News

  • New paper accepted at Security & Privacy'24 where we propose a new fuzzing technique we called Dolev-Yao model-guided Fuzzing. We provide a full-fledged implementation of such a DY fuzzer in Rust with our tool tlspuffin, which found four new CVEs on WolfSSL, including one critical and two high CVEs.

  • New paper accepted at Usenix'23 and presented at Real World Crypto (contributed talk) on the e-voting protocol used during the 2022 French legislative election, which was the largest ever political election using e-voting in the world. We reversed the protocol, found 6 verifiability and privacy attacks on the protocol, and proposed fixes, some of them have been already deployed. We also presented this work at Real World Crypto'23. Media coverage: here, there, and there.

  • My ProtoFuzz project (2023-2027) was funded by the ANR (280k euros) as a JCJC project (individual research projects coordinated by young researchers). I am looking for students (research interns, PhD students), postdocs, and engineers to join this research effort. In case you are interested, contact me via email.

Publications

See also on dblp and G Scholar

. DY Fuzzing: Formal Dolev-Yao Models Meet Protocol Fuzz Testing. S&P, 2024.

Preprint Tool

. Reversing, Breaking, and Fixing the French Legislative Election E-Voting Protocol. Usenix Security, 2023.

Preprint Real World Crypto Talk Media Coverage

. Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses. Usenix Security, 2023.

Preprint Best paper award

. Fixing the Achilles Heel of E-Voting: The Bulletin Board. CSF, 2021.

Preprint PDF Models and proofs

. A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman Protocols. Usenix Security, 2020.

PDF DOI Tool Models and proofs

. Verification of Stateful Cryptographic Protocols with Exclusive OR. JCS (journal), 2020.

Preprint PDF DOI Code

. Symbolic Abstractions for Quantum Protocol Verification. Submitted, 2019.

Preprint PDF Extended Abstract

. A method for unbounded verification of privacy-type properties. JCS (journal), 2019.

Preprint PDF DOI Tool

. Symbolic Analysis of Identity-Based Protocols. Festschrift Symposium in Honor of Catherine Meadows, LNCS 11565, 2019.

PDF DOI Models

. Improving Automated Symbolic Analysis for E-voting Protocols: A Method Based on Sufficient Conditions for Ballot Secrecy. Euro S&P, 2019.

PDF Slides DOI Extended version Models

. New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols. PETS, 2019.

Preprint PDF DOI Black-Hat USA'17 talk Media coverage Video of PoC Models

. A Formal Analysis of 5G Authentication. CCS, 2018.

PDF Slides Extended version DOI Media coverage Models

. POR for Security Protocol Equivalences : Beyond Action-Determinism. ESORICS, 2018.

PDF Extended version DOI Slides Tool

. Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR. CSF, 2018.

Preprint PDF DOI Code

. Automated Verification of Privacy in Security Protocols: Back and Forth Between Theory & Practice. PhD thesis, 2017.

PDF Slides 1-Page Summary DOI

. A Reduced Semantics for Deciding Trace Equivalence. LMCS (journal), 2017.

PDF DOI Code

. Mobile subscriber WiFi privacy. Security & Privacy Workshops (MoST), 2017.

PDF DOI Best paper award Models

. A method for verifying privacy-type properties: the unbounded case. Security & Privacy (Oakland), 2016.

PDF Slides DOI Tool Models

. Towards Completeness via Proof Search in the Linear Time μ-calculus. LICS, 2016.

PDF DOI

. A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols. JLAMP (journal), 2016.

PDF DOI

. Partial Order Reduction for Security Protocols. CONCUR, 2015.

PDF Slides DOI Code

. A reduced semantics for deciding trace equivalence using constraint systems. POST, 2014.

PDF Slides DOI Code

Service

I serve in the program committee of European Symposium on Research in Computer Security (ESORICS) (2024–now) and of the HotSpot workshop (yearly work-shop since 2015, affiliated with IEEE European Symposium on Security and Privacy) (2021–now). I have previously served in the program committee of ACM ASIACCS symposium (2023) and of the Computer Security track at the 29th ACM Symposium on Applied Computing (SEC@SAC) (2019-2022).

I have been external scientific experts for the ANR (French National Agency for Research) Generic Call 2019-2020. I have reviewed papers for CCS, CSF, Euro S&P, ESORICS, ACM TOPS, JCS, etc.

I am the PI of the ProtoFuzz project (2023-2027) funded by ANR JCJ (280k euros). I am or was a member of the France 2030 ANR PEPR Cybersécurité (SVP) (2022-2026) and ANR Chair IA ASAP project (2020-2024), joint project between Huawei Technologies Singapore Research Center and ETH Zürich on 5G protocols (2018-2019). I have participated to the following projects: ANR Chair of research and teaching in artificial intelligence (ASAP), ERC Consolidator Grant SPOOC, ERC Starting Grant POPSTAR, various ANR projects.

