Archive

Hélène LE BOUDER

Position

Associate Professor (Maître de conférences)

Location

Rennes

Contact details:

Tel.

+33 2 99 12 24 04
Biography
  • 2017- Associate Professor (Maître de conférences), IMT-Atlantique
    IRISA OCIF team
  • 2015-2017 Postdoctoral researcher in computer science
    Host laboratory: Laboratoire Haute-Sécurité (LHS), INRIA Rennes, TAMIS team, ANR Cogito project.
  • 2014: PhD in microelectronics applied to cryptology.
     École Nationale Supérieure des Mines de Saint-Étienne, Centre de Microélectronique de Provence (CMP), Georges Charpak site.
     Un formalisme unifiant les attaques physiques sur circuits cryptographiques et son exploitation afin de comparer et rechercher de nouvelles attaques (A formalism unifying physical attacks on cryptographic circuits and its use to compare and search for new attacks).

The growing use of embedded systems such as smart cards and connected objects in everyday life makes it necessary to protect users' data. An algorithm can be designed to be mathematically robust. However, once it is implemented in a circuit, the weaknesses of that circuit can be attacked. Physical attacks are the set of techniques that exploit the way a circuit operates.
They fall into two main families. Observation attacks, also called side-channel attacks, analyze the behavior of a circuit. Indeed, a circuit has a power consumption, a computation time, an electromagnetic emanation... These physical parameters are linked to the data being processed.
They can be measured and exploited to recover sensitive information. This is called information leakage. Fault injection attacks disturb a circuit while it is executing a computation. There are many means of injecting faults (laser or electromagnetic pulse, modification of the internal clock...). Analyzing the differences between the normal and the disturbed behavior of a circuit can make it possible to recover secrets. My research work falls within this framework.

  • Supervision of Aurélien Palisse's thesis, "Analyse et détection de logiciels de rançon" (Analysis and detection of ransomware)
  • Supervision of Routa Moussaileb's thesis on "Analyse de comportement malveillant sur des données systèmes et réseaux" (Analysis of malicious behavior on system and network data).
  • Supervision of Léopold Ouairy's thesis on "Protection des systèmes face aux attaques par fuzzing" (Protection of systems against fuzzing attacks).
  • Co-head of the Specialized Master's (Mastère spécialisé) in Cybersecurity
  • Introduction to cryptography
  • Introduction to physical attacks
HAL Publications
Conference paper
Lashermes Ronan, Le Bouder Hélène, Thomas Gaël
Hardware-Assisted Program Execution Integrity: HAPEI
NordSec 2018 - 23rd Nordic Conference on Secure IT Systems, Nov 2018, Oslo, Norway
BibTeX:
@inproceedings{lashermes:hal-01978181,
TITLE = {{Hardware-Assisted Program Execution Integrity: HAPEI}},
AUTHOR = {Lashermes, Ronan and Le Bouder, H{\'e}l{\`e}ne and Thomas, Ga{\"e}l},
URL = {https://hal.inria.fr/hal-01978181},
BOOKTITLE = {{NordSec 2018 - 23rd Nordic Conference on Secure IT Systems}},
ADDRESS = {Oslo, Norway},
YEAR = {2018},
MONTH = Nov,
KEYWORDS = {Program Execution Integrity ; Hardware Fault Attacks ; Control Flow Integrity ; Instruction Set Randomization},
PDF = {https://hal.inria.fr/hal-01978181/file/NordSec2018_5.pdf},
HAL_ID = {hal-01978181},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T Hardware-Assisted Program Execution Integrity: HAPEI
%+ Service Expérimentation et Développement (SED [Rennes])
%+ Objets communicants pour l'Internet du futur (OCIF)
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%+ IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique)
%A Lashermes, Ronan
%A Le Bouder, Hélène
%A Thomas, Gaël
%< avec comité de lecture
%B NordSec 2018 - 23rd Nordic Conference on Secure IT Systems
%C Oslo, Norway
%8 2018-11-28
%D 2018
%K Program Execution Integrity
%K Hardware Fault Attacks
%K Control Flow Integrity
%K Instruction Set Randomization
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X Even if a software is proven sound and secure, an attacker can still insert vulnerabilities with fault attacks. In this paper, we propose HAPEI, an Instruction Set Randomization scheme to guarantee Program Execution Integrity even in the presence of hardware fault injection. In particular, we propose a new solution to the multi-predecessors problem. This scheme is then implemented as a hardened CHIP-8 virtual machine, able to ensure program execution integrity, to prove the viability and to explore the limits of HAPEI.
