{"id":424,"date":"2021-03-25T16:53:00","date_gmt":"2021-03-25T15:53:00","guid":{"rendered":"http:\/\/scpo-cybersecurityassociation.com\/?p=424"},"modified":"2022-01-08T17:16:24","modified_gmt":"2022-01-08T16:16:24","slug":"25-03-2021-messagerie-chiffree-une-necessite-avec-cedric-sylvestre","status":"publish","type":"post","link":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/2021\/03\/25\/25-03-2021-messagerie-chiffree-une-necessite-avec-cedric-sylvestre\/","title":{"rendered":"25\/03\/2021: Encrypted messaging: a necessity? with C\u00e9dric Sylvestre"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"489\" src=\"https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2021\/03\/signal-2021-12-12-154813_001-1024x489.jpeg\" alt=\"\" class=\"wp-image-435\" srcset=\"https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2021\/03\/signal-2021-12-12-154813_001-1024x489.jpeg 1024w, https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2021\/03\/signal-2021-12-12-154813_001-300x143.jpeg 300w, https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2021\/03\/signal-2021-12-12-154813_001-768x367.jpeg 768w, https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2021\/03\/signal-2021-12-12-154813_001.jpeg 1256w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u201cDecentralization for better security, as close as possible to users\u201d: that was the theme and the conclusion of this new masterclass organized by the Cybersecurity Student Association team this Thursday, March 26. 
On this occasion, we welcomed C\u00e9dric Sylvestre, one of the four co-founders of Olvid, the 100% French-touch instant messaging app, reputed to be the most secure in the world. A graduate of the IEP de Lyon, of a postgraduate programme in international law, and of ESCP-Europe, C\u00e9dric Sylvestre is currently in charge of <em>business development<\/em> at Olvid.<\/p>\n\n\n\n<p>WhatsApp is the most widely used messaging app, including in professional settings. This professional use is what C\u00e9dric Sylvestre calls \u201cShadow IT\u201d (the adoption in the workplace of a practice that comes from private life). The application is indeed attractive because it is simple to use and offers a single interface for friends, family and colleagues. The fact that it is free is also an important factor, although a problematic one given WhatsApp\u2019s business model, which is based on exploiting data and metadata.<\/p>\n\n\n\n<p>Yet today, data leaks in companies mostly result from negligence (and far less often from a malicious act). 
In 95% of cases, this negligence comes from a third party (subcontractors, partners, consultants, lawyers) and therefore concerns every level (top management, consultant, HR, R&amp;D).<\/p>\n\n\n\n<p><strong>How does WhatsApp work?<\/strong><\/p>\n\n\n\n<p>The security of WhatsApp messaging rests on two central elements:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>end-to-end encryption<\/strong>, which allows encrypted messages to be passed from one user to another through distribution servers<\/li><li>a \u2018<strong>user directory<\/strong>\u2019, which gathers on another server the 2.5 billion phone numbers of WhatsApp users together with their encryption keys (which are systematically distributed to phone numbers).<\/li><\/ul>\n\n\n\n<p><strong>Why is this a problem?<\/strong><\/p>\n\n\n\n<p>For C\u00e9dric Sylvestre, two things are problematic: on the one hand, the centralization of this security system on a single server, and on the other, the fact that a person\u2019s identity is based solely on the phone number. As he explains, a number cannot fully certify the identity of the person you are talking to: WhatsApp can certainly encrypt a conversation between two numbers, but it can guarantee neither the identification nor the authentication of the parties.<\/p>\n\n\n\n<p><strong>How does Olvid work?<\/strong><\/p>\n\n\n\n<p>Unlike WhatsApp, Olvid does not centralize encryption keys and asks users for no data (the messenger does not rely on the phone number), reinventing the cryptographic processes along the way. 
Olvid works with anonymous API keys. The messenger therefore operates no directory server for its users\u2019 digital identities. Its main difference from other applications such as Signal or Telegram is that user data is not hosted on a server or in the cloud.<\/p>\n\n\n\n<p>For now, Olvid\u2019s business model relies exclusively on B2B sales to companies of the paid version of the messenger (which has more options than the free version).<\/p>\n\n\n\n<p>In May 2019, Mark Zuckerberg said: \u201cthe future is private\u201d. In March 2021, C\u00e9dric Sylvestre answered him: \u201cthe future is decentralization\u201d.<\/p>\n\n\n\n<p>Resources:<\/p>\n\n\n\n<p><a href=\"https:\/\/olvid.io\/fr\/\">https:\/\/olvid.io\/fr\/<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Messagerie chiffr\u00e9e : une n\u00e9cessit\u00e9 ?- avec C\u00e9dric Sylvestre et Christine Samandel\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/_PndMgjS1AE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<hr class=\"wp-block-separator is-style-wide\"\/>\n\n\n\n<p>&#8220;Decentralization for better and closer security&#8221; was the topic and the conclusion of this latest masterclass organized by the Cybersecurity Student Association team this Thursday, March 26<sup>th<\/sup>. 
