Program
| Time |
Event |
|
|
11:00 - 12:30
|
Registration - Registration |
|
|
12:30 - 14:00
|
Lunch |
|
|
14:00 - 14:30
|
Opening Session -
Mohamed Kaâniche - Mohamed Kaâniche, LAAS-CNRS |
|
|
14:30 - 15:15
|
Introduction to IoT Security -
Marc Dacier - Marc Dacier, Institut Eurécom
In this talk, we will look at the various ways to define IoT systems and what the lessons of 20 years of network security research tell us about the security of emerging of Iot networks |
|
|
15:15 - 16:00
|
Zeroconf protocols and their numerous MITM attacks -
Marc Dacier - Marc Dacier, Institut Eurécom
In this talk, we do present the protocols falling under the umbrella of zeroconf protocols. We explain how pervasive they are and the fact that few people are conscious that they are using them. We also explain why they are so prone to a number of distinct so called man in the middle (MITM) attacks and what to do about that. |
|
|
16:00 - 16:30
|
Coffee break |
|
|
16:30 - 18:00
|
Privacy-preserving mechanisms in wireless networks: the many challenges of address randomization -
Matthieu Cunche - Matthieu Cunche, INSA Lyon, INRIA Grenoble Rhône Alpes
Wireless technologies such as Bluetooth and Wi-Fi are integrated in devices that users are carrying all day long. Signals emitted by those devices contains pieces of information that allow the tracking of users in the physical world. To counter the corresponding privacy threats, device addresses included in Wi-Fi and Bluetooth frames can now by randomized. We will see that this measure alone is not enough to protect against tracking and that other elements of the network stack need to be considered when designing and implementing anti-tracking mechanisms. |
|
| Time |
Event |
|
|
08:30 - 09:00
|
Breakfast |
|
|
09:00 - 10:30
|
Black box reverse engineering of wireless communication protocols -
Romain Cayre and Florent Galtier - Romain Cayre and Florent Galtier, LAAS-CNRS, Apsys Lab
Black box analysis of a wireless keyboard : in this talk, we will present the reverse engineering process of an undocumented proprietary wireless communication protocol used by a wireless keyboard. It describes the methodology allowing to understand the physical and the link layers of the protocol and how to build some custom tools to sniff and inject packets. Multiple proofs of concept will be presented, especially a radio keylogger and a keystrokes injection tool. |
|
|
10:30 - 11:00
|
Coffee break |
|
|
11:00 - 12:30
|
Security of BLE communications -
Romain Cayre and Florent Galtier - Romain Cayre and Florent Galtier, LAAS-CNRS, Apsys Lab
Bluetooth Low Energy (BLE) is nowadays one of the most popular wireless communication protocols for Internet of Things (IoT) devices. As a result, several attacks have targeted this protocol or its implementations in recent years, illustrating the growing interest for this technology. However, some major challenges remain from an offensive perspective, such as injecting arbitrary frames, hijacking the Slave role or performing a Man-in-The-Middle in an already established connection. In this presentation we describe a novel attack called InjectaBLE, allowing to inject malicious traffic into an existing connectionn, and describe some examples of real attack scenarios. |
|
|
12:30 - 14:00
|
Lunch |
|
|
14:00 - 15:00
|
Side Channel Attacks in Embedded Systems -
Florent Bruguier - Florent Bruguier, LIRMM, Montpellier anf Vincent Migliore, INSA Toulouse, LAAS-CNRS
First, we will introduce the principle of side-channel attacks, especially those based on power consumption or electromagnetic emissions. Then, we will propose a practical training based on the implementation of such attacks. The objective of this lab is to implement a correlation attack on a PRESENT 128-bit cryptoprocessor implemented on FPGA. The trainees will have to code the attack (CPA) on the last round of encryption using the Hamming distance method. They will have at their disposal the ciphered texts and the corresponding electromagnetic measurements carried out beforehand on one of the LIRMM attack benches |
|
|
15:00 - 15:30
|
Break |
|
|
15:30 - 18:00
|
