SAFE

The biometrics theme has three historical scientific axes: the definition, the evaluation of biometric systems and the protection of biometric data.

The axis consisting of designing new biometric systems will be enriched by working on the creation of new sensors in interaction with manufacturers. The objective is thus to increase recognition performance and above all to avoid presentation attacks (gelatin copy of a fingerprint for example). Several scientific obstacles will be addressed such as updating the biometric model using a minimum of data or adapting the functioning of the system according to the user in the continuity of Abir Mehnni’s thesis (supervised by C. Rosenberger and E. Cherrier). Another aspect which will also be developed during the five-year term (with possible interactions with the Forensics theme) is the exploitation of biometric data for forensic applications and the enrichment of biometric systems with language processing (in particular recognition of an individual by its keyboard typing dynamics and a semantic analysis of the content entered).

The evaluation axis of the theme will focus on two important aspects in biometrics, namely the quality of biometric data and the evaluation of presentation attacks. The team has been working for many years on measuring the quality of biometric data on modalities such as fingerprints and veins. We also intend to extend this approach to the face and in particular to 3D reconstructions of faces, as well as to behavioral modalities (e.g. keyboard typing dynamics) which are by nature less intrusive but also less efficient. The second aspect concerns the evaluation of presentation attacks. A new thesis (Abdarahmane Wone supervised by C. Rosenberger and C. Charrier) began in October 2019 on the problem of the resistance of biometric systems to presentation attacks. The context is the certification of biometric systems using repeatable protocols. One area of work concerns the generation of biometric databases of synthetic attacks from real data using approaches based on generative adversarial networks (GAN). Brice Wandji’s thesis starting in September 2020 (supervised by C. Rosenberger and C. Charrier) addresses the same problem but on behavioral biometric data. The EVABIO software platform developed within the team aimed at automating the evaluation of biometric systems is central in this context and allows us both to collaborate with manufacturers but also to provide the team with an efficient validation tool. and automated.

There are numerous interactions with the Forensics theme, particularly when we approach the notion of personal data protection within the framework of the GDPR (General Data Protection Regulation). The third axis of the biometrics theme concerns the protection of biometric data, including the use of original non-invertible transformation schemes. Tanguy Gernot’s thesis started in October 2019 (and supervised by Patrick Lacharme) concerns the evaluation of these transformations for the design of more robust solutions. The specificity of GREYC at the international level on this theme is very important for our industrial collaborations because these transformations allow centralized processing in compliance with the GDPR.

Head of research axis:  Christophe Rosenberger

This theme integrates several important aspects related to the design and validation of security architectures and models. In order to continue existing work, new attack detection methods and associated countermeasures will be developed as well as new security proofs using security primitives that can be formalized.

The first area of research concerns securing future SDN/5G/6G network technologies, via on-demand security approaches to cope with the variation in data security requirements depending on the services supported. The recruitment of the new professor Lyes Khoukhi in 2020 bringing skills in securing mobile and SDN networks (1 thesis in progress and 1 thesis defended in 2019 supervised by Lyes Khoukhi) and on the use of Blockchains (1 thesis in progress and 1 supported by Lyes Khoukhi) will make it possible to propose innovative architectures and models for SDN/5G/6G, in accordance with standardization standards and recommendations (ETSI, 3GPP, etc.). For this component, collaborations with Orange Labs will be established. What’s more, the problem of deploying security functions in Internet networks will continue to be modeled using first-order logic and graph theory, which will lead to new generic solutions, in the continuity of already existing work initiated by Jean-Marie Le Bars and Morgan Barbier. One of the security challenges lies at the junction of the physical and cyber worlds, or how it is possible to link an event in the physical world (energy distribution networks and ITS for example) and an event in the cyber world (IoT, industrial computing devices, etc.). To this end, it will be necessary to exploit a new way of managing these aspects of cybersecurity. Collaborations will be established with industrial operators (such as NXP, EDF).

A second axis will address the detection of attacks and associated countermeasures. This axis will also respond to security vulnerabilities and potential attacks against the systems and architectures studied. New models based on the exploitation of statistical biases using statistical learning or even deep learning techniques will be studied. Interactions with Theme 1 and in particular on the problems of detection of attacks by presentation could be highlighted. Countermeasure mechanisms will also be developed and combined with attack detection models, the objective of which is to respond to attacks in real time. Tests will be carried out on the forensic platform with real data linked to the Investigative Science Theme.

A third axis will focus on the study and modeling of Boolean functions for security purposes, continuing the work started by Jean-Marie Le Bars and Morgan Barbier. One of the objectives is to evaluate the security of systems based on corrective codes by studying the complexity of code theory problems; such as linking the Fuzzy Vault system and the Reed-Solomon code decoding problem. A second objective will be to determine the properties that the system data must verify so that security can be guaranteed. Indeed, the proper functioning of decoding requires that the data be well distributed in relation to the code words. Thanks to this study and the theoretical tools of corrective codes, the work will be able to focus on a formal study of the security of systems and architectures and show that security is reduced to difficult problems (NP-difficult, NP-complete) by example.

