Hugo BOURREAU (PhD Student)
Contact
You can reach me at hugo.bourreau@imt-atlantique.fr.
My research
PhD Student at IMT Atlantique
I'm a PhD Student working on digital twins and AI for cybersecurity.
Latest posts by Hugo Bourreau (see all)
My publications
2020
Navas, Renzo E; Sandaker, Håkon; Cuppens, Frédéric; Cuppens, Nora; Toutain, Laurent; Papadopoulos, Georgios Z
IANVS: A Moving Target Defense Framework for a Resilient Internet of Things Journal Article
In: Proceedings - IEEE Symposium on Computers and Communications, vol. 2020-July, 2020, ISSN: 15301346.
Abstract | Links | BibTeX | Tags: attack, ChaCha20, CoAP, design, framework, hping3, IoT, LoPy4, Moving Target Defense, MTD, port-hopping, reconnaissance, Security, stream-cipher
@article{Navas2020,
title = {IANVS: A Moving Target Defense Framework for a Resilient Internet of Things},
author = {Renzo E Navas and Hr{a}kon Sandaker and Fr\'{e}d\'{e}ric Cuppens and Nora Cuppens and Laurent Toutain and Georgios Z Papadopoulos},
doi = {10.1109/ISCC50000.2020.9219728},
issn = {15301346},
year = {2020},
date = {2020-01-01},
journal = {Proceedings - IEEE Symposium on Computers and Communications},
volume = {2020-July},
abstract = {The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.},
keywords = {attack, ChaCha20, CoAP, design, framework, hping3, IoT, LoPy4, Moving Target Defense, MTD, port-hopping, reconnaissance, Security, stream-cipher},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.
2018
Navas, Renzo E; Bouder, Hélène Le; Cuppens, Nora; Cuppens, Frédéric; Papadopoulos, Georgios Z
Demo: Do not trust your neighbors! a small iot platform illustrating a man-in-the-middle attack Journal Article
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11104 LNCS, pp. 120–125, 2018, ISSN: 16113349.
Abstract | Links | BibTeX | Tags: CoAP, E2E security, IoT, IPv6, MITM attack, RPL
@article{Navas2018,
title = {Demo: Do not trust your neighbors! a small iot platform illustrating a man-in-the-middle attack},
author = {Renzo E Navas and H\'{e}l\`{e}ne Le Bouder and Nora Cuppens and Fr\'{e}d\'{e}ric Cuppens and Georgios Z Papadopoulos},
doi = {10.1007/978-3-030-00247-3_11},
issn = {16113349},
year = {2018},
date = {2018-01-01},
journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
volume = {11104 LNCS},
pages = {120--125},
abstract = {This demonstration defines a small IoT wireless network that uses TI CC2538-OpenMote as hardware platform and state-of-the-art IETF network standards such as 6LoWPAN, RPL, and CoAP implemented by ContikiOS. The IoT nodes are controlled from outside the IoT network using end-to-end connectivity provided by IPv6-CoAP messages. We implement a man-in-the-middle attack that disrupts the normal behavior of the system. Our attack leverages on the inherent hierarchical routing topology of RPL-based IoT networks. The demonstration aims at highlighting the need for end-to-end source-authentication and authorization enforcement of information even inside a trusted IoT network. We also provide some insights on how these services can be offered in a IoT-friendly way.},
keywords = {CoAP, E2E security, IoT, IPv6, MITM attack, RPL},
pubstate = {published},
tppubtype = {article}
}
This demonstration defines a small IoT wireless network that uses TI CC2538-OpenMote as hardware platform and state-of-the-art IETF network standards such as 6LoWPAN, RPL, and CoAP implemented by ContikiOS. The IoT nodes are controlled from outside the IoT network using end-to-end connectivity provided by IPv6-CoAP messages. We implement a man-in-the-middle attack that disrupts the normal behavior of the system. Our attack leverages on the inherent hierarchical routing topology of RPL-based IoT networks. The demonstration aims at highlighting the need for end-to-end source-authentication and authorization enforcement of information even inside a trusted IoT network. We also provide some insights on how these services can be offered in a IoT-friendly way.
Kome, Marco Lobe; Cuppens, Frederic; Cuppens-Boulahia, Nora; Frey, Vincent
CoAP Enhancement for a better IoT centric protocol: CoAP 2.0 Journal Article
In: 2018 5th International Conference on Internet of Things: Systems, Management and Security, IoTSMS 2018, pp. 139–146, 2018, ISBN: 9781538695852.
Abstract | Links | BibTeX | Tags: CoAP, Discovery, IoT, Publish/Subscribe, Security
@article{Kome2018,
title = {CoAP Enhancement for a better IoT centric protocol: CoAP 2.0},
author = {Marco Lobe Kome and Frederic Cuppens and Nora Cuppens-Boulahia and Vincent Frey},
doi = {10.1109/IoTSMS.2018.8554494},
isbn = {9781538695852},
year = {2018},
date = {2018-01-01},
journal = {2018 5th International Conference on Internet of Things: Systems, Management and Security, IoTSMS 2018},
pages = {139--146},
publisher = {IEEE},
abstract = {The need to connect things is skyrocketing and the Internet of Things is drawing a clear pattern of the need for smarter things. We are proposing an upgrade of Constrained Application Protocol (CoAP) built upon the 3 main networking needs of a connecting thing: The discovery, the synchronous and asynchronous communications and the publish/subscribe. CoAP 2.0 as we call it, will allow building smart things independently of the use-case, with a single protocol, fewer lines of codes and with less impact on the memory.},
keywords = {CoAP, Discovery, IoT, Publish/Subscribe, Security},
pubstate = {published},
tppubtype = {article}
}
The need to connect things is skyrocketing and the Internet of Things is drawing a clear pattern of the need for smarter things. We are proposing an upgrade of Constrained Application Protocol (CoAP) built upon the 3 main networking needs of a connecting thing: The discovery, the synchronous and asynchronous communications and the publish/subscribe. CoAP 2.0 as we call it, will allow building smart things independently of the use-case, with a single protocol, fewer lines of codes and with less impact on the memory.
