French (Network) Security Research Activities Serge Fdida University Paris 6 & CNRS

Serge Fdida – CNRS – Sept’05

French (Network) Security Research Activities

Serge FdidaUniversity Paris 6 & CNRS

Contributions from Michel Riguidel (ENST)

French/Japanese Joint Symposium on Computer Security Tokyo – September 2005


Background

• Research activity on Security in France was quite fragmented

• Some strong communities – Cryptography (Research Action “ACI”)– Proof & Formal methods– Dependability, Reliability

• Industrial / Gov interests• Limited public funding• Security (at large) not recognized as a noble

area and found to be limited in scope!• Lack of programs in Education


Background (2)

• Security is multidisciplinary,• Incentives to bring researchers into this area• Expose this area as a priority• Initiatives launched in 2003 :

– ACI (Joint Incitative Research Action) – Ministry of Research/INRIA/CNRS

• Head by Claude Kirchner

– RNRT (National Research Network in Telecommunications) – special focus

• Monitored by Michel Riguidel (ENST)

– Strong link with Europe IST FPs– STIC/Asia Program– Expert Committee on Security at CNRS


Security Targets

• Homeland (Defense)• Critical Infrastructures (semi public, semi private)

– Trust to fight against cyber terrorism, strong cybercriminality

– Safety, Security, Dependability– Crisis management, public awareness– Resilience

• Cybersecurity (public, private)– Trust to fight against hackers, cybercriminality,

espionage, etc– Security, Dependability– Privacy– Resilience


Emergence of new security challenges

• Critical infrastructure protection – Large scale complex systems (ICT + physical

infrastructure) with interdependencies: Electricity power, water supply, networks, etc

– We need robust and resilient infrastructures to reduce vulnerabilities

• Security of Smart spaces or Ambient Intelligence– Pervasive and ubiquitous computing

• Electronic devices, sensors : disseminated, not supervised

– We need to introduce ambient security• Global Localization Information, Global Identification


Emergence of new security challenges (2)

• Networked communication systems (self-x architectures)– Self organizing networks, architectures of Internet caches &

mirrors, DNS-Sec, – Self healing architecture, privacy in mobile networks

• Grid security– Reconfigurable distributed organization to provide a service

• Spontaneous real time organization– We need

• To secure the grid (components & infrastructure)• To be protected from malicious grids (ethical computations)

• Content protection– Video distribution, DRM, …

• Require– Fundamental research– Application & Test-Beds (measurement, honeyspots, …)


RNRT Security Call For Projects in 2005

http://www.telecom.gouv.fr/rnrt/index.htm


RNRT

• Created in 1998– Fund 212 projects, 200 M€, Cost 440 M€

• Funding to launch calls in the area of Telecommunications and Networking

• Joint projects : Industry, Academia, SMEs• Budget of about 30Me for 2005• Peer with RNTL (Software), RIAM (Multimedia)• Linked with ARA SIASE (C. Kirchner)


Security (1)

• The 2005 Call for Projects addresses the new practices & modern approaches in Security– Security of software & Content Distribution

• Digital Rights Management, Intellectual Property Rights, …

– Security of New Architectures & Paradigms• Grids, P2P, Ad-hoc, …

– ”Just-in-Time” Security• Downloading patches, weekly or daily Software upgrades,

reconfigurability

– Security Crisis Management


Security (2)

• The Call for Projects is focused on security of Complex Systems or Infrastructures– With heterogeneous technologies– Taking into account non functional properties

(mobility, interoperability, flexibility, …)• Infrastructures, Networks, Very Large Information Systems• Networks & Information Systems (enterprise, personal)• Multimedia Content


Security (3)

• IT networksInternet, WiFi, Enterprise LANs, Bluetooth, RFId,

Sensors, …

• Telecom InfrastructuresSatellites constellations, telecom networks, mobile

networks (GSM, GPRS, UMTS, WiMax)

• Broadcast networks (TV, Radio)Content protection, digital movies … (trust digital chain)

• Information SystemsGovernment, Enterprise, Home & Personal Networks


Security (4)

• Security Functions’ point of view– Identity of a physical person

• biometry, with trusted personal entity – smart cards, etc

– Authentication• with digital signature, labeling or watermarking

– Audit• facts accountability, personal accountability, traceability

– Management of rights, privilege, etc– Authorizations

• with security policy

– Security Management• tools administration, overall assessment of the security assurance

level


ARA SIASE

• Follow-on of the ACI Security

• Presentation by Claude Kirchner …


Europe

• National / European projects• French academic & Industry are largely

involved• Integrated Projects• Networks of Excellence• STREPs• Security in FP6• Security in FP7


Security in FP6with France participation


Europe FP6 – some examples

• NoE FP6 - ECRYPT : Cryptography, J Stern (LIENS). INRIA.

