Many network protocol designs have applied the Robustness principle, and Tor, the most widely used anonymous network makes no exception. The Robustness principle is elegant, easy and effective to turn into an implementation. However, our research pointed out conflicting interaction between the flexibility offered by the Robustness principle and the core mission of the Tor routing protocol: offering anonymous connections over the Internet to a wide diversity of users and use cases. Indeed, we were able to show that exploiting Tor’s flexibility was an important vector of attacks. In this research project, we argue that flexibility for a distributed overlay network such as Tor must be re-engineered. We expect our methods to allow a stronger resilience to many attacks and a more effective response to newly discovered ones. Moreover, this project has the other overwhelming motivation to design an Anonymous Network able to push the Threat Model to the application layer, and meet the requirements of independant use cases over the same physical network.

Linked publications:

• Upcoming publication! Stay tuned :-)

• Flexible Anonymous Network, HotPETs (2019)

• Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols, PoPETs (2018)

Extensibility is an essential requirement for the success of Internet protocols. Indeed, all standardized protocols have received extensions throughout the years to meet new use-cases and evolve with various desired properties. However, many of them have failed to be deployed despite the willingness of important actors and the availability of implementations. The main reasons for failures fall to middlebox interferences and to difficulties to propagate the usage of the new implementations. We aim for an original method to design extensible Internet protocols that won’t be affected by middleboxes, and that would be fast to deploy everywhere. Many of these efforts have been realized under the initial impulsion of Olivier Bonaventure and his team. More information about linked projects can be found on https://pluginized-protocols.org/.

Linked publications:

• Upcoming publication! Stay tuned :-)

• TCPLS: Modern Transport Services with TCP and TLS, ACM CoNEXT

• TCPLS: Closely Integrating TCP and TLS, ACM HotNETs

• Pluginizing QUIC, ACM SIGCOMM (2019)

One approach to improving the resilience of the Tor network against end-to-end correlation attack is to research techniques that reduce the probability to get an adversary on our path. The path selection is without a doubt the most crucial component of the core Tor software: it offers anonymity to Tor users with random paths that follow a distribution supposed to balance the usage of all relays within the network. Hence, it has this dual objective to offer good anonymity and good performance. This research project develops a framework to enable Path Selection against various adaptation of adversaries: relay adversaries and AS adversaries with load-balancing guarantee

Linked publications:

• CLAPS: Client Location-Aware Path Selection in Tor, ACM CCS

• Waterfilling: Balancing the Tor Network with Maximum Diversity, PoPETs (2017)

Asserting that a claimed identity is legitimate is a difficult problem. Authentication is usually based on an agreed token that a user uses to prove his identity. This token can be of many forms with many different extraction methods. These are commonly divided in the following well-known classification: something we know, something we have and something we are. In this project, we investigated the expected security of multifactor authentication such as FIDO (standardized as Webauthn by the W3C), and proposed SWAT, a new design which can get combined to any other authentication technique without loss of application usability

Linked publications:

• SWAT: Seamless Web Authentication Technology, ACM WWW (2019)

• Formal Analysis of the Fido 1.x Protocol, FPS (2017)