Bio: Philippe Oechslin is an academic researcher from École Polytechnique Fédérale de Lausanne. The author has contributed to research in topics: The Internet & Asynchronous Transfer Mode. The author has an h-index of 15, co-authored 30 publications receiving 2083 citations. Previous affiliations of Philippe Oechslin include École Normale Supérieure & Alcatel-Lucent.
17 Aug 2003
TL;DR: A new way of precalculating the data is proposed which reduces by two the number of calculations needed during cryptanalysis and it is shown that the gain could be even much higher depending on the parameters used.
Abstract: In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical password hashes (2^37) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.
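The abstract describes the technique only at a high level: precomputed chains of alternating hash and reduction steps, with the new table layout using a different reduction function in every column so that chains have a fixed length and no distinguished points are needed. The following is an added toy implementation of that idea in Python; it is not code from the paper and not the authors' implementation. It assumes a truncated SHA-256 in place of the Windows password hash, a three-character lower-case alphanumeric key space (so it runs in seconds rather than needing two CD-ROMs of data), and chain parameters chosen for illustration; the names `RainbowTable`, `reduce_at` and `index_to_password` are my own.

```python
import hashlib
import random

# Constructed toy key space: 3-character lower-case alphanumerics, 36^3 = 46656 candidates.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN


def index_to_password(idx: int) -> str:
    """Map an integer in [0, SPACE) to a password string (mixed-radix decode)."""
    chars = []
    for _ in range(PW_LEN):
        idx, r = divmod(idx, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def H(password: str) -> bytes:
    """Stand-in for the attacked one-way function (assumption: truncated SHA-256,
    not the LM/NT hash the paper targets)."""
    return hashlib.sha256(password.encode()).digest()[:8]


def reduce_at(h: bytes, column: int) -> str:
    """Rainbow reduction: a distinct function R_column for every chain position.
    Mixing in the column index makes R_i != R_j, so two chains that collide in
    different columns do not merge; only same-column collisions merge chains."""
    return index_to_password((int.from_bytes(h, "big") + column) % SPACE)


class RainbowTable:
    def __init__(self, chain_len: int, n_chains: int, seed: int = 0):
        self.t = chain_len          # every chain has exactly t steps (no distinguished points)
        self.hash_ops = 0           # counts hash evaluations so lookup cost can be inspected
        self.table: dict[str, str] = {}   # end point -> start point
        rng = random.Random(seed)
        for _ in range(n_chains):
            start = index_to_password(rng.randrange(SPACE))
            end = self._walk(start, 0, self.t)
            # Two chains with the same end point merged somewhere; keeping one copy is enough.
            self.table.setdefault(end, start)

    def _h(self, pw: str) -> bytes:
        self.hash_ops += 1
        return H(pw)

    def _walk(self, pw: str, first_col: int, last_col: int) -> str:
        """Apply pw <- R_col(H(pw)) for col in [first_col, last_col)."""
        for col in range(first_col, last_col):
            pw = reduce_at(self._h(pw), col)
        return pw

    def coverage(self) -> float:
        """Fraction of the key space that occurs somewhere in a stored chain."""
        seen = set()
        for start in self.table.values():
            pw = start
            for col in range(self.t):
                seen.add(pw)
                pw = reduce_at(H(pw), col)
        return len(seen) / SPACE

    def lookup(self, target: bytes):
        """Return a preimage of `target` if it lies in a stored chain, else None.
        Column t-1 is tried first because that hypothesis costs 0 steps to reach
        the end point; column j costs t-1-j steps, so the whole search costs
        t(t-1)/2 hash evaluations instead of the t^2 of t classical tables."""
        for col in range(self.t - 1, -1, -1):
            # Hypothesis: target is the hash computed in column `col` of some chain.
            end = self._walk(reduce_at(target, col), col + 1, self.t)
            start = self.table.get(end)
            if start is None:
                continue
            # Regenerate that chain from its start point to confirm the hypothesis;
            # a false alarm (a different chain sharing the end point) simply fails here.
            pw = start
            for c in range(self.t):
                h = self._h(pw)
                if h == target:
                    return pw
                pw = reduce_at(h, c)
        return None


if __name__ == "__main__":
    rt = RainbowTable(chain_len=40, n_chains=1500, seed=7)
    print(f"table rows: {len(rt.table)}, key-space coverage: {rt.coverage():.1%}")
    rt.hash_ops = 0
    print("lookup:", rt.lookup(H("q7z")), "hash evaluations:", rt.hash_ops)
```

Two things are worth watching when running it. First, `lookup` always costs at most t(t-1)/2 hash evaluations plus t per false alarm, because every chain has the same length; a distinguished-point table would instead walk an unknown number of steps until a point with the distinguishing property appears, which is the variable-chain-length overhead the abstract refers to. Second, `coverage()` stays well below 100% for a single table of this size: as in the paper, covering 99.9% of the space is a matter of choosing chain length and chain count (and the amount of storage) for the real key space, not of the algorithm itself.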
08 Mar 2005
TL;DR: A specific time-memory trade-off is introduced that removes the scalability issue of this scheme and it is proved that the system truly offers privacy and even forward privacy.
Abstract: The biggest challenge for RFID technology is to provide benefits without threatening the privacy of consumers. Many solutions have been suggested but almost as many ways have been found to break them. An approach by Ohkubo, Suzuki and Kinoshita using an internal refreshment mechanism seems to protect privacy well but is not scalable. We introduce a specific time-memory trade-off that removes the scalability issue of this scheme. Additionally we prove that the system truly offers privacy and even forward privacy. Our third contribution is an extension of the scheme which offers a secure communication channel between RFID tags and their owner using building blocks that are already available on the tag. Finally we give a typical example of use of our system and show its feasibility by calculating all the parameters.
01 Jul 1998
TL;DR: This document proposes two ways of weighting TCP connections by manipulating some parameters of the protocol and presents results from simulations and prototypes to discuss how proportional fairness could be used to implement an Internet with differentiated services.
Abstract: In this document we study the application of weighted proportional fairness to data flows in the Internet. We let the users set the weights of their connections in order to maximise the utility they get from the network. When combined with a pricing scheme where connections are billed by weight and time, such a system is known to maximise the total utility of the network. Our study case is a national Web cache server connected to long distance links. We propose two ways of weighting TCP connections by manipulating some parameters of the protocol and present results from simulations and prototypes. We finally discuss how proportional fairness could be used to implement an Internet with differentiated services.
11 Aug 2005
TL;DR: An approach based on time-memory trade-offs whose goal is to improve Ohkubo, Suzuki, and Kinoshita's protocol is extended and it is shown that in practice this approach reaches the same performances as Molnar and Wagner's method, without degrading privacy.
Abstract: Radio frequency identification systems based on low-cost computing devices are the new plaything that every company would like to adopt. Their goal can be either to improve productivity or to strengthen security. Specific identification protocols based on symmetric challenge-response have been developed in order to assure the privacy of the device bearers. Although these protocols fit the devices' constraints, they always suffer from a large time complexity. Existing protocols require O(n) cryptographic operations to identify one device among n. Molnar and Wagner suggested a method to reduce this complexity to O(log n). We show that their technique could degrade the privacy if the attacker has the possibility to tamper with at least one device. Because low-cost devices are not tamper-resistant, such an attack could be feasible. We give a detailed analysis of their protocol and evaluate the threat. Next, we extend an approach based on time-memory trade-offs whose goal is to improve Ohkubo, Suzuki, and Kinoshita's protocol. We show that in practice this approach reaches the same performance as Molnar and Wagner's method, without degrading privacy.
28 Feb 2005
TL;DR: It is demonstrated that privacy issues cannot be solved without looking at each layer separately, and it is shown that current solutions fail to address the multilayer aspect of privacy and as a result fail to protect it.
Abstract: RFID tags have very promising applications in many domains (retail, rental, surveillance, medicine to name a few). Unfortunately the use of these tags can have serious implications on the privacy of people carrying tagged items. Serious opposition from consumers has already thwarted several trials of this technology. The main fears associated with the tags are that they may allow other parties to covertly collect information about people or to trace them wherever they go. As long as these privacy issues remain unresolved, it will be impossible to reap the benefits of these new applications. Current solutions to privacy problems are typically limited to the application layer. RFID systems have three layers: application, communication and physical. We demonstrate that privacy issues cannot be solved without looking at each layer separately. We also show that current solutions fail to address the multilayer aspect of privacy and as a result fail to protect it. For each layer we describe the main threats and give tentative solutions.
TL;DR: This survey examines approaches proposed by scientists for privacy protection and integrity assurance in RFID systems, and treats the social and technical context of their work.
Abstract: This paper surveys recent technical research on the problems of privacy and security for radio frequency identification (RFID). RFID tags are small, wireless devices that help identify objects and people. Thanks to dropping cost, they are likely to proliferate into the billions in the next several years-and eventually into the trillions. RFID tags track objects in supply chains, and are working their way into the pockets, belongings, and even the bodies of consumers. This survey examines approaches proposed by scientists for privacy protection and integrity assurance in RFID systems, and treats the social and technical context of their work. While geared toward the nonspecialist, the survey may also serve as a reference for specialist readers.
01 Dec 2003
TL;DR: The proposals in this document are experimental and while they may be deployed in the current Internet, they do not represent a consensus that this is the best method for high-speed congestion control.
Abstract: The proposals in this document are experimental. While they may be deployed in the current Internet, they do not represent a consensus that this is the best method for high-speed congestion control. In particular, we note that alternative experimental proposals are likely to be forthcoming, and it is not well understood how the proposals in this document will interact with such alternative proposals.
01 Apr 2003
TL;DR: The preliminary results gathered suggest that the deployment of Scalable TCP would have negligible impact on existing network traffic at the same time as improving bulk transfer performance in highspeed wide area networks.
Abstract: TCP congestion control can perform badly in highspeed wide area networks because of its slow response with large congestion windows. The challenge for any alternative protocol is to better utilize networks with high bandwidth-delay products in a simple and robust manner without interacting badly with existing traffic. Scalable TCP is a simple sender-side alteration to the TCP congestion window update algorithm. It offers a robust mechanism to improve performance in highspeed wide area networks using traditional TCP receivers. Scalable TCP is designed to be incrementally deployable and behaves identically to traditional TCP stacks when small windows are sufficient. The performance of the scheme is evaluated through experimental results gathered using a Scalable TCP implementation for the Linux operating system and a gigabit transatlantic network. The preliminary results gathered suggest that the deployment of Scalable TCP would have negligible impact on existing network traffic at the same time as improving bulk transfer performance in highspeed wide area networks.
TL;DR: This article first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages, and reviews usability requirements for knowledge-based authentication as they apply to graphical passwords.
Abstract: Starting around 1999, a great many graphical password schemes have been proposed as alternatives to text-based password authentication. We provide a comprehensive overview of published research in the area, covering both usability and security aspects as well as system evaluation. The article first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages. We then review usability requirements for knowledge-based authentication as they apply to graphical passwords, identify security threats that such systems must address and review known attacks, discuss methodological issues related to empirical evaluation, and identify areas for further research and improved methodology.
30 Mar 2011
TL;DR: It is shown that some 'obvious' solutions for multipath congestion control can be harmful, but that the proposed algorithm improves throughput and fairness compared to single-path TCP.
Abstract: Multipath TCP, as proposed by the IETF working group mptcp, allows a single data stream to be split across multiple paths. This has obvious benefits for reliability, and it can also lead to more efficient use of networked resources. We describe the design of a multipath congestion control algorithm, we implement it in Linux, and we evaluate it for multihomed servers, data centers and mobile clients. We show that some 'obvious' solutions for multipath congestion control can be harmful, but that our algorithm improves throughput and fairness compared to single-path TCP. Our algorithm is a drop-in replacement for TCP, and we believe it is safe to deploy.