Pascal Urien | Telecom ParisTech (original) (raw)
Papers by Pascal Urien
2018 3rd Cloudification of the Internet of Things (CIoT), 2018
Innovative Countermeasures to Defeat Cyber Attacks Against Blockchain Wallets,, 2021
Blockchain transactions are signed by private keys. Secure key storage and tamper-proof computers... more Blockchain transactions are signed by private keys. Secure key storage and tamper-proof computers are essential requirements for deploying a trusted infrastructure. In this paper, we identify some threats against blockchain wallets and propose a set of physical and logical countermeasures to thwart them. We present the crypto terminal device, operating with a removable secure element, built on open software and hardware architectures, capable of detecting a cloned device or corrupted software. These technologies are based on tamper-resistant computing (javacard), smart card anti-cloning, smart card content attestation, application firewall, bare-metal architecture, remote attestation, dynamic Physical Unclonable Function (dPUF), and programming tokens as a root of trust.
This paper is an extended version of the paper "Innovative Countermeasures to Defeat Cyber Attacks Against Blockchain Wallets," 2021 5th Cyber Security in Networking Conference (CSNet), 2021, pp. 49-54, doi: 10.1109/CSNet52717.2021.9614649.
Wireless Communications and Mobile Computing, 2021
Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communica... more Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. ...
SIM-IP card benefits for a profitable business model
2018 IEEE 87th Vehicular Technology Conference (VTC Spring), 2018
In the near future vehicles will be connected and able to communicate with their environment. Suc... more In the near future vehicles will be connected and able to communicate with their environment. Such technologies - commonly called Cooperative Intelligent Transportation Systems (C-ITS) - aim at improving road safety, traffic efficiency and drivers comfort. To this end the C-ITS community has proposed many different use cases. In this paper, we start by making an inventory of C-ITS use cases. We then extend this list by proposing new use cases mostly related to security and privacy aspects. Finally we propose a classification methodology based on K-means algorithm to classify the use cases according to criteria we defined. We apply the proposed methodology on our use cases list using security and technical criteria. The obtained results enable to extract a subset of representative use cases from the initial list. Such subset can then be used to apply any process/method (e.g. risk analysis) on it.
This document defines a mechanism that ensures EAP-TLS identity protection. The main idea is to e... more This document defines a mechanism that ensures EAP-TLS identity protection. The main idea is to encrypt the client's certificate. Three procedures are proposed in order to determine the certificate encryption mechanism, - Implicit, the client's certificate is encrypted according to a pre-defined algorithm, deduced from the server's certificate. - Notified, the EAP-identity response message, delivered by the client includes information that precise the encryption algorithm to be used. - Negotiated, the client indicates a list of encryption algorithm, the server chooses one of them, and indicates its choice.
Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, 2018
Connected and automated vehicles aim to improve the comfort and the safety of the driver and pass... more Connected and automated vehicles aim to improve the comfort and the safety of the driver and passengers. To this end, car manufacturers continually improve actual standardized methods to ensure their customers safety, privacy, and vehicles security. However, these methods do not support fully autonomous vehicles, linkability and confusion threats. To address such gaps, we propose a systematic threat analysis and risk assessment framework, SARA, which comprises an improved threat model, a new attack method/asset map, the involvement of the attacker in the attack tree, and a new driving system observation metric. Finally, we demonstrate its feasibility in assessing risk with two use cases: Vehicle Tracking and Comfortable Emergency Brake Failure.
2016 13th International Conference on New Technologies for Distributed Systems (NOTERE), 2016
This paper is a first attempt to define a set of security vulnerabilities for the Internet of Thi... more This paper is a first attempt to define a set of security vulnerabilities for the Internet of Things (IoT), in a corporate environment, in order to classify various connected objects based on a taxonomy that was previously proposed. The IoT is a complex infrastructure that we divide in four parts (objects, transport, storage, interfaces). It needs protection and supervision. The object and its ecosystem are surrounded with other devices that can become entry points or targets of attacks, even if they are protected from the outer world but not from their local environment. We study the impact of attacks (such as OS reprogramming that has been recently published) on connected thermostats and their possible consequences on their environment, as a first approach to a threat analysis for the IoT.