%G English
%2 https://hal.inria.fr/hal-01978181/document
%2 https://hal.inria.fr/hal-01978181/file/NordSec2018_5.pdf
%L hal-01978181
%U https://hal.inria.fr/hal-01978181
Conference paper
Ouairy Léopold, Le Bouder Hélène, Lanet Jean-Louis
Protection des systèmes face aux attaques par fuzzing
2018 - European Cyber Week, Nov 2018, Rennes, France. pp.1-16
BibTeX:
@inproceedings{ouairy:hal-01950822,
TITLE = {{Protection of systems against fuzzing attacks}},
AUTHOR = {Ouairy, L{\'e}opold and Le Bouder, H{\'e}l{\`e}ne and Lanet, Jean-Louis},
URL = {https://hal.inria.fr/hal-01950822},
BOOKTITLE = {{2018 - European Cyber Week}},
ADDRESS = {Rennes, France},
PAGES = {1-16},
YEAR = {2018},
MONTH = Nov,
KEYWORDS = {Attaques par fuzzing ; K-Nearest-Neighbors ; Machine Learning non supervis{\'e}},
PDF = {https://hal.inria.fr/hal-01950822/file/article.pdf},
HAL_ID = {hal-01950822},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T Protection of systems against fuzzing attacks
%+ Confidentialité, Intégrité, Disponibilité et Répartition (CIDRE)
%+ Objets communicants pour l'Internet du futur (OCIF)
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%A Ouairy, Léopold
%A Le Bouder, Hélène
%A Lanet, Jean-Louis
%< avec comité de lecture
%B 2018 - European Cyber Week
%C Rennes, France
%P 1-16
%8 2018-11-19
%D 2018
%K Attaques par fuzzing
%K K-Nearest-Neighbors
%K Machine Learning non supervisé
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X A fuzzing attack enables an attacker to gain access to restricted resources by exploiting a wrong specification implementation. Fuzzing attack consists in sending commands with parameters out of their specification range. This study aims at protecting Java Card applets against such attacks. To do this, we detect prior to deployment an unexpected behavior of the application without any knowledge of its specification. Our approach is not based on a fuzzing technique. It relies on a static analysis method and uses an unsupervised machine-learning algorithm on source codes. For this purpose, we have designed a front end tool fetchVuln that helps the developer to detect wrong implementations. It relies on a back end tool Chucky-ng which we have adapted for Java. In order to validate the approach, we have designed a mutant applet generator based on LittleDarwin. The tool chain has successfully detected the expected missing checks in the mutant applets. We evaluate then the tool chain by analyzing five applets which implement the OpenPGP specification. Our tool has discovered both vulnerabilities and optimization problems. These points are then explained and corrected.
%X The goal of this project is to protect Java Card applets against fuzzing attacks. These attacks allow an attacker to access restricted resources by exploiting a faulty implementation of a state machine. To this end, we create a tool, ChuckyJava. It aims to detect missing checks using unsupervised machine learning. It transforms functions into vectors, compares them, and is able to determine whether a function is vulnerable. We run ChuckyJava on five applets implementing the OpenPGP specification. We present two vulnerabilities and one optimization problem.
