Title: Digital Responsibility in Action
Looking at the past few years both in terms of security incidents and public policies we must acknowledge our society is steadily but surely drifting towards a dystopian digital society. People are blissfully enjoying a rampant invasion of their rights aggressively promoted by an industry having no interest in changing their business models, hence a situation of general resilience of people and a form of economic cynicism of the industry. Self-regulation has clearly shown its limits leaving no other choice than involving public policies in order to shape the debate and structure the necessary frameworks supporting a sustainable digital society.
Starting from a brief situation analysis and two examples supporting the argument, this talk describes a concrete approach to address the issue through the design of an actionable Digital Responsibility approach.
(University of Geneva, Switzerland)
Title: On the Utility of SwissCovid
In Switzerland, the DP-3T poject initiated an automated contact tracing tool which resulted in the SwissCovid app. In this presentation, we deviate from the mainstream position by shedding light on the dark side of SwissCovid. We review how it works and some of the problems it faced.
We also discuss on the utility to fight the pandemics.
Title: New security paradigms for IoT : Remote attestation, Dynamic PUF, TLS1.3, Secure Elements. A blockchain use case
The talk deals with security issues, integrity insurance for embedded software and micro-controller unit (MCU) authentication. How to you know that the right software runs in the right device?.We designed the BMAC remote attestation algorithm based on the hash of embedding memories (FLASH and SRAM) in a pseudo random order fixed by a permutation. We use “exponential permutation” whose computing time is dependent on the permutation. The security insurance relies on two pillars, the memory size is finite, and the computing time is dependent on key. The input of BMAC is a permutation key. The output of BMAC is a hash value and a computing time. Another issue is the MCU identity. We introduce SRAM dynamic PUF (Physical Unclonable Function), which relies on flipping-bits. The input is a power-up waveform; the output is a SRAM content, dependent on this waveform. Flipping-bits are created at low voltage, before MCU might work. Flipping-bits can be included in the remote attestation process. We present a use case, a hardware module managing a secure element. The firmware of the board is checked by BMAC and the MCU is authenticated by dynamic PUF. We recently introduced TLS-SE, i.e. TLS13 PSK server embedded in secure element. TLS-SE is running for example an application managing cryptographic keys for blockchain services. TLS-SE and associated hardware module are plugged in TCP/IP node.
(Telecom ParisTech, France )
Pascal Urien is professor at Telecom Paris. He graduated from Ecole Central de Lyon, and holds a PhD in computer science. His area of research is Information Technology security, especially secure elements. Applications include networks, cloud computing infrastructure, mobile applications, the Internet of Things, blockchain systems. He has authored more than 100 scientific publications and 15 patents. In 2009, Pascal was one the winners of the national competition to support the creation of businesses with innovative technologies, organized by the French Ministry of Higher Education, Research and Innovation. He co-founded the Ethertrust startup