3rd year - Engineering School
Context and objectives
Cybersecurity, security, hacking, concealment, deep internet, illegal internet, cyberattack, cyberwar ... Behind these terms that occupy the media: what reality? More than 40% of the world's population is connected tothe Internet. Access to mobile internet doubles every year, 144 billion emails are exchanged each day, 4 million searches are made on Google every minute ... and it is estimated that 432 million is the number of hackers around the world.
Cybersecurity is becoming a key issue for businesses in an environment where connections continue to proliferate, where the risks associated with the Internet of Things create new potential vulnerabilities, where cybercrime and cyberwar are among the daily risks.
The more IT is used in companies, the greater the associated risks and the more interested cybercriminals are. With digital becoming more and more important in our society, cyberattacks are becoming more important, both in number and intensity. It has therefore become essential to protect all circulating data on the web. Indeed, the omnipresence of computing in our daily lives, as well as the extension of the Internet to all forms of everyday objects (known as the Internet of Things, or IoT ), have promoted the development and deploying a new generation of interconnected objects. The increasing volume of these connected objects raises many questions related to the security of information and communication systems, especially for companies that must protect themselves against attacks and the hijacking of their systems.
A guarantee of confidence for customers and partners, the security of information systems is the set of technical, organizational, legal and human means intended to secure the information system of the company and to guarantee its reliability on three items : Availability, Integrity and Confidentiality. The problem requires expert approaches integrating a global vision that our “Cybersecurity option” proposes to address. The aim is to cope with the strong heterogeneity and dynamicity of the environment, in order to provide the most relevant answers possible to the following questions :
- How to make the choice of your system creation (hardware & software) your first security decision ?
- How to measure the evolution of attacks: hackers evolve and invest, attacks number increases, they become more destructive and target the computer system in the front line ?
- How to grasp the issue of Security by design ?
The goal of the cybersecurity option is to rethink and adapt the tools, processes and methods in the field of cybersecurity of objects and systems. The options opt for a “secure by design” approach, which consists of making the security aspect a key element in the development of the system itself. It involves designing, implementing and simulating software components and dynamic systems to evaluate and optimize appropriate solutions “Intelligent Systems” while following a method that takes into account, from the beginning, all identified risks related to the development of hardware and software aspects of a Smart System. The goal is to train engineers able to detect security vulnerabilities induced by the orchestration of communicating objects they have developed themselves from scratch. And propose choices of improvements to be made to connected solutions.
This option trains the evaluation, management and optimization of the IT security of an organization as a whole (confidentiality, reliability, security, legality), at the technical level (networks, software, data, systems, etc.). ), legal and organizational.
The sectors of activity include home automation, telecommunications, transport, aeronautics, health, building, energy, environment, defense, nuclear or trade...
Professionalization contract / double degree
The Cybersecurity option offers the possibility of making a professionalization contract with a company (alternation) or to follow one of the following courses in parallel :
- Master 2 Research “Réseaux” (RES) of the University Pierre and Marie Curie (Paris 6) in co-accreditation with TELECOM ParisTech
- Master 2 Research “Informatique : Systèmes Intelligents” (ISI) at Paris Dauphine University in co-habilitation with AgroParisTech
- Master 2 Research “Interaction” at Paris-Saclay University
- Master 2 Research “Systèmes Intelligents et Communicants” (SIC) at ENSEA in co-habilitation with the University of Cergy-PontoiseJobs
The cybersecurity option leads to all business related to the network, security, mobility and Internet of Things sectors, whether it is engineering, architecture, consulting or audit, for example : security engineer, architect and developer applications, research and development engineer, project manager, auditor, controller, evaluator, trainer, instructor, information systems security expert, security developer, security architect, pentester expert, analyst, Consultant, Crisis Management Specialist, Information Systems Security Manager.
Training / Teaching
The educational content of the Cybersecurity option is articulated around four axes :
Fundamentals of cyber security
- Security Basics
System and application
- Protection of an operating system (Windows, Linux, Mobile ...)
- Protection of software developments and platforms
- Artificial Intelligence for Cyber-Security
- Reverse engineering
- Digital Vulnerability Analysis - Malware Analysis
Infrastructure and networks
- Network security
- Cybersecurity for IoT and B5G
- Physical security
- Smart card security (Programming on card: SmartCard, rasberry, Java card…)
Management of Cyber-Security, Law and Regulation
- ISO / IEC 27001: Information security management
- ISO / IEC 27005: Risk management in system security information
- Law and Regulation in Cybersecurity
- Anticipation and systemic threat
- Strategic management
- Response strategy to attacks
Innovation & initiation to research
- Cyber Innovation (Big Data - Connected Objects - Industry 4.0 - 5G)
- Knowledge of the professional context and international openness
- Environmental Scanning/Competitive Intelligence (specific to the option)
- Opening to search
- Conferences / seminar: news related to cyber-security
- The teachings mentioned above are completed by
- A crisis management exercise
- A team management module (Human Resources)
- A graduation project
- A 6-month internship in a company
Projects and Mini-projects :
|Homomorphic encryption||Botnets analysis and detection|
|Biometric authentication using finger veins network||Steganography|
|Disk obfuscation||Detection of suspicious sequences (anti-virus)|
|Detection of useful sequences (return in 'libc')||Buffer overflow detection|
|Certificate Chain||Automatic Sentinel (Zero-knowledge protocol)|
|Detection of software robots (captcha)||Door knocking|
|Encryption Proxies||Kerberos mechanism (trusted third party)|
Heads of option
Mohamed Maachaoui & Besma Zeddini