1 Passwords the server side A tour of decreasingly bad ideas regarding server-side password handling. Thomas EuroPython 2013 Disclaimer I am not a crypto or security expert, just a caring developer taking a look from a practical point of view.
2 About me Thomas Waldmann doing Python stuff since 2001 long-term MoinMoin Wiki core developer / project admin loves FOSS, Linux, Python and Wikis own small company near Stuttgart, Germany admin stuff, services, training, SW development
3 Why this talk? MoinMoin issue CVE remote code execution some wiki sites compromised, python wiki erased incident management of that / aftermath awareness raising responsibility for users' (passwords) safety shit will happen be prepared, have a plan!
4 How to authenticate users/clients? userid + password covered in this talk Other ways not covered here SSL client certificate LDAP OpenID OAuth Mozilla Persona CAS
5 userid + password You will need to store user profiles somehow (in a database, in some on-disk file,...). The profile usually contains: username something (P) you need to verify the clear-text password (CTP) the user enters at login time address other properties / settings
6 Storing plain-text passwords P = CTP When registering, the user enters the clear-text password (CTP) plus other stuff (name, ). You just store everything into the user profile, including P. Popular method in the last millennium! But...
8 CTP storage = users globally owned! profile storage access == knowing all userids, E- Mail addresses and passwords! admins (legitimately? accidentally? evil admins?) everyone else getting access (some security issue will happen, sooner or later) Users re-use passwords for multiple sites. If the userid for login is the address, that's usually the same everywhere also.
9 Let's obfuscate. P = obfuscate(ctp) obfuscate == rot13, xor, base64, Not quickly readable any more, but: This is obscurity, not security. Can easily be reversed and you have the CTP. Useless. Double-Facepalm applies here, too.
10 Let's encrypt! Obfuscation bad, so let's use real encryption: P = encrypt(key, CTP) encrypt == aes, des, (any symetric crypto) To verify a password at login time, decrypt P and compare with CTP. But...
12 It's symetric! You need to have the crypto key somewhere on the server (on disk, in database, in RAM,...) to: encrypt the CTP when a new password is set decrypt P to verify the given CTP at login time Thus: an attacker (who hacks into your server) can have the crypto key, too. Your encrypted passwords are as safe as your crypto key storage and your crypto algorithm unsafe in many cases.
13 One-way crypto hashes FTW! P = cryptohash(ctp) cryptohash == md5, apr1, sha1, ntlm, One-way crypto hashes can only be easily computed in one direction (CTP P), but not in reverse direction (P CTP). Popular methods, even in 2013! But...
15 Algorithms, bitlengths, rainbows! same CTP same P bad! Some algorithms are weak (e.g. md5). Some create hashes of short bitlength. For some, so-called rainbow tables can get precomputed to break pw hashes just by a table lookup (P CTP). Byebye one-way. So let's spoil the rainbow table based attacks, take many bits, a good algorithm and...
16 Add some Salt (plus Pepper?) salt = compute_random_bytestring(32) P = salt + crypto_hash(salt, CTP) crypto_hash = sha256, sha512, same CTP, different salt different P good! (pepper is similar to salt, just kept elsewhere) many bits, many different salts rainbow tables impractical (impossible?) But...
18 Who needs rainbow tables nowadays? Computes sha256 hashes every SECOND! So just brute-force, start with password = , iterate to zzzzzzz until your computed hash value matches the given one. 1-2 cards = owned by many gamers cards = owned by whoever has enough money to buy Details: (NVidia works too!)
19 Beyond simple brute force. Use dictionaries of words / names / passwords, combine them, mutate them using popular rules:... leetspeak l3375p34k insert / append /delete chars add some numbers ( maybe?) do same stuff humans usually try Feed back broken passwords into the dictionary.
