diff --git a/préambule.tex b/préambule.tex
new file mode 100644
index 0000000..548e12e
--- /dev/null
+++ b/préambule.tex
@@ -0,0 +1,129 @@
+\documentclass[aspectratio=1610,svgnames,table,x11names]{beamer}
+\usetheme{Warsaw}
+
+\makeatletter
+\def\ps@navigation@titlepage{%
+ \setbeamertemplate{footline}{}
+ \setbeamertemplate{headline}{}
+ \setbeamertemplate{navigation symbols}{}
+ \@nameuse{ps@navigation}}
+\addtobeamertemplate{title page}{\thispagestyle{navigation@titlepage}}{}
+\makeatother
+
+\setbeamertemplate{headline}
+{%
+ \leavevmode%
+ \begin{beamercolorbox}[wd=.4975\paperwidth,ht=2.5ex,dp=1.125ex]{section in head/foot}%
+ \hbox to .5\paperwidth{\hfil\insertsectionhead\hfil}
+ \end{beamercolorbox}%
+ \hspace{0.005\paperwidth}%
+ \begin{beamercolorbox}[wd=.4975\paperwidth,ht=2.5ex,dp=1.125ex]{subsection in head/foot}%
+ \hbox to .5\paperwidth{\hfil\insertsubsectionhead\hfil}
+ \end{beamercolorbox}%
+}
+
+\setbeamertemplate{navigation symbols}{
+ \usebeamerfont{footline}
+ \usebeamercolor[fg]{footline}
+ \hspace{1em}
+ \insertframenumber/\inserttotalframenumber
+}
+
+\definecolor{orange_cdl}{RGB}{208, 61, 0}
+
+\setbeamertemplate{footline}{}
+\usefonttheme{serif}
+%\setbeameroption{show notes on second screen=right}
+\setbeamercolor{palette primary}{fg=white,bg=orange_cdl}
+\setbeamercolor{palette secondary}{fg=white,bg=orange_cdl}
+\setbeamercolor{palette tiertary}{fg=white,bg=orange_cdl}
+\setbeamercolor{palette quaternary}{fg=white,bg=orange_cdl}
+\setbeamercolor{navigation symbols}{fg=black, bg=white}
+%\setbeamercolor{block title}{bg=white}
+%\setbeamercolor{block body}{bg=white}
+\setbeamercolor{itemize item}{fg=orange_cdl}
+\setbeamercolor{itemize subitem}{fg=orange_cdl}
+\setbeamercolor{itemize subsubitem}{fg=orange_cdl}
+
+\setbeamertemplate{itemize item}[circle]
+\setbeamertemplate{itemize subitem}[square]
+\setbeamertemplate{itemize subsubitem}[triangle]
+
+\usepackage[utf8]{inputenc}
+\usepackage[francais]{babel}
+\usepackage{minted}
+\usepackage[outline]{contour}
+\usepackage{pgfplots}
+\usepackage{ulem}
+\usepackage{tabularx}
+\usepackage{todonotes}
+\usepackage{tikz}
+\usetikzlibrary{arrows,arrows.meta}
+\usetikzlibrary{decorations.text}
+\usetikzlibrary{matrix}
+\usetikzlibrary{calc}
+\usetikzlibrary{shapes.symbols}
+\usetikzlibrary{fit}
+\usetikzlibrary{backgrounds}
+
+\pgfkeys{/pgf/number format/.cd, use comma, 1000 sep={\,}}
+
+\author{Vincent Giraud}
+\title{Des environnements sécurisés indépendants rarement libres dans vos systèmes}
+\subtitle{}
+\date{Samedi 16 novembre 2024}
+\institute{}
+
+\makeatletter
+\defbeamertemplate*{note page}{custom}
+{%
+ {%
+ \scriptsize
+ \usebeamerfont{note title}\usebeamercolor[fg]{note title}%
+ \ifbeamercolorempty[bg]{note title}{}{%
+ \insertvrule{.25\paperheight}{note title.bg}%
+ \vskip-.25\paperheight%
+ \nointerlineskip%
+ }%
+ \vbox{
+ \hfill\insertslideintonotes{0.25}\hskip-\Gm@rmargin\hskip0pt%
+ \vskip-0.25\paperheight%
+ \nointerlineskip
+ }
+ \nointerlineskip
+ \vbox to .25\paperheight{\vskip0.5em
+ \hbox{\insertshorttitle[width=0.75\textwidth]}%
+ \setbox\beamer@tempbox=\hbox{\insertsection}%
+ \hbox{\ifdim\wd\beamer@tempbox>1pt{\hskip4pt\raise3pt\hbox{\vrule
+ width0.4pt height7pt\vrule width 9pt
+ height0.4pt}}\hskip1pt\hbox{\begin{minipage}[t]{0.71\textwidth}\def\breakhere{}\insertsection\end{minipage}}\fi%
+ }%
+ \setbox\beamer@tempbox=\hbox{\insertsubsection}%
+ \hbox{\ifdim\wd\beamer@tempbox>1pt{\hskip17.4pt\raise3pt\hbox{\vrule
+ width0.4pt height7pt\vrule width 9pt
+ height0.4pt}}\hskip1pt\hbox{\begin{minipage}[t]{0.71\textwidth}\def\breakhere{}\insertsubsection\end{minipage}}\fi%
+ }%
+ \setbox\beamer@tempbox=\hbox{\insertshortframetitle}%
+ \hbox{\ifdim\wd\beamer@tempbox>1pt{\hskip30.8pt\raise3pt\hbox{\vrule
+ width0.4pt height7pt\vrule width 9pt
+ height0.4pt}}\hskip1pt\hbox{\insertshortframetitle[width=0.67\textwidth]}\fi%
+ }%
+ \vfil}%
+ }%
+ \ifbeamercolorempty[bg]{note page}{}{%
+ \nointerlineskip%
+ \insertvrule{.75\paperheight}{note page.bg}%
+ \vskip-.75\paperheight%
+ }%
+ \vskip.25em
+ \nointerlineskip
+ \insertnote
+}
+\makeatother
+
+
+%%% Local Variables:
+%%% TeX-master: "présentation"
+%%% ispell-local-dictionary: "francais"
+%%% TeX-command-extra-options: "-shell-escape"
+%%% End:
diff --git a/présentation.pdf b/présentation.pdf
new file mode 100644
index 0000000..a08a0b8
Binary files /dev/null and b/présentation.pdf differ
diff --git a/présentation.tex b/présentation.tex
new file mode 100644
index 0000000..2e1ce9b
--- /dev/null
+++ b/présentation.tex
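Review bot: The file-local variable `%%% TeX-command-extra-options: "-shell-escape"` at the end of préambule.tex (and again at the end of présentation.tex) enables unrestricted shell escape for every build, while the only package loaded here that needs it is `minted`, which no frame of the présentation.tex added in this commit appears to use. With shell escape on, any file reached through `\input` can run commands on the machine compiling the slides, so I would drop `\usepackage{minted}` and both `-shell-escape` lines until a listing is really needed. If they stay, a comment next to the package such as `% minted needs -shell-escape: build only from a trusted checkout` would help. Separately, `\setbeamercolor{palette tiertary}` looks misspelled: beamer's name is `palette tertiary`, so the orange is probably not applied to that palette.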
@@ -0,0 +1,508 @@ +\input{préambule} + +\begin{document} + +\setbeamertemplate{headline}{} +\setbeamertemplate{navigation symbols}{} + +\begin{frame} + \maketitle +\end{frame} + +\setbeamertemplate{navigation symbols}{ + \usebeamerfont{footline} + \usebeamercolor[fg]{footline} + \hspace{1em} + \insertframenumber/\inserttotalframenumber +} +\setbeamertemplate{headline} +{% + \leavevmode% + \begin{beamercolorbox}[wd=.4975\paperwidth,ht=2.5ex,dp=1.125ex]{section in head/foot}% + \hbox to .5\paperwidth{\hfil\insertsectionhead\hfil} + \end{beamercolorbox}% + \hspace{0.005\paperwidth}% + \begin{beamercolorbox}[wd=.4975\paperwidth,ht=2.5ex,dp=1.125ex]{subsection in head/foot}% + \hbox to .5\paperwidth{\hfil\insertsubsectionhead\hfil} + \end{beamercolorbox}% +} + +\begin{frame} + \centering + Vincent Giraud + + \begin{columns} + \column{0.5\linewidth} + \begin{center} + Chercheur en sécurité informatique + + \vspace{0.75cm} + + Membre de Deuxfleurs + + \vspace{0.75cm} + + \includegraphics[width=3cm]{ressources/deuxfleurs-logo.png} \includegraphics[width=3cm]{ressources/chatons_logo.png} + \end{center} + \column{0.5\linewidth} + \begin{center} + \missingfigure{Photo} + \end{center} + \end{columns} +\end{frame} + +\section{Contexte} +\begin{frame} +\vfill +\centering +\begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title} + \usebeamerfont{title}Contexte\par% +\end{beamercolorbox} +\vfill +\end{frame} + +\subsection{Omniprésence croissante} +\begin{frame} + \begin{center} + \includegraphics[width=11.5cm]{ressources/taux_équipement.png} + + \vspace{0.5cm} + + CRÉDOC, \textit{Baromètre du numérique}, 2023. + \end{center} +\end{frame} + +\subsection{Produits informatiques sur étagère} +\begin{frame} + \begin{block}{} + \textit{La définition admise par tous est qu’un COTS (}Commercial Off The Shelf\textit{) est un composant issu du marché ou plus communément appelé un composant sur étagère.} + + \vspace{0.25cm} + + \scriptsize \rightline{Philippe Roose. 
\textit{SI-COTS : Aide à l’intégration de COTS Products}, 2009.} + \end{block} + + \begin{block}{} + \textit{A general-purpose mobile computing device (e.g., smartphone or tablet) that is not designed solely for the purposes of payment acceptance.} + + \vspace{0.25cm} + + \scriptsize \rightline{PCI Security Standards Council. \textit{Mobile Payments on COTS}, 2023.} + \end{block} + \note{Citation de PCI intéressante car ça fait le lien avec le phénomène décrit ensuite sur les systèmes embarqués.} +\end{frame} + +\subsection{Attentes autour des systèmes embarqués sur étagère} +\begin{frame} + \begin{columns} + \column{0.5\linewidth} + \begin{itemize} + \item<1-> Communications sécurisées + \item<2-> Stockage sécurisé + \item<3-> Biométrie + \item<4-> Authentification + \item<6-> Transport + \item<7-> Paiement + \end{itemize} + \column{0.5\linewidth} + \begin{minipage}[c][\textheight][c]{\linewidth} + \only<1|handout:0>{ + \begin{center} + \includegraphics[width=2.5cm]{ressources/logo_signal.png} + + \vspace{0.4cm} + + \includegraphics[width=2.5cm]{ressources/logo_whatsapp.png} + + \vspace{0.4cm} + + \includegraphics[width=2.5cm]{ressources/logo_tchap.png} + \end{center} + } + \only<4|handout:0>{ + \begin{center} + \includegraphics[width=3.0cm]{ressources/vitale.png} + + \vspace{0.5cm} + + \includegraphics[width=3.0cm]{ressources/france_identité.png} + \end{center} + } + \only<5|handout:0>{ + \begin{center} + \includegraphics[width=3.5cm]{ressources/WebAuthn.png} + + \vspace{1cm} + + \includegraphics[width=2.5cm]{ressources/KeepassDX.png} + \end{center} + } + \only<6|handout:0>{ + \begin{center} + \includegraphics[width=3.0cm]{ressources/RATP.png} + \end{center} + } + \only<7>{ + \begin{center} + \includegraphics[width=3.0cm]{ressources/apple_pay.png} + + \vspace{1cm} + + \includegraphics[width=3.0cm]{ressources/google_pay.png} + + \vspace{1cm} + + \includegraphics[width=3.0cm]{ressources/samsung_pay.png} + \end{center} + } + \end{minipage} + \end{columns} + 
\note{Authentification: étatique ou non. Il y a le double facteur d'authentification aussi.\\ Webauthn: prononcer Webauthen en anglais, ouèbe-offène en français.\\ Introduire la suite: pour faire tout ça on a besoin de confiance -> racine de confiance -> point d'ancrage quelconque avec lequel on est serein. SPoC: 2018. CPoC: 2019. MPoC:2022.} +\end{frame} + +\subsection{Systèmes embarqués} +\begin{frame} + \begin{center} + \begin{block}{} + \textit{Embedded microprocessor applications all share one common trait: the end product is not a computer. The user may not realize that a computer is included (...). The teenager watching MTV is unaware that embedded computers control the cable box and the television. (...)\\ +For the purpose of this book, an embedded system is any application where a dedicated computer is built right into the system.} + + \vspace{0.25cm} + + \scriptsize \rightline{Jack G. Ganssle. \textit{The Art of Programming Embedded Systems}, 1991.} + \end{block} + + \begin{block}{} + \textit{Embedded systems are computing systems dedicated to specific tasks. In many cases, the work being done was originally done by custom logic.} + + \vspace{0.25cm} + + \scriptsize \rightline{Alfredo Romagosa. \textit{Embedded Systems Journal: Cache}} \rightline{\textit{Coherence Issues for Real-Time Multiprocessing}, 1997.} + \end{block} + \end{center} + \note{Citation de Romagosa: Embedded Systems Journal, Vol.10, No.2} +\end{frame} + +\begin{frame} + \begin{center} + \begin{block}{} + \textit{Un système embarqué est un système informatique logiciel et matériel enfoui dans un objet afin de contrôler son activité et sa sécurité, d'offrir des services à ses utilisateurs et de communiquer avec d'autres objets.} + + \vspace{0.25cm} + + \scriptsize \rightline{Gérard Berry. 
\textit{Pourquoi et comment le monde devient numérique}, 2008.} + \end{block} + + \begin{block}{} + \textit{Un objet communicant permet à l'utilisateur d'accéder à des services via cet objet grâce à un échange d'informations avec le monde qui l'entoure.\\ Les dispositifs numériques qui permettent d'offrir ces services sont appelés systèmes embarqués.} + + \vspace{0.25cm} + + \scriptsize \rightline{Didier Hallépée. \textit{La sécurité du smartphone et des systèmes embarqués}, 2012.} + \end{block} +\end{center} +\note{Citer la potentielle contrainte de batterie pour préparer la contribution Android. Leçon inaugurale de Berry au Collège de France.} +\end{frame} + +\subsection{Environnements sécurisés} +\begin{frame} + \begin{center} + Hardware Security Modules (HSM) + + \vspace{1cm} + + \includegraphics[width=5.5cm]{ressources/payshield.png} + \hspace{1cm} + \includegraphics[width=3.0cm]{ressources/luna.png} + \end{center} + \note{Introduits à la fin des années 1970, en même temps que DES, pour le secteur militaire. Applications commerciales à partir des années 90 pour le secteur bancaire et le web. Pas présents dans les COTS.} +\end{frame} + +\begin{frame} + \begin{center} + \underline{Secure Elements (SE)} + + \vspace{1cm} + + \includegraphics[width=4cm]{ressources/carte_à_puce.png} + \includegraphics[width=3.0cm]{ressources/SIM.png} + \includegraphics[width=3.5cm]{ressources/SE.png} + \end{center} + \note{Apparition historique avec les cartes à puce dans les années 90. Puis SIM. Puis intégration additionnelle dans les ordiphones, proche du NFC. Secure Enclave chez iPhone: pas sûr que ce soit vraiment un SE, c'est débattable. Présent dans systèmes sur étagère mais pas utilisable par tout le monde. 
Android Ready SE Alliance.} +\end{frame} + +\begin{frame} + \begin{center} + Trusted Platform Modules (TPM) + + \vspace{1cm} + + \includegraphics[width=4cm]{ressources/TPM.png} + \end{center} + \note{Réellement utilisés à partir des années 2000 même si prémisses pendant les années 90. Quasiment que dans les PC. Essentiellement pensés pour la gestion de flotte en entreprise à l'origine. Devenus bien plus populaires ces dernières années, avec ses fonctions d'attestation et son caractère obligatoire sur Windows 11. Pas présent dans les téléphones.} +\end{frame} + +\begin{frame} + \begin{center} + \underline{Trusted Execution Environments (TEE)} + + \vspace{1.0cm} + + \makebox[\textwidth][c]{\includegraphics[width=15cm]{ressources/TEE.png}} + + \vspace{0.5cm} + + GlobalPlatform, Inc. \textit{TEE Protection Profile}, 2020. + \end{center} + \note{Introduit en 2004 et essentiellement perpétré par Arm. Tentatives de portage vers x86 par la suite pas toujours fructueuses. Pas de puce supplémentaire. 
Présent dans les systèmes sur étagères mais pas utilisable par tout le monde.} +\end{frame} + +\subsection{Problématique industrielle} +\begin{frame} + \begin{center} + \begin{tikzpicture} + \def\largeurTel{4.70} + \def\limiteGauche{{\largeurTel / (-2.37)}} + \def\limiteDroite{{\largeurTel / (2.37)}} + \def\limiteHaut{{\largeurTel / (1.2)}} + \def\limiteBas{\largeurTel / (-1.15)} + \def\milieuX{0} + \def\milieuY{-2} + \def\marge{0.15} + \pgfmathsetmacro{\largeurLogo}{1.5} + + \node {\includegraphics[width=\largeurTel cm]{ressources/téléphone.png}}; + + \draw [fill=red!25] (\limiteGauche,\marge + \milieuY) rectangle (\limiteDroite, \limiteHaut); + \draw [fill=lime!25] (\limiteGauche,{\limiteBas}) rectangle (\milieuX - \marge, \milieuY - \marge) node[pos=0.5] {TEE}; + \draw [fill=green!25] (\milieuX + \marge, {\limiteBas}) rectangle (\limiteDroite, \milieuY - \marge) node[pos=0.5] {SE}; + + \path (\limiteGauche, \limiteHaut) rectangle (\limiteDroite, \limiteHaut) node [pos=0.5, below, align=center, execute at begin node=\setlength{\baselineskip}{0.30cm}] {\scriptsize Environnement d'exécution\\ \scriptsize riche}; + + \newcommand{\bonhomme}[5] + { + \pgfmathsetmacro{\largPers}{####3 * 1.10} + \pgfmathsetmacro{\hautBuste}{####3 * 1.50} + \pgfmathsetmacro{\centreX}{####1 + 0.5*\largPers} + \pgfmathsetmacro{\centreY}{####2} + \pgfmathsetmacro{\rayonTete}{\largPers * 0.80 / 2} + \fill[####4] ({\centreX},{\centreY}) -- ++(-\largPers,0) .. controls +(0,\hautBuste) and +(0,\hautBuste) .. 
cycle; + \fill[####4] ({\centreX - 0.5*\largPers},{\centreY + \hautBuste}) circle (\rayonTete); + \fill[White] ({\centreX - 0.325*\largPers} , {\centreY + 1.05*\hautBuste}) circle (0.20*\rayonTete); + \fill[White] ({\centreX - 0.675*\largPers} , {\centreY + 1.05*\hautBuste}) circle (0.20*\rayonTete); + \draw [draw=####5, line width=0.75 mm] plot[domain=(3/8)*pi:(5/8)*pi, samples=100, smooth] ({cos(\x r)*\rayonTete + \centreX - 0.5*\largPers}, {sin(\x r)*####3 + \centreY + 0.8*\rayonTete}); + } + \bonhomme{-1.25}{1.70}{0.75}{Gray!10}{none} + \bonhomme{-0.60}{0.5}{1.0}{Gray!35}{none} + \bonhomme{-1.10}{-1.1}{1.10}{Gray!20}{none} + \bonhomme{1.20}{2.00}{0.70}{Gray!30}{none} + \bonhomme{0.5}{1}{0.90}{Gray!15}{none} + \bonhomme{1.25}{-0.9}{1.20}{Gray!20}{none} + \bonhomme{0}{-1.6}{1.6}{Black}{White} + + \pgfmathsetmacro{\bonhommeX}{4.5} + \pgfmathsetmacro{\centreXlogos}{8.5} + \pgfmathsetmacro{\nbLogos}{6} + \pgfmathsetmacro{\hautLogos}{3} + \pgfmathsetmacro{\ecartVert}{2*\hautLogos / (\nbLogos - 1)} + \onslide<2->{\bonhomme{\bonhommeX}{-(0.44 + 1.5)/2}{1.00}{Black}{none}} + \onslide<2->{\node at (\centreXlogos, 2.5*\ecartVert) {\includegraphics[width=1.5cm]{ressources/apple.png}};} + \onslide<3->{\node at (\centreXlogos, 1.5*\ecartVert) {\includegraphics[width=1.5cm]{ressources/google.png}};} + \onslide<4->{\node at (\centreXlogos, 0.5*\ecartVert) {\includegraphics[width=1.5cm]{ressources/samsung.png}};} + \onslide<5->{\node at (\centreXlogos, -0.5*\ecartVert) {\includegraphics[width=1.5cm]{ressources/huawei.png}};} + \onslide<6->{\node at (\centreXlogos, -1.5*\ecartVert) {\includegraphics[width=1.5cm]{ressources/sony.png}};} + \onslide<7->{\node at (\centreXlogos, -2.5*\ecartVert) {\Huge \textbf{...}};} + + \pgfmathsetmacro{\departX}{\bonhommeX + 1.5*\rayonTete} + \pgfmathsetmacro{\arriveeX}{\centreXlogos - 1} + + \onslide<2->{\draw [arrows={Triangle[angle=90:2mm] - Triangle[angle=90:2mm]}] (\departX, 2.5*0.3) -| ({\departX + 1*(\arriveeX - 
\departX)/4)},2.5*\ecartVert) |- (\arriveeX, 2.5*\ecartVert);} + \onslide<3->{\draw [arrows={Triangle[angle=90:2mm] - Triangle[angle=90:2mm]}] (\departX, 1.5*0.3) -| ({\departX + 2*(\arriveeX - \departX)/4)},1.5*\ecartVert) |- (\arriveeX, 1.5*\ecartVert);} + \onslide<4->{\draw [arrows={Triangle[angle=90:2mm] - Triangle[angle=90:2mm]}] (\departX, 0.5*0.3) -| ({\departX + 3*(\arriveeX - \departX)/4)},0.5*\ecartVert) |- (\arriveeX, 0.5*\ecartVert);} + \onslide<5->{\draw [arrows={Triangle[angle=90:2mm] - Triangle[angle=90:2mm]}] (\departX, -0.5*0.3) -| ({\departX + 3*(\arriveeX - \departX)/4)},-0.5*\ecartVert) |- (\arriveeX, -0.5*\ecartVert);} + \onslide<6->{\draw [arrows={Triangle[angle=90:2mm] - Triangle[angle=90:2mm]}] (\departX, -1.5*0.3) -| ({\departX + 2*(\arriveeX - \departX)/4)},-1.5*\ecartVert) |- (\arriveeX, -1.5*\ecartVert);} + \onslide<7->{\draw [arrows={Triangle[angle=90:2mm] - Triangle[angle=90:2mm]}] (\departX, -2.5*0.3) -| ({\departX + 1*(\arriveeX - \departX)/4)},-2.5*\ecartVert) |- (\arriveeX, -2.5*\ecartVert);} + \end{tikzpicture} + \end{center} + \note{Les acteurs tiers n'ont accès à aucun environnement sécurisé sur les systèmes embarqués sur étagère. Problème de souveraineté industrielle. Pourtant la France n'est pas si mal placée dans ce domaine-là: Ingenico majoritaire sur les paiements, Thalès et STMicroelectronics pour les solutions sécurisées matérielles et logicielles. 65\% de toutes les transactions faites par les citoyens le sont par le schéma de paiement national CB. Mais les systèmes qui contrôlent ces opérations sont de plus en plus inaccessibles par notre industrie. De manière générale, les paiements sur systèmes embarqués sur étagère risquent de n'être gérés que par un club très fermé. Face à ça, les acteurs tiers ont la tentation de se reposer sur l'isolation garantie par les OS et sur des techniques d'obfuscation mathématiques. 
Investiguer autour de la validité de telles manœuvre est alors nécessaire compte tenu du contexte.} +\end{frame} + +\section{Propositions} +\begin{frame} +\vfill +\centering +\begin{beamercolorbox}[sep=8pt,center,shadow=true,rounded=true]{title} + \usebeamerfont{title}Propositions\par% +\end{beamercolorbox} +\vfill +\end{frame} + +\subsection{Constat} +\begin{frame} + \begin{center} + \begin{tikzpicture} + \def\largeurTel{4.5} + \def\limiteGauche{{\largeurTel / (-2.37)}} + \def\limiteDroite{{\largeurTel / (2.37)}} + \def\limiteHaut{{\largeurTel / (1.2)}} + \def\limiteBas{\largeurTel / (-1.15)} + \def\milieuX{0} + \def\milieuY{0} + \def\marge{0.15} + \pgfmathsetmacro{\largeurLogo}{1.5} + + \node {\includegraphics[width=\largeurTel cm]{ressources/téléphone.png}}; + + \draw [fill=red!25] (\limiteGauche,\marge + \milieuY) rectangle (\limiteDroite, \limiteHaut) node[pos=0.5,align=center] {\Large Environnement\\ \Large d'exécution\\ \Large riche}; + \draw [fill=lime!25] (\limiteGauche,{\limiteBas}) rectangle (\milieuX - \marge, \milieuY - \marge) node[pos=0.5] {\huge TEE}; + \draw [fill=green!25] (\milieuX + \marge, {\limiteBas}) rectangle (\limiteDroite, \milieuY - \marge) node[pos=0.5] {\huge SE}; + + \newcommand{\bonhomme}[5] + { + \pgfmathsetmacro{\largPers}{####3 * 1.10} + \pgfmathsetmacro{\hautBuste}{####3 * 1.50} + \pgfmathsetmacro{\centreX}{####1 + 0.5*\largPers} + \pgfmathsetmacro{\centreY}{####2} + \pgfmathsetmacro{\rayonTete}{\largPers * 0.80 / 2} + \fill[####4] ({\centreX},{\centreY}) -- ++(-\largPers,0) .. controls +(0,\hautBuste) and +(0,\hautBuste) .. 
cycle; + \fill[####4] ({\centreX - 0.5*\largPers},{\centreY + \hautBuste}) circle (\rayonTete); + \fill[####5] ({\centreX - 0.325*\largPers} , {\centreY + 1.05*\hautBuste}) circle (0.20*\rayonTete); + \fill[####5] ({\centreX - 0.675*\largPers} , {\centreY + 1.05*\hautBuste}) circle (0.20*\rayonTete); + \draw [draw=####5, line width=0.75 mm] plot[domain=(3/8)*pi:(5/8)*pi, samples=100, smooth] ({cos(\x r)*\rayonTete + \centreX - 0.5*\largPers}, {sin(\x r)*####3 + \centreY + 0.8*\rayonTete}); + } + + \bonhomme{-4}{-1.5}{1.6}{Black}{Black} + \node[align=center, anchor=south] at (-4,1.7) {Utilisateur et\\ propriétaire de\\ la plateforme}; + \end{tikzpicture} + \end{center} +\end{frame} + +\subsection{Gestion des pouvoirs et racines de confiance} +\begin{frame} + \begin{center} + \vspace{-0.50cm} + + \hspace*{-0.55cm} + \begin{tikzpicture} + \def\largeurTel{2.35} + \pgfmathsetmacro{\limiteGauche}{\largeurTel / (-2.25)} + \pgfmathsetmacro{\limiteDroite}{\largeurTel / (2.25)} + \pgfmathsetmacro{\limiteHaut}{\largeurTel / (1.2)} + \def\limiteBas{\largeurTel / (-1.15)} + \def\milieuX{0} + \def\milieuY{0} + \def\marge{0.025} + \pgfmathsetmacro{\largeurLogo}{1.5} + + \node {\includegraphics[width=\largeurTel cm]{ressources/téléphone.png}}; + + \draw [fill=red!25] (\limiteGauche,\marge + \milieuY) rectangle (\limiteDroite, \limiteHaut) node[pos=0.5,align=center] {\scriptsize Environnement\\ \scriptsize d'exécution\\ \scriptsize riche}; + \draw [fill=lime!25] (\limiteGauche,{\limiteBas}) rectangle (\milieuX - \marge, \milieuY - \marge) node[pos=0.5] {\small TEE}; + \draw [fill=green!25] (\milieuX + \marge, {\limiteBas}) rectangle (\limiteDroite, \milieuY - \marge) node[pos=0.5] {\small SE}; + + \newcommand{\bonhomme}[5] + { + \pgfmathsetmacro{\largPers}{####3 * 1.10} + \pgfmathsetmacro{\hautBuste}{####3 * 1.50} + \pgfmathsetmacro{\centreX}{####1 + 0.5*\largPers} + \pgfmathsetmacro{\centreY}{####2} + \pgfmathsetmacro{\rayonTete}{\largPers * 0.80 / 2} + \fill[####4] 
({\centreX},{\centreY}) -- ++(-\largPers,0) .. controls +(0,\hautBuste) and +(0,\hautBuste) .. cycle; + \fill[####4] ({\centreX - 0.5*\largPers},{\centreY + \hautBuste}) circle (\rayonTete); + \fill[####5] ({\centreX - 0.325*\largPers} , {\centreY + 1.05*\hautBuste}) circle (0.20*\rayonTete); + \fill[####5] ({\centreX - 0.675*\largPers} , {\centreY + 1.05*\hautBuste}) circle (0.20*\rayonTete); + \draw [draw=####5, line width=0.75 mm] plot[domain=(3/8)*pi:(5/8)*pi, samples=100, smooth] ({cos(\x r)*\rayonTete + \centreX - 0.5*\largPers}, {sin(\x r)*####3 + \centreY + 0.8*\rayonTete}); + } + + \bonhomme{-2.40}{-1.5}{1}{Black}{Black} + \node[align=center, anchor=south] at (-2.40,0.4) {\footnotesize Utilisateur et\\ \footnotesize propriétaire de\\ \footnotesize la plateforme}; + + \onslide<4->{\node[draw, minimum width=1.75*\largeurTel cm, minimum height=0.75cm] (a) at (2.75* \largeurTel,0.75* \largeurTel) {\small Entreprise A};} + \onslide<4->{\node[draw, minimum width=1.75*\largeurTel cm, minimum height=0.75cm] (b) at (3.10* \largeurTel,0.35* \largeurTel) {\small Institution publique B};} + \onslide<4->{\node[align=center] at (4.25* \largeurTel,0.85* \largeurTel) {Développeurs\\ d'exécutables};} + + \onslide<2->{\node[draw, minimum width=1.75*\largeurTel cm, minimum height=0.75cm] (c) at (3.30* \largeurTel,-1.40* \largeurTel) {\small Entreprise C};} + \onslide<2->{\node[draw, minimum width=1.75*\largeurTel cm, minimum height=0.75cm] (d) at (2.20* \largeurTel,-1.80* \largeurTel) {\small Association D};} + \onslide<2->{\node[draw, minimum width=1.75*\largeurTel cm, minimum height=0.75cm] (e) at (1.20* \largeurTel,-2.20* \largeurTel) {\small Individu E};} + \onslide<2->{\node[align=center] at (3.65* \largeurTel,-1.90* \largeurTel) {Délégués\\ de sécurité};} + + \onslide<5->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, blue] (a.west) -| node[pos=0.40, above, align=center, yshift=0.05 cm] {\textbf{Installe}\\ \textbf{applications}\\ \textbf{et contenus}} 
++(-1.75,-0.25) |- (0.5*\largeurTel, 0.35*\limiteHaut);} + \onslide<5->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, blue] (b.west) -| ++(-2.0,-0.25) |- (0.5*\largeurTel, 0.10*\limiteHaut);} + + \onslide<3->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, ForestGreen] (c.west) -| ({- \marge + 0.5*\limiteGauche + 0.35}, {\limiteBas});} + \onslide<3->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, ForestGreen] (d.west) -| ({- \marge + 0.5*\limiteGauche + 0.0}, {\limiteBas});} + \onslide<3->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, ForestGreen] (e.west) -| node[pos=0.75, left] {\textbf{Supervise}} ({- \marge + 0.5*\limiteGauche - 0.35}, {\limiteBas});} + \onslide<3->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, ForestGreen] ([yshift=-0.15cm] c.north west) -| ({\marge + 0.5*\limiteDroite + 0.35}, {\limiteBas});} + \onslide<3->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, ForestGreen] ([yshift=-0.15cm] d.north west) -| ({\marge + 0.5*\limiteDroite + 0.0}, {\limiteBas});} + \onslide<3->{\draw [arrows={ - Triangle[angle=90:3mm]}, line width=0.1cm, ForestGreen] ([yshift=-0.15cm] e.north west) -| ({\marge + 0.5*\limiteDroite - 0.35}, {\limiteBas});} + + \onslide<6->{\draw [arrows={Triangle[angle=90:3mm] - Triangle[angle=90:3mm]}, line width=0.1cm, red] (b.south) .. controls +(0.75,-1.25) and +(0,0) .. node[pos=0.35, right, align=center] {\textbf{Fait}\\ \textbf{confiance}\\ \textbf{ou non}} (c.north);} + \onslide<6->{\draw [arrows={Triangle[angle=90:3mm] - Triangle[angle=90:3mm]}, line width=0.1cm, red] ([xshift=-0.5cm] b.south) .. controls +(-1.0,-1.5) and +(0,0) .. (d.north);} + \onslide<6->{\draw [arrows={Triangle[angle=90:3mm] - Triangle[angle=90:3mm]}, line width=0.1cm, red] ([xshift=0.50cm] a.south west) .. controls +(-0.75,-1) and +(0,0) .. 
([xshift=-0.5cm] e.north);} + \end{tikzpicture} + \end{center} +\end{frame} + +\begin{frame} + \begin{center} + \vspace{-0.35cm} + + \hspace*{-0.40cm} + \begin{tikzpicture} + \pgfmathsetmacro{\Ya}{3} + \pgfmathsetmacro{\Yb}{0} + \pgfmathsetmacro{\Yc}{-3} + \pgfmathsetmacro{\Xa}{2.0} + \pgfmathsetmacro{\Xb}{3.25} + \pgfmathsetmacro{\Xc}{2.0} + \pgfmathsetmacro{\extLigneG}{-2.0*\Xb} + \pgfmathsetmacro{\extLigneD}{1.4*\Xb} + \pgfmathsetmacro{\labelXgauche}{-1.75*\Xb} + \pgfmathsetmacro{\labelXdroite}{1.90*\Xb} + \pgfmathsetmacro{\espaceFleche}{0.1} + + \node[draw, minimum width= 2 cm, minimum height= 1 cm] (a1) at (- \Xa, \Ya) {\includegraphics[width=1.5cm]{ressources/Thales.png}}; + \node[draw, minimum width= 2 cm, minimum height= 1 cm] (a2) at (+ \Xa, \Ya) {\includegraphics[width=1.5cm]{ressources/Qualcomm.png}}; + + \node[draw, minimum width= 2 cm, minimum height= 1 cm] (b1) at (- \Xb, \Yb) {\small Entreprise C}; + \node[draw, minimum width= 2 cm, minimum height= 1 cm] (b2) at (0, \Yb) {\small Association D}; + \node[draw, minimum width= 2 cm, minimum height= 1 cm] (b3) at (+ \Xb, \Yb) {\small Individu E}; + + \node[draw, minimum width= 2 cm, minimum height= 1 cm] (c1) at (- \Xc, \Yc) {\small Entreprise A}; + \node[draw, minimum width= 2 cm, minimum height= 1 cm, align=center] (c2) at (+ \Xc, \Yc) {\small Institution\\ \small publique B}; + + \draw [dotted, line width=0.2cm, Gray!20] (\extLigneG, 0.5*\Ya) -- (\extLigneD, 0.5*\Ya); + \draw [dotted, line width=0.2cm, Gray!20] (\extLigneG, 0.5*\Yc) -- (\extLigneD, 0.5*\Yc); + + \onslide<2->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] (a1.south) -- (b1.north);} + \onslide<2->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] (a1.south) -- ([xshift=-\espaceFleche cm] b2.north);} + \onslide<2->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] (a1.south) -- ([xshift=-\espaceFleche cm] b3.north);} + \onslide<2->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] 
(a2.south) -- ([xshift=\espaceFleche cm] b2.north);} + \onslide<2->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] (a2.south) -- ([xshift=\espaceFleche cm] b3.north);} + + \onslide<3->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] (b1.south) -- ([xshift=-\espaceFleche cm] c1.north);} + \onslide<3->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] (b2.south) -- ([xshift=\espaceFleche cm] c1.north);} + \onslide<3->{\draw [arrows={ - Triangle[angle=90:2mm]}, line width=0.75mm] (b2.south) -- (c2.north);} + + \node[align=center] at (\labelXgauche, \Ya) {Constructeurs\\ de composants\\ sécurisés}; + \node[align=center] at (\labelXgauche, \Yb) {Délégués\\ de sécurité}; + \node[align=center] at (\labelXgauche, \Yc) {Développeurs\\ d'exécutables}; + + \onslide<2->{\node[align=center, Gray] at (\labelXdroite, 0.5*\Ya) {Signe et\\ embarque les\\ certificats};} + \onslide<3->{\node[align=center, Gray] at (\labelXdroite, 0.5*\Yc) {Modère et signe\\ les exécutables\\ et contenus};} + + \onslide<4-|handout:2>{\node[draw,fill=White, fill opacity=1.00, minimum width=12cm, minimum height=6.5cm, rounded corners=0.5cm,] at (0,0) {};} + \onslide<4-|handout:2>{\node[] at (0,0) {\raisebox{-0.5\height}{\includegraphics[width=4cm]{ressources/UEFI.png}} \hspace{1cm} \raisebox{-0.5\height}{\includegraphics[width=4cm]{ressources/GSMA.png}}};} + \end{tikzpicture} + \end{center} + \note{Ne concerne pas que les TEE et SE, mais aussi la politique de sécurité dans Android.} +\end{frame} + +\end{document} + + +%%% Local Variables: +%%% ispell-local-dictionary: "francais" +%%% TeX-command-extra-options: "-shell-escape" +%%% eval: (flyspell-mode) +%%% End: diff --git a/ressources/GSMA.png b/ressources/GSMA.png new file mode 100644 index 0000000..01fd2b8 Binary files /dev/null and b/ressources/GSMA.png differ 
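Review bot: In the six `\draw [arrows=...]` lines of the « Problématique industrielle » frame, the x-coordinate appears to carry one closing parenthesis too many, e.g. `({\departX + 1*(\arriveeX - \departX)/4)},2.5*\ecartVert)`. The balanced form would be `({\departX + 1*(\arriveeX - \departX)/4},2.5*\ecartVert)`, and likewise for the `2*` and `3*` variants. The same frame computes `\departX` from `\rayonTete`, which is only defined as a side effect inside `\bonhomme`, so the arrow origin depends on which call ran last in the current scope. `\bonhomme` is defined three times inside tikzpictures, and the first copy hard-codes `\fill[White]` for the eyes where the other two use `####5`; a single definition in préambule.tex (with plain `#1`–`#5`) would keep the figures consistent. In the speaker notes, « perpétré par Arm » likely meant « perpétué » or « porté par Arm », and `\missingfigure{Photo}` is still a placeholder on the second frame.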
diff --git a/ressources/KeepassDX.png b/ressources/KeepassDX.png
new file mode 100644
index 0000000..00fe4f8
Binary files /dev/null and b/ressources/KeepassDX.png differ
diff --git a/ressources/NXP.png b/ressources/NXP.png
new file mode 100644
index 0000000..b29b4bf
Binary files /dev/null and b/ressources/NXP.png differ
diff --git a/ressources/PKI.jpg b/ressources/PKI.jpg
new file mode 100644
index 0000000..777e263
Binary files /dev/null and b/ressources/PKI.jpg differ
diff --git a/ressources/Qualcomm.png b/ressources/Qualcomm.png
new file mode 100644
index 0000000..7ec3a89
Binary files /dev/null and b/ressources/Qualcomm.png differ
diff --git a/ressources/RATP.png b/ressources/RATP.png
new file mode 100644
index 0000000..d28b76b
Binary files /dev/null and b/ressources/RATP.png differ
diff --git a/ressources/SE.png b/ressources/SE.png
new file mode 100644
index 0000000..93f5221
Binary files /dev/null and b/ressources/SE.png differ
diff --git a/ressources/SIM.png b/ressources/SIM.png
new file mode 100644
index 0000000..adbe9fb
Binary files /dev/null and b/ressources/SIM.png differ
diff --git a/ressources/SPoC.png b/ressources/SPoC.png
new file mode 100644
index 0000000..7a07f3f
Binary files /dev/null and b/ressources/SPoC.png differ
diff --git a/ressources/STM.png b/ressources/STM.png
new file mode 100644
index 0000000..3126707
Binary files /dev/null and b/ressources/STM.png differ
diff --git a/ressources/TEE.png b/ressources/TEE.png
new file mode 100644
index 0000000..3a90eb0
Binary files /dev/null and b/ressources/TEE.png differ
diff --git a/ressources/TPM.png b/ressources/TPM.png
new file mode 100644
index 0000000..1b5d8f5
Binary files /dev/null and b/ressources/TPM.png differ
diff --git a/ressources/Thales.png b/ressources/Thales.png
new file mode 100644
index 0000000..adc2dee
Binary files /dev/null and b/ressources/Thales.png differ
diff --git a/ressources/UEFI.png b/ressources/UEFI.png
new file mode 100644
index 0000000..4fdafc8
Binary files /dev/null and b/ressources/UEFI.png differ
diff --git a/ressources/WebAuthn.png b/ressources/WebAuthn.png
new file mode 100644
index 0000000..ac165a9
Binary files /dev/null and b/ressources/WebAuthn.png differ
diff --git a/ressources/apple.png b/ressources/apple.png
new file mode 100644
index 0000000..420dd8f
Binary files /dev/null and b/ressources/apple.png differ
diff --git a/ressources/apple_pay.png b/ressources/apple_pay.png
new file mode 100644
index 0000000..45cdb84
Binary files /dev/null and b/ressources/apple_pay.png differ
diff --git a/ressources/appli_cible.png b/ressources/appli_cible.png
new file mode 100644
index 0000000..048532f
Binary files /dev/null and b/ressources/appli_cible.png differ
diff --git a/ressources/bq27421.png b/ressources/bq27421.png
new file mode 100644
index 0000000..3a4e9d3
Binary files /dev/null and b/ressources/bq27421.png differ
diff --git a/ressources/capture.mp4 b/ressources/capture.mp4
new file mode 100644
index 0000000..9c02862
Binary files /dev/null and b/ressources/capture.mp4 differ
diff --git a/ressources/carte_à_puce.png b/ressources/carte_à_puce.png
new file mode 100644
index 0000000..e21f19d
Binary files /dev/null and b/ressources/carte_à_puce.png differ
diff --git a/ressources/chatons_logo.png b/ressources/chatons_logo.png
new file mode 100644
index 0000000..890cf17
Binary files /dev/null and b/ressources/chatons_logo.png differ
diff --git a/ressources/deuxfleurs-logo.png b/ressources/deuxfleurs-logo.png
new file mode 100644
index 0000000..4a5e086
Binary files /dev/null and b/ressources/deuxfleurs-logo.png differ
diff --git a/ressources/ens-psl.png b/ressources/ens-psl.png
new file mode 100644
index 0000000..1ab24a7
Binary files /dev/null and b/ressources/ens-psl.png differ
diff --git a/ressources/france_identité.png b/ressources/france_identité.png
new file mode 100644
index 0000000..dbba171
Binary files /dev/null and b/ressources/france_identité.png differ
diff --git a/ressources/front-bg.jpg b/ressources/front-bg.jpg
new file mode 100644
index 0000000..4a62744
Binary files /dev/null and b/ressources/front-bg.jpg differ
diff --git a/ressources/google.png b/ressources/google.png
new file mode 100644
index 0000000..392601b
Binary files /dev/null and b/ressources/google.png differ
diff --git a/ressources/google_pay.png b/ressources/google_pay.png
new file mode 100644
index 0000000..3fea8aa
Binary files /dev/null and b/ressources/google_pay.png differ
diff --git a/ressources/huawei.png b/ressources/huawei.png
new file mode 100644
index 0000000..672633f
Binary files /dev/null and b/ressources/huawei.png differ
diff --git a/ressources/ingenico.png b/ressources/ingenico.png
new file mode 100644
index 0000000..0098846
Binary files /dev/null and b/ressources/ingenico.png differ
diff --git a/ressources/kigen.png b/ressources/kigen.png
new file mode 100644
index 0000000..d9b2904
Binary files /dev/null and b/ressources/kigen.png differ
diff --git a/ressources/logo_signal.png b/ressources/logo_signal.png
new file mode 100644
index 0000000..5761865
Binary files /dev/null and b/ressources/logo_signal.png differ
diff --git a/ressources/logo_tchap.png b/ressources/logo_tchap.png
new file mode 100644
index 0000000..6b2dbd3
Binary files /dev/null and b/ressources/logo_tchap.png differ
diff --git a/ressources/logo_whatsapp.png b/ressources/logo_whatsapp.png
new file mode 100644
index 0000000..62cdd51
Binary files /dev/null and b/ressources/logo_whatsapp.png differ
diff --git a/ressources/luna.png b/ressources/luna.png
new file mode 100644
index 0000000..f6945c9
Binary files /dev/null and b/ressources/luna.png differ
diff --git a/ressources/payshield.png b/ressources/payshield.png
new file mode 100644
index 0000000..474815a
Binary files /dev/null and b/ressources/payshield.png differ
diff --git a/ressources/précision.png b/ressources/précision.png
new file mode 100644
index 0000000..2dc9298
Binary files /dev/null and b/ressources/précision.png differ
diff --git a/ressources/relevé_1.png b/ressources/relevé_1.png
new file mode 100755
index 0000000..9b18b0e
Binary files /dev/null and b/ressources/relevé_1.png differ
diff --git a/ressources/relevé_2.png b/ressources/relevé_2.png
new file mode 100755
index 0000000..352ddfc
Binary files /dev/null and b/ressources/relevé_2.png differ
diff --git a/ressources/samsung.png b/ressources/samsung.png
new file mode 100644
index 0000000..718eb9c
Binary files /dev/null and b/ressources/samsung.png differ
diff --git a/ressources/samsung_pay.png b/ressources/samsung_pay.png
new file mode 100644
index 0000000..e8d17a4
Binary files /dev/null and b/ressources/samsung_pay.png differ
diff --git a/ressources/schéma_brouillon.jpg b/ressources/schéma_brouillon.jpg
new file mode 100644
index 0000000..48ab74d
Binary files /dev/null and b/ressources/schéma_brouillon.jpg differ
diff --git a/ressources/script.mp4 b/ressources/script.mp4
new file mode 100644
index 0000000..243baed
Binary files /dev/null and b/ressources/script.mp4 differ
diff --git a/ressources/sony.png b/ressources/sony.png
new file mode 100644
index 0000000..9b4bb53
Binary files /dev/null and b/ressources/sony.png differ
diff --git a/ressources/taux_équipement.png b/ressources/taux_équipement.png
new file mode 100644
index 0000000..5b6a3cc
Binary files /dev/null and b/ressources/taux_équipement.png differ
diff --git a/ressources/toucher.png b/ressources/toucher.png
new file mode 100644
index 0000000..549a6ba
Binary files /dev/null and b/ressources/toucher.png differ
diff --git a/ressources/téléphone.png b/ressources/téléphone.png
new file mode 100644
index 0000000..3506984
Binary files /dev/null and b/ressources/téléphone.png differ
diff --git a/ressources/téléphone_haut.png b/ressources/téléphone_haut.png
new file mode 100644
index 0000000..bd0b5da
Binary files /dev/null and b/ressources/téléphone_haut.png differ
diff --git a/ressources/vitale.png b/ressources/vitale.png
new file mode 100644
index 0000000..c9377a4
Binary files /dev/null and b/ressources/vitale.png differ