Publications

QUIC is a new transport protocol combining the reliability and congestion control features of TCP with the security features of TLS. One of the main challenges with QUIC is to guarantee that any of its implementation follows the IETF specification. This challenge is particularly appealing as the… Read more

  This paper introduces Network Attack-centric Compositional Testing (NACT), a novel methodology designed to discover new vulnerabilities in network protocols and create scenarios to reproduce these vulnerabilities through attacker models. NACT integrates composable attacker specifications… Read more

Abstract
Anonymous Communication designs such as Tor build their security on distributed trust over many volunteers running relays in diverse global locations. In practice, this distribution leads to a heterogeneous network in which many versions of the Tor software co-exist… Read more

In 2001, Hirt proposed a receipt-free voting scheme, which
prevents malicious voters from proving to anybody how they voted, under
the assumption of the availability of a helping server that is trusted for
receipt-freeness, and only for that property. This appealing design led to
a… Read more

To proactively defend computer systems against cyber-attacks, a honeypot system—purposely designed to be prone to attacks—is commonly used to detect attacks, discover new vulnerabilities, exploits or malware before they actually do real damage to real systems. Its usefulness lies in being able… Read more

Cybersecurity is of critical importance to any organisations on the Internet, with attackers exploiting any security loopholes to attack them. To combat cyber threats, a honeypot, a decoy system, has been an effective tool used since 1991 to deceive and lure attackers to reveal their attacks.… Read more

This paper delves into the challenges associated with evaluating regulatory compliance within Information Systems (IS). Recognising the urgent need for innovation due to growing regulatory pressure and existing inefficiencies, we advocate for novel compliance assessment… Read more

For many proprietary systems source code and documentation
are not available which makes them hard to test leaving only black-
box approaches. In this work, we present an experience of fuzzing a
protocol for drone control and the developed tool BinFuzz. BinFuzz is a
man-in-the-middle… Read more

Packing is a widely used obfuscation technique for malware to bypass detection tools and hinder reverse engineering. Existing research has already covered methods to detect packing, both with static and dynamic analysis. These methods are based on various features: headers, entropy, API calls,… Read more

LoRaWAN devices are secured using traditional cryptographic methods. However, the end devices are still vulnerable to security attacks such as impersonation. To counter these attacks, LoRa requires an additional layer of security at the physical level. Deep Learning-based LoRa device… Read more

… Read more

Alors que les États membres sont confrontés à des risques croissants en matière de cybersécurité, ils ne sont pas tous en mesure d’y faire face seuls. De plus, il existe un risque évident de propagation rapide… Read more

The IoT technology allows many types of personal data to be measured by many kinds of devices and sensors, and to be sent over the Internet for various applications. However, this data transmission… Read more

The Ethereum Global Network (EGN) hosts a complete ecosystem of decentralized services, including blockchains such as Ethereum mainnet but also exchange markets, content delivery networks, and many more. Service discovery is a fundamental mechanism in the EGN, allowing new nodes to look up and… Read more

Despite their ubiquity, the security of Internet of Things devices is unsatisfactory, as demonstrated by several attacks.
The IETF's MUD standard aims to simplify and automate the secure deployment of network devices.
A MUD file specifies a device-specific description of allowed network… Read more

The last few years in the software engineering field have seen a paradigm shift from monolithic applications towards architectures in which the application is split in various smaller entities (i.e., microservices) fueled by the improved availability and ease of use of containers technologies… Read more

The rise of cryptocurrencies has created new avenues for criminal money exchanges. Among various techniques, Bitcoin address clustering plays a crucial role in detecting and grouping addresses owned by the same entity.

This fundamental step is essential for deanonymizing addresses and… Read more

Over the past two decades, network measurement infrastructures have witnessed significant development and widespread adoption. Internet measurement platforms have become common and have demonstrated their relevance in Internet understanding and security observation. However, despite their… Read more

Internet of Things devices can now be found everywhere, including in our households in the form of Smart Home networks. Despite their ubiquity, their security is unsatisfactory, as demonstrated by recent attacks. The IETF's MUD standard has as goal to simplify and automate the secure deployment… Read more

Integration of agile and user experience (UX) remains a challenge despite being a major research interest for both agile software development (ASD) and UX stakeholders. Typically, ASD stakeholders’ primary focus is delivering working software, whereas UX stakeholders focus on designing systems… Read more

Despite their increasing popularity, blockchains still suffer from severe scalability limitations. Recently, Ethereum proposed a novel approach to block validation based on Data Availability Sampling (DAS), that has the potential to improve its transaction per second rate by more… Read more

In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path in the network. IETF protocols require features to ensure their security. This document describes the integrity protection of IOAM-Data-Fields… Read more