Act, E-Evidence and Cross Border Access to Data

On January 22nd 2019, Theodore Christakis will organize and chair a panel called "Cloud Act, E-Evidence and Cross Border Access to Data"
The European Commission estimates that more than half of all criminal investigations today involve a cross-border request to access electronic evidence. The globalization of criminal evidence is creating significant challenges for law enforcement. Countries around the world are responding with new laws and legal proposals, which often raise important questions in relation with privacy, human rights, national security and the relations between States. Prominent among them, the Cloud Act, adopted by the US Congress in March 2018, authorizes US law enforcement authorities to obtain from Internet and Cloud providers electronic evidence regardless of the location of data. The EU Commission also presented in April 2018 an important legislative package called “E-Evidence” as a European version of the “Cloud Act”. Which are the legal and policy issues created by these two instruments, and what are the prospects for the conclusion of bilateral data sharing agreements, including between the USA and the EU ?

Forensic Challenge

We wish the best of luck for the students of the Master CSI participating in the CDAISI and/or the EPITA Forensic Challenges.
Team name Team composition
Chrisentin Chris Allard, Corentin Aulagnier
CSI-1 Margaux Celle, Alexandre Vérine
Daniela's Team Daniela Pizzuti, Denis Lamoureux
7R13ND5 David Bozon, Franck Muraton
Pain-gouin Baptiste Gouin, Georges Schwing

Strategy Challenge

We wish the best of luck for the interdisciplinary team (Master CSI/Master SID) participating in the Strategy Challenge.
Team name Team composition
CyberAvengers Corentin Aulagnier, Denis Lamoureux, Amelle Moussa-Esper, Faustine Saugnier, Romain Xu-Darme (coach)

Feedback on FIC '19

On January 22-23 2019, in addition to its traditional technical challenges, the International Cybersecurity Forum (FIC) hosted the first edition of the Strategy Challenge focusing on an evolving international (and fictional) cybersecurity crisis taking place during the 2024 Summer Olympics in Paris.

Starting with rumors of a botnet taking root in the IoT devices of the brand new olympic village and with several unexplained power brownouts in the area surrounding the village (Qualifying round), the situation quickly escalated to a full scale power crisis at national level coupled with civil unrest, a heatwave, misinformation on social medias and evidence pointing to Hezbollah and Iran (Semi-Finals). Finally, the botnet and its effects spread to other european countries, increasing the death toll (Finals).

Teams of four students were asked to brief and advise high officials at each stage of the crisis during a 10min oral session in english and provide the jury with a written brief describing their main recommendations. Congratulations to Corentin Aulagnier (Master CSI), Cédric Joie (Master SID), Denis Lamoureux (Master CSI), Amelle Moussa-Esper (Master SID) and Faustine Saunier (Master SID) of the Cyber Avengers team for making it to the semi-finals and for embodying the interdisciplinary values of the Cybersecurity Institute.

Published on August 5, 2020