21 NO need for speed. Hashes like sha* are optimized for speed, not designed for password storage. Speed is: good for brute forcing, not needed at login time (users tolerate 250ms). Thus, we need something slower, optimized for password storage needs. (we will come back to that later)
22 Unexpected other troubles For simplicity, we assume: stored cleartext passwords they won't ever get disclosed / stolen successful_login = (entered_pw == stored_pw) Looks OK? Too trivial code to have an issue? Nope...
23 Time is not on your side (1) Assume comparing one char takes time T on your CPU (left: attacker's guess, right: real pw): 0000 == 1234 # False after T 1000 == 1234 # False after 2T (jumped!) 1100 == 1234 # False after 2T 1200 == 1234 # False after 3T (jumped!) Python's speed-optimized == for strings can't keep a secret, jumps up happily for every correctly guessed character! use a constant time comparison function.
24 Time is not on your side (2) For failed logins, you are of course not telling: your username was wrong, or your password was wrong. But... if username not in valid_usernames: fail # after T1 if not validate(password): fail # after T2 Your normal code execution timing will tell it! Evaluate both expressions, try to use similar code or even always adjust timing to worst-case-timing.
25 Lessons learned Don't use home-grown password code: you can easily do it wrong, it is work to write and... to continually review, improve and maintain. Use such code from a good password library: done right, less work, enables collaboration, contribute to it (use it, test it, fix it, review it, improve it, ).
27 or other good lib / framework Django has own code for password handling does not use passlib (why not?) uses strong algorithm (pbkdf2) by default Specific hash code (flexibility?) py-bcrypt (not pure python) python-pbkdf2 (maintenance?) Any other good stuff suggested by audience?
28 passlib Main author: Eli Collins, BSD License Pure Python (2 and 3) for all password needs. Offers multiple strong algorithms via one API: bcrypt (needs additional C code / binaries) pbkdf2 sha512_crypt (not the same as sha512!) Written with care, easy to use, good docs,...
29 passlib hello world # fastest route is to use a preconfigured context: from passlib.apps import custom_app_context as pwd_ctx # creating a password hash: hash = pwd_ctx.encrypt("somepass") # <- normal user hash = pwd_ctx.encrypt("somepass", category="admin") # verifying a password: ok = pwd_ctx.verify("somepass", hash) # hash looks like: # $5$rounds=160397$8kDQgoNHYhPc5lGw$jLsSM/87lvESBACxg0e7VuTTw4m5s3k0R6OjZYuB0/2 # identifying a hash: algo = pwd_ctx.identify(hash) # algo == 'sha256_crypt'
30 passlib offerings The strong algorithms offered by passlib are: slow (~ times slower as sha) tunable (e.g. rounds parameter) configurable, with good defaults constant time comparison done automatically hash upgrades done comfortably password and random byte string generator also weaker popular algorithms for compatibility
31 passlib - more control and options from passlib.context import CryptContext # do this once, import pwd_ctx whereever it's needed: pwd_ctx = CryptContext( schemes = ["sha512_crypt", "hex_sha256", ], default = "sha512_crypt", deprecated = [ hex_sha256, ], # vary rounds randomly when creating new hashes all vary_rounds = 0.1, ) # set the number of rounds that should be used sha512_crypt default_rounds = ,
32 passlib hash upgrade password = foo # deprecated hex_sha256 hash: old_hash = '2c26b46b68ffc68ff...fa0f98a5e886266e7ae' ok, new_hash = pwd_ctx.verify_and_update("wrong", old_hash) # (False, None) ok, new_hash = pwd_ctx.verify_and_update(password, old_hash) # (True, '$6$rounds=92367$GC3oiYRJ0oqZQI3i$kDHkk...jdAVi00') # new_hash now has the upgraded hash (sha512_crypt) if new_hash is not None: save_to_profile(new_hash) ok, new_hash = pwd_ctx.verify_and_update(password, new_hash) # (True, None)
33 Weak hashes for compatibility? You could import these weak old md5 (or other) hashes from some legacy system to have happy users who don't need to reset their passwords. You could upgrade the hashes at login time to something really strong. But: if some users never log in, you keep the weak hashes forever, endangering these users. Either just DON'T or use double-hashing...