%G French
%2 https://hal.inria.fr/hal-01950822/document
%2 https://hal.inria.fr/hal-01950822/file/article.pdf
%L hal-01950822
%U https://hal.inria.fr/hal-01950822
Conference paper
Ouairy Léopold, Le Bouder Hélène, Lanet Jean-Louis
Protection of systems against fuzzing attacks
FPS 2018 - 11th International Symposium on Foundations & Practice of Security, Nov 2018, Montréal, Canada. pp.1-16
BibTeX:
@inproceedings{ouairy:hal-01976753,
TITLE = {{Protection of systems against fuzzing attacks}},
AUTHOR = {Ouairy, L{\'e}opold and Le Bouder, H{\'e}l{\`e}ne and Lanet, Jean-Louis},
URL = {https://hal.inria.fr/hal-01976753},
BOOKTITLE = {{FPS 2018 - 11th International Symposium on Foundations \& Practice of Security}},
ADDRESS = {Montr{\'e}al, Canada},
PAGES = {1-16},
YEAR = {2018},
MONTH = Nov,
KEYWORDS = {unsupervised machine-learning ; ChuckyJava ; Java Card ; fuzzing attacks ; vulnerability detection ; k-Nearest-Neighbors},
PDF = {https://hal.inria.fr/hal-01976753/file/paper_32%20%281%29.pdf},
HAL_ID = {hal-01976753},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T Protection of systems against fuzzing attacks
%+ Confidentialité, Intégrité, Disponibilité et Répartition (CIDRE)
%+ Objets communicants pour l'Internet du futur (OCIF)
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%A Ouairy, Léopold
%A Le Bouder, Hélène
%A Lanet, Jean-Louis
%< avec comité de lecture
%B FPS 2018 - 11th International Symposium on Foundations & Practice of Security
%C Montréal, Canada
%P 1-16
%8 2018-11-13
%D 2018
%K unsupervised machine-learning
%K ChuckyJava
%K Java Card
%K fuzzing attacks
%K vulnerability detection
%K k-Nearest-Neighbors
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X A fuzzing attack enables an attacker to gain access to restricted resources by exploiting a wrong specification implementation. Fuzzing attack consists in sending commands with parameters out of their specification range. This study aims at protecting Java Card applets against such attacks. To do this, we detect prior to deployment an unexpected behavior of the application without any knowledge of its specification. Our approach is not based on a fuzzing technique. It relies on a static analysis method and uses an unsupervised machine-learning algorithm on source codes. For this purpose, we have designed a front end tool fetchVuln that helps the developer to detect wrong implementations. It relies on a back end tool Chucky-ng which we have adapted for Java. In order to validate the approach, we have designed a mutant applet generator based on LittleDarwin. The tool chain has successfully detected the expected missing checks in the mutant applets. We evaluate then the tool chain by analyzing five applets which implement the OpenPGP specification. Our tool has discovered both vulnerabilities and optimization problems. These points are then explained and corrected.
%G English
%2 https://hal.inria.fr/hal-01976753/document
%2 https://hal.inria.fr/hal-01976753/file/paper_32%20%281%29.pdf
%L hal-01976753
%U https://hal.inria.fr/hal-01976753
Conference paper
Ouairy Léopold, Le Bouder Hélène, Lanet Jean-Louis
Normalization of Java source codes
SECITC 2018 - 11th International Conference on Security for Information Technology and Communications, Nov 2018, Bucarest, Romania. pp.1-11
BibTeX:
@inproceedings{ouairy:hal-01976747,
TITLE = {{Normalization of Java source codes}},
AUTHOR = {Ouairy, L{\'e}opold and Le Bouder, H{\'e}l{\`e}ne and Lanet, Jean-Louis},
URL = {https://hal.inria.fr/hal-01976747},
BOOKTITLE = {{SECITC 2018 - 11th International Conference on Security for Information Technology and Communications}},
ADDRESS = {Bucarest, Romania},
PAGES = {1-11},
YEAR = {2018},
MONTH = Nov,
KEYWORDS = {applet security ; identifier renaming ; ChuckyJava ; Java Card},
PDF = {https://hal.inria.fr/hal-01976747/file/paper_32.pdf},
HAL_ID = {hal-01976747},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T Normalization of Java source codes
%+ Confidentialité, Intégrité, Disponibilité et Répartition (CIDRE)
%+ Objets communicants pour l'Internet du futur (OCIF)
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%A Ouairy, Léopold
%A Le Bouder, Hélène
%A Lanet, Jean-Louis
%< avec comité de lecture
%B SECITC 2018 - 11th International Conference on Security for Information Technology and Communications
%C Bucarest, Romania
%P 1-11
%8 2018-11-08
%D 2018
%K applet security
%K identifier renaming
%K ChuckyJava
%K Java Card
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X Security issues can be leveraged when input parameters are not checked. These missing checks can lead an application to an unexpected state where an attacker can get access to assets. The tool Chucky-ng aims at detecting such missing checks in source code. Such source codes are the only input required for ChuckyJava. Since it is sensible to the identifier names used in these source codes, we want to normalize them in order to improve its efficiency. To achieve this, we propose an algorithm which works in four steps. It renames constant, parameter, variable and method names. We evaluate the impact of this renaming on two different experiments. Since our results are concluding, we show the benefits of using our tool. Moreover, we suggest another new way to improve Chucky-ng.
