Abstract: Cryptology, code making and code breaking have progressed from hand calculation, books and tables, through the period of cipher machines 1915...1968, and to electromechanical and electronic hardware since WWII. Today’s encryption uses specialized chips and software, but the principles remain exactly the same. We will trace this interesting timeline of theory, inventions and personalities, and the direct connections to our modern cyber world.
The origin of cryptology and InfoSec is based on mathematics, information theory and speech science, especially the work of Fourier (1807), Vernam (1917), Dudley (1930s) and Shannon (1942). We discuss the invention, significance and cracking of rotor machines like Enigma, Purple and Hagelin, including the Polish Enigma cracking in 1932, Turing and Friedman.
Speech and signal analysis, and their encryption and compression are based on Fourier transforms of 1807, the vocoder compressor of 1939, and the top secret 1942 SIGSALY speech scrambler. The huge machines of WWII were the forerunners of all audio and video codecs, encryption and compression. We shall listen to the original vocoder and the only known sample of SIGSALY decrypted voice.
Finally we demonstrate the first reconstruction of the heart of 1942 SIGSALY, the quantizer, and a precise Enigma simulator machine.
Biography: Jon Paul is an inventor, electronic engineer and businessman from Manhattan. He received BSEE and MSEE degrees at CCNY in 1968 and 1971. In 1967, Jon worked at Lawrence Berkeley (nuclear) Laboratories. In 1968 he was designing real time spectrum analyzers for agencies like NSA and US Navy Underwater Sound Laboratories. In 1971, Jon worked in telecommunications and patent license engineering. In 1972, he was designing the first digital studio sound effects processors. In 1976, Jon worked at Dolby Laboratories. In 1986, Jon worked for Lucasfilm on THX theatre sound.
Since 1983, Jon was a consultant in power electronics, digital audio, and high voltage, e.g. 12,000 W arc lights at the 1984 LA Olympics.
Jon is the holder of seven US Patents. His 1989 US patent 5,051,799 was the world’s first digital microphone, litigated and licensed to 160 mobile companies. Jon has written many Audio Engineering Society papers, and has presented invited papers at the NAB, SBE broadcast and SMPTE cinema engineering conferences.
Since the 1980s, Jon has been an internationally recognized researcher, writer and speaker on WWII cipher machines, speech encryption and the links to modern digital technology. Since 2010, Jon has been an active member of the Association des Réservistes du Chiffre et de la Sécurité de l'Information (ARCSI) in Paris. He presented lectures and papers at Bletchley Park, Musée de l'Armée (Invalides), Val-de-Grâce (Paris), ENST, Musée des Transmissions (Rennes), AES (Berlin), Google (Zurich) and DZNE (Bonn). Since 2010, the non-profit Paul Foundation has funded research into Parkinson's disease. Jon travels extensively in Europe and has studied the French language since 2015. He is an avid photographer.
Abstract: The technology that underpins the Internet is full of flaws and vulnerabilities. But there are also malicious actors and many other actors, not least states, developing offensive capabilities that create conditions of instability. This proliferation puts the benefits of cyberspace and the future of the digital economy in jeopardy. Cyber stability is at risk.
The attacks against Dyn in 2016 and the rapid and dramatic propagation of the WannaCry and NotPetya malware emphasized the systemic risk to which our companies and societies are exposed. The NotPetya attack was designed to look like ransomware but turned out to be an obviously politically motivated wiper designed for sabotage. The uncontrollable propagation of the attack randomly affected a wide range of companies and public facilities, including telecommunications and hospitals that were not even initially a target.
These attacks reveal the cybersecurity dilemma we are caught in when dealing with offensive actions in cyberspace. On the one hand, we recognize cyberthreats as a new security challenge that creates a systemic risk, and it is in everybody's interest to stop a contagion that could be disastrous. On the other hand, cyber capabilities are also used as a tool for nations and non-state actors to increase their own power; they can be used for intelligence, espionage, warfare, influence... The 2018 Cyber Strategy of the United States even allows offensive cyber operations for deterrence purposes. So we also view cyberthreats as a traditional geopolitical threat emanating from rival powers and economic competitors.
This perception of risks tends to prevail today. It creates distrust between states and limits their ability to reach agreement on international norms of responsible behavior to ensure the security and stability of cyberspace. And this, in turn, increases the systemic risk for the general availability and integrity of the Internet. This is the reason why the Global Commission on the Stability of Cyberspace was established. This talk explores the work of the Commission and the different ways in which multilateral organizations and multistakeholder forums can act in order to reduce the risk of cyber instability.
Biography: Frédérick Douzet is Professor of Geopolitics at the University of Paris 8 and Castex Chair of Cyberstrategy (www.cyberstrategie.org). She is a Commissioner of the Global Commission on the Stability of Cyberspace (cyberstability.org). In 2017, she was part of the drafting committee for the Strategic Review of Defense and National Security.
