This research axis of the Sotern team focuses on security-related mechanisms that have to be embedded into cyberphysical elements such as smartphones or sensor network nodes. As a consequence, the mechanisms have to deal with constraints of these elements, such as low storage capacity, limited energy, CPU, or communication bandwidth. These cyberphysical nodes may be part of a global distributed system. The service provided by a given considered system can either be established by a set of equivalent nodes, in a peer-to-peer way, or on the contrary, by the cooperation between different nodes. This diversity has to be taken into account as well to provide security at system level. Finally, the considered cyberphysical elements are prone to fail. As a result, the provided security mechanisms have to be reliable, in the sense that security is still provided in spite of failures, for instance in case of node compromise or network attack.
In this context, this axis of the Sotern team especially tackles the following challenges, whose identifiers can be retrieved in the overall picture of the Sotern team activities:
C1-1: Overcoming the static nature of resource-constrained systems
Instead of relying on (re)active security like systems’ hardening (e.g., bug-fixing and firmware updating), we tackle this challenge using a proactive cyber defense approach called Moving Target Defense (MTD). MTD proposes to perpetually randomize systems’ components –including their vulnerabilities– which makes attackers/attacks constrained by time. Sotern works at designing and implementing lightweight MTD mechanisms suitable for IoT systems. We tackle from the Physical (e.g., anti-jamming) to the Application layers. We also leverage autonomous monitoring mechanisms as inputs to explore adaptive MTDs.
This challenge is currently tackled within the PhD thesis of Van Tien Nguyen, cofunded by IMT Atlantique and the french Institut of Cybersecurity of Occitany research grant in collaboration with the TSF and MINC research groups at the french LAAS laboratory.
C1-2: Addressing emerging constraints of future network and services
As part of the novel constraints induced by future network and services, the Sotern team emphasizes security issues relating to communications in very low latency architectures. We consider a primarily experimental approach, to the extent of the availability of tools, which will consist in measuring the impact of malicious behavior on low latency architectures on legitimate flows. The main subsequent challenge relies in the design of security solutions adapted to the novel constraints exposed by the low-latency bound feature of these networks. Integration of protection mechanisms in timely components are considered as a primary solution but in case they require monitoring approaches, they require fast detection and recovery algorithmic solutions adapted to the very low latency expected. The solutions are developed and validated via prototypes when the technological elements are available or by simulations.
This challenge is explored in the context of (1) the national ANR MOSAICO project, especially within the PhD of Marius Letourneau and in the national Superviz project taking part of PEPR Cyber.
C1-3: Building lightweight and scalable identity services
Being able to robustly identify users, processes, terminals or components taking part in a distributed system is the foundation of trust. It is traditionally managed centrally within a given perimeter. On the contrary, Self-Sovereign Identities (SSI) are digital identities that are managed in a decentralized manner. Applied to people for instance, this technology especially allows users to self-manage their digital identities without depending on third-party providers to store and centrally manage the data, including the creation of new identities. However, these identities are more than simple identifiers: they need to be checked by the service provider via, for instance, verifiable claims. Public Blockchain technology is a strong candidate to deploy SSI and store verifiable claims. However, current ledgers’ designs suffer from various limitations among which some of them will durably become a major impediment for services leveraging blockchains. We will focus on three main limitations, namely lightweight replication, so as to make SSI based on public blockchain available on users smartphones, design of alternatives to PoW security proofs to avoid energy waste and limit battery consumption, and finally scalability issues due to avoid congestion in the communication. These approaches aims at drastically reducing memory footprint, and energy consumption while increasing throughput allowing to adapt SSI to several contexts.
This challenge is addressed in the context of the national ANR BC4SSI project.