Detailed Program
This is a tentative preliminary schedule subject to change without notice.
Details about the talks are available by clicking the talk titles.
Wednesday, November 20, 2024
13:30 - 13:40Introduction by the General Chair
Gurvan Le Guernic (Program Comity Chair, DGA, France)
13:40 - 14:30Implants, Bootkits, and Boot Protection
Sébastien Brillet (Cybersecurity Expert, DGA, France)
14:30 - 15:00Analysis of access control mechanisms for a dynamic and decentralized approach of data-centric security (DCS)
Etienne Lemonnier (Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR),
Jamal El Hachem (Université Bretagne Sud, IRISA, FR),
Lionel Touseau (Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR),
Jérémy Buisson (Ecole de l'air et de l'espace, CRéA, FR),
Nicolas Belloir (Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR),
Jean-François Wiorek (Thales Group, FR)
15:00 - 15:30Break
15:30 - 16:00Decentralization of Identities in the Blockchain
Ahmed Abid (Université de rennes, FR),
Pierre Alain (Irisa, FR)
16:00 - 17:00EUCLEAK: Side-Channel Analysis of Infineon Secure Elements, Application to the Yubikey 5 Series
Thomas Roche (Co-founder & Security Expert, NinjaLab, France)
Elisa Chiapponi (Security Researcher, Amadeus, France)
Thursday, November 21, 2024
09:00 - 10:00To Be Announced
Olivier Mémin (ANSSI, FR)
10:30 - 11:00Break
11:00 - 12:00The CHERI Alliance
Mike Eftimakis (Founding Director, CHERI Alliance, France)
12:00 - 13:30Lunch
13:30 - 14:30Preparing and Conducting a Major Sporting Event from a Cyber Standpoint: ANSSI and the Paris 2024 Olympics
Bertrand Le Gorgeu (Olympic Games Program Manager, French Cybersecurity Agency (ANSSI), France)
Jean-Philippe Riant (DATASK - Pôle d'excellence cyber Rennes, FR),
Ugo Peyre (DATASK - Pôle d'excellence cyber Rennes, FR)
15:00 - 15:30Break
Coline Chavane (Cyber Threat Analyst, Threat Detection & Research @ Sekoia.io, France),
Amaury-Jacques Garçon (Cyber Threat Analyst, Threat Detection & Research @ Sekoia.io, France)
16:30 - 17:30MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors
Philippe Teuwen (R&D Lead, Quarkslab, France)
17:30 - 17:40Closing by the General Chair
Gurvan Le Guernic (Program Comity Chair, DGA, France)
Strategic cyber threat analyst, Coline Chavane is part of the Threat Detection & Research Team of Sekoia.io. She focuses on state-sponsored threats and geopolitical analysis. She had previous experiences working at the French National Cybersecurity Agency and at Thales.
Amaury-Jacques Garçon is a cybersecurity engineer working as technical Threat Intelligence analyst and focusing on the investigation of state-sponsored threats, currently at Sekoia.io . With professional experience in open source investigation, he has worked for the French Ministry of Armed Forces.
2024 Elections in the Crosshairs: Cyber Threats and Influence Operations
2024 is election year for a number of countries including the US, the EU, Moldova and India. This presentation will provide an analysis and feedback on the cyber threats targeting this year's electoral processes, based on the report "Guarding Democracy: Assessing Cyber Threats to 2024 Worldwide Elections" from Sekoia Threat Intelligence & Research (TDR). We will focus in particular on influence campaigns affecting elections, and deep-dive with our investigation on the DoppelGänger group.
Elisa Chiapponi is a Security Researcher in the Global Security Operations of Amadeus (France). In 2023, she obtained her Ph.D degree in Cryptography and Security from Sorbonne Université (France) with a thesis titled "Detecting and Mitigating the New Generation of Scraping Bots" working on her research project in the Digital Security Department of EURECOM (France). In the spring of 2022 and 2023, she was a visiting researcher at the Resilient Computing and Cybersecurity Center (RC3) of King Abdullah University of Science and Technology (Saudi Arabia). In 2024, she was awarded Microsoft Partners Woman Role Model in the category Young Talent. In 2023, she obtained the second place at the Cyber Woman Researcher European Award by CEFCYS. Her domains of interest and expertise are Network and Application Security, Internet Measurements, Bot Mitigation and Proxy Identification.