Her current research deals with the geopolitics of cyberspace, as cyberspace has become the object of power rivalries between stakeholders, a scene of confrontation, and a highly powerful tool in geopolitical conflicts. Conflicts for and through cyberspace are both the expression and a new dimension of traditional geopolitical rivalries. Frédérick Douzet's work aims at placing cyber conflicts back within their geopolitical context and training young researchers to take into account the cyber dimension of the geopolitical conflicts and regions they study. She manages a multidisciplinary team of graduate students at the University of Paris 8 and the Castex Chair of Cyberstrategy and covers a wide range of topics.
She studied political science at the Institute of Political Studies of Grenoble and Oxford Brookes University. She earned a Master’s degree from the Graduate School of Journalism at UC Berkeley in 1993 then joined the graduate school of geopolitics at the University of Paris 8 where she did her PhD under the supervision of Béatrice Giblin. She has been a member of the editorial board of the review Hérodote since 1994.
Frédérick Douzet was nominated junior member of the Institut Universitaire de France in 2006 and has received several awards for her research: International Forum on Cybersecurity (FIC) Book Prize for strategic thinking (2015); France-Berkeley Fund Award for Outstanding Young Scholar (2014); Alphonse Milne Edwards book prize from the Society of Geography (2008); Ernest Lemonon book prize from the Academy of Moral and Political Sciences (2008); Best paper award from the Urban Affairs Association (2009). She has also received scholarships from the Fulbright Program and the Georges Lurcy Foundation. In 2015, she received the title of "Chevalier de l'ordre national du Mérite" in recognition of public service.
Abstract: Security has always been a concern in the ship industry, because of the value of the conveyed goods and the impact of wreckage on the fragile maritime environment. Since the early days, when it plagued ancient Egypt and Phoenicia, piracy has been initiated by individuals or groups to ensure control of commercial traffic or to rob valuable cargoes. Piracy is still active in specific regions of the globe, but ship piracy has also evolved with information and communication technologies. New forms of threats arise due to the ubiquitous internet on board vessels: a ‘remote’ pirate can gain control of a ship and operate it from a distance; a pirate can also forge and send false signals (e.g., GPS) or alter electronic navigation maps so that a ship can be trapped. These new forms of piracy have raised concern at the international level (e.g., at the IMO, or International Maritime Organization, and among insurance companies). The IMO indicates in particular that “Risks can result from improper integration of cyber systems, the unexpected and unintended consequences of system updates, the interactions between the cyber systems of ships and ports, or the malicious attacks and threats from outside sources”.
In this context, 2 academic institutions (the French Naval Academy and IMT Atlantique) and 2 major industries (Thales and Naval Group) have joined forces in order to investigate new approaches for detecting and preventing cyber attacks in the maritime context, to implement them as prototypes and to evaluate them. The objectives of this venture are twofold: a research concern in order to enhance security for ships and naval infrastructure, and an educational target in order to raise awareness among current and future maritime stakeholders (e.g., officers, crew, and students in training).
During this talk, we shall present the research activities that are performed within the cybersecurity R&D group for naval systems, their outcomes and how the results have been applied with success.
Biography: Yvon Kermarrec is Professor of computer sciences at IMT Atlantique, an engineering graduate school and a leading research / innovation center, located in Brest, France. Yvon holds a PhD degree and a Habilitation in computer science, in the topics of software engineering, distributed and reliable systems.
He worked at the Courant Institute of New York U, Raytheon in Vancouver, Telecom ParisTech and Telecom Bretagne (now IMT Atlantique). He is currently the team lead of ‘Chaire de cybersécurité des systèmes navals’ (cyber security R&D group for naval systems), which is a joint lab between Thales, Naval Group, Ecole Navale (French Naval Academy) and IMT Atlantique.
Abstract: Not a single day goes by without someone using the term Artificial Intelligence (AI) to explain to you how wonderful AI is. All your issues would be solved thanks to a Jack-of-all-trades technology. But beyond the marketing hype, what’s the real value?
As a service & telecom company, we believe that machine learning will have a growing impact on cybersecurity. Nonetheless, it’s just another opportunity to improve defense and, unfortunately, attack. For example, in a SOC context, machine learning (ML) allows us to improve SOC efficiency. ML accuracy depends on continuously learning/creating new models and keeping them up to date. Thus, we use adaptable frameworks able to integrate new sources and features, and to build and test new models directly in the production environment. Data context & temporality are the key to ML performance.
The future of machine learning & security is still about man & machine. We need to leverage what machines can perform best, like data collection/processing and handling complexity, to provide a manageable number of insights and enhance decision making by humans and sometimes machines. From new opportunities to new risks & operational concerns, we will explore the challenges that companies will have to face in order to benefit from ML in the security field.
Biography: Sylvain Labetoule has 15+ years of hands-on experience in computer and network security spanning government, aerospace & telecommunication environments. He currently works as a Datacenter Technical Leader at Orange, focusing on hosting infrastructure, cloud & SDN, and teaches security in several French universities. He’s also exploring Artificial Intelligence security as part of the Orange Expert security community (top 100 security experts in Orange). Sylvain’s work experience includes penetration testing, forensics analysis and network & security operations. Over the years he has spoken at a number of security conferences, taught kids code & hacking and tried to improve at go before AlphaZero arrives on his PC.