34 Double Hashing, the rough idea Make sure that the legacy system did not have bigger security issues or even security breaches, otherwise taking the old weak hashes is no option anyway as you have to consider them already being exposed/broken. If you made sure: Import weak hashes WH, but hash them again using strong algorithm: P = strong(wh) Login time: you have the CTP available (must be impossible to give WH), so re-write: P = strong(ctp) Run production systems in this mode for a while frequent users will have a strong P then. To get rid of the double-hashing and the inner weak hash: invalidate all remaining double-hashes (will only affect infrequent users) send these users a password-reset link, publish contact info for cases of trouble user still interested will just reset the password not interested any more won't do anything in any case no double-hashes in password storage any more Disable support for double-hashing in the site configuration. Later: first deprecate, then remove support for double-hashing in the software to simplify it.
35 Acceptable Passwords? Too simple / short / common passwords will get cracked instantly, no matter how good your password hash algorithm is. Thus: give instant feedback about password strength allow very long passwords accept all characters, so users can generate passwords without running into issues If you offer a password generator: avoid chars 1lIO05S6G8B... in random password for better readability
36 PW Strength Measurement (1) Simple checks are not good enough: length check: aaaaaaaaaa set size check: usual upper/lower/digit/punctuation requirement: Thomas.Waldmann.2013 But what else can we use? dictionaries are language dependent and big check shouldn't take too much time / resources
37 PW Strength Measurement (2) Self-entropy / information content (Shannon)? not good for PWs as they are relatively short, so the whole original character set isn't as obvious as in a much longer text. all symbols are equally difficult - unrelated to brute-forcing character ranges (like a..z, A..Z, 0..9, special, non-ascii chars) Idea: modified shannon self-entropy, consider required brute-force scan-ranges. Your idea?
38 PW Strength Measurement (3) Likely you can never tell if something is a good password, so rather say maybe good. E.g. correct horse battery staple (famous due to xkcd) is not a good password any more. Avoid the worst passwords by a strength meter. Educate users.
39 (Interactive) Login Behaviour Slowing down / disallowing login after bad attempts: useless against distributed attacks in some scenarios: risk of DOS one would notice if someone tries to get in except if attacker is trying slowly/distributed won't help if someone gets the hashes If you use some slow & strong hash algorithm: tune the rounds, so it is neither too slow nor too fast frequent logins will cost some CPU time
40 Shit happens If someone steals PW hashes (and usernames and s) from your site: react quickly! Attacker might have passwords rather soon (depending on algorithm and pw quality). Will try them at your site (if useful) and elsewhere. Inform your users! Do a global password hash invalidation at your site(s) before the attacker can do real damage.
41 Password resetting P = INVALID_VALUE # never verifies! Note: setting the same super-secret long password for all users, then sending a password reset link is not a good idea for all users not doing the reset: break one of them, break all of them! Notify users by and other means: send them a link to redefine their passwords, never send users a password via , give an admin contact for trouble cases.
42 Password recovery insecurities Your mother's maiden name is not secret: multiple sites you use might know the answer to that question except if you lied differently to each of them. for some people, one can even find the answer on wikipedia or somewhere else on the internet. As is often used to reset a password, make sure your account is rather safe or it might make you vulnerable everywhere else also.
43 Two-Factor Authentication First do a normal username / password check. If successful (and user has setup 2FA), let the user enter a 6 digit number generated by an app like Google Authenticator (RFC 4226) e.g. on a smartphone: device and server share a random secret (can be easily shared via QR code) secret is per account and per site timed OTP only valid for 30s Libs for Python: pyotp, python-oath,
44 Comments? Questions? Talk content (c) 2013 by: Thomas Waldmann (MoinMoin Wiki Development) License: CC-BY-SA 3.0 Pictures: Thanks to memegenerator.net and original creators!
