Filtrer par type de contenu
Sélectionnez un ou plusieurs filtres. Ce choix permettra de recharger la page pour afficher les résultats filtrés.
669 résultats
-
-
Séminaire
-
SoSysec
Automated verification of privacy-type properties for security protocols
Orateur : Ivan Gazeau (LORIA, Inria Nancy)
The applied pi-calculus is a powerful framework to model protocols and to define security properties. In this symbolic model, it is possible to verify automatically complex security properties such as strong secrecy, anonymity and unlinkability properties which are based on equivalence of processes.In this talk, we will see an overview of a verification method used by a tool, Akiss. The tool is[…] -
-
-
Séminaire
-
SoSysec
A Compositional and Complete approach to Verifying Privacy Properties using the Applied Pi-calculus
Orateur : Ross Horne (University of Luxembourg)
The pi-calculus was introduced for verifying cryptographic protocols by Abadi and Fournet in 2001. They proposed an equivalence technique, called bisimilarity, useful for verify privacy properties. It is widely acknowledged (cf. Paige and Tarjan 1987), that bisimilarity is more efficient to check than trace equivalence; however, surprisingly, tools based on the applied pi-calculus typically still[…] -
-
-
Séminaire
-
SoSysec
How to decrypt without keys with GlobalPlatform SCP02 protocol
Orateur : par Loic Ferreira (Orange Labs, IRISA)
The GlobalPlatform SCP02 protocol is a security protocol implemented in smart cards, and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). We describe how to perform a padding oracle attack against SCP02. The attack allows an adversary to efficiently retrieve plaintext bytes from an encrypted data field. We provide results of our experiments done[…] -
-
-
Séminaire
-
SoSysec
Breaking and fixing HB+DB: A Short Tale of Provable vs Experimental Security and Lightweight Designs
Orateur : Ioana Boureanu (University of Surrey)
HB+ is a well-know authentication scheme purposely designed to be lightweight. However, HB+ is vulnerable to a key-recovery, man-in-the-middle (MiM) attack dubbed GRS. To this end, at WiSec2015, the HB+DB protocol added a distance-bounding dimension to HB+, which was experimentally shown to counteract the GRS attack.In this talk, we will exhibit however a number of security flaws in the HB+DB[…] -
-
-
Séminaire
-
SoSysec
Reasoning over leaks of information for Access Control of Databases
Orateur : Pierre Bourhis (CNRS, CRISTAL)
Controlling the access of data in Database management systems is a classical problem and it has been solved through different mechanisms. One of the most common mechanism implemented in most Database management systems is the mechanism of views, i.e defining the accessible data of a user as the result of a query. This mechanism is also used in principle in other systems such as in social networks.[…] -
-
-
Séminaire
-
SoSysec
Les cyberopérations: entre technique et droit international. Attribution, preuve et responsabilité.
Orateur : Anne-Thida Norodom (Professeur de droit public, Université de Paris)
L’objet de cette intervention est de montrer à quel point le juridique est dépendant du technique lorsqu’il s’agit de réguler les cyberopérations. L’approche choisie sera celle du droit international public, c’est-à-dire du droit applicable entre Etats. Alors qu’il existe un consensus au niveau international sur l’applicabilité du droit international dans le domaine numérique, les négociations en[…] -