Blog

  • Institut Polytechnique de Paris

    Institut Polytechnique de Paris

    Institut Polytechnique de Paris

    Publié le February 8 2019

    This Thursday, February 7, 2019, the Minister of the Armed Forces, Flor-ence Parly, and the Secretary of State to the Ministry of Economy and Fi-nance, Agnès Pannier-Runacher, visited École Polytechnique to officially unveil the name and brand of the new institution formed by the partner-ship between École Polytechnique, ENSTA ParisTech, ENSAE ParisTech, Télécom ParisTech and Télécom SudParis. All of the partner schools – working in collaboration with Carré Noir and Naemes, an agency special-izing in brand creation – were involved in the process of creating this new institutional identity: the Institut Polytechnique de Paris.

    NewUni 2018 signing

    A simple, explicit, evocative name

    Institut Polytechnique de Paris

    Publié le February 8 2019

    Institut Polytechnique de Paris is a concrete expression of our bold, collective ambitions, conveying our status as a leading global force in higher education, research and innovation. It also capitalizes on the international reputation and standing of École Polytechnique.

    Institut Polytechnique de Paris is a name for the international stage, embracing the French tradition of excellence, our identity as an educator, and the importance of our multi-disciplinary research. The brand evokes the prestige, culture, knowledge and global reach associated with Paris, the City of Lights.

    The new visual identity comprises a symbol and a typeface. The overall impression is one of elegance, universality and prestige. The circular logo represents the world, evoking images of partnership and plenitude: a circle which remains open, embodying our shared ambition and the promise of future collaborations. And in the heart of this symbol sits the stylized IP acronym.

    The symbol, joined with IP PARIS, will be used by each of the partner schools to mark their affiliation with the new entity while also retaining their own identity and branding.

    A new milestone in the formation of a world-leading scientific and techno-logical institution

    In October 2018, École Polytechnique, ENSTA ParisTech, ENSAE ParisTech, Télécom ParisTech and Télécom SudParis signed a new partnership agreement signalling the creation of a new scientific and technological institution of international importance. The process of uniting these five establishments is proceeding to schedule, and our cooperation has been intensified in many domains.

    More than 120 members of staff, divided into 25 working groups, are currently hard at work on the operational deployment of this new structure. Accreditation applica-tions have been submitted for our Master’s and doctoral programmes, enabling us to welcome a first intake of students to Institut Polytechnique de Paris in September 2019. The new institution’s doctoral school is in the process of being established.

    New partnerships will be announced over the coming months, with a host of French and international institutions. The publication of our new statutes in spring 2019 will formally establish the Institut Polytechnique de Paris, ready for the start of our first academic year in September 2019.

  • EIFFEL Excellence Scholarship Program

    EIFFEL Excellence Scholarship Program

    EIFFEL Excellence Scholarship Program

    Publié le January 22 2019

    EIFFEL Excellence Scholarship Program, developed by the Ministry of Europe and Foreign Affairs and managed by Campus France.

     

    Objective: To allow French higher education institutions to host the best foreign students in master’s and PhD programs.

     

    The Eiffel scholarship has 2 components:

     

    – Master degree program which allows to finance a master degree course from 12 to 36 months (1181 € per month)
    – PhD program which allows to finance 10-month mobility, under a co-supervision or a co-supervision of thesis (preferably the 2nd year of doctorate) (scholarship of 1400 € per month).

     

    Foreign students can not apply directly to this scholarship, applications are selected and then presented to Campus France by Telecom SudParis.

     

    Download the flyer English version or French version

    Useful information on Eiffel program

     

  • NewUni : Signing of the cooperation agreement

    NewUni : Signing of the cooperation agreement

    NewUni

    As part of the work being conducted under the supervision of Jean-Lou Chameau, a cooperation agreement has been drawn up by École Polytechnique, ENSTA ParisTech, ENSAE ParisTech, a GENES school, and two IMT schools, Télécom ParisTech and Télécom SudParis. Under this agreement, approved by the Boards of Governors, these “Écoles” have committed to creating a world-class science and technology institution. Éric Labaye, President of École Polytechnique, Élisabeth Crépon, Dean of ENSTA ParisTech, Philippe Cunéo, President of GENES, Pierre Biscourp, Dean of ENSAE ParisTech, Philippe Jamet, President of Institut Mines-Télécom, Yves Poilane, Dean of Télécom ParisTech, and Christophe Digne, Dean of Télécom SudParis, today signed the cooperation agreement between their institutions with a view to establishing “NewUni”.

    NewUni 2018 signing

    A shared ambition to achieve excellence

    NewUni : Signing of the cooperation agreement

    Publié le October 4 2018

    A shared ambition to achieve excellence

    On October 25, 2017, the French President made official the creation of a higher education and research institution through an alliance between five “Grandes Écoles”: École Polytechnique, ENSTA ParisTech, ENSAE ParisTech (a GENES school), Télécom ParisTech and Télécom SudParis (two IMT schools).

    This grouping of five institutions of excellence, provisionally named NewUni, has deliberately adopted an international approach toward higher education and research, and with this in mind aims to develop world-class research as well as clearly defined, attractive training programs which will guarantee a high degree of employability. The programs are targeted at a variety of audiences: those enrolled on Bachelor, Engineering, Master, PhD and lifelong learning courses.

