Security and Content Protection Lab de
Transcription
Security and Content Protection Lab de
Madame, Monsieur, Vous trouverez ci-joint les propositions de stage du Security and Content Protection Lab de Technicolor R&D France pour l’année 2012 Nous vous remercions d’adresser vos candidatures à : [email protected] en indiquant la référence mentionnée en rouge en haut à gauche de chaque sujet de stage (sans cette référence nous ne serons pas en mesure de donner une suite à votre candidature). Veuillez agréer, Madame, Monsieur, l’expression de nos salutations les meilleures Le responsable des stages www.technicolor.com Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 1 Liste des stages du SCP lab / SCP lab internship list Ref. SCP/001: Experimenting and detecting home network attacks .................................................... 3 Ref. SCP/002: Improvement of 802.11 fingerprinting diversity ............................................................ 5 Ref. SCP/003: Analyse et reconstruction de modèles 3D protégés ...................................................... 7 Ref. SCP/004: Practical signature schemes from mild assumptions in the standard model ................ 9 Ref. SCP/005: Techniques d’obfuscation pour les algorithmes de chiffrement par bloc .................. 10 Ref. SCP/006: Evaluation et implémentation de système de vérification de filesystem sous Linux .. 11 Ref. SCP/007: Camcorder Path ............................................................................................................ 13 Ref. SCP/008: Extracting Salient Points from Fingerprint Trajectories ............................................... 15 Ref. SCP/009: Two-step Video Watermarking .................................................................................... 17 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 2 Ref. SCP/001: Experimenting and detecting home network attacks Context The present internship deals with home network security. Objective The present internship consists in experimenting and detecting home network attacks Subject of the internship (detailed description) Home networks are subject to attacks, such as attacks on WEP and WPA but also malware installation on devices of the home network. We suspect that today many of these attacks stay undiscovered by a normal user. In the future, home networks will become increasingly complex and grow in size. Therefore, in terms of security we suspect that home networks will be increasingly subject to attacks. The objective of this internship is to: Test a set of known home network attacks. Possibly discover new home network attacks. Investigate whether the observation of certain network parameters reveals the presence of aforementioned attacks. A non exhaustive list of network attacks tested during the internship is as follows: Attacks on WEP and WPA, rogue AP, MAC address spoofing, key retrieval from previously connected devices, malware installation … For each attack, the intern will have to observe a set of network parameters by passively listening to the home network traffic. Indeed, changes of some network parameters might occur in the presence of an attack. Namely the observed parameters are i) the sequence of frames sent during boot or wake-up of a device and ii) the DNS traffic generated by a device. Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 3 Working environment The intern will work with the home network security team composed of three research engineers. Development platforms are Linux but target hosts also include Windows. Profile of the applicant MSc. student specialized in networking and/or security. Hacker minded. Prerequisites Network security. Fluent English. Internship period & duration 6 months. Feb/March– July/August 2012 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 4 Ref. SCP/002: Improvement of 802.11 fingerprinting diversity Context The present internship deals with home network security. Objective The present internship consists in implementing and experimenting a 802.11 fingerprint diversity software Subject of the internship (detailed description) 802.11 fingerprinting is the process of collecting some measurable characteristics of 802.11 devices in order to identify or differentiate different 802.11 devices. Such characteristics may depend on the running application, the driver, the chipset or the Operating System of the target device. In some cases, these characteristics are distinctive enough to recognize precisely one device. In other cases, only the type or the manufacturer of the device can be recognized. Technicolor uses 802.11 fingerprinting to improve the security of home networks. In this context, fingerprinting thwarts MAC spoofing attacks and helps detecting rogue access points. The internship will investigate a method that increases the accuracy of existing fingerprinting methods. It involves installing dedicated software on fingerprinting targets. The method ensures that, without using a shared secret between the fingerprinter and the target, the accuracy of the fingerprinting method increases. The internship contains three main stages 1. Experimenting of state-of-art 802.11 fingerprinting methods, including a method patented by Technicolor. 2. Prototyping of generic software module increasing the fingerprint diversity. 