Ludovic Barman
Security, Privacy, Software Engineering

Projects & Papers

• [Project] Traffic-Analysis of Wearable Devices over Bluetooth Classic and BLE since 2018
  Ludovic Barman, Apostolos Pyreglis, Jean-Pierre Hubaux
• [Project] Drand & LeagueOfEntropy.com: Provable Distributed Randomness 2018
  My contribution to this team project is mostly code.
  website, paper, code, various press articles
• [Paper] Reducing Metadata Leakage from Encrypted Files and Communication with PURBs 2018
  Kirill Nikitin & Ludovic Barman, Matthew Underwood, Wouter Lueks, Bryan Ford, Jean-Pierre Hubaux
  website, press article, paper, presentation, code, real-world use
• [Paper] PriFi: Low-Latency Metadata Protection for Organizational Networks since 2015
  Ludovic Barman, Italo Dacosta, Mahdi Zamani, Ennan Zhai, Bryan Ford, Joan Feigenbaum, Jean-Pierre Hubaux
  website, arXiv preprint, code
• [Project] Vaultage, a self-hosted, in-browser password manager with client-side encryption since 2015
  Ludovic Barman & Hadrien Milano
  code, doc, live demo
• [Paper] PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication 2016
  L Barman, M Zamani, I Dacosta, J Feigenbaum, B Ford, J-P Hubaux, D Wolinsky
  In the Workshop on Privacy in the Electronic Society 2016 (WPES 2016)
  paper
• [Paper] Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud 2015
  F Armknecht, L Barman, J-M Bohli, G Karame (NEC Laboratories Europe)
  In 25rd USENIX Security Symposium (USENIX Security 16)
  paper
• [Paper] Privacy Threats and Practical Solutions for Genetic Risk Tests 2015
  L Barman, E Graini, JL Raisaro, E Ayday, JP Hubaux
  2nd International Workshop on Genome Privacy and Security (GenoPri" 15)
  paper
• [Master Thesis] Proofs of Retrievability and Redundancy 2015
  Master Thesis, NEC Laboratories Europe, Heidelberg
  Supervised by Ghassan Karame (NEC Laboratories Europe) and Philippe Oechslin (LASEC, EPFL).
  thesis, presentation
• Project on Bitcoin Fast Payment protocol 2014
  Master Semester project with LASEC, EPFL. Supervisor : Sebastian Faust, Professor : Serge Vaudenay.
• Stratus Cloud, a non-proprietary secure cloud extension, with fine-grained rights, 2014
  Master Semester project with LASEC, EPFL. Supervisor : Alexandre Duc, Professor : Serge Vaudenay.
• Seminar on ZeroCoins and Bitcoin 2014
• Security analysis of a novel two-factor authentication scheme, based on hand gesture on iPad. 2013
  Bachelor Security class at NUS, the National University of Singapore

Blog posts

• IoT Home Automation with 3D-Printing   read it   say Hi to Gasparov January 2019
  Keeping my fish and plants alive while I'm away
• A TLS downgrade attack with NetFilter's Queues and Docker   read it November 2017
  Try your very own MitM and downgrade attack now ! (limited offer)
• A Journey into Stack Smashing   read it April 2017
  A first attempt at crackme's
• Should I trust the GitHub activity summary ?   read it December 2016
  A «hello world» on GitHub
• Escaping the PyJail   read it August 2016
  Getting out of a python sandbox (Hacking challenge)
• Hunting Aurora Borealis : a Cookbook   read it February 2016
  A step-by-step guide to find Northern Lights

Other professional experiences

• Teaching assistant at the EPFL (part of the PhD program) since 2015
  For the class "Information Security and Privacy", for which I notably spent three weeks rebuilding the old infrastructure in favor of a more reliable setup with dockers and Continuous Integration. I also designed several exercises such as a TLS downgrade attack & implementation of a PAKE protocol.
  For the class "Mobile Networks", in which I help builing hands-on exercises about Wireless networks and their security, as well as some privacy aspects of user mobility.
  For the class "Introduction to Java & POO", in which I was responsible for the MOOCs automatic grader.
• Intern at NEC Laboratories Europe, Heidelberg 2015
  Implementation and benchmarking on a project on Cloud Security (Mirror)
• Committee member at Hacker EPFL 2014
• Project manager & Partnership at Junior Entreprise EPFL 2014
• Software Engineer at Intemporare 2013 - 2019
• Web Developer at Sunergic SA 2012 - 2014
  I created a web application for monitoring Siemens solar panels, as well as a web application to enable clients to design a roof (through a graphical wizard) and estimate the expected efficiency and profit. This application has been used by several partners of Sunergic and Romande Energie
• Web Developer at Junior Entreprise EPFL 2010 - 2012
  Several web development projects, including a website to create online survey and analyze the results via statistics and graphs.
• Teaching assistant at EPFL 2012
  For the class "System-oriented Programming", where students learn SH, C, Perl, and basic knowledge of Unix.
• Teaching assistant at EPFL 2012
  Supervision of semester projects for students in Java, involving cryptography and networking
• Web Developer at CJ Online Works SaRL 2008 - 2011
  Improvements of a C# application for car automation, and several web development projects

Education

• EPFL, Lausanne : PhD in Security and Privacy, with Jean-Pierre Hubaux and Bryan Ford started in 2015
• EPFL, Lausanne : Master in Communications Systems, specialized in Security 2013 - 2015
• NUS, Singapore : one-year exchange in Electrical Engineering & Computer Science 2012 - 2013
• EPFL, Lausanne : Bachelor in Communications Systems 2010 - 2013

Demos

• Vaultage : a self-hosted, in-browser password manager with client-side encryption since 2015
  Technologies: Express/Typescript, SJCL (crypto), Jest/Jasmine+Pupeteer (testing), NPM package (infra)
  Still used today and henced maintained.
• TuringWars : A game where small programs fight on a shared computer! (reboot of CoreWars)since 2017
  Technologies: Scala+ScalaJS (backend engine), Express/Typescript/TypeORM/React/Redux (backend + frontend), Webpack/Docker (infra)
  Made in 24h @ Lauzhack, then improved with hmil during our free time. Development stalled.