    The grouping will allow these “Écoles” to join forces, develop their already existing cooperation and gain in clarity and visibility, especially on the international scene, by capitalizing on their strengths and leading changes which will align NewUni with international standards.  The “Écoles” all share a history, a set of common values, and the provision of training programs of excellence in French engineering. For many years now, they have been collaborating internationally in training and research, as well as in terms of infrastructure. Being based on the same campus together gives the “Écoles” remarkable potential, allowing them to magnify their strengths and set up joint projects.

    NewUni will focus on intensive rankings such as THE and QS which, as well as evaluating excellence in research and training, also take the success and employability of graduates into account.

    World-leading research

    The goal of the NewUni institutions is to develop world-leading research in close partnership with the national research bodies which jointly supervise laboratories – CNRS, INRIA, CEA, ONERA and INSERM – and in collaboration with industrial actors and academic partners, including the University of Paris-Saclay.

    The privileged relations between NewUni institutions and research bodies will be further strengthened with a view to developing a common research strategy, encompassing major initiatives such as cross-disciplinary research centers promoting multidisciplinary interaction between laboratories.

    The “Écoles” intend to strengthen the close ties they have developed with firms. This will involve an ambitious partnership policy, both in research and training. Research in social sciences will also be bolstered, as this field is essential to innovation and its economic and societal impact.

    NewUni intends to establish an attractive, competitive program for the development and recruitment of faculty members, in line with those of the flagship international institutions. This program will provide support for faculty members in developing their research work and will also help recently-recruited faculty members in their first steps.

    An original and ambitious doctoral program

    Top-level research relies on high-potential doctoral students. Well aware of global competition in attracting talents, NewUni institutions will offer an ambitious doctoral program with a rigorous selection of doctoral students who have completed a Licence or a Bachelor’s degree. This doctoral program, a forerunner in France, will be managed within a unique doctoral school and will attract the most promising students capable of developing original research, thus contributing to the renown of NewUni laboratories. The long-term goal is to double the number of doctoral students in NewUni laboratories.

    The NewUni institutions are convinced that integration between teaching and research at all levels of education is essential, and wish to further encourage the involvement of national research bodies in training and to test innovative programs and exchanges with them.

    Research faculties

    In terms of research strategy, NewUni aims both to strengthen the subject areas in which all of its institutions are renowned and to develop new fields. The five “Écoles” have created a working group in order to define these subject areas and to develop a research strategy based on the collective definition, management and evaluation of the work carried out by their research units in multidisciplinary faculties, in tandem with the national bodies responsible for joint supervision of certain units.

    These faculties will be set up in order to lead research, to boost interaction between disciplines and with firms, and to enhance the visibility of the research work developed by NewUni institutions. These faculties will cover such subject areas as “Natural Sciences and Mathematics”, “Engineering Sciences”, “Data Sciences and Information Technologies” and “Humanities and Social Sciences”.

    This form of organization will allow the “Écoles” to submit coordinated responses to the principal calls for proposals to obtain funding offered by the State, the European Union or private actors. It will also enable coordination between schools in terms of research and faculty job vacancies, in conjunction with national partner research bodies.

    These faculties will foster cross-disciplinary research whilst retaining the agility of research teams, working to provide solutions to challenges in several major fields:

    • energy and climate change: environment and climate, energy
    • security: cybersecurity and safety
    • digital: artificial intelligence, digital simulation and data science, networks and the Internet of Things
    • technology: quantum technologies, plasma, lasers and their uses, innovative materials and nanostructures
    • health: bio-medical engineering.

    Internationally attractive courses

    The NewUni “Écoles” are well-known for the outstanding quality of their courses which are deeply rooted in the core and engineering sciences: top-level, multidisciplinary scientific training in coordination with the corporate world, along with cutting-edge research. These highly competitive “Écoles” are unique in their selective recruitment methods and their graduates’ remarkable employability in the academic and corporate worlds and in government positions. The students they train benefit from an excellent staff-to-student ratio, allowing them to truly take advantage of high-quality teaching.

    These strong characteristics will form the DNA of the programs developed as part of the NewUni framework.

    NewUni intentionally positions itself in the competitive realm of global higher education by developing highly selective training courses which are clearly defined and attractive for international audiences. Going even further than the high-quality training offered through their engineering programs, NewUni institutions will offer unique learning opportunities led by internationally recognized faculty members and experts from the business world, which will enable them to attract the cream of French and international students. This common strategy will be based on the engineering training that the “Écoles” offer both individually and in blended programs and Bachelor, Master and PhD programs from NewUni, as well as lifelong learning opportunities.

    Some of these programs, taught in English and with the potential to attract the best international students, have already been successfully rolled out by several NewUni members.

    The Engineering programs in particular will offer students greater exposure to research and entrepreneurship.

    Priority will be given to social inclusion through a financial support policy and efforts to raise awareness and promote the programs among upcoming generations.

    All the Master’s degree programs for all the disciplines offered by NewUni members have now been defined.

    Throughout their training, NewUni students will come face-to-face with all economic sectors and discover entrepreneurship, innovation and related disciplines. All NewUni graduates will be able to boast a combination of in-depth core knowledge, initial experience in research and creativity, and will have an appetite for entrepreneurship and innovation.

    The “Écoles” will also work to develop and coordinate common continuing education programs and deploy a strategy for creating, enhancing and promoting online training, including MOOCs.

    Top-level employability

     Every student will benefit from specific support to ensure excellent employability, capitalizing on NewUni’s expertise and network of “Écoles” specialized in engineer training.

    Entrepreneurship and joint promotion of research

    Cooperation between the incubators and accelerators of the “Écoles” will be reinforced. This new network will bolster the entrepreneurial approach and will be of benefit to both researchers and students. Detection of spin-offs from the laboratories of the “Écoles” and the support they are provided will be become more mutualized.