2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2016
This demonstration presents an innovative platform for IoT services managed by Mobile Network Ope... more This demonstration presents an innovative platform for IoT services managed by Mobile Network Operators (MNO), based on DTLS/TLS security modules, detailed by an IETF draft. It demonstrates a COAP/DTLS server lock, interacting with a COAP/DTLS client key running in a SIM module. The SIM module also comprises a TLS stack for securely downloading key from a dedicated server.
2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), 2015
This demonstration presents a new and innovative open platform whose goal is to enable secure mob... more This demonstration presents a new and innovative open platform whose goal is to enable secure mobile applications. Secure Elements (SE) are hosted in dedicated servers, whose protocol (RACS) is detailed by an IETF draft. They are remotely used from mobiles via secure TLS channels. These channels are booted from TLS NFC (Near Field Communication) smartcards that are tapped against tablets equipped with NFC interface. Thereafter cryptographic procedures hosted by remote SEs are available. Thanks to the Host Card Emulation (HCE) facility, tablets become EMV payment cards. Administration centers, based on the Global Platform standards, remotely manage the software content of secure elements hosted in RACS servers.
The future Internet will rely heavily on virtualization and cloud networking. The project Securit... more The future Internet will rely heavily on virtualization and cloud networking. The project Security for Future Networks proposes the design of a framework providing secure identification and authentication, secure data transfer and secure virtualized infrastructure. In this paper, we present a comparative study should examine some models and frameworks of Identity Management (IdM). Initially, we had identified OpenID, Higgins and Shibboleth frameworks as those providing facilities that are the closest to our proposals. However, with the literature prospection more frameworks have being included in our study, which has allowed to expand our state of the art on IdM. In the study, presented in this paper, some OpenId features are highlighted and related with our objectives.
This paper presents the technical foundations for a new generation of NFC secure mobile services.... more This paper presents the technical foundations for a new generation of NFC secure mobile services. It introduces trusted mobile applications based on secure elements such as SIM modules or NFC external cards, and uses services built over the OpenMobileAPI framework, the Host Card Emulation (HCE) environment from Android, and the emerging Remote APDU Call Secure (RACS) protocol. Keywords—Cloud of Secure Elements; HCE; TLS; Security.
Smartcards are becoming increasingly popular as a means for personal identification and authentic... more Smartcards are becoming increasingly popular as a means for personal identification and authentication in many secure application areas such as e-Banking and e-Commerce. Millions of users have a smart card in their pocket without even knowing it. The SecFuNet project proposes solutions for integrating secure microcontrollers in order to develop a security framework for Cloud Computing and virtual environment. This framework introduces, among its many services: authentication and authorization functions for virtual environments, based on Remote Grid of Secure Elements (RG0SE). The objective is to implement an open standard framework, based on smart cards and OpenSSL. This framework provides TLS secure channels for establishing trust relationships among Users, Virtual Machines (VMs), Hypervisor (XEN) and RG0SE. The authentication is done directly between smart cards (owned by users or associated to VM) and SecFuNet Identity Management (IdM). This framework concerns a highly secure aut...
2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC)
Security is a critical issue for new car generation targeting intelligent transportation systems ... more Security is a critical issue for new car generation targeting intelligent transportation systems (ITS), involving autonomous and connected vehicles. In this work we designed a low cost CAN probe and defined analysis tools in order to build attack scenarios. We reuse some threats identified by a previous work. Future researches will address new security protocols.