More generally, following on from the CAEN 2018 conference (Cryptography and Algorithmic Number Theory), the team is participating in the ArCoCrypt project (Arithmetic, Codes and Cryptography) with the Norman laboratories LITIS and LMNO; and JSecIN (Norman Computer Security Day).

Head of research axis:  Lyes Khoukhi

In our context, forensics brings together all the methods of analyzing digital traces in order to be used for investigative work in a broad manner. Digital traces can be used to profile people, identify behavior (fraud for example), to conduct an investigation either criminal (recovery of evidence in a criminal case) or in the event of an incident (identification of the reason of a failure linked for example to a virus) or finally to measure the invasion of a user’s privacy (to what extent is an individual identifiable?). This research theme corresponds to a growing interest of the team, an activity close to the biometrics theme and already covered in several theses from the past five years (thesis by Thomas Gougeon on the analysis of memory dumps or by Mathieu Valois on the security of passwords). pass). This expertise that we wish to develop will be useful for fraud detection applications (for example in the CIFRE thesis of Safa El Ayeb started in 2020 and supervised by E. Cherrier and C. Charrier), investigation within the framework of our collaboration with the gendarmerie (digital crime research section of Caen) and the IRCGN, for the identification of personal data (private life) or to better authenticate/identify an individual (in connection with the team’s Biometrics theme).

The team’s first line of research concerns automatic language processing, an essential component of the analysis of digital textual traces. With the arrival of Marc Spaniol and Emmanuel Giguet within the SAFE team, questions of automatic classification, search and automatic extraction of information will be studied through the different types of documents encountered (exchanges by email , message from discussion forums, instant conversation, mail, document, data from browser software, etc.) and through different file formats or digital traces, whether in a known format (e.g., PDF , Word, OpenDocument, …), or unknown (from carving techniques). Particular attention will be paid to the detection, analysis and linking of named entities (name, address, telephone, bank identifiers, digital identifiers, etc.) when aggregating this data.

A second line of work is the development of a forensic platform for the implementation or evaluation of digital trace analysis methods. We will capitalize on the professional knowledge of Emmanuel Giguet (former judicial expert for the Caen Court of Appeal for 10 years, specialized in the fight against child pornography). We will develop solutions for extracting information, exploring large heterogeneous collections, analyzing logs and even approaches linking digital identity and the real identity of individuals. The analysis of societal interactions in cyber space should allow us to better understand the mutual dependencies between Web content and the users who create and access it. Based on trust models (attack detection, primitives, etc.) developed in the team’s Security Architectures & Models theme, a varied solution for analyzing network packets (behavioral analysis of data flows, analysis of sources of IP packets, etc.) can also be integrated into this unifying platform.

Finally, we also wish to continue working in the field of personal data protection by continuing our participation in the APVP conference (program committee and scientific contribution) and jointly with the field of biometric data protection of the Biometrics theme. The scientific contributions in the first two areas of work will allow us to respond to privacy protection issues: can I identify the author of a document or a tweet? Do technical data (IP packet) or media allow personal information about an individual to be revealed?

Head of research axis:  Emmanuel Giguet

BARBIER Morgan – Associate professor at ENSICAEN

CHARRIER Christophe – Associate professor HDR at the University of Caen Normandie

CHERRIER-PAWLOWSKI Estelle – Associate professor at ENSICAEN

DIEN Matthieu – Associate Professor at IUT Grand Ouest Normandie

GERNOT Tanguy – Research engineer, CNRS

GIGUET Emmanuel – Research fellow HDR, CNRS

KHOUKHI Lyes – Professor of universities at ENSICAEN

LACHARME Patrick – Associate professor HDR at ENSICAEN

LE BARS Jean-Marie – Associate professor HDR at University Of Caen Normandie

REYNAUD Joan – Research engineer at ENSICAEN

ROSENBERGER Christophe – Professor of universities at ENSICAEN

SPANIOL Marc – Professor of universities at the University of Caen Normandie

SCHWARTZMANN Jean-Jacques – Orange

VERNOIS Sylvain – Research engineer at ENSICAEN

Armand Florent PIUGIE TSAFACK – Phd Student (CIFRE Teicée)

Neily SANON – Phd Student (CIFRE FIME)

Lilian BOUR – Phd Student (Région Normandie – St-Lô Agglo)

Olivier ATANGANA – Phd Student (CIFRE FIME)

Adam KADI – Phd Student (CIFRE 6cure)

Sara MAJBOUR – Phd Student

Zaineb IBORK – Phd Student (with Université Ibn Tofail de Kénitra)

Maxence MORIN – Phd Student (CIFRE Orange Innovation)

Aymene SELAMNIA – Phd Student (CIFRE Numeryx)