3. Experiment of the accuracy gain and choice of optimal parameter range. Prototyping and experimenting will focus on 802.11 stations as target platform. A version for 802.11 access points may also be implemented but is not the initial target. According to the result, this work may result in a scientific publication. Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 5 Working environment The intern will work with the home network security team composed of three research engineers. Development platforms are Linux but target hosts also include Windows. Profile of the applicant MSc. student specialized in networking and/or security. Prerequisites Network security. Fluent English. Internship period & duration 6 months. Feb/March– July/August 2012 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 6 Ref. SCP/003: Analyse et reconstruction de modèles 3D protégés Contexte Les effets spéciaux et films d’animation sont basés sur des modèles 3D. Ces modèles 3D, utilisés à différents moments de la chaine de production, sont des données critiques qui doivent être sécurisées. Notre équipe a développé plusieurs techniques de sécurisation permettant de protéger la confidentialité de ces objets 3D, définis par des ensembles de points, en altérant leur structure géométrique de manière réversible. Ces techniques ont été implémentées et testées dans un outil de rendu propriétaire Technicolor et dans Google Sketchup. Modèle 3D original et exemples de modèles protégés avec différentes techniques But Le but du stage est de tester la robustesse de nos approches en analysant les différentes techniques de protection des modèles 3D afin de définir une ou plusieurs attaques de reconstruction permettant de retrouver les modèles originaux en se basant sur les données. Les aspects cryptographiques ne font pas partie du stage. Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 7 Sujet de stage Le stage se déroulera en deux étapes. Une première phase consistera à analyser les modifications apportées aux modèles par nos techniques de protection afin de déterminer quelles heuristiques pourraient être utilisées pour reconstruire les modèles originaux. La seconde phase s’attachera à mettre en œuvre ces mécanismes de reconstruction au sein d’un outil. Environnement de travail VRML ou autre Windows Outils 3D Profil du stagiaire Intérêt pour la 3D et la modélisation Esprit curieux ou hacker Compétences requises Développement logiciel Conception et modélisation d’objets 3D Durée et période du stage 6 mois. Fév/Mars– Juillet/août 2012 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 8 Ref. SCP/004: Practical signature schemes from mild assumptions in the standard model Context Digital Signatures constitute a fundamental brick in many cryptographic systems. Unfortunately, there is a consequent gap between security and efficiency in these primitives. In fact, the practical signature schemes that are based on mild, and thus well-studied, assumptions can only be proven secure in the Random Oracle Model which has known limitations. Objective The goal of the internship is the design of efficient signature schemes that are secure under popular (or weaker) assumptions in the standard model. Subject of the internship (detailed description) This internship will consist in: Studying the classical paradigms used to build signature schemes, namely hash-then-sign and tree-based signatures. Studying and improving the constructions of hash functions that mimic the random oracle model. Improving the recently proposed RSA-based signatures. Working environment The intern will be integrated to the cryptography team of the Security and Content Protection Labs which is composed of 4 researchers. Profile of the applicant Master II Research Prerequisites Cryptography and security proofs, Technical English is mandatory Internship period & duration: 6 months; start between February and April 2011 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 9 Ref. SCP/005: Techniques d’obfuscation pour les algorithmes de chiffrement par bloc Contexte Dans de nombreux cas d’utilisation, les systèmes de protection sont sujets à des attaques sur les machines hôtes sur lesquels les services de protection sont assurés. C’est le cas sur un PC par exemple, où les clés secrètes peuvent être facilement accessibles lorsque celles-ci transitent dans la mémoire vive. La protection des clés est un aspect essentiel de la sécurité de ces systèmes. Différentes techniques d’obfuscation ont été développées dans la littérature. Elles apportent une solution pratique et permettent d’atteindre, dans certains cas, un niveau de sécurité acceptable. But Le but du stage est l’implémentation de façon obfusquée d’un algorithme de chiffrement par bloc ainsi qu’une analyse de la robustesse de cette implémentation. Sujet de stage Le stage consiste à identifier un ou plusieurs algorithmes de chiffrement par bloc et d’étudier différentes techniques d’obfuscation ainsi que leurs performances. Cela impliquera notamment le choix de l’algorithme de chiffrement, du corps sous-jacent et de sa représentation, de l’arithmétique, ainsi que des techniques de masquage choisies. Environnement de travail Le stagiaire sera intégré à la cellule cryptographie du laboratoire sécurité composée de 4 chercheurs. Les développements seront faits sur une plateforme Linux. Profil du stagiaire Etudiant Master Recherche ou Pro en fin de cycle Compétences requises Cryptographie, programmation en C, anglais technique Durée et période du stage: 6 mois, début entre février et avril 2011. Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 10 Ref. SCP/006: Evaluation et implémentation de système de vérification de filesystem sous Linux Contexte Sous linux différents mécanismes de vérification d’intégrité et de confidentialité des filesystem existent. Ceux-ci ont pour but de contrôler qu’aucune modification n’a été effectuée par un programme malveillant. Les contraintes liées au monde de l’embarqué, différentes du monde PC, font que ces outils doivent être adaptés typiquement aux politiques de sécurité fortes et aux problèmes des performances. But Etudier les différents mécanismes existants en intégrité et en chiffrement de système de fichier Linux, proposer des améliorations si nécessaire afin d’obtenir un niveau de sécurité maximal sur des appareils de type set-top-box ou gateway. Ces mécanismes se situent pour partie au niveau du noyau Linux et devront être adaptés à la plateforme hardware. Les composants à étudier seront par exemple IMA, EMV, DM-crypt, SMACK. Sujet de stage Système de protection des filesystem sous linux pour l’embarqué Environnement de travail Security & Content Protection lab de Technicolor Profil du stagiaire Ingénieur développement logiciel embarqué. Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 11 Compétences requises Langages C OS Linux Une connaissance du développement sur OS type Android ou MEEGO est un plus. Des connaissances en cryptographie sont un plus. Durée et période du stage 6 mois à partir de février/mars Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 12 Ref. SCP/007: Camcorder Path Context: Digital watermarking is a technology that is complementary to conventional cryptography-based content protection. It basically consists in modifying multimedia content (image, video, audio etc) in an imperceptible manner so as to convey additional information in a robust fashion. In other words, the detector is expected to retrieve the watermark even if the protected content has been modified after the embedding process with routinely used signal processing primitives such as noise addition, filtering, lossy compression, etc. A key feature of digital watermarking is that is should survive the ‘analogue hole’. Indeed, human beings only comprehend analogue signals in plain text which induces that any cryptography-based protection technique has to be removed at some point, hence leaving the content vulnerable. In contrast, digital watermarking should be robust to D/A-A/D conversion e.g. print-and-scan, play-and-record, display-and-camcord… Today, watermarking techniques are used in application such as playback control, broadcast monitoring, audience measurement, traitor tracing, metadata binding, etc. Objective: Understand the impact of the camcorder path on the watermarking channel. Subject of the internship: Although robustness to D/A-A/D conversion is a key feature of watermarking system, it has been relatively understudied in video compared to audio (acoustic path) or image (print-and-scan). Previous studies often reduce camcording to a combination of a global geometrical transform (e.g. homographic transform) and a global illumination transform (e.g. gamma correction). However, recent investigations have clearly revealed the existence of time varying distortion due to the interplay between the rendering device and the acquisition device. During the internship, the selected candidate will: Review existing literature on rendering and acquisition devices in order to better understand the artefacts observed after D/A-A/D conversions for a variety of device combinations; Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 13 Survey the impact of such artefacts on state-of-the-art video watermarking performances and explore means to compensate or at least attenuate such effects; Investigate how to model the camcording path in order to design an efficient simulation tool to facilitate large-scale benchmarking campaigns. All the algorithms will be implemented in C/C++ on the current platform and extensively benchmarked. Working environment: The selected candidate will join the Security & Content Protection Labs of Technicolor, located in Rennes, France (26 employees), and Hanover, Germany (4 employees). The SCP Labs are made of 30 researchers and engineers working on several security related topics e.g. cryptography, network security, security assessment, security engineering, multimedia security. The internship will be based in Rennes, France. Profile of the applicant: 3rd year engineer or master, specialized in signal processing Prerequisites: C++ programming; Matlab; Signal processing; Optics; English. Internship period & duration: 6 months, April-September 2012 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 14 Ref. SCP/008: Extracting Salient Points from Fingerprint Trajectories Context: Fingerprinting consists in extracting and recording some DNA-like elementary features from a piece of content in order to be able to automatically recognize the content wherever the same features are extracted. This technology is most useful for applications such as content indexing, nearduplicate detection, metadata binding, monitoring and surveillance, etc. Objective: Isolate salient points from