Ludovic Barman
Security & Privacy
Hi, I'm Ludovic !
I recently obtained my PhD in security and privacy, under the guidance of Jean-Pierre Hubaux and Bryan Ford.
My research topics revolve around the analysis and protection of communication metadata (e.g., traffic analysis, website fingerprinting), and around building anonymous communication networks. I like designing and building systems. In my free time, I enjoy thinkering with DiY projects and hiking in the Alps.
I recently joined Google, where I work on privacy on Android.
Feel free to contact me! firstname.lastname@protonmail.com
Table of contents: research / work experience / education / blog posts / demos
Research
- Rhythm: Flexible Metadata-Private Messaging2022
L. Barman, M. Kol, D. Lazar, Y. Gilad, N. Zeldovich - This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against 2022
website fingerprinting. L. Barman & S. Siby, C. Wood, M. Fayed, N. Sullivan, C. Troncoso
preprint - Every Byte Matters: Traffic-Analysis of Bluetooth Wearable Devices 2021
L. Barman, A. Dumur, A. Pyrgelis, J-P. Hubaux. Ubicomp 2021
paper, code, press article: Horizons - Decentralized Privacy-Preserving Proximity Tracing (DP3T)2020
My contribution to this large team project mostly consists of: security analysis (of the initial project PEPP-PT, then of DP3T), reviews of alternative protocols (ROBERT, DESIRE, etc), and some work on interoperability.
website, paper, some press articles: Reuters, BBC, Financial Times, Blick, Le Temps - PriFi: Low-Latency Metadata Protection for Organizational Networks 2018
L. B., I. Dacosta, M. Zamani, E. Zhai, A. Pyrgelis, B. Ford, J. Feigenbaum, J-P. Hubaux. PETS 2020
paper, code - Reducing Metadata Leakage from Encrypted Files and Communication with PURBs 2018
K. Nikitin & L. Barman, M. Underwood, W. Lueks, B. Ford, J-P. Hubaux. PETS 2019
paper, website, presentation, code, press article: ZDNet - Drand & LeagueOfEntropy.com: Provable Distributed Randomness 2017
My contribution to this team project is mostly code.
website, code, some press articles: ZDNet, TheNextWeb - PriFi: A Low-Latency [...] Protocol for Local-Area Anonymous Communication 2016
L. Barman, M. Zamani, I. Dacosta, J. Feigenbaum, B. Ford, J-P. Hubaux, D. Wolinsky. WPES 2016
paper - Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud 2015
F. Armknecht, L. Barman, J-M. Bohli, G. Karame. USENIX Security 2016
paper - Privacy Threats and Practical Solutions for Genetic Risk Tests 2015
L. Barman, E. Graini, J-L. Raisaro, E. Ayday, J-P. Hubaux. GenoPri 2015
paper
Work Experience
- Privacy Engineer at Google, Zurich 2022
- Research Intern at Cloudflare, London
2020
Website Fingerprinting and Defenses on QUIC - Teaching Assistant at EPFL (part of the PhD program)
2015 - 2021
In the class "Information Security and Privacy", I rebuilt the aging infrastructure in favor of a more reliable setup with dockers and Continuous Integration. I also designed several exercises such as a TLS downgrade attack & implementation of a PAKE protocol.
In the class "Mobile Networks", I helped building hands-on exercises about Wireless networks and their security/privacy aspects. I gave lectures about Tor and the anonymity on the Web. - Intern at NEC Laboratories Europe, Heidelberg
2015
Master Thesis, NEC Laboratories Europe, Heidelberg
Supervised by G. Karame (NEC Laboratories Europe) and P. Oechslin (LASEC, EPFL) - Teaching assistant at EPFL
2012
For the class "System-oriented Programming", where students learn about SH, C, Perl, Unix. Supervision of semester projects for students in Java, involving cryptography and networking. - various Web Developer positions (Sunergic, CJ Online Works, JE EPFL, Intemporare)
2008 - 2019
At Sunergic, I created a Web application for monitoring Siemens solar panels. In addition, it enabled clients to design a roof (through a graphical wizard) and estimate the expected efficiency and profit of a solar installation. This application has been used by several partners of Sunergic and Romande Energie.
Education
- EPFL, Lausanne: PhD in Security and Privacy, co-advised by Jean-Pierre Hubaux and Bryan Ford 2021
- EPFL: Bachelor/Master in Communications Systems (with a 1-year exchange at NUS, Singapore) 2015
Blog posts
Non-peer-reviewed posts, highlights on personal projects & random discussions.
- Padmé: Efficiently hiding file sizes 2020
An inexpensive padding function to protect the size metadata - IoT Home Automation with 3D-Printing 2019
Keeping my fish and plants alive while I'm away - A TLS downgrade attack with NetFilter's Queues and Docker 2017
Try your very own MitM and downgrade attack now ! - A Journey into Stack Smashing 2017
A first attempt at crackme's - Should I trust the GitHub activity summary ? 2016
A «hello world» on GitHub - Escaping a PyJail 2016
Getting out of a python sandbox - Hunting Aurora Borealis : a Cookbook 2016
A step-by-step guide to finding Northern Lights
Demos
Note: these demos have not been updated since early 2020.
- TuringWars : A game where small programs fight on a shared computer! (reboot of CoreWars)2017
Technologies: Scala+ScalaJS (backend), Express/Typescript/TypeORM/React/Redux (backend + frontend), Webpack/Docker. Made in 24h @ Lauzhack, then improved for a while. - Vaultage : a self-hosted, in-browser password manager with client-side encryption 2015
Technologies: Express/Typescript, SJCL (crypto), Jest/Jasmine+Pupeteer (testing)