Applied Research and Development (Ra&D)

Many security projects are confidentials. So, they can unfortunatley not appear on this website.

The security research team was working on these different projects:

  • Several mandates in collaboration with partners (all partners and subjects are confidentials).
  • Serveral CTI projects in collaboration with partners.
    • 2016 (25161.1 INNO-13-16-ES)
      Amélioration de la sécurité informatique de notre service en ligne.
      Industrial partner: Inetis Sàrl and
    • 2015-16 (17348.1)
      Plate-forme de gestion fiable et sécurisée pour les applications industrielles de l'Internet et du Web des Objets.
      Industrial partner: Novaccess SA, Ville de Lausanne.
    • 2014 (17005.1 INNO-13-16-ES)
      Security Augmentation of Infrastructure.
      Industrial partner: Privately Sàrl.
    • 2013 (15686.1 INNO-13-16-ES)
      Sécurisation d'une plateforme innovante de paiement mobile.
      Industrial partner: Cash Sentinel.
    • 2011-13 (13540)
      Innovative multimodal smartcard-based biometric authentication: logical access control apparatus based on contactless multimodal biometric identification coupled with wireless smartcard verification.
      Industrial partner: Sensometrix.
    • 2011-13 (13744)
      Symbios Hub: Distributed application framework for Transfer and Validation.
      Industrial partner: SYMBIOS Orthopédie SA.
  • 2011-12 ISCIA: Internet Surveillance for Criminal Intelligence Analysis.

Scientific Projects Supervision

University of Applied Sciences Western Switzerland (HEIG-VD)

  • Les portefeuilles Bitcoin recommandés pour Android sont-ils vraiment recommandables ?,
    Fabien Franchini, Bachelor, TS, HEIG-VD, 2017.
  • Détection automatisée d'attaques informatiques,
    Samuel Darcey, Bachelor, TS, HEIG-VD, 2017.
  • Confidentiel,
    Amine Tayaa, Bachelor, TS, HEIG-VD, 2017.
  • Wall-of-sheep,
    Parfait Plaisir de Pâques Noubissi, Bachelor, TS, HEIG-VD, 2016.
  • Confidential,
    Valentin Schaad, Bachelor, TS, HEIG-VD, 2016.
  • Malware analysis: Analysis of attack trends and techniques for Android smartphones,
    Benoît Zuckschwerdt, Bachelor, TS, HEIG-VD, 2016.
  • Fuzz'droid,
    Calixte Melly, Bachelor, TS, HEIG-VD, 2015.
  • Bit-M : Box in the Middle,
    Simone Righitto, Bachelor, TS, HEIG-VD, 2015.
  • Confidential,
    Sébastien Biolzi, Bachelor, TS, HEIG-VD, 2014.
  • Attaque d'un système au travers du driver USB,
    Fabrice Caralinda, Bachelor, TS, HEIG-VD, 2014.
  • Attaque 802.1X - Extraction de certificats machines d'un poste Windows 7,
    Robin Herzog, Bachelor, TR, HEIG-VD, 2014.
  • Confidential,
    Christian Masullo, Bachelor, TS, HEIG-VD, 2014.
  • Confidential,
    Daniel Ferreira Lopes, Bachelor, TR, HEIG-VD, 2013.
  • Confidential,
    Nicolas Joliat, Bachelor, TR, HEIG-VD, 2013.
  • Confidential,
    Yohan Martini, Bachelor, TR, HEIG-VD, 2013.
  • Confidential,
    Patrick Yersin, Bachelor, IL, HEIG-VD, 2013.
  • Audit de sécurité du système d'impression,
    Antoine Vigo, Bachelor, TR, HEIG-VD, 2012-13.
  • Cybersécurité - Analyse du maliciel Stuxnet,
    Cédric Van Pernis, Bachelor, TR, HEIG-VD, 2012.

Swiss Federal Institute of Technology (EPFL)

  • DH vs DL problems,
    Jonathan Kuhn, EPFL, LASEC, 2008.
  • Cache attacks,
    Thomas Kunz, EPFL, LASEC, 2007.
  • Secure VoIP using SIP,
    Michael Jubin, EPFL, LASEC, 2007.

  • Projects coordinator for all semester and diploma projects within the LASEC, 2005-2009.

Miscanellous Personnal Projects

Secure Communications Using Authenticated Channels (2005-09)

EPFL, PhD thesis.
The main motivation is to build protocols which are more secure and more user-friend ly than pre- viously known constructions. Indeed, if the protocol is tedious to use, most of the users will not behave correctly and this wil l lead to some security issues. An example is the behavior of a user with respect to the authentication of an SSH public key who will typically accept it with no check. Making protocols more user-friendly may be difficult since the security must not decrease at the same time. In this thesis, different solutions are proposed for different situations.
Hash functions are often modelized by random oracles while they deviate more and more from this idealization. One of the problems is how to fix the existing digital signatures constructions. In this thesis, a solution is proposed and it consists only in adding a pre-processing on the message.
Digital signatures may also lead to privacy issues (as in e-passports). Indeed, given a message and its signature, anyone can publish the pair which will confirm the authenticity of the message. In this thesis, a provable secure solution is provided allowing to prove the knowledge of the signature without revealing it.
For more information, see the page academic research.

Compomising Electromagnetic Emanations of Wired and Wirless Keyboard (2008)

Join work with Martin Vuagnoux.
We analyze the electromagnetic emanations emitted by computer keyboards. We present four different weaknesses on PS/2, USB, wireless, and laptop keyboards. Thanks to our practical implementation we were able to recover 95 percents of the keystrokes up to 20 meters.
For more information, see the page Compromising Electromagnetic Emanations of Wired and Wireless Keyboards.

Secure Voice over IP Application (2006)

PhD sub-project, EPFL.
The project consists in programming a secure VoIP application where the security is guaranteed peer-to-peer. Users only need to agree on a Short Authenticated String (SAS) of 6 digits and are able to communicate securely. Encryption is done with the AES and the secret key is exchanged by a Diffie-Hellman protocol which is authenticated with our SAS-based protocol.

Secure Communications over Insecure Channels (2005)

for which I received the Kudelski Group Prize.
supervised by Prof. Serge Vaudenay, Master thesis, EPFL.
We analyze the security of generic message authentication protocols and propose new improved solutions.
Report: pdf (0.7 MB)
Slides: pdf (1.0 MB)

Why textbook ElGamal and RSA encryption are insecure? (2004)

supervised by Prof. Serge Vaudenay, Semester Project, EPFL.
We implement the attacks to illustrate they are not secure without a pre-processing on the plaintext.
Report: pdf (0.5 MB)
Slides: pdf (0.6 MB)

Ethernet/Internet embedded camera design (2002)

supervised by René Beuchat, Semester Project, EPFL.
We build a Web server embedded in an FPGA to provide on the Internet images from a CMOS camera.
Rapport : pdf (5 MB)
Annexes : pdf (1 MB)
Slides : pdf (0.5 MB)
Résumé : pdf (1 MB)

Tumours detection and segmentation of MRI images (2001)

for which I received the congratulations from the jury.
supervised by Prof. Michel Kocher, Diploma, EIG.
We design an automatic method to detect and extract tumours of a MRI scan of the head.

Brain segmentation of MRI images (2001)

supervised byProf. Michel Kocher, Semester Project, EIG.
We design an automatic method to extract the brain of a MRI scan of the head. This is the first application of the Mathematic Morphology in 3D.
Page created April 23, 2009. Modified December 22, 2015.