Bat. 12, Office F407
IRISA, Rennes (France)
My research focuses on vulnerabilities in cryptographic implementations, which can be related to the core protocol (if there is an issue in the specification) or implementation specific (side channel, or any information leak). The goal of my PhD is to outline the practicability of such vulnerabilities by implementing attacks in a real world scenario.
Before starting my PhD, I graduated from Rennes 1’s Cryptography Master in 2018, where I acquired the mathematical background needed to understand the underlying mechanisms of cryptography. Then, I worked one year at Amossys (Rennes) as a Security Analyst (mostly crypto related software), which allowed me to get my hands on some real world crypto implementations and pushed me to enlarge my CS knowledge and develop more practical skills.
|Nov 5, 2021||I participated to REDOCS 2021: “Risques des objets connectés sur la vie privée” avec la CNIL|
|Feb 16, 2021||Our patch of OpenSSL’s implementation of SRP is part of the major changes between OpenSSL 1.1.1i and 1.1.1j (changelog).|
|Dec 15, 2020||GlobalPlatform issues an amendment to SCP10 following our disclosure of a vulnerability in SCP10.|
|Nov 8, 2020||Our attack on Dragonfly (WPA3) implementations got the second place at CSAW Applied Research Competition (Europe).|
|Mar 1, 2021||ProtonMail Security Contributor following the disclosure of our PARASITE attack.|
|Nov 8, 2020||Second place at CSAW Applied Research competition (Europe) 2020|
A*“They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing AttacksIn IEEE Symposium on Security and Privacy (SP), May 2022
A*PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wildIn CCS, May 2021
ADragonblood is Still Leaking: Practical Cache-based Side-Channel in the WildIn ACSAC, May 2020