ECOSSIAN – European Control System Security Incident Analysis Network (2014 – 2017)

The protection of critical infrastructures in Europe is of critical importance and requires shared governmental responsibility and high-level cooperation between Essential Service Operators. However, despite a growing awareness in recent years of the need for coordination, there is still a clear lack of available solutions.

Backed by the European Commission (FP7), the ECOSSIAN project aims to improve the detection and management of cyber attacks against critical infrastructures through a pan-European warning system and a shared collaborative knowledge base. It promotes an approach that combines technological and political considerations so that competencies are put to work for the common interest.

Bertin IT’s role in ECOSSIAN

Bertin IT lends its expertise to the management of data exchange between different computer environments of varying sensitivity levels and also participates in the definition of ECOSSIAN’s architecture and its security functions.

The division is also experimenting with secure gateways that will enable the interconnection of systems of differing sensitivity levels and guarantee the security and anonymity of exchanges between critical infrastructures and national or European SOCs (Security Operations Centers).

ECOSSIAN contributes in particular to the global initiative regarding cyber-security of Industrial Control Systems and the intelligent networks monitored by ENISA (European Network & Information Security Agency).

Learn more about ECOSSIAN

CRYPTOCOMP (2014 – 2017)

CRYPTOCOMP is an inter-ministry funded research project which aims to set up the very first cryptocomputing platform for cloud computing, so as to ensure an absolute guarantee of data confidentiality even when the service is malfunctioning or is compromised by an intrusion.

Four elements have been identified as essential and are an integral part of the project's work schedule: the design of new, specifically optimized homomorphic cryptosystems; the automation of application development through source-to-source compilation techniques; real-life simulation with full-scale testing; and validation of the homomorphic approach through experiential feedback.

Learn more about CRYPTOCOMP

Bertin IT’s role in CRYPTOCOMP

Bertin IT has been assigned to experiment with and assess the performance of homomorphic encryption techniques and to propose a fully integrated mechanism that will make it possible to offload certain processing operations to computing resources offered by a public cloud server, while guaranteeing data and program confidentiality at all times.

Via several virtual machines, Bertin IT will integrate two of its solutions: MediaSpeech®, an automatic speech-to-text engine developed by its subsidiary Vecsys, and PolyXene®, a proprietary high-security software platform. For the purposes of this demonstration model, the division will develop a trusted encryption module for outsourcing a part of its calculations to a homomorphic processing module hosted on a public cloud server.

PISCO – Plateforme d’Intégration de Services de COnfiance (2013 – 2014)

PISCO is an inter-ministry funded research project that aims to create an international-scale technology for making communications and IT applications more secure.
The solution developed during this project is a high-security appliance (an operational solution combining fully integrated hardware and software) that groups the cryptographic module and all applications in a single unit, so as to prevent the risk of data being compromised during exchanges between the server and the HSM (Hardware Security Module).

Learn more about PISCO

Bertin IT’s role in PISCO

The appliance combines Bull’s TrustWay Proteccio HSM and Bertin IT’s high-security hypervisor, PolyXene®.

PolyXene® enables the partitioned hosting of different trusted services (certificates, signature, timestamping, evidential value, data encryption) using HSM partitioning to isolate the cryptographic data of the different services (creation of separate cryptographic partitions).

Bertin IT is involved in the development of two demonstration models: the trusted applications server and the appliance integrating the ETERNITY timestamping application with the Universign service.

OpenDTeX – Open Dynamic Trusted Execution (2012 – 2013)

OpenDTeX is a joint innovation project with the DGA that focuses on ways of protecting client workstations when executing critical applications. The primary objective is to protect the platform against hardware or software attacks, theft or alteration of sensitive data, and reverse engineering of sensitive programs.

The project implements Trusted Computing Group (TCG) technologies, such as TPM (Trusted Platform Module) and DRTM (Dynamic Root of Trust for Measurement).

Learn more about OpenDTeX

Bertin IT’s role in OpenDTeX

As an expert in OS security and a contributing member of the Trusted Computing Group (TCG), Bertin IT provided key input in the definition, design and development of an operational security solution.

The division provided PolyXene®, its high-security software module for sensitive information systems, for the integrity management of the platform (updating of software and hardware components), along with a remote graphical administration interface for integrity certification.

SINAPSE – Solution Informatique à Noyau Avancé Pour une Sûreté Elevée (2004 – 2014)

In Defence Information Systems, the different classes of information (e.g. non-classified, restricted, confidential, secret, top secret) are partitioned by physical network separation. Although this air-gapping technique does effectively reduce the risk of leakage, it imposes significant constraints (e.g. data exchange via removable devices, long data transmission lead times, sub-standard ergonomics) and is also costly (ownership, running, upkeep).

SINAPSE, an upstream research program launched by the DGA, the French arms procurement agency, aims to develop a high-security software layer that allows data and applications of differing sensitivity levels to coexist safely and securely on a single workstation, so as to overcome the aforementioned constraints. This solution meets three key demands: security, efficiency and resource optimization.

Press Release about PolyXene’s certification (FR)

Bertin IT’s role in SINAPSE

Project Manager.

SINAPSE 1 (2004 – 2009) resulted in version 1.1 of the multi-level security hypervisor, PolyXene®, which was awarded CC-EAL 5 certification in 2009.

SINAPSE 2 (2009 – 2014) focused on additional developments aimed at facilitating the generation, installation and administration of the system. New cryptographic elements were implemented and hardware support extended. The solution was rolled out in the form of a version that could be exported to other NATO partners.

Version 2 of PolyXene® is currently undergoing assessment for CC EAL 5+ certification.

At the end of 2013, Bertin IT was awarded a further contract for maintaining the solution in operational conditions. This new agreement included the delivery of two multilevel demonstration models using the functionalities and features of PolyXene® for the needs of the armed forces’ future information systems.

Since May 2014, PolyXene® has been used by the Headquarters of the French army as part of a pilot program with a view to full deployment at a later date.