%G English
%2 https://hal.inria.fr/hal-01976747/document
%2 https://hal.inria.fr/hal-01976747/file/paper_32.pdf
%L hal-01976747
%U https://hal.inria.fr/hal-01976747
Conference paper
Le Bouder Hélène, Thomas Gaël, Lashermes Ronan, Linge Yanis, Robisson Bruno, Tria Assia
An Evaluation Tool for Physical Attacks
ADHOC-NOW 2018 - International Conference on Ad-Hoc Networks and Wireless, Sep 2018, Saint-Malo, France. Springer, ADHOC-NOW 2018: Ad-hoc, Mobile, and Wireless Networks, 11104, pp.112-119, 2018, LNCS. 〈10.1007/978-3-030-00247-3_10〉
BibTeX:
@inproceedings{lebouder:hal-01894517,
TITLE = {{An Evaluation Tool for Physical Attacks}},
AUTHOR = {Le Bouder, H{\'e}l{\`e}ne and Thomas, Ga{\"e}l and Lashermes, Ronan and Linge, Yanis and Robisson, Bruno and Tria, Assia},
URL = {https://hal.archives-ouvertes.fr/hal-01894517},
BOOKTITLE = {{ADHOC-NOW 2018 - International Conference on Ad-Hoc Networks and Wireless}},
ADDRESS = {Saint-Malo, France},
PUBLISHER = {{Springer}},
SERIES = {LNCS},
VOLUME = {11104},
PAGES = {112-119},
YEAR = {2018},
MONTH = Sep,
DOI = {10.1007/978-3-030-00247-3\_10},
PDF = {https://hal.archives-ouvertes.fr/hal-01894517/file/Formalism.pdf},
HAL_ID = {hal-01894517},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T An Evaluation Tool for Physical Attacks
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%+ IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique)
%+ Objets communicants pour l'Internet du futur (OCIF)
%+ Direction générale de l'armement [Bagneux] (DGA)
%+ Inria Rennes – Bretagne Atlantique
%+ STMicroelectronics [Rousset] (ST-ROUSSET)
%+ DPACA [Gardanne]
%+ École des Mines de Saint-Étienne (Mines Saint-Étienne MSE)
%A Le Bouder, Hélène
%A Thomas, Gaël
%A Lashermes, Ronan
%A Linge, Yanis
%A Robisson, Bruno
%A Tria, Assia
%< avec comité de lecture
%( ADHOC-NOW 2018: Ad-hoc, Mobile, and Wireless Networks
%B ADHOC-NOW 2018 - International Conference on Ad-Hoc Networks and Wireless
%C Saint-Malo, France
%I Springer
%3 LNCS
%V 11104
%P 112-119
%8 2018-09-05
%D 2018
%R 10.1007/978-3-030-00247-3_10
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X The security issues of devices, used in the Internet of Things (IoT) for example, can be considered in two contexts. On the one hand, these algorithms can be proven secure mathematically. On the other hand, physical attacks can weaken the implementation. In this work, we want to compare these attacks between them. A tool to evaluate and compare different physical attacks, by separating the theoretical attack path and the experimental parts of the attacks, is presented.