    To promote the research findings, the “Écoles” will develop a common policy for patents, contract management and equity participation in start-ups.

    A welcoming campus

    The five “Écoles” will soon share the same campus. The goal is for the campus to remain on a human scale, for it to be attractive and to have a strong international feel. Beyond its position as a recognized academic institution, NewUni needs to offer a welcoming environment, a pleasant place to study, live, be entertained, experience culture and engage in sports activities. The architectural layout must be coherent in order to foster a sense of community belonging. Meeting areas will be created to promote dialogue and mobility within the campus.

    Coordination of operational activities

    To achieve these goals, operational activities will progressively be dovetailed, especially in the development of teaching and research programs, recruiting international students, hosting international faculty members, optimizing research and developing interactions with the corporate world. A network will be created to offer support for start-ups. Support services, such as infrastructure management, community life (especially housing and food services), communication, information systems, such as those used for training purposes, will also become increasingly coordinated. Fundraising campaigns will be developed and will take into account the ongoing work of the foundations.

    Incorporation of NewUni

    Status

    In accordance with the principles already agreed concerning its organization and operation, this group’s status will be in line with the new legislative provisions that will be introduced by the ordinance on new forms of alliances, groupings and mergers of higher education and research institutions.

    Agreements with other higher education and research institutions

    HEC has made the decision to partner with NewUni. Working groups from the “Écoles” and HEC have been set up to develop cooperation which will be finalized by means of a framework agreement.

    The “Écoles” will benefit from the opportunities offered by GENES and IMT, particularly in the areas of distance and lifelong learning programs and industrial relations.

    NewUni is also examining the possibility of building partnerships with other institutions and organizations.

    The brand 

    This grouping must be supported by an ambitious communication strategy. The priority is to create a striking international brand. The agency Carré Noir (Publicis Group) has agreed to assist the “Écoles” in their search for a brand name and the creation of a visual identity.

    The unveiling of the brand is scheduled for early 2019.

    Organization – Management board and working groups

    A management board has been established to launch and monitor the cooperation efforts. It ensures the proper completion of all initiated actions.

    This management board, a precursor to the NewUni Executive Committee, consists of executive directors from the “Écoles” and is chaired by Eric Labaye, President of École Polytechnique.

    At the same time, operational working groups involving personnel and students from the “Écoles” are being put in place.

    promo-telecomsudparis

    Join us to Télécom SudParis

    A school of NewUni

  • GDPR: Managing consent with the blockchain ?

    GDPR: Managing consent with the blockchain ?

    GDPR: Managing consent with the blockchain ?

    Blockchain and GDPR: two of the most-discussed keywords in the digital sector in recent months and years. At Télécom SudParis, Maryline Laurent has decided to bring the two together. Her research focuses on using the blockchain to manage consent to personal data processing.

    GDPR: Managing consent with the blockchain ?

    Publié le September 4 2018
    The GDPR has come into force at last! Six years have gone by since the European Commission first proposed reviewing the personal data protection rules. The European regulation, which came into force in April 2016, was closely studied by companies for over two years in order to ensure compliance by the 25 May 2018 deadline. Of the 99 articles that make up the GDPR, the seventh is especially important for customers and users of digital services. It specifies that any request for consent “must be presented in a manner which is clearly distinguishable from the other matters, in an intelligigble and easily accessible form, using clear and plain language.” Moreover, any company (known as a data controller) responsible for processing customers’ personal data “shall be able to demonstrate that consent was given by the data subject to the processing of their personal data.” Although these principles seem straightforward, they introduce significant constraints for companies. Fulfilling both of these principles (transparency and accounting) is not an easy task. Maryline Laurent, a researcher at Télécom SudParis with network security expertise, is tackling this problem. As part of her work for IMT’s Personal Data Values and Policies Chair — of which she is the co-founder — she has worked on a solution based on the blockchain in a B2C environment1. The approach relies on smart contracts recorded in public blockchains such as Ethereum. Maryline Laurent describes the beginning of the consent process that she and her team have designed between a customer and a service provider: “The customer contacts the company through and authenticated channel and receives a request from the service provider containing the elements of consent that shall be proportionate to the provided service.” Based on this request, customers can prepare a smart contract to specify information for which they agree to authorize data processing. “They then create this contract in the blockchain, which notifies the service provider of the arrival of a new consent,” continues the researcher. The company verifies that this corresponds to its expectations and signs the contract. In this way, the fact that the two parties have approved the contract is permanently recorded in a block of the chain. Once the customer has made sure that everything has been properly carried out, he may provide his data. All subsequent processing of this data will also be recorded in the blockchain by the service provider.  
    GDPR Schéma
    A smart contract approved by the Data Controller and User to record consent in the blockchain

