Projects
-
Project SVP of PEPR Cybersecurity – Verification of Security Protocols
Stéphanie Delaune
2022-2028
The security of a system is based above all on the quality of its primitives and on the way they are assembled to form protocols. While the knowledge of primitive analysis is very advanced, the maturity of the protocol design domain is far below expectations. Breaking and repairing are thus the daily routine of the protocols. In the hyperconnected context of our information systems, the SVP project’s objective is to allow the analysis of protocols deployed or in the process of being deployed, both at the level of the specifications of these protocols and of their implementations. We wish to develop techniques and tools that allow the implementation of solutions whose security will no longer be questioned in a cyclical manner.
-
Project REV of PEPR Cybersecurity – Research and Exploitation of Vulnerabilities
Mohamed Sabt
2022-2028
The REV project (Research and Exploitation of Vulnerabilities), coordinated by Aurélien Francillon (Eurecom), studies attacks on digital systems (such as smartphones and connected devices). These targets are now complex systems, and the project will be interested in all their layers – hardware, software, and communication interfaces (Web and IoT). The results of the project could potentially be applied in forensics, criminology, or even in vulnerability remediation.
-
Project IPOP of PEPR Cybersecurity – Interdisciplinary Project on Privacy
Tristan Allard
2022-2028
Digital technologies provide services that can greatly increase quality of life (e.g. connected e-health devices, location based services or personal assistants). However, these services can also raise major privacy risks, as they involve personal data, or even sensitive data. Indeed, this notion of personal data is the cornerstone of French and European regulations, since processing such data triggers a series of obligations that the data controller must abide by. This raises many multidisciplinary issues, as the challenges are not only technological, but also societal, judiciary, economic, political and ethical. The objectives of this project are thus to study the threats on privacy that have been introduced by these new services, and to conceive theoretical and technical privacy-preserving solutions that are compatible with French and European regulations, that preserve the quality of experience of the users. These solutions will be deployed and assessed, both on the technological and legal sides, and on their societal acceptability. In order to achieve these objectives, we adopt an interdisciplinary approach, bringing together many diverse fields: computer science, technology, engineering, social sciences, economy and law.
-
ANR JCJC DRAMA – Attacks and Analysis of DRMs
Mohamed Sabt
2023-2027
Nowadays, most content providers rely on DRM (Digital Right Management) to protect their media from illegal distribution. Modern DRM systems ship content in an encrypted form, and then control their decryption through authorised modules on users’ devices. Unfortunately, the (in)security of deployed DRMs has a long history of hacking and patching. The design and implementation of secure DRM constitutes a major challenge at the intersection of three areas: complex software analysis, cryptography and protocols verification. Convincing solutions to this challenge would not only benefit industry, but also allows users to protect their own intellectual property, while leveraging open technologies. The DRAMA project aims to advance the state of the art in this area, especially in terms of the security guarantees offered by DRM systems. Indeed, our goal is twofold: (1) identifying common attack vectors within deployed DRMs, and (2) formally studying existing open DRM standards. This would help formalizing previously unstudied security properties (e.g., content piracy), as well as improving software analysis techniques of obfuscated code.
-
Chaire Fondation Université de Rennes “Cybersécurité, protection des données, et droits fondamentaux”
Tristan Allard, Brunessen Bertrand
2024-2027
The main objective of this project is to address the concerns of individuals and organisations that collect data, by providing stronger confidentiality guarantees regarding personal data management and sharing. This project brings together experts in computer science and law, with the goal of proposing concrete solutions: how to protect fundamental rights using personal data protection techniques? This project aims both at designing data protection techniques dedicated to storing and sharing personal data, using modern approaches for anonymisation and encryption; and at analysing legal guarantees that are needed to protect privacy.
-
BPI RESQUE
Joseph Lallemand
2023-2026
Project RESQUE aims at developing protocols and VPN systems that integrate post-quantum cryptographic primitives in an agile way, relying on the algorithms from the PQ NIST standard call for signature and key exchange. The systems produced by the project will be adapted for use by companies and public institutions.