Objective: I would like to find research position in the industry.
Core skills: Research (in Security/Privacy). Software development (Web/Desktop). Project management and formation.
- EPFL, Lausanne : PhD in Security and Privacy, with Jean-Pierre Hubaux and Bryan Ford
started in 2015
- EPFL, Lausanne : Master in Communications Systems, specialized in Security
2013 - 2015
- NUS, Singapore : one-year exchange in Electrical Engineering & Computer Science
2012 - 2013
- EPFL, Lausanne : Bachelor in Communications Systems
2010 - 2013
- Website Fingerprinting and Defenses2020
- Rubato: Metadata-Private Messaging for Mobile Devices2020
- Decentralized Privacy-Preserving Proximity Tracing (DP3T)2020
My contribution to this large team project mostly consists of: security analysis (of the initial project PEPP-PT, then of DP3T), reviews of alternative protocols (ROBERT, DESIRE, etc), and some work on interoperability.
website, paper, some press articles: Reuters, BBC, Financial Times, Blick, Le Temps
- Traffic-Analysis of Wearable Devices over Bluetooth Classic and BLE 2019
- PriFi: Low-Latency Metadata Protection for Organizational Networks 2018
L. Barman, I. Dacosta, M. Zamani, E. Zhai, B. Ford, J. Feigenbaum, J-P. Hubaux
Privacy Enhancing Technologies (PoPETS 2020)
paper, website, code
- Reducing Metadata Leakage from Encrypted Files and Communication with PURBs 2018
K. Nikitin & L. Barman, M. Underwood, W. Lueks, B. Ford, J-P. Hubaux
Privacy Enhancing Technologies (PoPETS 2019)
paper, website, press article, presentation, code
- Drand & LeagueOfEntropy.com: Provable Distributed Randomness 2017
My contribution to this team project is mostly code.
website, code, various press articles
- PriFi: A Low-Latency [...] Protocol for Local-Area Anonymous Communication 2016
L. Barman, M. Zamani, I. Dacosta, J. Feigenbaum, B. Ford, J-P. Hubaux, D. Wolinsky
Workshop on Privacy in the Electronic Society (WPES 2016)
- Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud 2015
F. Armknecht, L. Barman, J-M. Bohli, G. Karame (NEC Laboratories Europe)
USENIX Security 16
- Privacy Threats and Practical Solutions for Genetic Risk Tests 2015
L. Barman, E. Graini, J-L. Raisaro, E. Ayday, J-P. Hubaux
Workshop on Genome Privacy and Security (GenoPri 15)
- Research Intern at Cloudflare, London
Website Fingerprinting and Defenses
- Developer at Enfants des Collines, Lausanne
Implementation from scratch of a custom ERP (Typescript/TypeORM/NodeJs/Docker)
- Teaching assistant at the EPFL (part of the PhD program)
In the class "Information Security and Privacy", I rebuilt the old infrastructure in favor of a more reliable setup with dockers and Continuous Integration. I also designed several exercises such as a TLS downgrade attack & implementation of a PAKE protocol.
In the class "Mobile Networks", I helped building hands-on exercises about Wireless networks and their security/privacy aspects. I gave a lecture about TOR/anonymity/mixnets.
- Intern at NEC Laboratories Europe, Heidelberg
Master Thesis, NEC Laboratories Europe, Heidelberg
Supervised by G. Karame (NEC Laboratories Europe) and P. Oechslin (LASEC, EPFL)
- Committee member at Hacker EPFL
- Project manager & Partnership at Junior Entreprise EPFL
- Software Engineer at Intemporare
2013 - 2019
- Web Developer at Sunergic SA
2012 - 2014
I created a web application for monitoring Siemens solar panels, as well as a web application to enable clients to design a roof (through a graphical wizard) and estimate the expected efficiency and profit. This application has been used by several partners of Sunergic and Romande Energie
- Web Developer at Junior Entreprise EPFL
2010 - 2012
Several web development projects, including a website to create online surveys and analyze the results via statistics and graphs
- Teaching assistant at EPFL
For the class "System-oriented Programming", where students learn SH, C, Perl, and basic knowledge of Unix
- Teaching assistant at EPFL
Supervision of semester projects for students in Java, involving cryptography and networking
- Web Developer at CJ Online Works SaRL
2008 - 2011
Improvements of a C# application for car automation, and several web development projects
Non-peer-reviewed posts, highlights on personal projects & random discussions.
- Padmé: Efficiently hiding file sizes read it 2020
An inexpensive padding function to protect the size metadata
- IoT Home Automation with 3D-Printing read it 2019
Keeping my fish and plants alive while I'm away
- A TLS downgrade attack with NetFilter's Queues and Docker read it 2017
Try your very own MitM and downgrade attack now !
- A Journey into Stack Smashing read it 2017
A first attempt at crackme's
- Should I trust the GitHub activity summary ? read it 2016
A «hello world» on GitHub
- Escaping the PyJail read it 2016
Getting out of a python sandbox
- Hunting Aurora Borealis : a Cookbook read it 2016
A step-by-step guide to find Northern Lights
Due to a lack of time, these demos are not maintained anymore.
- Vaultage : a self-hosted, in-browser password manager with client-side encryption 2015-2020
Technologies: Express/Typescript, SJCL (crypto), Jest/Jasmine+Pupeteer (testing)
- TuringWars : A game where small programs fight on a shared computer! (reboot of CoreWars)2017-2019
Technologies: Scala+ScalaJS (backend), Express/Typescript/TypeORM/React/Redux (backend + frontend), Webpack/Docker. Made in 24h @ Lauzhack, then improved for a while.