    Facilitating audits

    This solution is not only advantageous for customers. Companies also benefit from the use of consent based on the blockchain. Due to the transparency of public registers and the unalterable time-stamped registration that defines the blockchain, service providers can comply with the auditing need. Article 24 of the GDPR requires the data controller to “implement appropriate technical and organizational measures to ensure and be able to demonstrate that the  processing of personal data is performed in compliance with this Regulation.” In short, companies must be able to provide proof of compliance with consent requirements for their customers. “There are two types of audits,” explains Maryline Laurent. “A private audit is carried out by a third-party organization that decides to verify a service provider’s compliance with the GDPR.” In this case, the company can provide the organization with all the consent documents recorded in the blockchain, along with the associated operations. A public audit, on the other hand, is carried out to ensure that there is sufficient transparency for anyone to verify that everything appears to be in compliance from the outside. “For security reasons, of course, the public only has a partial view, but that is enough to detect major irregularities,” says the Télécom SudParis researcher. For example, any user may ensure that once he/she has revoked consent, no further processing is performed on the data concerned. In the solution studied by the researchers, customers are relatively familiar with the use of the blockchain. They are not necessarily experts, but must nevertheless use software that allows them to interface with the public register. The team is already working on blockchain solutions in which customers would be less involved. “Our new work2 has been presented in San Francisco at the 2018 IEEE 11th Conference on Cloud Computing, which hold from 2 to 7 July 2018. It makes the customer peripheral to the process and instead involves two service providers in a B2B relationship,” explains Maryline Laurent. This system better fits a B2B relationship when a data controller outsources data to a data processor and enables consent transfer to the data processor. “Customers would no longer have any interaction with the blockchain, and would go through an intermediary that would take care of recording all the consent elements.” Between applications for customers and those for companies, this work paves the way for using the blockchain for personal data protection. Although the GDPR has come into force, it will take several months for companies to become 100% compliant. Using the blockchain could therefore be a potential solution to consider. At Télécom SudParis, this work has contributed to “thinking about how the blockchain can be used in a new context, for the regulation,” and is backed up by the solution prototypes. Maryline Laurent’s goal is to continue this line of thinking by identifying how software can be used to automate the way GDPR is taken into account by companies.  

    1 N. Kaâniche, M. Laurent, “A blockchain-based data usage auditing architecture with enhanced privacy and availability“, The 16th IEEE International Symposium ong Network Computing and Applications, NCA 2017, ISBN: 978-1-5386-1465-5/17, Cambridge, MA USA, 30 Oct. 2017-1 Nov. 2017.  

    N. Kaâniche, M. Laurent, “BDUA: Blockchain-based Data Usage Auditing“, IEEE 11th Conference on Cloud Computing, San Francisco, CA, USA, 2-7 July 2018


    Source :  @I’MTech
  • Soft-Landing in Paris, getting to know La French Tech

    Soft-Landing in Paris, getting to know La French Tech

    Discover the French startup ecosystem

    In May, IMT starter, the Soft-Landing French partner, welcomed in Paris a delegation of startups, scaleups and ecosystem builders with the goal to discover the French startup ecosystem during a one week Mission.

    During the Mission, participants experienced the French entrepreneurial environment, and had the opportunity to connect with investors and funding organizations, as well as to work with business mentors who challenged the startups’ business ideas.

    Discover the French startup ecosystem

    Start-up launching

    Publié le July 13 2018

    Work with the Frenchs & Europeans actors of the startup ecosystem

    The week was varied at the level of the missions. The first day, there was a session “launch of start-ups and of scaleups”. The principle was to find ideas for help the young companies to be accelerated and to survive in the European ecosystem.

    The first day

    There was a session “launch of start-ups and of scaleups”. The principle was to find ideas for help the young companies to be accelerated and to survive in the European ecosystem.

    The second day

    One-on-one mentoring session for each company with successful entrepreneurs. The mentors challenged the participant’s business ideas and explored discussion on policy-making, ecosystem leaders, political and social aspects in expanding to the French market, other European countries and eventually, to Silicon Valley

    The third day

    The IMT Starter’s team received 15 ecosystem builders in Paris and soon after, headed to IMT Starter Incubator. Startups, ecosystem builders and speakers had the chance to network together. After this, they took a short trip to Genopole, a first biocluster in the France entirely dedicated to biotherapies, genetic research and development of biotechnology industries.

    In the afternoon, they had the luck to visit the world’s biggest startup campus, STATION F.

    The fourth day

    Even there, the participants had more luck. Indeed, they had guest the participants access to VivaTech, the world’s meeting point for startups and leaders.

    The fifth day

    In addition to the networking, discussions about Research & Developement, financing tools and business opportunities, they had a meeting with La French Tech and Systematic Cluster who introduced the community of entrepreneurs and startups in France and abroad.

     

  • Soft Landing: A partnership between European incubators for developing international innovation

    Soft Landing: A partnership between European incubators for developing international innovation

    Soft Landing: A partnership between European incubators for developing international innovation

    How can European startups be encouraged to reach beyond their countries’ borders to develop internationally? How can they come together to form new collaborations? The Soft Landing project, in which business incubator IMT Starter is participating, allows growing startups and SMEs to discover the ecosystems of different European incubators. The goal is to offer them support in developing their business internationally. 

    Publié le April 11 2018

    Europe certainly acknowledges the importance of each country developing its own ecosystem of startups and SMEs, yet each ecosystem is developing independently,” explains Augustin Rads, business manager at IMT Starter. The Soft Landing project, which receives funding from the European Union’s Horizon 2020 program, seeks to find a solution to this problem. “The objective is, on the one hand to promote exchanges between the different startup and SME ecosystems, and on the other hand to provide these companies with a more global vision of the European market beyond their borders,” he explains.

    Soft Landing resulted from collaboration between five European incubators: Startup Division in Lithuania, Crosspring Lab in the Netherlands, GTEC in Germany,  F6S Network in the UK, and IMT Starter, the incubator run by Télécom SudParis and Télécom École de Management in Évry, France. As part of the project, each of these stakeholders must first discover the startup and SME ecosystems developing in their partners’ countries. Next, interested startups that see a need for this support will be able to temporarily join an incubator abroad, for a limited period.