For this occasion, we welcomed C\u00e9dric Sylvestre, one of the four co-founders of Olvid, a 100% French touch instant messenger app, \u2018the safest in the world\u2019 for some. A graduate of the Lyon IEP and ESCP-Europe, C\u00e9dric Sylvestre is currently in charge of business development at Olvid.<\/p>\n\n\n\n<p>WhatsApp is the most widely used messaging system, including inside most workplaces. This work usage is what C\u00e9dric Sylvestre calls &#8220;Shadow IT&#8221; (the adoption of a private life practice in a professional environment). The app is indeed attractive because of its simplicity of use and the fact that it offers a single interface for friends, family and colleagues. The fact that it is free is also an important factor, although problematic due to WhatsApp&#8217;s business model based on the exploitation of data and metadata.<\/p>\n\n\n\n<p>But most corporate data breaches today are the result of negligence (and much less of malicious intent). In 95% of cases, this negligence comes from a third party (subcontractors, partners, consultants, lawyers) and therefore concerns all levels (top management, consultant, HR, R&amp;D).<\/p>\n\n\n\n<p><strong>How does WhatsApp work?<\/strong><\/p>\n\n\n\n<p>The security of WhatsApp messaging is based on two central elements:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>end-to-end encryption, which enables encrypted messages to be transmitted from one user to another via distribution servers<\/li><li>a &#8220;user directory&#8221;, which groups together on another server the 2.5 billion telephone numbers of WhatsApp users associated with their encryption keys (which are systematically distributed to telephone numbers).<\/li><\/ul>\n\n\n\n<p><strong>Why is this problematic?<\/strong><\/p>\n\n\n\n<p>For C\u00e9dric Sylvestre, there are two problems: on the one hand, the centralization of this security system on a single server, and on the other hand the fact that a person&#8217;s identity is only based 
on the telephone number. As he explains, a number cannot fully certify the identity of the other party: WhatsApp can encrypt a conversation between two numbers but cannot guarantee the identification or authentication of the parties.<\/p>\n\n\n\n<p><strong>How does Olvid work?<\/strong><\/p>\n\n\n\n<p>Unlike WhatsApp, Olvid does not centralize encryption keys and does not request any data from users (the app does not need a phone number to work), reinventing cryptographic processes. Olvid works with anonymous API keys. Therefore, Olvid does not have any directory server for the digital identities of its users. Its main difference from other apps like Signal or Telegram is that user data is not hosted on a server or in the cloud.<\/p>\n\n\n\n<p>Olvid&#8217;s business model is currently based exclusively on B2B sales of the paid messaging plan (which offers more options than the free plan).<\/p>\n\n\n\n<p>In May 2019, Mark Zuckerberg said: \u201cthe future is private\u201d. In March 2021, C\u00e9dric Sylvestre replied: \u201cthe future is decentralization\u201d.<\/p>\n\n\n\n<p>Resources:<\/p>\n\n\n\n<p><a href=\"https:\/\/olvid.io\/fr\/\">https:\/\/olvid.io\/fr\/<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cDecentralization for better security, as close as possible to users\u201d: that was the theme and the conclusion of this new masterclass organized by the Cybersecurity Student Association team this Thursday, March 26. 
On this occasion, we welcomed C\u00e9dric Sylvestre, one of the four co-founders of Olvid, the 100% French-touch instant messaging app, reputed to be the most secure [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":435,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-424","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-events"],"_links":{"self":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts\/424","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/comments?post=424"}],"version-history":[{"count":3,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts\/424\/revisions"}],"predecessor-version":[{"id":436,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts\/424\/revisions\/436"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/media\/435"}],"wp:attachment":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/media?parent=424"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/categories?post=424"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/tags?post=424"}],"curies":[{"name":"wp","href"
:"https:\/\/api.w.org\/{rel}","templated":true}]}}