The High Security Computing Laboratory (LHS): at the forefront of IT security
Located in a closed environment with an isolated Internet network and protected premises, accessible by biometric recognition, the LHS provides an ultra-secure technological and regulatory environment in which to carry out sensitive experiments and practical work in digital security.
The High Security Computing Laboratory (LHS) is destined to host decisive research work to secure the network, exchanges on the Internet and related telecommunications equipment. It provides the technological and regulatory environment necessary for the scientific advances that accompany evolutions in our digital society, in particular via the implementation of analysis and control systems to fight against security breaches. Open to industry partners, the LHS also offers an environment that is conducive to the reliability tests that are required prior to any commercialisation of technological products or solutions (resistance to different types of attacks or threats, etc.).
The Inria Nancy - Grand Est centre LHS has benefited from funding from the ERDF, the Lorraine region, the Greater Nancy Urban Community and from the French Ministry of Higher Education and Research via the Regional Delegation for Research and Technology (DRTT). The research undertaken is carried out in partnership with the Lorraine universities, the CNRS and the French Defence Procurement Agency (DGA).
- Neutralisation of botnet networks.
- Analysis of malicious codes.
- Digital backups for secure remote collaborative work.
- Large-scale scan and research of exposed industrial equipment.
- Automatic vulnerability search on IP telephony or domotics.
- Analysis of the diversity of life patterns and use of smartphones and tablets.
- Observation of a network's activity via the positioning of probes.
Three major fields of expertise:
- Virology: how can we recognise the viruses of tomorrow?
Researchers from the Carte team are analysing malicious codes and developing the anti-viruses of the future.
They have developed a new method of virus detection that takes into account a fundamental parameter: the capacity of viruses to mutate, just like living viruses. Recipients of an award at the French national competition to help create innovative technology businesses in the "Emergence" category in 2009, their method makes it possible to extract the signature or skeleton of the virus, i.e. the part of the program that does not change despite the mutations.
The CARTE team is also working on the neutralisation of botnets, infected computer networks that are used to send spam but which could also be used to attack Internet services. The researchers also focus on other vulnerable technological platforms, such as telephones and embedded systems (e.g. cars, etc.)
- Network supervision: how can exchanges on the network be analysed and made secure?
Researchers from the Madynes team are studying the major communication systems in order to understand how they work and to put in place analysis and control systems, in particular to tackle security breaches.
Their most recent results include the design of an algorithm that allows probes to be placed on a large peer-to-peer network and to observe the activity on this network. The researchers have succeeded in analysing traffic on a network of four million machines, by placing around 20 probes and without resorting to large computation capacities.
- Detection of vulnerabilities in communicating systems: enabling manufacturers to carry out reliability tests
In the design and certification phase, parts manufacturers need to be able to test the reliability of their equipment and assess their resistance to different types of attacks or threats. With an isolated Internet network and ultra-secure equipment, the LHS provides an environment that is conducive to carrying out this type of testing.
Of the risks identified are, notably, internet telephony providers. In this field, the researchers from the Madynes team have developed a software suite called KIF that enables the automatic detection of breaches on IP telephony.