• IP FP6 - SEINIT : Network Security. M Riguidel (LTCI) head of the project

• IP FP6 - SECOQC : Quanta cryptography. Philippe Grangier (CNRS, Laboratoire C Fabry de l’Institut d’Optique) and M Riguidel involved

• IP FP6 - PRIME : Privacy (Privacy) and Identity management. Y Deswarte (CNRS) and R Molva (GET) involved.

• IP FP6 - e-JUSTICE : Common secured exchange platform for administrative information's. R Molva (GET).

• IP FP6 – INSPIRED : Personal data authentication. INRIA involved.

• NoE FP6 – Biosecure : Biometry (GET).


• To define, develop, teach, test and prepare the deployment of a complete and innovative system to improve security of the communities and the privacy of the bearers, and to provide interoperable keys to digital information.

• Research on security will focus on smart identity cards, on-chip combined biometrics, cryptography and PKI interoperability, and rights management.

• Eurecom, Thales, Greffe Tribunal Paris

e-JUSTICE : Towards a global security and visibility framework for Justice in Europe


INSPIRED : Integrated Secure Platform for Interactive Personal Devices

• To specify and develop a new generation of secure portable devices called Trusted Personal Device (TPD), addressing the main requirements for trust and security of the information society

• The TPD technology can provide devices that will combine a fully integrated security architecture (HW, SW, OS, communications…) with ultra-portability, low-cost, and advanced networking and mobile communication features.

• INRIA, Gemplus, Schlumberger, …


PRIME : Privacy and Identity Management for Europe

• To research and develop approaches and solutions for privacy-enhancing identity management,

• The project will address foundational technologies (human-computer interface, ontologies, authorisation, cryptology), assurance and trust, and architectures.

• Application scenarios, including on-line healthcare systems, location based services, privacy preserving customer databases, anonymous access to infrastructure for mobile workers, privacy enhancing ambient intelligence.

• IBM fr, LAAS-CNRS, Eurecom


s-BORDER : Privacy respectful and threat tuneable traveller smart monitoring system

• To promote the early adoption of Automated Travel Document Control and Risk Assessment systems during the various phases of the travel, including the border control,

• Technologies such as advanced biometrics, contactless chip circuits, digital certificates and scoring systems to both automate the flow of no-risk passengers and allow detecting potential risky ones,

• France Telecom, Gemplus, Sagem


SECOQC : Development of a Global Network for Secure

Communication based on Quantum Cryptography

• To specify, design and validate the feasibility of an open Quantum Key Distribution (QKD) infrastructure dedicated to secure communication as well as to fully develop the basic enabling technology.

• The S&T objectives are: to design physical devices ready to allow applicable Quantum Key Distribution

• University Nice, Thales, Laboratoire d’Optique, ENST


SEINIT : Security Expert INITiative

• To ensure a trusted and dependable security framework, ubiquitous, working across multiple devices, heterogeneous networks, being organization independent (interoperable) and centered on the ambient intelligence around an end-user.

• The project will explore new security models and build the architecture and components to address the nomadic, pervasive, multi-players communicating world (IPv6)

• Thales, ENST, 6Wind


ECRYPT : European Network of Excellence in

Cryptology

• To ensure a durable integration of European research in both academia and industry and to maintain and strengthen the European excellence in these areas.

• 35 leading players will integrate their research capabilities within 5 virtual labs focused on : symmetric key algorithms, public key algorithms, protocols, implementation, watermarking. These labs will advance the state of the art in their domains and develop common tools,

• ENS, Gemplus, Cryptolog, CNRS


Security in FP7

• A proposal for Strategic Objectives of the FP7 : “embracing all the security paradigms of the past 30 yrs and the next 10 years”

• Security, Trust & Dependability of– the new pervasive digital landscape & ambient

intelligence• Infrastructures of the digital urbanization

– Interdependencies, survivability, robustness, resilience, maintenance of trust

• Massive passive and low-energy wireless autonomous computers (RFIds, etc)

• Peer to peer and new spontaneous architectures (grids…)– Security of distributed virtual operating systems

– embedded systems & end-user terminals• Security of hardware (smart cards, low energy, …)• Security of new nanokernels & operating systems


Security in FP7 (con’t)

• Privacy of European citizens – with a set of profiles of virtual identities

• Biometry, personal attributes• History elements (Tracing activities to be checked, that can

be deactivated)– And with trusted personal entities

• Security of complex and/or massive computing & services & data & knowledge– Large databases, web services, semantic web– Grids of computations– Distribution of content, mobile code– Virtual communities


ThanksBabel Tower : Security Management

How to secure & to manage the security infrastructure ?