Abstract- The increase of authenticating solutions based on RADIUS servers questions the complexi... more Abstract- The increase of authenticating solutions based on RADIUS servers questions the complexity of their administration whose security and confidentiality are often at fault especially within Cloud Computing architectures. More specifically, it raises the concern of server administration in a secure environment for both the granting access ’ company and its clients. This paper aims to solve this issue by proposing an innovative paradigm based on a grid of smart cards built on a context of SSL smart cards. We believe that EAP-TLS server smart cards offer the security and the simplicity required for an administration based on distributed servers. We specify the design of a RADIUS server in which EAP messages are fully processed by SSL smart cards. We present the scalability of this server linked to smart card grids whose distributed computation manages the concurrence of numerous authenticating sessions. Lastly, we relate the details of the first experimental results obtained with...
2017 IEEE Symposium on Computers and Communications (ISCC), 2017
This paper introduces security modules for IoT frameworks. Many IoT legacy infrastructures use th... more This paper introduces security modules for IoT frameworks. Many IoT legacy infrastructures use the TLS/DTLS protocols for communication security. Security modules are tamper resistant microcontrollers implementing open TLS/DTLS applications, with small memory footprint (less than 30KB) and modest RAM sizes (<1KB), and which perform strong mutual authentications based on symmetric or asymmetric cryptographic procedures. When a pair of security modules is used at both communication ends, this architecture is called SAM (Secure Access Module), by analogy with systems involving secure elements communications. We detail the software design of such modules for javacards, and present some performance figures. Three implementations are commented running on different platforms such as, Raspberry Pi, smartphones and Arduino boards.
This paper presents an innovative concept for the Internet of Things (IoT), in which objects work... more This paper presents an innovative concept for the Internet of Things (IoT), in which objects work over TLS stacks running in secure elements. We notice that most of today IoT architectures are secured by the DTLS or TLS stack. Furthermore, tamper resistance, secure communications and storage are consensual requests for the emerging IoT frameworks. We demonstrate that it is possible to design cheap secured and trusted systems based on Javacards plugged in commercial nano-computers. Finally we detail the structure of an innovative JAVA framework able to provide trusted operated services, in a way similar to mobile network operators (MNO) managing smartphone fleets thanks to Subscriber Identity Modules (SIMs). Keywords-. IoT; Secure Elements; TLS; DTLS; Security.
2018 3rd Cloudification of the Internet of Things (CIoT), 2018
Innovative Countermeasures to Defeat Cyber Attacks Against Blockchain Wallets,, 2021
Blockchain transactions are signed by private keys. Secure key storage and tamper-proof computers... more Blockchain transactions are signed by private keys. Secure key storage and tamper-proof computers are essential requirements for deploying a trusted infrastructure. In this paper, we identify some threats against blockchain wallets and propose a set of physical and logical countermeasures to thwart them. We present the crypto terminal device, operating with a removable secure element, built on open software and hardware architectures, capable of detecting a cloned device or corrupted software. These technologies are based on tamper-resistant computing (javacard), smart card anti-cloning, smart card content attestation, application firewall, bare-metal architecture, remote attestation, dynamic Physical Unclonable Function (dPUF), and programming tokens as a root of trust.
This paper is an extended version of the paper "Innovative Countermeasures to Defeat Cyber Attacks Against Blockchain Wallets," 2021 5th Cyber Security in Networking Conference (CSNet), 2021, pp. 49-54, doi: 10.1109/CSNet52717.2021.9614649.
Wireless Communications and Mobile Computing, 2021
Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communica... more Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. ...
SIM-IP card benefits for a profitable business model
2018 IEEE 87th Vehicular Technology Conference (VTC Spring), 2018
In the near future vehicles will be connected and able to communicate with their environment. Suc... more In the near future vehicles will be connected and able to communicate with their environment. Such technologies - commonly called Cooperative Intelligent Transportation Systems (C-ITS) - aim at improving road safety, traffic efficiency and drivers comfort. To this end the C-ITS community has proposed many different use cases. In this paper, we start by making an inventory of C-ITS use cases. We then extend this list by proposing new use cases mostly related to security and privacy aspects. Finally we propose a classification methodology based on K-means algorithm to classify the use cases according to criteria we defined. We apply the proposed methodology on our use cases list using security and technical criteria. The obtained results enable to extract a subset of representative use cases from the initial list. Such subset can then be used to apply any process/method (e.g. risk analysis) on it.