ABBAD Kamel – PhD Student (CIFRE NEAC INDUSTRY)

Abdarahmane Wone (2020-2023)
Abir Mehnni (2014-2019)
Anass Nouri (2013-2016)
Antoine Cabana (2015-2018)
Aude Plateaux (2010-2013)
Benoît Vibert (2013-2017)
Benoit Vibert (2014-2017)
Denis Migdal (2016-2019)
Germain Jollly (2012-2016)
Joannes Falade (2017-2020)
Johanne Vincent (2010-2013)
Julien Hatin (2014-2017)
Mathieu Valois (2017-2020)
Merly Hugo (2019-2022)
Mohamed El Abed (2008-2011)
Rima Belguechi (2009-2015)
Romain Giot (2010-2012)
Safa El Ayeb (2020-2023)
Syed Zulkarnain Syed Idrus (2010-2014)
Tanguy Gernot (2019-2022)
Tanguy Godquin (2017-2020)
Thomas Gougeon (2014-2017)
Vincent Alimi (2009-2012)
Xinwei Liu (2015-2018)
Yris Brice Wandji Piugie (2021-2023)
Zhigang Yao (2012-2015)

The SAFE team has several collaborations:

• national academic: IRISA, XLIM, LITIS…
• international academic: University of Toronto (Canada), University of Oslo (Norway), ENI de Sousse (Tunisia), University of Trondheim (Norway)…
• industrial: Orange Labs, FIME, TestWe, IN groupe, United Biometrics, Teicee…

Several software developed within the SAFE team for scientific mediation or as demonstrators of know-how: GREYC Keystroke (analysis of keyboard typing dynamics), GREYC Star (Which star do you look like?) …

The SAFE team actively participates in the GREYC “Cryptology & Security” seminar organized jointly with the LMNO and Orange Labs in Caen.

2024. Fingerprints of the same person look the same. Quotes from Christophe Rosenberger from 01/18/2024 written by Alexandra Delbot.

2023. Porn: with AI, the worrying boom in fake videos. Quote from Christophe Charrier in the Lexpress.fr article dated 05/04/2023, written by Anne Cagan.

2023. Six months later, what can we learn from the cyberattack on the IT department of the city of Caen? Quote from Tanguy Gernot in the Ouest-France.fr article dated 03/26/2023 written by Antonin Besnard [link]

2023. “A huge surface to attack”: municipalities, easy targets for hackers. Quote from Tanguy Gernot in the Lexpress.fr article dated 03/04/2023, written by Célia Cuordifede. [link]

2022. Understanding how cybersecurity works. Radio phenix podcast, show C’est pas faux. Interview with Tanguy Gernot and Emmanuel Giguet. 15/11/2022 [link] [audio]

2022. Cyberattack: why would a hacker target a town hall? Quote from Tanguy Gernot in the France 3 Région article dated 09/28/2022 written by Kanwaljit Singh.

2022. Caen Town Hall victim of a cyberattack: “they introduce software into the servers to encrypt the data and then demand a ransom. Quote from Tanguy Gernot in the France 3 Région article dated 09/27/2022 written by Jean-Yves Gelebart [link] [pdf]

2022. Cyberattack against the city of Caen. Interview on France 3 television news with Tanguy Gernot. [mp4]

2022. True or False: Is it better to store your data on a remote server? True or False, expert words. Interview with Christophe Rosenberger. Video broadcast on France 3 in October 2022

2022. True or False: A well-equipped computer is completely secure? True or False, expert words. Interview with Christophe Rosenberger. Video broadcast on France 3 in October 2022

2022. True or False: Computer attack, all data lost? True or False, expert words. Interview with Christophe Rosenberger. Video broadcast on France 3 in October 2022

2022. True or False: A complicated password guarantees security? True or False, expert words. Interview with Christophe Rosenberger. Video broadcast on France 3 in October 2022

2022. True or False: Are Cell Phones Ultra Secure? True or False, expert words. Interview with Christophe Rosenberger. Video broadcast on France 3 in October 2022

2022. Cyberattack: No one is safe from a hackerwritten by Karine Lepainteur.

2021. Passwords – the good and the badwith Michael Virgone and Christophe Rosenberger

2021. Behavioral biometricswith Michael Virgone and Christophe Rosenberger

2020. Biometric data, fingerprints scare mewith Christophe Rosenberger

2019. White paw yesterday, biometrics today. Quote from Christophe Rosenberger.

2018. Biometrics, identity at the finger and the eye. Quote from Christophe Rosenberger.

2017. What future for passwords?. Quote from Christophe Rosenberger.

2016. Biometrics: Identification in Action. Quote from Christophe Rosenberger.

2016. “Frappology”, when your keyboard says a lot about you. Quote from Christophe Rosenberger.

2016. Behavioral Profiling: The password you can’t change. Quote from Christophe Rosenberger.