Ludovic Barman

Selected Research

• Groove: Flexible Metadata-Private Messaging2022
  L. Barman, M. Kol, D. Lazar, Y. Gilad, N. Zeldovich. OSDI 22
  paper, slides
• On the ineffectiveness of QUIC PADDING against website fingerprinting 2022
  L. Barman & S. Siby, C. Wood, M. Fayed, N. Sullivan, C. Troncoso
  preprint
• Every Byte Matters: Traffic-Analysis of Bluetooth Wearable Devices (Distinguished Paper Award) 2021
  L. Barman, A. Dumur, A. Pyrgelis, J-P. Hubaux. Ubicomp 2021
  paper, code, press article
• Decentralized Privacy-Preserving Proximity Tracing (DP3T)2020
  My contribution to this large team effort consists of security/privacy analysis of the initial PEPP-PT, then of DP3T, and security reviews of alternative proposals (ROBERT/DESIRE).
  paper, some press articles: Reuters, BBC, Financial Times, Blick, Le Temps
• PriFi: Low-Latency Metadata Protection for Organizational Networks 2018
  L. B., I. Dacosta, M. Zamani, E. Zhai, A. Pyrgelis, B. Ford, J. Feigenbaum, J-P. Hubaux. PETS 2020
  paper, code
• Reducing Metadata Leakage from Encrypted Files and Communication with PURBs 2018
  K. Nikitin & L. Barman, M. Underwood, W. Lueks, B. Ford, J-P. Hubaux. PETS 2019
  paper, website, presentation, code, press article, blog post
• Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud 2015
  F. Armknecht, L. Barman, J-M. Bohli, G. Karame. USENIX Security 2016
  paper

Past positions at a glance

• Privacy Engineer at Google, Zurich 2022
  Developing privacy features for Android
• Research Intern at Cloudflare, London 2020
  Website Fingerprinting and Defenses on QUIC
• Teaching Assistant at EPFL, Lausanne 2015 - 2021
  In the class "Information Security and Privacy", I rebuilt the exercise platform for the students. I also designed several exercises such as a TLS downgrade attack & implementation of a PAKE protocol.
  In the class "Mobile Networks", I helped building hands-on exercises about Wireless networks and their security/privacy aspects. I gave lectures about Tor and the anonymity on the Web.
  I supervised ~10 semester/master projects for students, and I enjoyed helping them thrive both on the technical aspects as well as presenting their work.
• Intern (Master Thesis) at NEC Laboratories Europe, Heidelberg 2015
  Supervised by G. Karame (NEC Laboratories Europe) and P. Oechslin (LASEC, EPFL)
  Led to the USENIX Security publication "Mirror".
• Teaching assistant at EPFL 2012
  For the class "System-oriented Programming", where students learn about SH, C, Perl, Unix. Supervision of semester projects for students in Java, involving cryptography and networking.
• various Web Developer positions (Sunergic, CJ Online Works, JE EPFL, Intemporare) 2008 - 2019
  At Sunergic, I created a Web application for planning a solar panel installation. Users could design a roof through a graphical wizard and estimate the expected efficiency. This application has been used by several partners of Sunergic and Romande Energie.

Education

• EPFL, Lausanne: PhD in Security and Privacy, co-advised by Jean-Pierre Hubaux and Bryan Ford 2021
• EPFL: Bachelor/Master in Communications Systems (with a 1-year exchange at NUS, Singapore) 2015

Blog posts

Non-peer-reviewed posts, highlights on personal projects & random discussions.

• Padmé: Efficiently hiding file sizes 2020
  An inexpensive padding function to protect the size metadata
• IoT Home Automation with 3D-Printing 2019
  Keeping my fish and plants alive while I'm away
• A TLS downgrade attack with NetFilter's Queues and Docker 2017
  Try your very own MitM and downgrade attack now !
• A Journey into Stack Smashing 2017
  A first attempt at crackme's
• Should I trust the GitHub activity summary ? 2016
  A «hello world» on GitHub
• Escaping a PyJail 2016
  Getting out of a python sandbox
• Hunting Aurora Borealis : a Cookbook 2016
  A step-by-step guide to finding Northern Lights