     

    Discovering each country’s unique characteristics

    Over the course of the two-year project, representatives from each country will visit partner incubators to discover and learn about the startup ecosystem that is developing there. The representatives are also seeking to identify specific characteristics, skills, and potential markets in each country that could interest startups in their own country. “Each country has its specific areas of interest: the Germans work a lot on the theme of the industry, whereas in the Netherlands and Lithuania, the projects are more focused on FinTech, “Augustin Radu adds. “At IMT Starter, we are more focused on information technologies.”

    Once they have completed these discovery missions, the representatives will return to their countries’ startups to present the potential opportunities. “At IMT Starter, we have planned a mission in Germany in March, another in the Netherlands in April, in May we will host a foreign representative, and in June we will go to Lithuania,” Augustin Radu explains. “There may be other missions outside the European Union as well, in the Silicon Valley and in India.

     

    Hosting foreign startups in the incubators

    Once each incubator’s specific characteristics and possibilities have been defined, the startups can request to be hosted by a partner ecosystem for a limited period. “As an incubator, we will host startups that will benefit from our customized support.” says Augustin Radu. “They will be able to move into our offices, take advantage of our network of industrial partners, and work with our researchers and laboratories. The goal is to help them find talent to help grow their businesses.

    Of course, there is a selection process for startups that want to join an incubator,” the business manager adds. “What are their specific needs? Does this match the host country’s areas of specialization?” In addition, the startup or SME should ideally have an advanced level of maturity, be well rooted in its country of origin and have a product that is already finalized. According to Augustin Radu, these are the prerequisites for a company to benefit from this opportunity to continue its development abroad.

     

    Remove barriers that separate startups and research development

    While all four of the partner structures are radically different, they are all very well-rooted in their respective countries,” the business manager explains. IMT Starter is in fact the only incubator participating in this project that is connected to a higher education and research institution, IMT. A factor that Augustin Radu believes will greatly enhance the French incubator’s visibility.

    In addition to fostering the development of startups abroad, the Soft Landing project also removes barriers between companies and the research community by proposing that researchers at schools associated with IMT Starter form partnerships with the young foreign companies. “Before this initiative, it was difficult to imagine a French researcher working with a German startup! Whereas today, if a young European startup joins our incubator because it needs our expertise, it can easily work with our laboratories.”

    The project therefore represents a means of accelerating the development of innovation, both by building bridges between the research community and the startup ecosystem, as well as by pushing young European companies to seek an international presence. “For those of us in the field of information technology, if we don’t think globally we won’t get anywhere!” Augustin Radu exclaims. “When I see that in San Francisco, companies immediately think about exporting outside the USA, I know our French and European startups need to do the same thing!” This is a need the Soft Landing project seeks to fulfill by broadening the spectrum of possibilities for European startups. This could allow innovations produced in the Old World to receive the international attention they deserve.

  • Passwords : security, vulnerability and constraints

    Passwords : security, vulnerability and constraints

    Passwords : security, vulnerability and constraints

    Publié le March 12 2018

    What is a password?

    A password is a secret linked to an identity. It associates two elements, what we own (a bank card, badge, telephone, fingerprint) and what we know (password or code).

    Passwords are very widely used, for computers, telephones, banking. The simplest form is the numerical code (PIN), with 4 to 6 numbers. Our smartphones therefore use two PIN codes, one to unlock the device, and another associated with the SIM card, to access the network. Passwords are most commonly associated with internet services (email, social networks, e-commerce, etc.).

    Today, in practical terms, identity is linked to an email address. A website uses it to identify a person. The password is a secret, known by both the server and the user, making it possible to “prove” to the server that the identity provided is authentic. Since an email address is often public, knowing this address is not enough for recognizing a user. The password is used as a lock on this identity. Therefore, passwords are stored on the websites we log in to.

    What is the risk associated with this password?

    The main risk is password theft, in which the associated identity is stolen. A password must be kept hidden, so that it remains secret, preventing identity theft when incidents arise, such as the theft of Yahoo usernames.

    Therefore, a website doesn’t (or shouldn’t) save passwords directly. It uses a hash function to calculate the footprint, such as the bcrypt function Facebook uses. With the password, it is very easy to calculate the footprint and verify that it is correct. On the other hand, it is very difficult mathematically to find the code if only the footprint is known.

    Searching for a password by following the footprint

    Unfortunately, technological progress has made brute force password search tools, like “John the Ripper” extremely effective. As a result, an attacker can find passwords fairly easily using footprints.

    The attacker can therefore capture passwords, for example by tricking the user. Social engineering (phishing) causes users to connect to a website that imitates the one they intended to connect to, thus allowing the attacker to steal their login information (email and password).

    Many services (social networks, shops, banks) require user identification and authentication. It is important be sure we are connecting to the right website, and that the connection is encrypted (lock, green color in the browser address bar), to prevent these passwords from being compromised.

    Can we protect ourselves, and how?

    For a long time, the main risk involved sharing computers. Writing your password on a post-it note on the desk was therefore prohibited. Today, in a lot of environments, this is a pragmatic and effective way of keeping the secret.

    The main risk today involves to the fact that an email address is associated with the passwords. This universal username is therefore extremely sensitive, and naturally it is a target for hackers. It is therefore important to identify all the possible means an email service provider offers to protect this address and connection. These mechanisms can include a code being sent by SMS to a mobile phone, a recovery email address, pre-printed one-time use codes, etc. These methods control access to your email address by alerting you of attempts to compromise your account, and help you regain access if you lose your password.

