43 : UTC’s PhDs: our key players for innovation

Dans un monde où l’innovation – en particulier technologique – occupe une place croissante, les compétences des docteurs spécialistes des sciences de l’ingénieur et notamment des docteurs ingénieurs apparaissent de plus en plus stratégiques. L’UTC entend préparer ses étudiants à cette nouvelle donne.

43 : UTC’s PhDs: our key players for innovation

His flagship theme: Cybersecurity

Mohamed Sabt is one of the 4 laureates of the annual Guy Deniélou 2017 Prize for UTC’s PhDs. His research work has already led to practical fall-out applications, throwing light on the loopholes in the security of two systems (one of which is Android) and opened the way for him to join a start-up company.

Mohamed Sabt hails from Bahrein and came to Compiegne. He first followed intensive French language classes for 6 months, studied for his engineering diploma majoring in computer sciences and their applications, a Master’s degree on ‘smart’ transportation systems … Then, in 2013, he joined Orange Labs (Orange’s R&D Centre), doing a CIFRE contract PhD, under the academic supervision of Prof. Abdelmadjid Bouabdallah, UTC-Heudiasyc Lab.

He presented his thesis in December 2016, on smartphone security for sensitive apps such as on-line payments. “To begin with, I studied the limits of today’s technologies using a proven security protocol – a sub-branch of applied maths which enabled me to determine if a system is “safe” or not and to identify its loopholes. With this method, I was able to identify several vulnerabilities in two largely used systems – the key warehouse of Android (which houses the cryptographic keys for the OS) and the SCP secret protocols of GlobalPlateform, a consortium of smartcard leaders. Six months before I published my results – I informed the Security Team at Android so they could fix the loophole(s) and also contacted and GlobalPlatforme, who immediately set up a task force to take my analyses into account”.

 A profile that makes all the difference

It nevertheless remains true that proving the safety factor (or lack of) for a complex system using only mathematics is a time-consuming operation. Again, modern mobile phone technologies evolve very fast. Mohamed Sabt therefore chose to explore a complementary path. “In order to offer better protection for some of the smartphone’s sensitive apps, it is possible to run them on a TEE, short in English for trusted execution environment), implemented on a specific component and which runs in parallel with the main OS (for instance, Android). In this way, if the main system comes under attacked the parallel system is not and the data/functions are preserved.  To optimize the process, I proposed a methodology based on a very advanced cryptographic protocol which enables the users to make “apps” running in a TEE to be even more secure”.  

So, what did Sapt learn from this work? “Gaining new in-depth knowledge, of course but more than that: doing my PhD is a way to have  a go at a problem nobody before you has done; managing a first big project lasting 3 years; building up a critical cultural outlook by analysing numerous and often contradictory scientific papers on the subject; learning to draft one’s own high-level articles”. These are among the skills that Mohamed Sabt chose to offer to a star-up founded by some former employees of Orange Labs: Dejamobile, developing secure on-line payment protocols. “My mission with them is to offer an expert’s eye on short term apps for Dejamobile and to anticipate technological progress in the field to preserve our lead in security issues and solutions. In a business company context, you cannot afford to do just basic research. And, for the time being this is what I wanted to do – applied research, with the advantage that this is exactly what start-ups do, viz., they take risks to rapidly deploy innovative solutions”.

Professor Abdelmadjid Bouabdallah, Director of UTC’s Computer Science Department and research scientist at the UTC-Heudiasyc Lab, answers our questions

 From UTC-Heudiasyc’s standpoint, what was the challenge of Mohamed Sapt’s PhD thesis?

Cybersecurity is a strategic theme where UTC-Heudiasyc scientists have a set of world-class skills that have been recognized over the past 15 years. The research team has designed several innovative solutions in this field, one of which is currently under development with a start-up project. Mohamed Sapt’s thesis (which covered several challenges in a new domain) reinforced our team’s expertise and the importance of our collaboration with Orange Labs, a partner with whom we have been working since 1998 and who recruit PhD graduates, notably from those we have trained at UTC.

 How can you encourage student engineers to become interested in pursuing their studies with a doctoral thesis?

My belief is that they should be induced to look at research activities far before envisaging to sign up for a PhD. In this light, Mohamed Sabt is a good example. To begin with, we proposed that Mohamed take on a small research project on smartphone transactional security in the framework of a collaboration with Orange followed by an in-house placement with Orange. And to the extent that he displayed a high degree of interest for research activities, we drew up a thesis subject with Orange Labs that we thought would interest him. This is an approach we have employed with several of our obviously talented students.