Computer Engineer, PhD in Applied Cryptography

Current Research Interests: Anonymous Communication, Security of Distributed Networking and Systems, Transport Protocols, Engineering Flexibility in Privacy-Enhancing Technologies.

News

August 2020

Paper accepted at ACM HotNets: TCPLS: Closely Integrating TCP and TLS. This is ongoing research showing the potential of a more closely integrated TLS/TCP design. The paper covers the promise of our work, with initial results.

August 2020

Paper accepted at ACM CCS: CLAPS: Client-Location-Aware Path Selection in Tor. In a nutshell, this paper offers a second life to many cool location-aware path selection ideas, by solving their known problems and improving on their results.

April 2020

Joined the PoPETs 2021 PC. Call for Papers: petsymposium.org/cfp21.php

29. March 2020

Finally a personal site is live!


Research Projects

Extensibility of transport protocols

Extensibility is an essential requirement for the success of Internet protocols. Indeed, all standardized protocols have received extensions over the years to meet new use cases and to evolve with various desired properties. However, many of these extensions have failed to be deployed despite the willingness of important actors and the availability of implementations. The main reasons for these failures are middlebox interference and the difficulty of propagating the usage of new implementations. We aim for an original method to design extensible Internet protocols that won't be affected by middleboxes and that would be fast to deploy everywhere.

Linked publications:

Flexibility in Anonymous Communication

Many network protocol designs have applied the Robustness principle, and Tor, the most widely used anonymous network, is no exception. The Robustness principle is elegant, and it is easy and effective to turn into an implementation. However, our research pointed out a conflicting interaction between the flexibility offered by the Robustness principle and the core mission of the Tor routing protocol: offering anonymous connections over the Internet to a wide diversity of users and use cases. Indeed, we were able to show that exploiting Tor's flexibility was an important attack vector. In this research project, we argue that flexibility for a distributed overlay network such as Tor must be re-engineered. We expect our methods to allow stronger resilience to many attacks and a more effective response to newly discovered ones. Moreover, this project has another major motivation: to design an anonymous network able to push the threat model to the application layer and to meet the requirements of independent use cases over the same physical network.

Linked publications:

  • Upcoming publication! Stay tuned :-)
  • Flexible Anonymous Network, HotPETs (2019)

  • Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols, PoPETs (2018)

Security in Tor via Path Selection

One approach to improving the resilience of the Tor network against end-to-end correlation attacks is to research techniques that reduce the probability of having an adversary on our path. Path selection is without a doubt the most crucial component of the core Tor software: it offers anonymity to Tor users through random paths that follow a distribution meant to balance the usage of all relays within the network. Hence, it has the dual objective of offering good anonymity and good performance. This research project develops a framework to enable path selection against various kinds of adversaries: relay adversaries and AS adversaries, with a load-balancing guarantee.

Linked publications:

  • CLAPS: Client Location-Aware Path Selection in Tor, ACM CCS

  • Waterfilling: Balancing the Tor Network with Maximum Diversity, PoPETs (2017)

Exploring Security/Usability trade-offs in Web Authentication

Asserting that a claimed identity is legitimate is a difficult problem. Authentication is usually based on an agreed token that a user presents to prove their identity. This token can take many forms, with many different extraction methods. These are commonly divided into the following well-known classification: something we know, something we have and something we are. In this project, we investigated the expected security of multifactor authentication such as FIDO (standardized as WebAuthn by the W3C), and proposed SWAT, a new design which can be combined with any other authentication technique without loss of application usability.

Linked publications: