SODA-IIoT4CriticalNetworks: Keep your Trusted Gateway for sensitive infrastructure up-to-date with Blockchain

International audienceFounded on a trusted computing base EAL5+ certified and labelled “France Cybersecurity”, CrossingG ® meets the requirements of partitioning and filtering to which Information Systems of Vital Importance are subject.★Enable the controlled exchange between networks of different domains or levels of confidentiality. ★Neutralize attacks on sensitive or remote systems by controlling data flows.★Prevent data leak.★Code-designed with Bertin IT, SODA-IIoT4CriticalNetworks offers a secure way to update engine and rules

SODA-IIoT4RailTransport: Application to Railway Signalling System to ensure correct configuration through secure updates

Co-designed with Alstom Transport, SODA-IIoT4RailTransport offers a secure way to update the configuration of the railway signalling systemInternational audienceRailway urban systems are complex interconnected systems combining heterogeneous components (Control system based on some hardware and software components, communication devices and physical plant)One important maintenance function for Alstom is to update a coherent configuration in a secure manner. In this work, this function is performed by the SODA-IIoT infrastructure developed within IRT SystemX.The configuration parameters (firmware, OS, drivers, applications, operation parameters...) of these computational nodes are updated through a blockchain infrastructure (with redundant nodes) and secure gateways (manage access rights and secure communications). In this manner, the integrity of a new configuration is ensured and with high availability

SODA-IIoT4Energy: Blockchain-based Access Control to manage smart meter credentials & access rights for Smart Grids

International audienceCo-designed with Engie and Gemalto, SODA-IIoT4Energy offers an access control paradigm whereby access rights are granted to smart meters through the use of security policies stored inside a blockchain.The demonstrator is specific in that it mostly relies on entities deployed at Engie customer premises (the smart meters), which gain uplink connectivity through concentrators, each serving an entire cluster. The smart meters use highly robust, low throughput, wide-range communications to exchange data with the concentrator. For example, LoRaWAN, Sigfox, NB-IoT,... , 6LoWPAN over power-line communication, and/or WiFi mesh can be used to form clusters and transmit various data including consumption reports, alarms (uplink), software updates or reconfiguration commands (downlink)

SODA-IIoT4ConnectedCars: Spread updates between cars with limited Internet access

International audienceA blockchain infrastructure, combined with cryptographic signatures, can improve availability and accountability for the deployment of IoT updates.However, cars with limited or intermittent Internet access may have difficulties in downloading full updates fromthe blockchain. Therefore, we allow cars that successfully downloaded updates to share them with other cars by means of a Peer-to-Peer (P2P) mechanism

Towards Better Availability and Accountability for IoT Updates by means of a Blockchain

International audienceBuilding the Internet of Things requires deploying a huge number of devices with full or limited connectivity to the Internet. Given that these devices are exposed to attackers and generally not secured-by-design, it is essential to be able to update them, to patch their vulnerabilities and to prevent hackers from enrolling them into botnets. Ideally, the update infrastructure should implement the CIA triad properties, i.e., confidentiality, integrity and availability. In this work, we investigate how the use of a blockchain infrastructure can meet these requirements, with a focus on availability

Authentification par reconnaissance de visages en chiffrement homomorphe

International audienc

SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection System up-to-date

International audienceCo-designed with FPC Ingénierie, SODA-IIoT4Factory offers a secure way to update CyPRES rule engines & cyber security/attack models.CyPRES is an intelligent IDS that strengthens industrial information systems. It learns then verifies the operation and behaviour of the system to the lowest level of detail. It detects the first signs of attacks before damage is incurred

SODA-IIoT4Factory: Blockchain to keep the A.I. of your Intrusion Detection System up-to-date

International audienceCo-designed with FPC Ingénierie, SODA-IIoT4Factory offers a secure way to update CyPRES rule engines & cyber security/attack models.CyPRES is an intelligent IDS that strengthens industrial information systems. It learns then verifies the operation and behaviour of the system to the lowest level of detail. It detects the first signs of attacks before damage is incurred

An architecture for practical confidentiality-strengthened face authentication embedding homomorphic cryptography

International audienceIn this paper, we propose and experiment a system architecture which intends to significantly strengthen the security of biometric authentication with respect to the confidentiality(by design) of the users' references needed to perform such a function. Our architecture has been designed to ensure that these biometric references are permanently encrypted and that the (single) server processing them has no decryption capability (in particular, does not have access to any decryption key). In order to do so, we use homomorphic encryption techniques which allow to perform calculations directly over encrypted data. We report on the careful architectural choices and agressive optimizations we had to make in order to be able to deploy an off-the-shelf face recognition module into this architecture. As the performance results presented in the paper demonstrate, we claim to have achieved practically relevant levels of performance and security in a realistic setting

An architecture for practical confidentiality-strengthened face authentication embedding homomorphic cryptography

International audienceIn this paper, we propose and experiment a system architecture which intends to significantly strengthen the security of biometric authentication with respect to the confidentiality(by design) of the users' references needed to perform such a function. Our architecture has been designed to ensure that these biometric references are permanently encrypted and that the (single) server processing them has no decryption capability (in particular, does not have access to any decryption key). In order to do so, we use homomorphic encryption techniques which allow to perform calculations directly over encrypted data. We report on the careful architectural choices and agressive optimizations we had to make in order to be able to deploy an off-the-shelf face recognition module into this architecture. As the performance results presented in the paper demonstrate, we claim to have achieved practically relevant levels of performance and security in a realistic setting