CNRS STIC

Presentation



Key elements

• Around 26 000 employees of whom 11 600 are researchers 14 400 are engineers and administrative staff

• 1 170 research units (85 % are associated with universities)

• An annual budget of 2,6 billion euros


Board of Trustees

President

General DirectorRegional Director

IDF

DeputyGeneral

Secretary

Strategic Planning Mission

Scientific department V - 3

National council on scientific research

Regional DirectorNE

Regional DirectorNW

General SecretaryAnd DRH

General ScientificDirector

Regional DirectorSE

Regional DirectorSW

Regional EuropeanInternational

Director

Director of industrialand technology transfer

Communication director

Institute – IN2P3 - 1

Institute - INSU - 2

Scientific department - HS - 4

Scientific department C - 2

Scientific department - MIPPU - 1

Transversal Department EDD – 1

Transversal Department I – 2

(for 2006)


The STIC Department

http://www.cnrs.fr/STIC/


Our partners

• Universities

• INRIA (The French national institute for research

in computer science and control

• CEA (Atomic Energy Commission)

• GET (Education et Research in Information and

Communication Technologies)

• etc.


Staff in the STIC Labs May 2005

• CNRS researchers 813

• Researchers from other organizations 326 5334

• Permanent university staff 4195

• Ph.Ds. 4778

• Post-docs 321 5099

• CNRS engineering and

administrative support staff 809

• from organizations 353 1746

• from universities 584

• TOTAL 12 179


Regional centers

Brest

Besançon

Compiègne

Strasbourg

Orléans

Rouen

Troyes

Tours

Dijon

Avignon

Belfort

Poitiers

Vannes

Le Mans

Amiens

Ile de France

Grenoble

Toulouse

Brest

LensLille Valenciennes

Nancy

Metz

LyonSaint-

Etienne

Lannion

Bordeaux

Nice

Montpellier

Nantes

Marseille

Angers

Main centersMain centers

Secondary centersSecondary centers


Resources

• 23 M€ total budget (excluding salaries)

• 30 to 35 new permanent research positions per year

• 40 new engineering and administrative positions per

year

• 16 short-term positions (typically 3 years)

• 40 post-doc positions (1 year)

• 40 Ph.D. grants

• 60 research positions for university staff


Research units

• 114 laboratories

• 9 federations

++

• 14 joint laboratories with industry

• 10 international laboratories


International priorities of STIC department

• Europe

• Asia China India Japan

• North America


Amérique du NordUn laboratoire mixte international

GEORGIA TECH (Atlanta)1 PICS

Amérique centrale2 Laboratoiresmixtes: LAFMI-

LAFMAA

Europe communautaire

2 LEA(Suisse Belgique)

RUSSIE1 Laboratoire Commun1 jumelage1 PICS

HORS JAPON

3 Laboratoires communs -

IPAL: SingapourLIAMA: ChineMICA :Vietnam

1 PICS

AUSTRALIE1 PICS

JAPONLIMMS/CIRMM

JRL1 PICS

Main International Institutional CooperationMain International Institutional Cooperation

Russia1 common lab1 twinning program1 scientist exchange program

North AmericaInternational common lab

Georgia Tech (Atlanta)Scientist exchange program

European communauty

2 european associated laboratoriesSwitzeland and Belgium

Central America2 Associated

LaboratoratoriesLAFMI LAFMAA

3 years term

Asia Outside Japan

3 commons labsIPAL : Singapore

LIAMA : ChinaMICA : Vietnam

1 Scientist exchange program

JapanLIMMS/CIRMM2 Common labs

JRL (project)1 Scientist exchange

program

Australia1 scientist exchange

program

Information and Communication Sciences and Technologies


Partnerships in Japan

JRL : Joint Robotic Laboratory

– AIST: National Institute of Advanced Industrial Science and

Technology with CNRS

– ISRI : Intelligent Systems Research Institute with STIC

LIMMS : Laboratory for Integrated Micro-Mechatronic Systems

– IIS : Institute of Industrial Science, The University of Tokyo

– CNRS

CIRMM : Center for International Research on Micro-Mechatronics

– IIS : Institute of Industrial Science

Documents

French (Network) Security Research Activities Serge Fdida University Paris 6 & CNRS