    For personal use

    Another danger involves passwords being reused for several websites. Attacks on websites are very common, and levels of protection vary greatly. Reusing one password on several websites therefore very significantly increases the risk of it being compromised. Currently, the best practice is to therefore to use a password manager, or digital safe (like KeePass or Password Safe, free and open software), to save a different password for each website.

    The automatic password generation function offered by these managers provides passwords that are more difficult to guess. This greatly simplifies what users need to remember and significantly improves security.

    It is also good to keep the database on a flash drive, and to save it frequently. There are also cloud password management solutions. Personally, I do not use them, because I want to be able to maintain control of the technology. That could prevent me, for example, from using a smart phone in certain environments.

    For professionals

    Changing passwords frequently is often mandatory in the professional world. It is often seen as a constraint, which is amplified by the required length, variety of characters, the impossibility of using old passwords, etc. Experience has shown that too many constraints lead users to choose passwords that are less secure.

    It is recommended to use an authentication token (chip card, USB token, OTP, etc.). At a limited cost, this offers a significant level of security and additional services such as remote access, email and document signature, and protection for the intranet service.

    Important reminders to avoid password theft or limit its impact

    Passwords, associated with email addresses, are a critical element in the use of internet services. Currently, the two key precautions recommended for safe use is to have one password per service (if possible generated randomly and kept in a digital safe) and to be careful to secure sensitive services, such as email addresses and login information (by using the protective measures provided by these services, including double authentication via SMS or recovery codes, and remaining vigilant if anything abnormality is detected). You can find more recommendations on the ANSSI website.

    Hervé Debar, Head of the Telecommunications Networks and Services department at Télécom SudParis, Télécom SudParis – Institut Mines-Télécom, Université Paris-Saclay

    The original version of this article was published in French on The Conversation France.

  • When the internet goes down

    When the internet goes down

    Hervé DebarTélécom SudParis – Institut Mines-Télécom, Université Paris-Saclay

    “A third of the internet is under attack. Millions of network addresses were subjected to distributed denial-of-service (DDoS) attacks over two-year period,” reports Warren Froelich on the UC San Diego News Center website. A DDoS is a type of denial-of-service (DoS) attack in which the attacker carries out an attack using many sources distributed throughout the network.But is the journalist justified in his alarmist reaction? Yes and no. If one third of the internet was under attack, then one in every three smartphones wouldn’t work, and one in every three computers would be offline. When we look around, we can see that this is obviously not the case, and if we now rely so heavily on our phones and Wikipedia, it is because we have come to view the internet as a network that functions well.

    Still, the DDoS phenomenon is real. Recent attacks testify to this, such as botnet Mirai’s attack on the French web host OVH, and the American web host DynDNS falling victim to the same botnet.

    The websites owned by customers of these servers were unavailable for several hours.

    What the article really looks at is the appearance of IP addresses in the traces of DDoS attacks. Over a period of two years, the authors found the addresses of two million different victims, out of the 6 million servers listed on the web.

    Traffic jams on the information superhighway

    Units of data, called packets, circulate on the internet network. When all of these packets want to go to the same place or take the same path, congestion occurs, just like the traffic jams that occur at the end of a workday.

    It should be noted that in most cases it is very difficult, almost impossible, to differentiate between normal traffic and denial of service attack traffic. Traffic generated by “Flash crowd” and “slashdot effect” phenomena is identical to the traffic witnessed during this type of attack.

    However, this analogy only goes so far, since packets are often organized in flows, and the congestion on the network can lead to these packets being destroyed, or the creation of new packets, leading to even more congestion. It is therefore much harder to remedy a denial-of-service attack on the web than it is a traffic jam.

    attaques
    Diagram of a deny of service attack. Everaldo Coelho and YellowIcon

     

    This type of attack saturates the network link that connects the server to the internet. The attacker does this by sending a large number of packets to the targeted server. These packets can be sent directly if the attacker controls a large number of machines, a botnet.

    Attackers also use the amplification mechanisms integrated in certain network protocols, such as the naming system (DNS) and clock synchronization (NTP). These protocols are asymmetrical. The requests are small, but the responses can be huge.

    In this type of attack, an attacker contacts the DNS or NTP amplifiers by pretending to be a server that has been attacked. It then receives lots of unsolicited replies. Therefore, even with a limited connectivity, the attacker can create a significant level of traffic and saturate the network.

    There are also “services” that offer the possibility of buying denial of service attacks with varying levels of intensity and durations, as shown in an investigation Brian Krebs carried out after his own site was attacked.

    What are the consequences?

    For internet users, the main consequence is that the website they want to visit is unavailable.

    For the victim of the attack, the main consequence is a loss of income, which can take several forms. For a commercial website, for example, this loss is due to a lack of orders during that period. For other websites, it can result from losing advertising revenue. This type of attack allows an attacker to use ads in place of another party, enabling the attacker to tap into the revenue generated by displaying them.

    There have been a few, rare institutional attacks. The most documented example is the attack against Estonia in 2007, which was attributed to the Russian government, although this has been impossible to prove.

    Direct financial gain for the attacker is rare, however, and is linked to the ransom demands in exchange for ending the attack.

    Is it serious?

    The impact an attack has on a service depends on how popular the service is. Users therefore experience a low-level attack as a nuisance if they need to use the service in question.

    Only certain large-scale occurrences, the most recent being the Mirai botnet, have impacts that are perceived by a much larger audience.

