Practical challenge

Cyber In Normandy 2024 is not just a list of interesting lectures in CyberSecurity.

Can you solve real Cybersecurity cases given by French companies? Each afternoon, you will work as a team on a real subject. The last afternoon, you will present in front of a jury the results of your work. The best project will be selected by the jury!

Ready to meet the challenge?

Cases to solve

Company: FIME (https://www.fime.com/) is a provider of training solutions and technical services, technology, test tools and certifications. FIME enables its customers to address their market efficiently and confidently through secure solutions embedded on smart cards or in the cloud, incorporating the latest authentication technologies including biometrics. With 11 offices worldwide serving more than 3,000 customers, FIME is active in the payment, telecommunications, transportation and e-ID industries.

Main objectives

Biometrics is an emerging technology used as cyber-security solution. It is present in diverse applications such as logical access, user authentication, ID documents, legal, etc. Biometric solutions have to be tested prior to their industrial production. These tests are done in certification laboratories. To assess the usability and security of biometric products, mainly two tests are done. The first test is focusing on the performance of the product under test. It measures metrics such false match rate and false non-match rates observed on the system on a test dataset. The second one is measuring the robustness of the product to presentation, e, g presentation attack detection.

Considering a complete biometric system as represented in the following figure, the objective is to attack a biometric system by interfering in the verification process and injecting a photo or a video to the biometric application as if it was captured live by the data capture subsystem.

These attacks are named injection attacks and use digital biometric data to modify the biometric sample or override the signal processor output.

The objective is to create a documented, practical methodology of biometric injection attacks of different levels and on different devices.

Case to solve

National Cyber Unit

National Cyber Unit is part of to the “Direction des opérations et de l'emploi de la ‌Gendarmerie nationale” (French Police forces) and is composed of digital investigators working to prevent and combat specialized, organized or transnational forms of cybercrime.

Context

Artificial Intelligence (AI) is a powerful tool for many applications in medical imaging, computer vision, natural language processing… Unfortunately, AI can also be used to attack computer systems. As for example, “the COVID pandemic has led to the wide adoption of online video calls in recent years. However, the increasing reliance on video calls provides opportunities for new impersonation attacks by fraudsters using the advanced real-time DeepFakes” [1].

We focus in this project on two main open questions within this context:

-       How is it easy to impersonate an individual during a videoconferencing?

-       How can we detect such deepfake attacks?

Objective

The goal of this project is to provide a state of the art and an operational testing of solutions for realizing/detecting deepfake attacks in videoconferencing.

Case to solve

Téïcée company

Based in Caen (Normandy) and Vitré (Brittany), téïcée provides expertise in the integration and development of Web and Mobile solutions, Systems & Networks Infrastructure and Telecoms. téïcée offers a complete and coherent range of services, including website development, virtualization, supervision, systems administration, data backup, network architecture deployment, VoIP, fiber optic and ethernet network installation, etc. téïcée has expertise in Linux solutions and Open Source products. téïcée company brings together high-level contributors, each with recognized skills and a wealth of experience. téïcée has joint research work with the GREYC research lab on this topic, especially on phishing detection.

Context

Digital forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analyzing, and reporting on data stored electronically. Electronic evidence is a component of almost all criminal activities and digital forensics support is crucial for law enforcement investigations. Many others use cases can be concerned such as analyzing digital traces for privacy, culture heritage… In this project, we focus on emails that could reveal many information:

-       Email database description (number of emails, period…)

-       Email content (size, sentiment analysis, explicit content detection, geolocation, URL link…)

-       Personal user behavior (work period, intensity…)

-       Relationships between users (relational graph, professional/personal interaction…)

The benefit of using this tool is its ability to identify suspicious interactions between individuals, detect irregular patterns in exchanges, and so on.

Objective

The goal of this project is to provide a software having high-level features for email forensics. Many functionalities (from simplest to most difficult) can be present with a usable graphical user interface such as:

-       Database description [1-5]

-       Keyword query [12]

-       User analytics

-       Relational graph

-       Geolocation analysis

-       Sentiment analysis

-       Natural language query (expected functionality) [6-11]