%G English
%2 https://hal.archives-ouvertes.fr/hal-01894517/document
%2 https://hal.archives-ouvertes.fr/hal-01894517/file/Formalism.pdf
%L hal-01894517
%U https://hal.archives-ouvertes.fr/hal-01894517
Conference paper
Navas Renzo Efrain, Le Bouder Hélène, Cuppens-Boulahia Nora, Cuppens Frédéric, Papadopoulos Georgios
Demo: Do not trust your neighbors! A small IoT platform illustrating a man-in-the-middle attack
ADHOC-NOW: International Conference on Ad Hoc Networks and Wireless, Sep 2018, Saint-Malo, France. Proceedings ADHOC-NOW: International Conference on Ad Hoc Networks and Wireless, pp.1-6, 2018
BibTeX:
@inproceedings{navas:hal-01893999,
TITLE = {{Demo: Do not trust your neighbors! A small IoT platform illustrating a man-in-the-middle attack}},
AUTHOR = {Navas, Renzo Efrain and Le Bouder, H{\'e}l{\`e}ne and Cuppens-Boulahia, Nora and Cuppens, Fr{\'e}d{\'e}ric and Papadopoulos, Georgios},
URL = {https://hal.archives-ouvertes.fr/hal-01893999},
BOOKTITLE = {{ADHOC-NOW: International Conference on Ad Hoc Networks and Wireless}},
ADDRESS = {Saint-Malo, France},
HAL_LOCAL_REFERENCE = {19251},
PAGES = {1-6},
YEAR = {2018},
MONTH = Sep,
KEYWORDS = {IoT ; MITM attack ; IPv6 ; CoAP ; RPL ; E2e security},
PDF = {https://hal.archives-ouvertes.fr/hal-01893999/file/iot-mitm-2018-07-05-1229.pdf},
HAL_ID = {hal-01893999},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T Demo: Do not trust your neighbors! A small IoT platform illustrating a man-in-the-middle attack
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%+ Lab-STICC_IMTA_CID_IRIS
%+ Objets communicants pour l'Internet du futur (OCIF)
%A Navas, Renzo Efrain
%A Le Bouder, Hélène
%A Cuppens-Boulahia, Nora
%A Cuppens, Frédéric
%A Papadopoulos, Georgios
%< avec comité de lecture
%Z 19251
%( Proceedings ADHOC-NOW: International Conference on Ad Hoc Networks and Wireless
%B ADHOC-NOW: International Conference on Ad Hoc Networks and Wireless
%C Saint-Malo, France
%P 1-6
%8 2018-09-05
%D 2018
%K IoT
%K MITM attack
%K IPv6
%K CoAP
%K RPL
%K E2e security
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X This demonstration defines a small IoT wireless network that uses TI CC2538-OpenMote as hardware platform and state-of-the-art IETF network standards such as 6LoWPAN, RPL, and CoAP implemented by ContikiOS. The IoT nodes are controlled from outside the IoT network using end-to-end connectivity provided by IPv6-CoAP messages. We implement a man-in-the-middle attack that disrupts the normal behavior of the system. Our attack leverages on the inherent hierarchical routing topology of RPL-based IoT networks. The demonstration aims at highlighting the need for end-to-end source-authentication and authorization enforcement of information even inside a trusted IoT network. We also provide some insights on how these services can be offered in an IoT-friendly way.
%G English
%2 https://hal.archives-ouvertes.fr/hal-01893999/document
%2 https://hal.archives-ouvertes.fr/hal-01893999/file/iot-mitm-2018-07-05-1229.pdf
%L hal-01893999
%U https://hal.archives-ouvertes.fr/hal-01893999
Conference paper
Moussaileb Routa, Bouget Benjamin, Palisse Aurélien, Le Bouder Hélène, Cuppens-Boulahia Nora, Lanet Jean-Louis
Ransomware's Early Mitigation Mechanisms
ARES 2018 - 13th International Conference on Availability, Reliability and Security, Aug 2018, Hambourg, Germany. 2018, Proceedings of the 13th International Conference on Availability, Reliability and Security. 〈10.1145/3230833.3234691〉
BibTeX:
@inproceedings{moussaileb:hal-01894500,
TITLE = {{Ransomware's Early Mitigation Mechanisms}},
AUTHOR = {Moussaileb, Routa and Bouget, Benjamin and Palisse, Aur{\'e}lien and Le Bouder, H{\'e}l{\`e}ne and Cuppens-Boulahia, Nora and Lanet, Jean-Louis},