This document defines a mechanism that ensures EAP-TLS identity protection. The main idea is to e... more This document defines a mechanism that ensures EAP-TLS identity protection. The main idea is to encrypt the client's certificate. Three procedures are proposed in order to determine the certificate encryption mechanism, - Implicit, the client's certificate is encrypted according to a pre-defined algorithm, deduced from the server's certificate. - Notified, the EAP-identity response message, delivered by the client includes information that precise the encryption algorithm to be used. - Negotiated, the client indicates a list of encryption algorithm, the server chooses one of them, and indicates its choice.
Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, 2018
Connected and automated vehicles aim to improve the comfort and the safety of the driver and pass... more Connected and automated vehicles aim to improve the comfort and the safety of the driver and passengers. To this end, car manufacturers continually improve actual standardized methods to ensure their customers safety, privacy, and vehicles security. However, these methods do not support fully autonomous vehicles, linkability and confusion threats. To address such gaps, we propose a systematic threat analysis and risk assessment framework, SARA, which comprises an improved threat model, a new attack method/asset map, the involvement of the attacker in the attack tree, and a new driving system observation metric. Finally, we demonstrate its feasibility in assessing risk with two use cases: Vehicle Tracking and Comfortable Emergency Brake Failure.
2016 13th International Conference on New Technologies for Distributed Systems (NOTERE), 2016
This paper is a first attempt to define a set of security vulnerabilities for the Internet of Thi... more This paper is a first attempt to define a set of security vulnerabilities for the Internet of Things (IoT), in a corporate environment, in order to classify various connected objects based on a taxonomy that was previously proposed. The IoT is a complex infrastructure that we divide in four parts (objects, transport, storage, interfaces). It needs protection and supervision. The object and its ecosystem are surrounded with other devices that can become entry points or targets of attacks, even if they are protected from the outer world but not from their local environment. We study the impact of attacks (such as OS reprogramming that has been recently published) on connected thermostats and their possible consequences on their environment, as a first approach to a threat analysis for the IoT.
2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2016
This demonstration presents an innovative platform for IoT services managed by Mobile Network Ope... more This demonstration presents an innovative platform for IoT services managed by Mobile Network Operators (MNO), based on DTLS/TLS security modules, detailed by an IETF draft. It demonstrates a COAP/DTLS server lock, interacting with a COAP/DTLS client key running in a SIM module. The SIM module also comprises a TLS stack for securely downloading key from a dedicated server.
2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), 2015
This demonstration presents a new and innovative open platform whose goal is to enable secure mob... more This demonstration presents a new and innovative open platform whose goal is to enable secure mobile applications. Secure Elements (SE) are hosted in dedicated servers, whose protocol (RACS) is detailed by an IETF draft. They are remotely used from mobiles via secure TLS channels. These channels are booted from TLS NFC (Near Field Communication) smartcards that are tapped against tablets equipped with NFC interface. Thereafter cryptographic procedures hosted by remote SEs are available. Thanks to the Host Card Emulation (HCE) facility, tablets become EMV payment cards. Administration centers, based on the Global Platform standards, remotely manage the software content of secure elements hosted in RACS servers.
The future Internet will rely heavily on virtualization and cloud networking. The project Securit... more The future Internet will rely heavily on virtualization and cloud networking. The project Security for Future Networks proposes the design of a framework providing secure identification and authentication, secure data transfer and secure virtualized infrastructure. In this paper, we present a comparative study should examine some models and frameworks of Identity Management (IdM). Initially, we had identified OpenID, Higgins and Shibboleth frameworks as those providing facilities that are the closest to our proposals. However, with the literature prospection more frameworks have being included in our study, which has allowed to expand our state of the art on IdM. In the study, presented in this paper, some OpenId features are highlighted and related with our objectives.