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
Better PHP Security Learning from Adobe Quickly, about me Consultant! Senior Engineer! Developer! Senior Developer! Director of Tech! Hosting Manager! Support Tech 2014: Digital Director Lunne Marketing
Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)
2006-331: PASSWORD AUDITING TOOLS Mario Garcia, Texas A&M University-Corpus Christi American Society for Engineering Education, 2006 Page 11.985.1 Password Auditing Tools Abstract A goal of computer system
29 Oct 2015 CSCD27 Computer and Network Security Authenticating Humans CSCD27 Computer and Network Security 1 Authenticating Computers and Programs Computers and programs need to authenticate one another:
SESSION ID: PDAC-W05 The State of Modern Password Cracking Christopher Camejo Director of Threat and Vulnerability Analysis NTT Com Security @0x434a Presentation Overview Password Hashing 101 Getting Hashes
NETWORK SECURITY: How do servers store passwords? Servers avoid storing the passwords in plaintext on their servers to avoid possible intruders to gain all their users passwords. A hash of each password
VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY AUTHOR: Raúl Siles Founder and Security Analyst at Taddong Hello and welcome to Intypedia. Today we will talk about the exciting world of security
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
Securing Remote Desktop for Windows XP http://www.mobydisk.com/./techres/securing_remote_desktop.html Remote Desktop, Unsafely Many people use the Windows XP Professional remote desktop feature to gain
PASSWORD MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Web-based Attack: SQL Injection SQL Injection January 23, 2013 Authored By: Stephanie Reetz, SOC Analyst Contents Introduction Introduction...1 Web applications are everywhere on the Internet. Almost Overview...2
AutoCrypt 2.1 User Guide We Make Software - TensionSoftware.com AutoCrypt 2011-2013 Tension Software all rights reserved Every effort has been made to ensure that the information in this manual is accurate.
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted
User Identity and Authentication WordPress, 2FA, and Single Sign-On Isaac Potoczny-Jones firstname.lastname@example.org http://tozny.com About the Speaker Galois, Inc. - @galoisinc. Research & Development for computer
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
How can I keep my account safe from hackers, scammers and spammers? The question is a good one and especially important if you've purchased shared hosting (such as HostDime offers) since what effects your
Analysis of FileVault 2: Apple's full disk encryption Omar Choudary Felix Grobert Joachim Metz FileVault 2 Project Overview Goal reverse engineer and analyse Apple's full disk encryption (aka File Vault)
Disk encryption... (not only) in Linux Milan Brož email@example.com FDE - Full Disk Encryption FDE (Full Disk Encryption) whole disk FVE (Full Volume Encryption) just some volumes (dis)advantages? + for
Lesson 10: Attacks to the SSL Protocol Luciano Bello - firstname.lastname@example.org Chalmers University Dr. Alfonso Muñoz - email@example.com T>SIC Group. Universidad Politécnica de Madrid Security of the SSL
Java-Web-Security Anti-Patterns Entwicklertag 20.05.2015 Dominik Schadow bridgingit Failed with only the best intentions Design Implement Maintain Design Ignoring threat modeling defense in depth Threat
A Standards-based Approach to IP Protection for HDLs John Shields Staff Engineer, Modelsim Overview Introduction A Brief Status First Look at The Flow Encryption Technology Concepts Key Management Second
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
Hacking Database for Owning your Data 1 Introduction By Abdulaziz Alrasheed & Xiuwei Yi Stealing data is becoming a major threat. In 2012 alone, 500 fortune companies were compromised causing lots of money
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
The Password Problem Will Only Get Worse New technology for proving who we are Isaac Potoczny-Jones Galois & SEQRD firstname.lastname@example.org @SyntaxPolice Goals & Talk outline Update the group on authentication
Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Aliases 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical Access
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
YubiKey Authentication Module Design Guideline Yubico Application Note Version 1.0 May 7, 2012 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
Online Backup by Mozy Common Questions Document Revision Date: June 29, 2012 Online Backup by Mozy Common Questions 1 What is Online Backup by Mozy? Online Backup by Mozy is a secure online data backup
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
CMSC 414 (Spring 2015) 1 Symmetric and Public-key Crypto Due April 14 2015, 11:59PM Updated April 11: see Piazza for a list of errata. Sections 1 4 are Copyright c 2006-2011 Wenliang Du, Syracuse University.