    Many servers and services are located in private environments, and therefore are not accessible from the outside. Enterprise servers, for example, are rarely affected by this kind of attack. The key factor for vulnerability therefore lies in the outsourcing of IT services, which can create a dependence on the network.

    Finally, an attack with a very high impact would, first of all, be detected immediately (and therefore often blocked within a few hours), and in the end would be limited by its own activities (since the attacker’s communication would also blocked), as shown by the old example of the SQL Slammer worm.

    Ultimately, the study shows that the phenomena of denial-of-service attacks by saturation have been recurrent over the past two years. This news is significant enough to demonstrate that this phenomenon must be addressed. Yet this is not a new occurrence.

    Other phenomena, such as routing manipulation, have the same consequences for users, like when Pakistan Telecom hijacked YouTube addresses.

    Good IT hygiene

    Unfortunately, there is no surefire form of protection against these attacks. In the end, it comes down to an issue of cost of service and the amount of resources made available for legitimate users.

    The “big” service providers have so many resources that it is difficult for an attacker to catch them off guard.

    Still, this is not the end of the internet, far from it. However, this phenomenon is one that should be limited. For users, good IT hygiene practices should be followed to limit the risks of their computer being compromised, and hence used to participate in this type of attack.

    It is also important to review what type of protection outsourced service suppliers have established, to ensure sure they have sufficient capacity and means of protection.

    Hervé Debar, Head of Department Networks and Telecommunications services, Télécom SudParis – Institut Mines-Télécom, Université Paris-Saclay

    The original version of this article (in French) was published on The Conversation.

  • Data&Musée – Developing data science for cultural institutions

    Data&Musée – Developing data science for cultural institutions

    Télécom SudParis and Télécom ParisTech are taking part in Data&Musée, a collaborative project led by Orpheo, launched on September 27, 2017. The project’s aim is to provide a single, open platform for data from cultural institutions in order to develop analysis and forecasting tools to guide them in developing strategies and expanding their activities.

     

    Data science is a recent scientific discipline concerned with extracting information, analyses or forecasts from a large quantity of data. It is now widely used in many different industries from energy and transport to the healthcare sector.

    However, this discipline has not yet become a part of French cultural institutions’ practices. Though institutions collect their data on an individual level, until now there had been no initiative to aggregate and analyze all the data from French museums and monuments. And yet, gathering this data could provide valuable information for institutions and visitors alike, whether to establish analyses of cultural products in France, measure institutions’ performance or provide visitors with helpful recommendations for museums and monuments to visit.

    The Data&Musée project will serve as a testing ground for exploring the potential of data analysis for cultural institutions and determining how this data can help institutions grow. The project is led by the Orpheo group, a provider of guide systems (audio-guide systems, multimedia guides, software etc.) for cultural and tourist sites, and has brought together researchers and a team of companies specialized in data analysis such as Tech4TeamKernixMyOrpheo. The Centre des Monuments Nationaux, an institution which groups together nearly 100 monuments, and Paris Musées, an organization which incorporates 14 museums in Paris, have agreed to test the project on their sites.

    A single, open platform for centralizing data

    The Data&Musée project strives to usher museums into the data age by grouping together a great number of cultural institutions on Teralab, IMT and GENES’s shared data platform. “This platform provides a neutral, secure and sovereign storage hosting space. The data will be hosted on the IMT Lille Douai site in France,” explains Antoine Garnier, the head of the project at IMT. “Teralab can host sensitive data in accordance with current regulations and is already recognized as a trustworthy tool.

    In addition, highly sensitive data can be anonymized if necessary. The project could enlist the help of Lamane, a startup specializing in these technical issues, which was created through IMT Atlantique incubators.

    Previously-collected individual data from each institution, such as ticketing data or web site traffic, will be combined with new sources collected by Data&Musée and created by visitors using a smart guestbook (currently being developed by the corporate partner GuestViews), social media analysis and an indoor geolocation system.

    Orpheo seeks to enhance the visitor journey but is not certain whether it should be up to the visitor or carried out automatically,” explains Nel Samama, whose research laboratory at Télécom SudParis is working with Orpheo on the geolocation aspect. “Analyzing flows in a fully automatic way means using radio or optical techniques, which function correctly in demonstration mode but are unreliable in real use. Having the visitor participate in this loop would simplify it tremendously.

    Developing tools for indications, forecasting and recommendations

    Based on an analysis of this data, the goal is to develop performance indicators for museums and build tools for personalizing the visitor experience.

    Other project partners including Reciproque, a company that provides engineering services for cultural institutions, and the UNESCO ITEN chair (Innovation, Transmission and Digital Publishing), will use the data collected to work on modeling aesthetic taste in order to determine typical visitor profiles and appropriate recommendations for content based on these profiles. This tool will therefore increase visitors’ awareness of the rich offerings of French cultural institutions and therefore boost the tourism industry. Jean-Claude Moissinac, a research professor at Télécom ParisTech, is working on this aspect of the project in partnership with Reciproque. “I’m especially interested in data semantics, or web semantics,” explains the researcher. “The idea is to index all the data collected in a homogenous way, then use it to make a graph in order to interlink the information. We can then infer groups, which may be works or users. After that, we use this knowledge to propose different paths.”

    The project plans to set up an interface through which partner institutions may view their regional attendance, visitor seasonality, and segmentation compared to other institutions with similar themes. Performance indicators will also be developed for the museums. The various data collected will be used to develop analytical and predictive models for visiting cultural sites in France and for providing these institutions with recommendations to help them determine strategies for expanding their activities.