URL = {https://hal.archives-ouvertes.fr/hal-01894500},
BOOKTITLE = {{ARES 2018 - 13th International Conference on Availability, Reliability and Security}},
ADDRESS = {Hambourg, Germany},
SERIES = {Proceedings of the 13th International Conference on Availability, Reliability and Security},
YEAR = {2018},
MONTH = Aug,
DOI = {10.1145/3230833.3234691},
KEYWORDS = {Monitoring ; Intrusion Detection System ; Ransomware ; File System Traversal},
HAL_ID = {hal-01894500},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T Ransomware's Early Mitigation Mechanisms
%+ IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique)
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%+ Confidentialité, Intégrité, Disponibilité et Répartition (CIDRE)
%+ Laboratoire de Haute Sécurité (LHS - Inria)
%+ Objets communicants pour l'Internet du futur (OCIF)
%A Moussaileb, Routa
%A Bouget, Benjamin
%A Palisse, Aurélien
%A Le Bouder, Hélène
%A Cuppens-Boulahia, Nora
%A Lanet, Jean-Louis
%< avec comité de lecture
%B ARES 2018 - 13th International Conference on Availability, Reliability and Security
%C Hambourg, Germany
%3 Proceedings of the 13th International Conference on Availability, Reliability and Security
%8 2018-08-27
%D 2018
%R 10.1145/3230833.3234691
%K Monitoring
%K Intrusion Detection System
%K Ransomware
%K File System Traversal
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X Ransomware remains a modern trend. Attackers are still using cryptovirology forcing victims to pay. Notable attacks have been spreading since 2012, starting with Reveton's ransomware attack to the more recent 2017 WannaCry, Petya and Bad Rabbit cyberattacks. This Ransomware as a Service (RaaS) can lure criminals into developing tools to perform an attack without previous knowledge of the cryptosystem itself. We present in this paper a graph-based ransomware countermeasure to detect malicious threads. It is a new mechanism that doesn't rely on previously used metrics in the literature to detect ransomware such as Shannon's entropy or system calls. An accurate detection is achieved by our solution. The per-thread file system traversal is sufficient to highlight the malicious behaviors. To the best of our knowledge, no previous study has been conducted in this area. The ransomware collection used in our experiments contains more than 700 active examples of ransomware, that were analyzed in our bare metal sandbox environment.
%G English
%L hal-01894500
%U https://hal.archives-ouvertes.fr/hal-01894500
Conference paper
Le Bouder Hélène, Thomas Gaël, Bourget Edwin, Graa Mariem, Cuppens-Boulahia Nora, Lanet Jean-Louis
Theoretical security evaluation of the Human Semantic Authentication protocol
SECRYPT 2018 - 15th International Conference on Security and Cryptography, Jul 2018, Porto, Portugal. 1, pp.332-339, Proceedings of the 15th International Joint Conference on e-Business and Telecommunications. 〈10.5220/0006841704980505〉
BibTeX:
@inproceedings{lebouder:hal-01894470,
TITLE = {{Theoretical security evaluation of the Human Semantic Authentication protocol}},
AUTHOR = {Le Bouder, H{\'e}l{\`e}ne and Thomas, Ga{\"e}l and Bourget, Edwin and Graa, Mariem and Cuppens-Boulahia, Nora and Lanet, Jean-Louis},
URL = {https://hal-imt-atlantique.archives-ouvertes.fr/hal-01894470},
BOOKTITLE = {{SECRYPT 2018 - 15th International Conference on Security and Cryptography}},
ADDRESS = {Porto, Portugal},
SERIES = {Proceedings of the 15th International Joint Conference on e-Business and Telecommunications},
VOLUME = {1},
PAGES = {332-339},
YEAR = {2018},
MONTH = Jul,
DOI = {10.5220/0006841704980505},
KEYWORDS = {dynamic password ; Human Semantic Authentication protocol ; PIN code ; authentication ; shoulder surfing attack ; graphical password},
