
A multi-theme research field involving numerous Inria project-teams

Carte and Madynes project-team

Around 50 Inria research teams are conducting research work connected with computer security, an issue that is central to the work of around 15 of these teams.

This field contains several aspects that correspond to different research disciplines and the teams address a number of themes:

  • Cryptography
  • Cryptographic protocols
  • Formal methods and verification for security
  • Code analysis, information flow control, failures
  • Secure communication in networks and on grids
  • Intrusion prevention and detection, virology
  • Data security and protection
  • Identification and protection of the individual: biometry, video surveillance
  • Digital voting
  • Digital security and society: respect for privacy, legislation

Guaranteeing the security of cryptographic systems - Cracking the RSA 768 key

Inria team CARAMEL - Inria Nancy - Grand Est Centre

Cryptographic systems guarantee the security of data exchanges over the Internet and are at the heart of e-commerce. It is therefore essential to ensure their reliability. Cracking the protection codes of a cryptographic system triggers the search for new solutions and provides arguments in favour of adopting more secure systems.

The RSA algorithm (which stands for Rivest, Shamir and Adleman) forms part of the family of public-key systems that enable confidential information to be exchanged or documents to be electronically signed.

The CARAMEL team at Inria Nancy - Grand Est (a joint team together with Nancy University and the French National Centre for Scientific Research) and its Swiss, Japanese, Dutch and German partners (EPFL, CWI, NTT, University of Bonn) have pooled different computing capabilities to successfully factorise a 768-bit RSA key. By combining the results of extensive algorithmic work with the computing capabilities at their disposal over the last two and a half years, they managed to crack this 232-digit key by finding its prime factors. This new record is a superb illustration of the effectiveness of distributed computing systems and confirms the recommendations of the French National Agency of Information System Security by demonstrating the vulnerability of a 768-bit RSA key.

To carry out this large-scale calculation, Inria used a section of the Grid’5000 infrastructure that links 1,544 machines in France, or more than 5,000 processor cores. In total, together with the involvement of the other partners, the equivalent of 1,700 processor cores running for one year was used, amounting to 425 quad-core PCs for one year.

Optimising the reliability of electronic signatures: the Shabal cryptographic algorithm

Inria project-team involved: SECRET - Inria Paris - Rocquencourt Centre

The various cryptographic algorithms in existence include those used for the electronic signatures that guarantee document authenticity, among other uses.

To build these algorithms, scientists use hash functions that enable very large files (software, long texts) to be reduced to a fingerprint, i.e. a small version of a fixed size (for example 256 bits). This fingerprint allows files to be authenticated and an electronic signature to be rapidly produced.

In 2004, hash standards came under fire and were broken one after another by attacks that uncovered unacceptable flaws.

In 2008, America's National Institute of Standards and Technology launched an international competition to find the solution to these failures and to define the future cryptographic hash standard, which will be called SHA-3 (which stands for Secure Hash Algorithm).

The 14 proposed algorithms still in the running in the competition include Shabal. The SECRET team at Inria, which specialises in the study and development of functions that, when combined, form large cryptographic protocols, participated in its development. The main benefits of this algorithm are its speed of execution and its operating mode (the way it divides the file up into fixed-sized blocks and processes these in turn to calculate the fingerprint), which is based on a new construction whose security can be proved.

Shabal is the fruit of work by a team of 14 researchers from seven academic and industrial research teams working as part of a project financed by the French National Research Agency. There are expected to be five finalists left in August 2010, with the winner being named in 2012.

Remaining in control of your personal data: the personalised medical and welfare record

SMIS project-team - Inria Paris - Rocquencourt Centre

To address the vulnerability of database servers and the difficulties in establishing confidence in the protection of personal data that they manage, researchers from the SMIS team devise personal database servers on chips. The latest major application is the French personalised medical and welfare record, which facilitates the coordination of healthcare for dependent persons.

So how does it do this? By using a solution that gives patients a secure USB stick incorporating a new generation of smart card with a large storage capacity. This stick contains a person's entire medical records managed by an embedded personal data server. This server can therefore be used to store a full set of medical records, allowing interaction through a dedicated application and synchronisation with a central server, all with strong safeguards to ensure confidentiality. Patients can also place some of their records on a central server to make them available online to health professionals, who in turn have a secure USB card that utilises cryptographic protocols for the exchange of data.

Patients have input on the data access policy, giving them control over which parties can access their personal data.

Several organisations are working on this project: Santeos, a company specialising in information systems, is developing the solution for the central server, while Inria and Gemalto, the world leader in smart cards, are developing the secure USB stick and its embedded software.

The personalised medical and welfare records project is being conducted in collaboration with the PlugDB project coordinated by Inria and supported by the French National Research Agency.

Developing the protocols that guarantee security in electronic voting

CASSIS project-team - Inria Nancy - Grand Est Centre, and SECSI project-team - Saclay - Île de France Centre

To ensure that electronic voting is reliable and controllable, certain properties need to be respected, such as anonymity, voting confidentiality, giving voters the possibility to verify that their vote has actually been counted, that their identity has not been stolen, etc. However, paperless voting and the absence of ballot papers, see-through ballot boxes and voting certificates make the process non-transparent.

Since the beginning of 2008, the CASSIS and SECSI teams at Inria, in collaboration with the Verimag laboratory (joint research teams from the French National Centre for Scientific Research/Grenoble Institute of Technology/Joseph Fourier University), have been participating in the French National Research Agency's Avoté project, which aims to offer tools to verify protocols in electronic voting, particularly online. Their work is expected to create solutions for identifying faults in electronic voting systems and stating the guaranteed properties.

The difficulties to overcome include providing precise and formal definitions of the various security properties that a protocol must meet, then being capable of formally verifying that these protocols actually comply with the requested properties. The researchers are expected to provide a convincing response within two years.

Keywords: Security Laboratory Software Anti-virus Virus Attack Botnet