a fingerprint trajectory to pinpoint video frames that are stable enough to enable accurate registration. Subject of the internship: Technicolor developed a global fingerprint for still images and analyzes the dynamics of this compact descriptor over time to isolate key frames. These key frames are then used as anchor points to guide the resynchronization process of Technicolor’s video watermark detector. Due to the specific nature of this watermarking system, it is of paramount importance for the resynchronization to be frame accurate. During the internship, the selected candidate will: Define new types of key points when analyzing the trajectory made by the global fingerprint in the multi-dimensional feature space; Assess the stability of the key frames associated to the extracted key points against a wide array of signal processing primitives e.g. noise addition, spatial/temporal filtering, gamma correction, lossy compression, D/A-A/D conversion; Analyze the positive (or negative) impact of these new stable frames over the performances of the full existing resynchronization framework. All the algorithms will be implemented in C/C++ on the current platform and extensively benchmarked. Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 15 Working environment: The selected candidate will join the Security & Content Protection Labs of Technicolor, located in Rennes, France (26 employees), and Hanover, Germany (4 employees). The SCP Labs are made of 30 researchers and engineers working on several security related topics e.g. cryptography, network security, security assessment, security engineering, multimedia security. The internship will be based in Rennes, France. Profile of the applicant: 3rd year engineer or master, specialized in signal processing Prerequisites: C++ programming; Matlab; Signal processing; Dynamic programming; English. Internship period & duration: 6 months, April-September 2012 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 16 Ref. SCP/009: Two-step Video Watermarking Context: With the ease of distribution of digital contents, the risk of piracy remains a big concern for copyright holders. Digital watermarking is a technology that is complementary to conventional cryptography-based content protection and can be exploited to serialize content at delivery or rendering time. In other words, each customer is being served with a slightly different version of the content that uniquely identifies her. As a result, should the customer decide to share a pirate version of some content on the Internet, the copyright holder would be in a position to identify her and to take appropriate remedial actions. Such traitor tracing mechanisms are routinely used on content production chains and pre-release distribution (e.g. screeners) today and are likely to be soon extended to wider ecosystems in an attempt to create new business opportunities. Objective: Improve and/or incorporate new features to Technicolor’s existing video watermarking system Subject of the internship: In recent years, Technicolor developed its own watermarking solution following an innovative paradigm. In order to lower the complexity of the watermarking operation, it has been separate in two steps: a computationally expensive pre-processing step which identifies where and how to modify the bit stream and a blitz fast embedding step that reduces to a byte swapping operation in the bit stream. Depending on the profile of the candidate, the internship will explore one or several of the following research axes: Extend the current algorithm, which is dedicated to h264 AVC CABAC video, in order to support other codecs e.g. VC1, h264 MVC, etc; Understand the impact of modifying the bit stream in terms of temporal propagation (aka. watermark drift) in order to be able to watermark other frames than non-reference B frames; Investigate the pros and cons of alternate selection strategies in an attempt to maximize the number of embedding positions; Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 17 Understand the effect of the different parameters of the system on the final perceptual degradation induced by the watermarking operation. All the algorithms will be implemented in C/C++ on the current platform and extensively benchmarked. Working environment: The selected candidate will join the Security & Content Protection Labs of Technicolor, located in Rennes, France (26 employees), and Hanover, Germany (4 employees). The SCP Labs are made of 30 researchers and engineers working on several security related topics e.g. cryptography, network security, security assessment, security engineering, multimedia security. The internship will be based in Rennes, France. Profile of the applicant: 3rd year engineer or master, specialized in signal processing Prerequisites: C++ programming; Video compression (codecs, containers, etc); General signal processing knowledge; Algorithmic; English. Internship period & duration: 6 months, April-September 2012 Propositions de stage 2012 - Security and Content Protection Lab Technicolor R&D France 1, avenue de Belle Fontaine – CS 17616 35576 Cesson-Sévigné cedex, France tél. : +33 (0)2 99 27 30 00 - fax : +33 (0)2 99 27 30 01 SNC au capital de 152 000 euros Siège social : 1-5, rue Jeanne d’Arc 92130 Issy-les-Moulineaux, France 341 399 558 R.C.S. de Nanterre www.technicolor.com 18