PDF = {https://hal-imt-atlantique.archives-ouvertes.fr/hal-01894470/file/main.pdf},
HAL_ID = {hal-01894470},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T Theoretical security evaluation of the Human Semantic Authentication protocol
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%+ IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique)
%+ Objets communicants pour l'Internet du futur (OCIF)
%+ DGA Maîtrise de l'information (DGA.MI)
%+ Confidentialité, Intégrité, Disponibilité et Répartition (CIDRE)
%A Le Bouder, Hélène
%A Thomas, Gaël
%A Bourget, Edwin
%A Graa, Mariem
%A Cuppens-Boulahia, Nora
%A Lanet, Jean-Louis
%< avec comité de lecture
%B SECRYPT 2018 - 15th International Conference on Security and Cryptography
%C Porto, Portugal
%3 Proceedings of the 15th International Joint Conference on e-Business and Telecommunications
%V 1
%P 332-339
%8 2018-07-26
%D 2018
%R 10.5220/0006841704980505
%K dynamic password
%K Human Semantic Authentication protocol
%K PIN code
%K authentication
%K shoulder surfing attack
%K graphical password
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X Using a secret password or a PIN (Personal Identification Number) code is a common way to authenticate a user. Unfortunately this protection does not resist an attacker that can eavesdrop on the user (shoulder surfing attack). The Human Semantic Authentication (HSA) protocol proposes a solution against this attack. The main idea is to have concept passwords and to propose images that the user must correctly select in order to authenticate. A concept can be represented by different pictures, so one observation is not enough to retrieve the secret. In this paper, the security/efficiency trade-off in the HSA protocol is evaluated. A probabilistic approach is used. Under the assumption that the picture/concept database is known to the attacker, we show that HSA is barely more resistant to shoulder surfing attacks than a PIN code. More precisely we show that the probability to retrieve the secret concept password increases rapidly with the number of observations. Moreover the constraints on the size of the picture/concept database are very difficult to satisfy in practice.
%G English
%2 https://hal-imt-atlantique.archives-ouvertes.fr/hal-01894470/document
%2 https://hal-imt-atlantique.archives-ouvertes.fr/hal-01894470/file/main.pdf
%L hal-01894470
%U https://hal-imt-atlantique.archives-ouvertes.fr/hal-01894470
Journal article
Le Bouder Hélène, Palisse Aurélien
Quand les malwares se mettent à la cryptographie
BibTeX:
@article{lebouder:hal-01827607,
TITLE = {{Quand les malwares se mettent {\`a} la cryptographie}},
AUTHOR = {Le Bouder, H{\'e}l{\`e}ne and Palisse, Aur{\'e}lien},
URL = {https://hal.inria.fr/hal-01827607},
JOURNAL = {{Interstices}},
PUBLISHER = {{INRIA}},
YEAR = {2018},
MONTH = Feb,
KEYWORDS = {s{\'e}curit{\'e} informatique ; cryptographie ; antivirus ; malware ; ransomware ; logiciel malveillant},
HAL_ID = {hal-01827607},
HAL_VERSION = {v1},
}
EndNote:
%0 Journal Article
%T Quand les malwares se mettent à la cryptographie
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%+ Threat Analysis and Mitigation for Information Security (TAMIS)
%A Le Bouder, Hélène
%A Palisse, Aurélien
%< sans comité de lecture
%@ 2270-6224
%J Interstices
%I INRIA
%8 2018-02-07
%D 2018
%K sécurité informatique
%K cryptographie
%K antivirus
%K malware
%K ransomware
%K logiciel malveillant
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Journal articles
%X Mr. Raoul starts his day in front of his computer while sipping his coffee: he checks his e-mail, browses news sites, plays a small free online game... A little later, a window appears on the screen, telling him that his data has been taken hostage and that he must pay a ransom to get it back!
