The core cybersecurity tools which protect our business functions, network architectures and information assets from cyber threats rely almost exclusively on cryptographic tools and standards that will be broken by emerging quantum technologies.

In December 2016, the NIST 15 has initiated a process to develop and standardize additional public-key cryptographic algorithms, resilient to quantum computers, in order to maintain reliable information systems and protect our security and privacy chain (confidentiality, integrity, authentications and signature schemes). One of the goals of the Cybersecurity Institute is to evaluate and improve different quantum-safe NIST candidates and to develop hardware quantum-safe crypto primitives “secure by design” for both low-cost and/or low-power devices.

In the field of cryptography, our research interests also focus on:

  • symmetric encryption
  • cryptographic mechanisms and security models
  • secure distributed computations
  • zero-knowledge protocols
  • blockchain technology
  • random number generation
  • detection of image falsification

MPHELL is a versatile ECC library, written in C, based on unified arithmetics with a focus on protection against simple power analysis and an abstract layer for easy customisations.

See more

Resilient critical infrastructures

In the context of the factory of the future, the technological evolution of industrial control systems (ICS) has led to the digitization of production systems, their connection with the company's information systems and the rise of industrial IoT.

This evolution makes these systems as well as nationwide infrastructures such as transport, energy and telecommunication networks very vulnerable to computer malicious acts.

Taking into account the inherent legal, political, economic and technical factors of the industry, the Cybersecurity Institute aims to deliver a comprehensive solution for the enhancement of the resilience of the “Factory 4.0” against cyberattacks including “secure by design” infrastructures, components and processes.

G-ICS Sandbox (it is pronounced Geeks Sandbox) is an industrial communication systems learning workshop and a control systems cybersecurity exploration lab.

See more

IoT & Hardware protections

With the rise of the Internet Of Things (IoT), billions of interconnected objects will soon be in the hands of billions of users, controlling many aspects of our everyday lives.

These systems represent a great opportunity but they are also a challenge for security and privacy.

The goal of the Cybersecurity Institute is to provide low-cost hardware solutions implementing security services and improving the resilience of IoT devices against cyberattacks.

CADP ("Construction and Analysis of Distributed Processes") is a popular toolbox for the design and verification of asynchronous concurrent systems, such as communication protocols, distributed systems, asynchronous circuits , multiprocessor architectures, web services, etc. CADP offers a wide set of functionalities, ranging from step-by-step simulation to massively parallel model-checking

See more

SERENE-IoT addresses the needs of patients remotely followed by professional caregivers by developing advanced smart e-health IoT devices and architecture in Europe.

SERENE-IoT will contribute to the evaluation of the secured end-to-end IoT system platform in real scenarios including the proposed healthcare data structure, demonstrating in such way the achieved benefits.

See more

Prevention & reaction to attacks

The Cybersecurity Institute takes on a global approach to the problem of the prevention and reaction to cyberattacks, from a both a technical and legal standpoints. This includes:

  • methodologies and tools supporting vulnerability analysis, producing defensive systems which can be physically attacked, executed into hostile environment or reversed
  • the study of the problems of "active cyberdefense" and "hack-back" from the point of view of international, european and comparative law

The CYBIS project aims to make indicators and tools available to the general public and researchers to analyze recent and current conflicts ( in a broad sense including cybersecurity), in order to facilitate the understanding and analysis of cyberattacks, terrorism and armed conflicts.

Ultimately, the project will closely combine various types of media, such as databases, an interactive website, software, training, conferences and seminars, articles, reports and files in publications.

See more

B4MSecure is an Eclipse platform dedicated to formally reason about data models and associated access control policies. The platform acts on three steps :

  • Graphical data modeling with UML class diagrams using the Papyrus tool
  • Modeling of security policies using a UML profile (SecureUML) for the Role Based Access Control (RBAC) model
  • Translation of both models into B specifications in order to formally reason about them and find possible insider threats.

The B4MSecure platform is distributed under the LGPL v3 licence.

See more

Software vulnerabilities

Nowadays, dynamic and static evaluation of software robustness against all forms of attacks is mandatory for building trust and ensuring a given level of security.

The Cybersecurity Institute aims at developing innovative certification and protection methods for embedded software.

LAZART is a tool based on concolic execution that evaluates the robustness of LLVM code against multi- fault attacks.

See more

FISSC is a collection of C codes with countermeasures against fault injections associated to attack scenarios.

See more

BISM is a bytecode-level instrumentation tool for Java-bytecode based language that features an expressive yet high-level control-flow-aware instrumentation API. BISM can be used for static and dynamic analysis of programs.

In particular, BISM was used to instrument programs to detect test inversion and arbitrary jump attacks.

See more

The CLAM project aims at securing the software components (e.g., microprocessors and microcontrollers) intended for the IoT market, as well as for critical Cyber Physical Systems.

It requires, on the one hand, analyzing their vulnerabilities and, on the other hand, defining hardware and software countermeasures at the most appropriate cost.

See more