Countering Residential IP Proxies: Detection Techniques and Strategic Insights
Residential IP Proxies (RESIPs) enable proxying requests through large networks of residential devices used concurrently by genuine users. These proxies are attractive to malicious actors because of their advantages in automated campaigns, including access to reputable residential IPs and integrated services like automated CAPTCHA solving. In this talk, we will showcase various types of attacks that exploit these proxies and introduce new methods to detect and prevent their activity on the server side. We will present successful results from applying these techniques in both semi-controlled and real-world environments. Additionally, we will offer new insights into the inner working and modus operandi of RESIPs, derived from our data collections.
Mike Eftimakis has an extensive background in the electronics industry with 30 years in senior technical and business roles. He has been innovating with companies like VLSI Technology, NewLogic or Arm. He is now VP Strategy and Ecosystem at Codasip, where he drives the long-term vision and its day-to-day implementation. In parallel, he is a Founding Director of the CHERI Alliance.
The CHERI Alliance
The worldwide cost of cyberattacks now reaches an estimated $10 trillion per year. Memory safety issues continue to be the main source of cyber security problems and have consistently represented ~70% of vulnerabilities over the past 20 years. Therefore, there is a strong and increasing interest in CHERI (Capability Hardware Enhanced RISC Instructions), a technology that mitigates memory safety vulnerabilities by design. It provides security features at the hardware level that can be leveraged by the software to provide more robust security. It has been developed by University of Cambridge and other research labs, and after 14 years of improvement and tuning, it is now ready to go into products. However, getting the industry to adopt a new security technology requiring new hardware, is not something that will happen without a proactive and coordinated effort. This is the goal of the CHERI Alliance, a non-profit organisation created to accelerate the adoption of the technology. This talk provides an overview of the CHERI technology: the benefits it provide, an overview of how it works, and the constraints associated with its integration. It also introduces the CHERI Alliance: its objectives, its means and its roadmap.
Sébastien Brillet
Cybersecurity Expert DGA France
Cybersecurity Expert DGA France
After gaining experience in industrial R&D (Mitsubishi, Renesas) and academic research (Inria), Sébastien Brillet joined the French Ministry of Armed Forces' Defense Procurement Agency (DGA) in 2015. His work focuses on the internal architecture of the Windows operating system, as well as the security mechanisms involved in PC boot processes.
Implants, Bootkits, and Boot Protection
Modern computers are equipped with a significant amount of low-level software, commonly known as firmware, which often initializes before the processor and operating system. This presentation will focus on the UEFI boot firmware, a frequent target for sophisticated cyberattacks. We will explore real-world threats that exploit vulnerabilities in the boot process and discuss the security measures and mitigations designed to defend against these evolving risks.
Philippe Teuwen (@doegox) is R&D Lead at Quarkslab, happily sailing across the frontier between hardware and software security, having enabled new vector attacks and open source tools such as adaptation of side-channel techniques towards whitebox cryptography, EEPROM tear-off attacks defeating various RFID security features, etc. He's in the editorial team of the International Journal of PoC||GTFO and loves organizing Hardware CTFs.
MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors
We will present our latest research on a next-generation MIFARE Classic compatible card manufactured by Shanghai Fudan Microelectronics, designed to resist all known card-only attacks. We uncovered several critical vulnerabilities, including a hardware backdoor that enables unauthorized key authentication and user key cracking within minutes. Our findings reveal that a common backdoor key is shared among all FM11RF08S cards, entirely compromising their security. These troubling findings do not stop there, as we also identified similar backdoors in other Fudan and legacy cards, raising further questions.
Thomas Roche is co-founder and security expert at NinjaLab (ninjalab.io). His research interests lie in all aspects of cryptography with a focus on implementation issues. Thomas hobby these last years: trying to find side-channel vulnerabilities inside the most secure chips available on the market. After his PhD in applied mathematics from Grenoble University and a short postdoc at the university of Paris 8 and Oberthur Technologies (now IDEMIA), Thomas worked 4 years at ANSSI (French Cybersecurity Agency) and 2 years at APPLE prior to founding NinjaLab with Victor Lomné in 2017.
EUCLEAK: Side-Channel Analysis of Infineon Secure Elements, Application to the Yubikey 5 Series
The work presented in this talk reveals a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the biggest secure element manufacturers. This vulnerability – that went unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations – is due to a non constant-time modular inversion. Moreover it is shown to be exploitable in practice on a widespread 2FA FIDO security keys: the Yubikey 5 Series. The full technical details of this work were made public on September 3rd 2024 (https://ninjalab.io/eucleak/), we will go over them and what they can tell us about the current state of secure elements and security certifications.
Bertrand Le Gorgeu is deputy chief of the industry and technology division of ANSSI, the French national cyber agency. Prior to that he was program manager for the Olympics at the agency. For 4 years he coordinated the agency internal and external resources to secure an ecosystem made of over 500 entities. Games time, he was part of the agency strategic operation centre.