Side Channel Attacks in Embedded Systems (Lab) -
Florent Bruguier - Florent Bruguier, LIRMM, Montpellier and Vincent Migliore, INSA Toulouse, LAAS-CNRS
First, we will introduce the principle of side-channel attacks, especially those based on power consumption or electromagnetic emissions. Then, we will propose a practical training based on the implementation of such attacks. The objective of this lab is to implement a correlation attack on a PRESENT 128-bit cryptoprocessor implemented on FPGA. The trainees will have to code the attack (CPA) on the last round of encryption using the Hamming distance method. They will have at their disposal the ciphered texts and the corresponding electromagnetic measurements carried out beforehand on one of the LIRMM attack benches |
|
| Time |
Event |
|
|
08:30 - 09:00
|
Breakfast |
|
|
09:00 - 10:00
|
Vehicle Embedded Systems Security -
Guillaume Lussier - Guillaume Lussier, Renault, Toulouse
Cybersecurity is a very new domain for the automotive industry, but it is going very fast. With the revolution of the connected car, cyber is now becoming a critical path for all OEMs and certification is going faster than in any other industry domain previously. The UNECE has challenged the European can industry with strong standards for cybersecurity and they have to be achieved. How to respond to these challenges, from a process, architecture or tooling point of view is what we will try to brush in this presentation. A strong focus will be given to validation and testing, which we will see can be surprisingly lacking in the cyber field. |
|
|
10:00 - 11:00
|
Overview of the Aircraft Security Process -
Bertrand Leconte - Bertrand Leconte, Airbus Defense and Space
In this talk, we will present an outlook of some threats aircraft faces, we will look at what are the obligations and duties for an aircraft manufacturer. We will then show you the Airbus security development process, with a focus on security assurance and risk assessment. We will finish by presenting the security measures we can use to protect aircraft and the architecture principles we apply during design phase. |
|
|
11:00 - 11:30
|
Coffee break |
|
|
11:30 - 12:30
|
Overview of the Aircraft Security Process -
Bertrand Leconte - Bertrand Leconte, Airbus Defense and Space
In this talk, we will present an outlook of some threats aircraft faces, we will look at what are the obligations and duties for an aircraft manufacturer. We will then show you the Airbus security development process, with a focus on security assurance and risk assessment. We will finish by presenting the security measures we can use to protect aircraft and the architecture principles we apply during design phase. |
|
|
12:30 - 14:00
|
Lunch |
|
|
14:00 - 15:15
|
Overview of the Aircraft Security Process -
Bertrand Leconte - Bertrand Leconte, Airbus Defense and Space
In this talk, we will present an outlook of some threats aircraft faces, we will look at what are the obligations and duties for an aircraft manufacturer. We will then show you the Airbus security development process, with a focus on security assurance and risk assessment. We will finish by presenting the security measures we can use to protect aircraft and the architecture principles we apply during design phase. |
|
|
15:15 - 16:30
|
Sateliite Embedded Systems Security -
Benoit Tranier - Benoit Tranier, Thalès Alenia Space
Since the 1960’s space has become a very important issue in many domains : Science, Observation, Weather forecast, Telecommunication, Navigation, Astronomy, etc. More than 2500 active satellites are currently orbiting around the Earth. All these satellites are operated from earth and requires constant attention in order for them to be able to fulfil their initial mission. Many satellites are part of critical infrastructures and must be protected from any threat that may jeopardises their capabilities or integrity. In a more and more interconnected world, space systems must be now security proven and resistant to any direct or indirect cyber-attacks. Even if space system security has always been an important issue, it has become a major issue even for civilian and commercial missions. Many measures has to be considered at many levels to guarantee the security, the safety and the availability of space systems. Over this short presentation the |
