Research in progress: cybersecurity a major issue… to prevent security breaches!
Research in progress: cybersecurity a major issue… to prevent security breaches!
In an ultra-connected world in which more and more new technologies are coming together, cybersecurity must be a top priority. In order to keep up with the times and remain on the cutting-edge of innovation, researchers are constantly working around the world, including at EPITA – the school that even has its own research team dedicated to cybersecurity.
Behind the scenes of the new video episode of the “Recherche en cours, EPITA Laboratoire d’innovation” (Research in progress, EPITA Laboratory of Innovation) series, devoted to decentralized architectures to provide adapted security, Badis Hammi, a teacher-researcher at EPITA and member of the Cybersecurity team, agrees to speak about his job. This is quite remarkable for a specialist whose role is normally to prevent intrusion!
As a researcher, what are you working on?
Badis Hammi: My research theme is the proposal of decentralized approaches to improve the security of systems and networks. This is naturally integrated into the cybersecurity of computer networks. To understand this theme, you must already be somewhat familiar with computer security. Indeed, everyone uses the Internet today. The Internet is a global network where information is exchanged between machines and servers – which are also machines, but much more powerful. These networks function thanks to computer systems. As information circulates through these networks and systems, they can be attacked by malicious people. Part of our role in cybersecurity is to propose approaches to defend against these different types of attacks.
What approaches are we talking about?
In fact, my research theme includes two sub-themes in which I am particularly interested. The first is the proposed approach itself, which ensures the authentication and integrity of users, whether they are systems or people. For example, when you access your mailbox, you type in a login and password: this is known as authentication. However, in the computer world, there are several other authentication methods, such as when machines seek to authenticate themselves to other machines or when people seek to authenticate themselves to different systems. Therefore, our research work in this sub-theme consists in always looking for new approaches to ensure the security of users via cryptography. We can propose modifications of existing approaches to make them more robust or try new, original approaches.
The second element is the fact that it offers defense mechanisms against attacks. To visualize this aspect, imagine a medieval city without walls. Attackers can easily enter and take control of it. If the city has a wall and ramparts, the task of the enemies will become much more difficult, if not impossible. My job is to think about these walls at the computer level. Of course, there are many parameters to take into account: one can make holes in a wall, the latter can also wear out with time or even have been badly built at the beginning… Moreover, when they create protocols, developers and researchers sometimes also make mistakes – nobody is infallible – and they only realize it afterwards. These mistakes are loopholes that malicious people can fall through. Fortunately, if these loopholes are discovered, they can be plugged by creating patches that change the security approach to support the new constraint. However, sometimes the entire wall must be torn down to create a new one with other norms and standards
When we talk about cybersecurity, we often think about computers, but we forget that it affects more and more aspects of our daily lives. Is that correct?
Yes, it is. A good example is the automobile: today’s cars are not the same as those of the 1970s. They now have communication capabilities and can exchange messages via vehicle networks, also known as vehicular networks or intelligent transportation network systems. These networks connect vehicles to each other, but also to the infrastructure (on the roads, there are terminals that are part of these vehicular networks). Vehicles exchange information for three reasons: flow (to predict if there is a traffic jam via the number of messages exchanged on an application such as Waze, for example), safety (if the emergency brake of a vehicle is activated, a message is sent to all vehicles behind it so that they can brake automatically – the speed of these communications is much faster than the human brain, hence the interest of automation) and leisure (to allow passengers to be connected to the Internet, for example). As these communications are wireless, they are transmitted by radio waves through the air. Therefore, anyone with the right equipment could potentially be able to capture these communications and broadcast their own on the vehicular network. Without cybersecurity, we can imagine the threat that these vehicles could face from hackers or malicious people!
Why is research so important to you?
From our smartphones to Wi-Fi, almost all the technological advances we know and use today come from the world of research. Of course, manufacturers also play an important role in their development, as they are often the ones who adapt these ideas to the specific needs of end users. But at the beginning, there is always the researcher, whose role is to innovate by starting with the unknown to constantly improve the existing. In my opinion, researchers can clearly be compared to modern-day adventurers or explorers.
At EPITA, students can also participate in the activities of research teams and laboratories. What does this mean for them?
It brings them many things…. and us too! Indeed, teamwork in research is essential. Each person with whom we work has his or her own vision and it is precisely thanks to these different views that we, as researchers, can better understand the world and our own research. Staying alone in your own bubble can help you focus, of course, but it doesn’t allow you to see everything either. Another view is obtained from taking a step back, and very often this allows us to go further. On our Cybersecurity team, we have both professors and students who, later on, may work in research. Generally speaking, there are two types of students at EPITA: those who are interested in research, who show an adventurous side, and those who are more interested in the business world. Although complementary, these worlds are very different and an internship in a research laboratory has nothing to do with an internship in a company. Moreover, students who do a research internship are considered as colleagues by the other researchers with whom they discuss the different subjects and problems. They are fully part of the team. This is why I advise students interested in this sector to do an initial internship in the field to get a better idea of what research consists of. Some will really like it and will want to work in a laboratory, do a doctorate and write a thesis. Others will prefer to work in other areas, but they will definitely grow from this experience. It is important to remember that what students see in the lab is different from what they see in the classroom. If in the classroom, one generally follows the program to the letter, this is not the case in research where the goal is, above all, to explore and to find new ideas.