Preparing and Conducting a Major Sporting Event from a Cyber Standpoint: ANSSI and the Paris 2024 Olympics
This keynote will focus on ANSSI’s preparation for the Paris 2024 Olympics, covering key milestones since 2018 and the agency's approach to securing such a major event. It will also address how ANSSI has mobilized a diverse ecosystem, including competition venues, event organizers, and private sector actors, to improve cyber maturity and readiness. Finally, the presentation will provide an overview of incidents and events during the Games, sharing important lessons learned to enhance future cybersecurity strategies.
Decentralization of Identities in the Blockchain
The use of blockchain technology has been widespread globally for over a decade. Primarily oriented towards decentralized applications, this technology enables information exchange, particularly through the use of smart contracts, without requiring trust between different parties. In this paper, we explore several approaches for storing, securing, and controlling access to personal data by users. Specifically, the use of smart contracts allows for the on-demand deployment and provision of a portion of the information system containing the user's personal data.
Ahmed Abid
(Université de rennes, FR)
;
Pierre Alain
(Irisa, FR)
An IT system built with cybersecurity best practice: a utopia?
Best practice defines all the professional practices that must be respected to ensure that work is carried out correctly. Transposed to the world of cybersecurity, this includes ANSSI technical guidelines. At a time when cyber threats are multiplying their targets and intensifying, and when the pace of deployment of digital services is driven by business and costs, is it a utopia of experts to build (or rebuild) an IS according to cybersecurity best practice? Through concrete technical subjects (e.g. IT administration, nomadism) illustrated by feedback from recent years, ANSSI presents an introspection on the creation of a technical doctrine and its deployment in operational reality. Finally, in a context where the number of regulated players is growing and collective awareness of cyber risk is more or less advanced, ANSSI proposes ways of completing this doctrine, making it more widely accessible, and implementing it gradually in a variety of contexts (e.g. limited resources, low exposure to the targeted cyber threat).
Olivier Mémin
(ANSSI, FR)
Towards the use of the DISARM matrix as a lever for raising awareness and protecting audiences targeted by disinformation operations
The emergence of vocabulary previously reserved for military conflicts within the field of communication highlights how information has become a key issue in current confrontations. The increasing importance of information in these conflicts has been made possible by recent transformations in adoption, production, and dissemination practices driven by digital tools and social networks. Democracies, where information and opinions are free, are destabilized by campaigns spreading false information or deliberate misinformation orchestrated by authoritarian regimes, for which disinformation is part of a strategy targeting adversaries. We propose to acknowledge this ongoing information warfare and, after conducting an inventory of media literacy and awareness programs, to assess the level of protection or resistance capabilities among the audiences targeted by these disinformation campaigns. To model what is happening at different scales—strategy, moderation, influence, reception, and sharing—a parallel will be drawn with air defense systems intended to protect populations from asymmetrical saturation attacks. Beyond this comparison, the cognitive mechanisms employed by individuals when confronted with new information on social networks will be described. Similarly, influence and propagation models on social networks will be compared to identify leverage points within individuals that could be acted upon. Various frameworks, analysis models, and particularly the DISARM matrix will be examined to determine how they could drive the development of new tools for raising awareness and protecting social network users of all ages. The potential for creating engaging scenarios or serious games for adults based on the DISARM matrix will also be discussed.
Jean-Philippe Riant
(DATASK - Pôle d'excellence cyber Rennes, FR)
;
Ugo Peyre
(DATASK - Pôle d'excellence cyber Rennes, FR)
Analysis of access control mechanisms for a dynamic and decentralized approach of data-centric security (DCS)
Today, in many domains, stakeholders handle sensitive data that needs to be protected according to their confidentiality level. Among existing security paradigms, data-centric security (DCS) places security as close as possible to the data, to ensure confidentiality on any network, communication channel or storage server. To achieve this, DCS requirements are implemented through access control mechanisms. These mechanisms need to be (1) dynamic, to enable actors in a secure system to join it opportunistically and (2) decentralized, to guarantee data availability. However, existing approaches only partially address these challenges. In this article, we illustrate these challenges using two examples and discuss the limitations of existing approaches in addressing them.
Etienne Lemonnier
(Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR)
;
Jamal El Hachem
(Université Bretagne Sud, IRISA, FR)
;
Lionel Touseau
(Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR)
;
Jérémy Buisson
(Ecole de l'air et de l'espace, CRéA, FR)
;
Nicolas Belloir
(Académie Militaire de Saint-Cyr Coëtquidan, CReC Saint-Cyr, FR)
;
Jean-François Wiorek
(Thales Group, FR)