    With a subscription or contribution system, this structured data could eventually be transmitted to institutions that do not produce data or to third parties with the consent of institutions and users. A business model could therefore emerge, allowing Data&Musée to live on beyond the duration of the project.

    Project supported by Cap Digital and Imaginove, with funding from Bpifrance and Région Île-de-France.

  • GreenTropism, the start-up making matter interact with light

    GreenTropism, the start-up making matter interact with light

    The start-up GreenTropism, specialists in spectroscopy, won an interest-free loan from the Fondation Mines-Télécom last June. It hopes to use this to reinforce its R&D and develop its sales team. Its technology is based on automatic learning and is intended for both industrial and academic use, offering application perspectives ranging from the environment to the IoT.

     

    Is your sweater really cashmere? What is the protein and calorie content of your meal? Perhaps the answers to these questions come from one single field of study: Spectroscopy. Qualifying and quantifying material is at the heart of the mission of GreenTropism, a start-up incubated at Télécom SudParis. To do this, innovators use spectroscopy. “The discipline studies interactions between light and matter”, explains Anthony Boulanger, CEO of GreenTropism. “We all do spectroscopy without even knowing it, because our eyes actually work as spectrometers: they are light-sensitive and send out signals which are then analyzed by our brains. At GreenTropism, we play the role of the brain for classic spectrometers using spectral signatures, algorithms and machine learning.

    The old becoming the new

    GreenTropism is based on two techniques implemented in the 1960’s: spectroscopy and machine learning. Getting to grips with the first of these requires an acute knowledge of what a photon is and how it interacts with matter. Depending on the kind of light rays used (i.e. X-rays, ultra-violet, visible, infrared, etc.) the spectral responses are not the same. According to what we are wanting to observe, the nature of a radiation type will be more or less suitable. Therefore, UV rays detect, amongst other things, organic molecules in aromatic cycles, whilst close infrared allows the assessment of water content, for example.

    The machine learning element is managed by data scientists working hand in hand with geologists and biochemists from the R&D team at GreenTropism. “It’s important to fully understand the subject we are working on and not to simply process data”, specifies Anthony Boulanger. The start-up has been developing machine learning in the hope of processing several types of spectral data. “Early on, we set up an analysis lab within Irstea. Here, we assess samples with high-resolution spectrometers. This allows us to supplement our database and therefore create our own algorithms. In spectroscopy, there is great variation of data. These come from the environment (wood, compost, waste, water, etc.), from agriculture, from cosmetics, etc. We can study all types of organic matter”, explains the innovator.

    GreenTropism’s knowledge goes even further than this. Their deep understanding of infrared, visible and UV radiation, as well as laser beams (LIBS, Raman), allows them to provide a platform for software and agnostic models. This means they are adjustable to various types of radiation and independent to the spectrometer used. Anthony Boulanger adds: “our system allows results to be obtained in real time, whereas traditional analyses in a lab can take several hours over several days.

    Real-time analysis technology for all levels of expertise

    Our technology consists in a machine learning platform allowing for the creation of spectrum interpretation models. In other words, it’s software transforming a spectrum into a value which is of interest to a manufacturer that has already mastered spectrometry. This allows them to achieve an operational result since in this way they can control and improve the overall quality of their process”, explains the CEO of GreenTropism. By using a traditional spectrometer in association with the GreenTropism software, a manufacturer can verify the quality of the raw material at the time of its delivery and ensure that its specification is fulfilled for example. Continued analysis also ensures the monitoring of the entire production chain in real time and in a non-destructive way. The result is that all finished products, as well as those in the transformation process, are open to systematic analysis. In this case, the objective is to characterize the material of a product. It is used for example to dissociate materials or two essences of wood. GreenTropism also receives support from partnership with academics such as Irstea or Inrea. These partnerships allow them to extend their fields of expertise, whilst also deepening their understanding of matter.

    GreenTropism technology is also aimed at novices wanting to instantly analyze samples. “In this case, we depend on our lab to construct a database in a proactive way, before putting the machine learning platform in place”, adds Anthony Boulanger. It is therefore a question of matter qualification. Obtaining details about the composition of an element such as the nutritional content of a food item is a direct application. “The needs linked to spectroscopy are still vague since we have been processing organic matter. We can measure the widespread parameters such as the level of ripeness of a piece of fruit, as well as other, more concrete details such as the quantity of glucose or saccharine a product contains.

    Towards the democratization of spectroscopy

    The fields of application are vast: environment, industry, the list goes on. But GreenTropism technology also adapts to general public usage through the Internet of Things, mass market electrical technology and household electronic items. “The advantage of spectroscopy is that there is no need to create close contact between light and matter. This allows for potential combinations between daily life devices and spectrometers where the user doesn’t have to worry about technical aspects such as calibration for example. Imagine coffee machines that allow you to select the caffeine level in your drink. We could also monitor the health status of our plants through our smartphone”, explains Anthony Boulanger. This last usage would function like a camera. After a flash of light is emitted, the program will receive a spectral response. Rather than receiving a photograph, the user would for example find out the water level in their flower pot.

    In order to make these functions possible, GreenTropism is working on the miniaturization of its spectrometers. “Today, spectrometers in labs are 100% reliable. A new, so-called ‘miniaturized’ generation (hand-held) is entering the market. However, these devices lack scientific publication about their reliability, casting doubt on their value. This is why we are working on making this technology reliable at a software level. This is a market which opens up a lot of doors for us, including one which leads to the general public”, Anthony Boulanger concludes.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.