Tools

tlspuffin

We developed with Max Ammann (main developer, security engineer at Trail of Bits), Tom Gouville (PhD student), and Michael Mera (research engineer) a fuzzer implementing a novel model-guided kind of fuzzer. The novel idea is to use the security-related domain-specific Dolev-Yao formal model to guide the fuzzer towards finding logical attacks in security protocols. Research conducted with M. Ammann and S. Kremer.

Porridge

Porridge is a standalone OCaml library implementing Partial Order Reduction techniques for checking trace equivalence of security protocols. It is not restricted to the limited class of action-deterministic protocols as in prior works. It has been successfully integrated into two state-of-the-art verifiers DeepSec and Apte, bringing significant speedups. Theory and practical results are described in our ESORICS’18 paper.

UKano

UKano is a tool that enables the automatic formal verification of unlinkability and anonymity for a large class of 2-agents protocols that was previously out of scope. It has been notably used to discover new attacks on ePassport protocols. I have written this tool by leveraging our new verification method proposed in our S&P’16 paper.

Partial Order Reduction Techniques in APTE

I have developed and implemented Partial Order Reduction techniques for a class of security protocols (those that are action-deterministic) in the tool Apte, dramatically improving its practical impact. I also have implemented a preliminary version of those techniques in the tool SPEC (more details).

Student Supervisions

PhD students

  • (2023-) Tom Gouville : DY Fuzzing : Formal Dolev-Yao Models Meet Protocol Fuzz Testing.
  • (2022-) Vincent Diemunsch: Formal Analysis of Industrial Protocols.

Bachelor and master students

  • (2023) Benjamin Voisin (bachelor student, ENS de Rennes, France): ZKP for eligibility verification in e-voting based on OpenID.
  • (2023) Micol Giacomin (bachelor student, ENS de Paris-Saclay, France): Bit-level mutations for DY fuzzers.
  • (2023) Dominique Bazin (bachelor student, ENS de Paris, France): Proving unlinkability based on reachability-based sufficient conditions.
  • (2021) Max Ammann (master student, Technical University of Munich, Germany): DY fuzzing for testing cryptographic protocols implementations.
  • (2020) Guilhem Roy (master student, École Polytechnique, France): Symbolic-Model-Aware Fuzzing of Cryptographic Protocols.
  • (2020) Timothé Bonhoure (bachelor student, ENS Lyon, France): Improving Cryptographic Protocols Verification: The Best of Two Worlds.
  • (2020) Karan Agarwalla (bachelor student, IIT Bombay, India): Formally Comparing and Evaluating Privacy Properties.
  • (2019-2020) Paul Artigouha (master student, Mines de Nancy, France): Formalizing and verifying privacy for the security protocols from the Noise framework.
  • (2018-2019) Guillaume Girol (master student, École Polytechnique, France): Formalizing and verifying the security protocols from the Noise framework.
  • (2018-2019) Läubli Silvan (bachelor student, ETH Zurich, Switzerland): Implementing a public bulletin board for Alethea.
  • (2018-2019) Andris Suter-Dörig (bachelor student, ETH Zurich, Switzerland): Formalizing and verifying the security protocols from the Noise framework.
  • (2018) Falconieri Vincent (master student working as an academic assistant (Hiwi), ETH Zurich, Switzerland): Fuzzing authentication protocols in LTE.
  • (2017-2018) Vincent Stettler (master student working as an academic assistant (Hiwi), ETH Zurich, Switzerland): NextGen Network Security Analysis.
  • (2017) David Lanzenberger (bachelor student, ETH Zurich, Switzerland): Formal Analysis of 5G Protocols.

Teaching

At Université de Lorraine

At Telecom Nancy

At ETH Zürich

At ENS Cachan

  • Lectures and TA on the theorem prover Coq & SAT-Solving (2015-2017),
  • TA for Logic, Software Engineering, Computability, Computer Programming & Compilation (2013-2017).

Talks

More Talks

(List outdated)
Improving Automated Symbolic Analysis for E-voting Protocols: A Method Based on Sufficient Conditions for Ballot Secrecy
Jun 19, 2019 2:03 PM
IEEE Euro S&P 2019
Slides
Security and Privacy of 5G AKA vs. Formal Verification
Jun 6, 2019 3:20 PM
GDR Securité and Security Seminar at LORIA
Slides
[CCS'18] A Formal Analysis of 5G Authentication
Oct 18, 2018 4:00 PM
CCS 2018
Slides

Contact