Common Pitfalls in Cryptography for Software Developers OWASP AppSec Israel July 2006 Shay Zalalichin, CISSP AppSec Division Manager, Comsec Consulting email@example.com Copyright 2006 - The OWASP
A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
Ten Things Web Developers Still Aren't Doing Frank Kim Think Security Consulting Background Frank Kim Consultant, Think Security Consulting Security in the SDLC SANS Author & Instructor DEV541 Secure Coding
NESCO/NESCOR Common TFE Analysis: CIP-007 R5.3 Password Complexity National Electric Sector Cybersecurity Organization (NESCO)/NESCO Resource (NESCOR) DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITIES
Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The main
SQL SERVER Anti-Forensics Cesar Cerrudo Introduction Sophisticated attacks requires leaving as few evidence as possible Anti-Forensics techniques help to make forensics investigations difficult Anti-Forensics
Presentation on Black Hat Europe 2003 Conference Security Analysis of Microsoft Encrypting File System (EFS) Microsoft Encrypting File System Encrypting File File System System (EFS) (EFS) is is a a new
C H A P T E R9 Application Design and Development Practice Exercises 9.1 What is the main reason why servlets give better performance than programs that use the common gateway interface (CGI), even though
Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.
Enterprise Keeper Password Manager & Digital Vault Contact Sales (312) 226-5544 firstname.lastname@example.org r 8.19.15 Enterprise Keeper is the world s most secure digital vault. Contact Sales (312) 226-5544
FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology
The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email
November 2014 Security for mobile apps This white paper provides education on security considerations and requirements for mobile apps. 1 Contents Authentication & security for mobile apps 3 Securing mobile
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
Password regulations for Karolinska Institutet Dnr 1-213/2015 Version 2.0 Applicable from 2015-05-18 Password regulations for Karolinska Institutet - Summary Purpose The main purpose of these regulations
Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
GEORGIA INSTITUTE OF TECHNOLOGY Multi Factor Authentication API Yusuf Nadir Saghar Amay Singhal CONTENTS Abstract... 3 Motivation... 3 Overall Design:... 4 MFA Architecture... 5 Authentication Workflow...
The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
September 2014 Version v1.8" Thank you for your interest in PasswordBox. On the following pages, you ll find a technical overview of the comprehensive security measures PasswordBox uses to protect your
Java Web Security Antipatterns JavaOne 2015 Dominik Schadow bridgingit Failed with nothing but the best intentions Architect Implement Maintain Architect Skipping threat modeling Software that is secure
Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland email@example.com Abstract Secure Socket Layer (SSL) and Transport Layer
Making the Most of Multi-Factor Authentication Introduction The news stories are commonplace: Hackers steal or break passwords and gain access to a company s data, often causing huge financial losses to
Oracle post exploitation techniques László Tóth firstname.lastname@example.org Disclaimer The views expressed in this presentation are my own and not necessarily the views of my current, past or future employers. Content
Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
Two-Factor Authentication Basics for Linux Pat Barron (email@example.com) Western PA Linux Users Group Some Basic Security Terminology Two of the most common things we discuss related to security are Authentication
What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
Modes of Operation Steven M. Bellovin February 3, 2009 1 Using Cryptography As we ve already seen, using cryptography properly is not easy Many pitfalls! Errors in use can lead to very easy attacks You
Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that
Beyond files forensic OWADE cloud based forensic Elie Bursztein Stanford University Ivan Fontarensky Cassidian Matthieu Martin Stanford University Jean Michel Picod Cassidian 1 The world is moving to the