This paper presents the technical foundations for a new generation of NFC secure mobile services.... more This paper presents the technical foundations for a new generation of NFC secure mobile services. It introduces trusted mobile applications based on secure elements such as SIM modules or NFC external cards, and uses services built over the OpenMobileAPI framework, the Host Card Emulation (HCE) environment from Android, and the emerging Remote APDU Call Secure (RACS) protocol. Keywords—Cloud of Secure Elements; HCE; TLS; Security.
Smartcards are becoming increasingly popular as a means for personal identification and authentic... more Smartcards are becoming increasingly popular as a means for personal identification and authentication in many secure application areas such as e-Banking and e-Commerce. Millions of users have a smart card in their pocket without even knowing it. The SecFuNet project proposes solutions for integrating secure microcontrollers in order to develop a security framework for Cloud Computing and virtual environment. This framework introduces, among its many services: authentication and authorization functions for virtual environments, based on Remote Grid of Secure Elements (RG0SE). The objective is to implement an open standard framework, based on smart cards and OpenSSL. This framework provides TLS secure channels for establishing trust relationships among Users, Virtual Machines (VMs), Hypervisor (XEN) and RG0SE. The authentication is done directly between smart cards (owned by users or associated to VM) and SecFuNet Identity Management (IdM). This framework concerns a highly secure aut...
2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC)
Security is a critical issue for new car generation targeting intelligent transportation systems ... more Security is a critical issue for new car generation targeting intelligent transportation systems (ITS), involving autonomous and connected vehicles. In this work we designed a low cost CAN probe and defined analysis tools in order to build attack scenarios. We reuse some threats identified by a previous work. Future researches will address new security protocols.
Abstract- The increase of authenticating solutions based on RADIUS servers questions the complexi... more Abstract- The increase of authenticating solutions based on RADIUS servers questions the complexity of their administration whose security and confidentiality are often at fault especially within Cloud Computing architectures. More specifically, it raises the concern of server administration in a secure environment for both the granting access ’ company and its clients. This paper aims to solve this issue by proposing an innovative paradigm based on a grid of smart cards built on a context of SSL smart cards. We believe that EAP-TLS server smart cards offer the security and the simplicity required for an administration based on distributed servers. We specify the design of a RADIUS server in which EAP messages are fully processed by SSL smart cards. We present the scalability of this server linked to smart card grids whose distributed computation manages the concurrence of numerous authenticating sessions. Lastly, we relate the details of the first experimental results obtained with...
2017 IEEE Symposium on Computers and Communications (ISCC), 2017
This paper introduces security modules for IoT frameworks. Many IoT legacy infrastructures use th... more This paper introduces security modules for IoT frameworks. Many IoT legacy infrastructures use the TLS/DTLS protocols for communication security. Security modules are tamper resistant microcontrollers implementing open TLS/DTLS applications, with small memory footprint (less than 30KB) and modest RAM sizes (<1KB), and which perform strong mutual authentications based on symmetric or asymmetric cryptographic procedures. When a pair of security modules is used at both communication ends, this architecture is called SAM (Secure Access Module), by analogy with systems involving secure elements communications. We detail the software design of such modules for javacards, and present some performance figures. Three implementations are commented running on different platforms such as, Raspberry Pi, smartphones and Arduino boards.
This paper presents an innovative concept for the Internet of Things (IoT), in which objects work... more This paper presents an innovative concept for the Internet of Things (IoT), in which objects work over TLS stacks running in secure elements. We notice that most of today IoT architectures are secured by the DTLS or TLS stack. Furthermore, tamper resistance, secure communications and storage are consensual requests for the emerging IoT frameworks. We demonstrate that it is possible to design cheap secured and trusted systems based on Javacards plugged in commercial nano-computers. Finally we detail the structure of an innovative JAVA framework able to provide trusted operated services, in a way similar to mobile network operators (MNO) managing smartphone fleets thanks to Subscriber Identity Modules (SIMs). Keywords-. IoT; Secure Elements; TLS; DTLS; Security.