|
|
16:30 - 17:00
|
Coffee break |
|
|
17:00 - 18:00
|
Rump Session -
This rump session is dedicated to very short presentations of 5mn maximum, by any person who attend this summer school, about any topic related to cybersecurity. This presentation may concern a PhD work, a short demonstration of a tool, the advertising of an event, or many other things, as far as it concerns cybersecurity. The persons who want to participate should apply before July 21st, 2pm |
|
| Time |
Event |
|
|
08:30 - 09:00
|
Breakfast |
|
|
09:00 - 10:30
|
Security Challenge -
S. Duverger, B. Camredon, B. Morgan - S. Duverger, B. Camredon, B. Morgan, Airbus, INP/ENSEEIHT, IRIT
We present the Airbus Embedded Challenge. Participants will have the opportunity to face a security server in an unknown context: systems and protocols are custom-built. Any previous experience on CTF(s) is a plus but absolutely not mandatory. Participants only need some basic computer/programming skills and obviously system/network and applications security principles. Good luck ! |
|
|
10:30 - 11:00
|
Coffe Break |
|
|
11:00 - 12:30
|
Security Challenge -
S. Duverger, B. Camredon, B. Morgan - S. Duverger, B. Camredon, B. Morgan, Airbus, INP/ENSEEIHT, IRIT
We present the Airbus Embedded Challenge. Participants will have the opportunity to face a security server in an unknown context: systems and protocols are custom-built. Any previous experience on CTF(s) is a plus but absolutely not mandatory. Participants only need some basic computer/programming skills and obviously system/network and applications security principles. Good luck ! |
|
|
12:30 - 14:00
|
Lunch |
|
|
14:00 - 16:00
|
Security Challenge -
S. Duverger, B. Camredon, B. Morgan - S. Duverger, B. Camredon, B. Morgan, Airbus, INP/ENSEEIHT, IRIT
We present the Airbus Embedded Challenge. Participants will have the opportunity to face a security server in an unknown context: systems and protocols are custom-built. Any previous experience on CTF(s) is a plus but absolutely not mandatory. Participants only need some basic computer/programming skills and obviously system/network and applications security principles. Good luck ! |
|
|
16:00 - 16:30
|
Coffee break |
|
|
16:30 - 18:00
|
Security Challenge -
S. Duverger, B. Camredon, B. Morgan - S. Duverger, B. Camredon, B. Morgan, Airbus, INP/ENSEEIHT, IRIT
We present the Airbus Embedded Challenge. Participants will have the opportunity to face a security server in an unknown context: systems and protocols are custom-built. Any previous experience on CTF(s) is a plus but absolutely not mandatory. Participants only need some basic computer/programming skills and obviously system/network and applications security principles. Good luck ! |
|
| Time |
Event |
|
|
08:30 - 09:00
|
Breakfast |
|
|
09:00 - 10:30
|
Security Challenge -
S. Duverger, B. Camredon, B. Morgan - S. Duverger, B. Camredon, B. Morgan, Airbus, INP/ENSEEIHT, IRIT
We present the Airbus Embedded Challenge. Participants will have the opportunity to face a security server in an unknown context: systems and protocols are custom-built. Any previous experience on CTF(s) is a plus but absolutely not mandatory. Participants only need some basic computer/programming skills and obviously system/network and applications security principles. Good luck ! |
|
|
10:30 - 11:00
|
Coffee break |
|
|
11:00 - 12:30
|
Security Challenge -
S. Duverger, B. Camredon, B. Morgan - S. Duverger, B. Camredon, B. Morgan, Airbus, INP/ENSEEIHT, IRIT
We present the Airbus Embedded Challenge. Participants will have the opportunity to face a security server in an unknown context: systems and protocols are custom-built. Any previous experience on CTF(s) is a plus but absolutely not mandatory. Participants only need some basic computer/programming skills and obviously system/network and applications security principles. Good luck ! |
|
|
12:30 - 14:00
|
Lunch |
|
|
14:00 - 14:30
|
Closing Session - V. Nicomette |
|
|
Loading...