%G French
%L hal-01827607
%U https://hal.inria.fr/hal-01827607
Conference paper
Couroussé Damien, Barry Thierno, Robisson Bruno, Belleville Nicolas, Jaillon Philippe, Potin Olivier, Le Bouder Hélène, Lanet Jean-Louis, Heydemann Karine
All paths lead to Rome: Polymorphic Runtime Code Generation for Embedded Systems
Fifth Workshop on Cryptography and Security in Computing Systems, Jan 2018, Manchester, United Kingdom. ACM, pp.17-18, 〈10.1145/3178291.3178296〉
BibTeX:
@inproceedings{courousse:emse-02011053,
TITLE = {{All paths lead to Rome: Polymorphic Runtime Code Generation for Embedded Systems}},
AUTHOR = {Courouss{\'e}, Damien and Barry, Thierno and Robisson, Bruno and Belleville, Nicolas and Jaillon, Philippe and Potin, Olivier and Le Bouder, H{\'e}l{\`e}ne and Lanet, Jean-Louis and Heydemann, Karine},
URL = {https://hal-emse.ccsd.cnrs.fr/emse-02011053},
BOOKTITLE = {{Fifth Workshop on Cryptography and Security in Computing Systems}},
ADDRESS = {Manchester, United Kingdom},
PUBLISHER = {{ACM}},
PAGES = {17-18},
YEAR = {2018},
MONTH = Jan,
DOI = {10.1145/3178291.3178296},
HAL_ID = {emse-02011053},
HAL_VERSION = {v1},
}
EndNote:
%0 Conference Proceedings
%T All paths lead to Rome: Polymorphic Runtime Code Generation for Embedded Systems
%+ Département d'Architectures, Conception et Logiciels Embarqués-LIST (DACLE-LIST)
%+ Département Systèmes et Architectures Sécurisés (SAS-ENSMSE)
%+ École des Mines de Saint-Étienne (Mines Saint-Étienne MSE)
%+ Institut Henri Fayol (FAYOL-ENSMSE)
%+ Département Informatique et systèmes intelligents (FAYOL-ENSMSE)
%+ Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD)
%+ DMI
%+ Architecture et Logiciels pour Systèmes Embarqués sur Puce (ALSOC)
%A Couroussé, Damien
%A Barry, Thierno
%A Robisson, Bruno
%A Belleville, Nicolas
%A Jaillon, Philippe
%A Potin, Olivier
%A Le Bouder, Hélène
%A Lanet, Jean-Louis
%A Heydemann, Karine
%< avec comité de lecture
%B Fifth Workshop on Cryptography and Security in Computing Systems
%C Manchester, United Kingdom
%I ACM
%P 17-18
%8 2018-01-24
%D 2018
%R 10.1145/3178291.3178296
%Z Computer Science [cs]/Modeling and Simulation; Conference papers
%X In the landscape of cybersecurity, a large field of research is dedicated to physical attacks since the publication of the first attacks in the early 1990s. Side-channel attacks can reveal the secret values processed in a circuit by observing physical quantities (power consumption, electromagnetic emissions, execution time, etc.). Physical attacks constitute an important threat against embedded systems; in particular, they are the most effective way to break implementations of cryptography. The Smart Cards industry is up with the design of countermeasures, and high security products embed a large set of hardware and software countermeasures. With the emergence of the Internet of Things, we observe a rapid increase of the number of communicating devices, which present various security needs, but also unequal levels of security [7]. Hence, we advocate for the design of tools to automate the application of [...] In the COGITO project, we focused on the use of runtime code generation to introduce behavioural variability in embedded systems. Indeed, behavioural variability is often used as a protection against physical attacks [6]. Security products embed hardware and software desynchronisation mechanisms to achieve variability in side-channels: for example clock jitters in hardware or dummy loops of random duration in software. We defined code polymorphism as the capacity of a program component to vary its observable behaviour, at runtime, without altering its functional properties.
Code polymorphism can be considered as a hiding countermeasure: the information leakage, which is observable physical quantities during the secured computation, is hidden in the information noise produced by the behavioural variability generated by the polymorphism. However, code polymorphism alone does not remove information leakage as it would be the case with masking countermeasures. We implemented code polymorphism with runtime code generation of machine binary instructions (Fig. 1): the polymorphic component is composed of (1) dedicated runtime code generators, specialised for the targeted component so that it presents a low memory footprint and a short code generation time, and (2) of polymorphic instances which are the many code variants produced by the polymorphic code generator at runtime. In order to produce many code variants of the same functional component, the runtime code generator is driven by a source of random data. The successive execution of many polymorphic instances, which are all functionally equivalent but composed of different series of machine instructions, will induce a strong variability in the observable behaviour of the polymorphic component.
%G English
%L emse-02011053
%U https://hal-emse.ccsd.cnrs.fr/emse-02011053