CYBERSECURITY option

3rd year - Engineering School

Context and objectives


Cybersecurity, security, hacking, concealment, deep internet, illegal internet, cyberattack, cyberwar ... Behind these terms that occupy the media: what reality? More than 40% of the world's population is connected tothe Internet. Access to mobile internet doubles every year, 144 billion emails are exchanged each day, 4 million searches are made on Google every minute ... and it is estimated that 432 million is the number of hackers around the world.

Cybersecurity is becoming a key issue for businesses in an environment where connections continue to proliferate, where the risks associated with the Internet of Things create new potential  vulnerabilities, where cybercrime and cyberwar are among the daily risks.

The more IT is used in companies, the greater the associated risks and the more interested cybercriminals are. With digital becoming more and  more important in our society, cyberattacks are becoming more important, both in number and intensity. It has therefore become essential to protect all circulating data on the web. Indeed, the omnipresence of computing  in our daily lives, as well as the extension of the Internet to all forms of everyday objects (known as the Internet of Things, or IoT ), have promoted the development and deploying a new generation of interconnected objects. The increasing volume of these connected objects raises many questions related to the security of information and communication systems, especially for companies that must protect themselves against attacks and the hijacking of their  systems.

A guarantee of confidence for customers and partners, the security of information systems is the set of technical, organizational, legal and human means intended to secure the information system of the company and to  guarantee its reliability on three items : Availability, Integrity and Confidentiality. The problem requires expert approaches integrating a global vision that our “Cybersecurity option” proposes to address. The aim is to cope with the strong heterogeneity and dynamicity of the environment, in order to provide the most relevant answers possible to the following questions :

  • How to make the choice of your system creation (hardware & software) your first security decision ?
  • How to measure the evolution of attacks: hackers evolve and invest, attacks number increases, they become more destructive and target the computer system in the front line ?
  • How to grasp the issue of Security by design ?

The goal of the cybersecurity option is to rethink and adapt the tools, processes and methods in the field of cybersecurity of objects and systems. The options opt for a “secure by design” approach, which consists of  making the security aspect a key element in the development of the system itself. It involves designing, implementing and simulating software components and dynamic systems to evaluate and optimize appropriate solutions “Intelligent Systems” while following a method that takes into account, from the beginning, all identified risks related to the development of hardware and software aspects of a Smart System. The goal is to train engineers able to detect security vulnerabilities induced by the orchestration of communicating objects they have developed themselves from scratch. And propose choices of improvements to be made to connected solutions.

This option trains the evaluation, management and optimization of the IT security of an organization as a whole (confidentiality, reliability, security, legality), at the technical level (networks, software, data, systems,  etc.). ), legal and organizational.

 

 

 

Possible Sectors

The sectors of activity include home automation, telecommunications, transport, aeronautics, health, building, energy, environment, defense, nuclear or trade...

 

Professionalization contract / double degree

The Cybersecurity option offers the possibility of making a professionalization contract with a company (alternation) or to follow one of the following courses in parallel :

  • Master 2 Research “Réseaux” (RES) of the University Pierre and Marie Curie (Paris 6) in co-accreditation with TELECOM ParisTech
  • Master 2 Research “Informatique : Systèmes Intelligents” (ISI) at Paris Dauphine University in co-habilitation with AgroParisTech
  • Master 2 Research “Interaction” at Paris-Saclay University
  • Master 2 Research “Systèmes Intelligents et Communicants” (SIC) at ENSEA in co-habilitation with the University of Cergy-PontoiseJobs

The cybersecurity option leads to all business related to the network, security, mobility and Internet of Things sectors, whether it is engineering, architecture, consulting or audit, for example : security engineer, architect and developer applications, research and development engineer, project manager, auditor, controller, evaluator, trainer, instructor, information systems security expert, security developer, security architect, pentester  expert, analyst, Consultant, Crisis Management Specialist, Information Systems Security Manager.

Training / Teaching

The educational content of the Cybersecurity option is articulated around four axes :

Fundamentals of cyber security

  • Security Basics
  • Cryptography

System and application

  • Protection of an operating system (Windows, Linux, Mobile ...)
  • Protection of software developments and platforms
  • Artificial Intelligence for Cyber-Security
  • Reverse engineering
  • Digital Vulnerability Analysis - Malware Analysis
  • PenTest
  • Forensic

Infrastructure and networks

  • Network security
  • Cybersecurity for IoT and B5G
  • Physical security
  • Smart card security (Programming on card: SmartCard, rasberry, Java card…)
  • Blockchain

Management of Cyber-Security, Law and Regulation

  • ISO / IEC 27001: Information security management
  • ISO / IEC 27005: Risk management in system security information
  • Law and Regulation in Cybersecurity
  • Anticipation and systemic threat
  • Strategic management
  • Response strategy to attacks

Innovation & initiation to research

  • Cyber ​​Innovation (Big Data - Connected Objects - Industry 4.0 - 5G)
  • Knowledge of the professional context and international openness
  • Environmental Scanning/Competitive Intelligence (specific to the option)
  • Opening to search
  • Conferences / seminar: news related to cyber-security

Transverse

  • The teachings mentioned above are completed by
  • A crisis management exercise
  • A team management module (Human Resources)
  • A graduation project
  • A 6-month internship in a company

Projects and Mini-projects :

Homomorphic encryption Botnets analysis and detection
Biometric authentication using finger veins network Steganography
Disk obfuscation Detection of suspicious sequences (anti-virus)
Detection of useful sequences (return in 'libc') Buffer overflow detection
Certificate Chain Automatic Sentinel (Zero-knowledge protocol)
Detection of software robots (captcha) Door knocking
Encryption Proxies Kerberos mechanism (trusted third party)
"Onion" mechanism  

 

Heads of option

Mohamed Maachaoui & Besma Zeddini