Dr Philippe Oechslin

Office:	INF 237
philippe.oechslin at epfl.ch

Philippe Oechslin received his EE diploma and his PhD in computer networking from the Swiss Federal Institute of Technology in Lausanne (EPFL). He spent a few years doing research at AT&T Bell Labs, EPFL and the University College of London. He left academia to work as a product architect for a swiss manufacturer of secure routing and encryption devices and has been an IT security consultant since 1998.

Philippe Oechslin is a part-time lecturer in network security at the Security and Cryptography Lab at EPFL. Besides working at EPFL, Philippe is founder and CEO of Objectif Sécurité a company specialised in audit, consulting, training and R&D in Information Security.

Teaching

The Network Security Course

The Network Security course is now part of the bachelor programme of the communication systems and the computer science curriculum. It is also open to students in others schools of EPFL. You can find more information about the course and all lecture notes, slides and exercices here.

Security Protocols and Applications

(together with S.Vaudenay)

This course is a seminar where students give presentations on various topics in security and cryptography. More information on this course is available here (during the spring semester)

Research

Advances in Time-Memory Trade-Offs

This research project is based on time-memory trade-offs, in which an amount of precalculated data is used to accelerate cryptanalys. Current results include a significant improvement to trade-off methods known today. A first paper was presented at Crypto 2003 this year. An instant NT password cracker has been developed as demonstrator of the method. It can crack any alphanumerical windows password in an average of 2 seconds. You should absolutely try our online demonstrator.

Privacy protection in RFID systems

RFID is to replace barcodes in the future, enabling many wonderful applications and raising the fear that we will lose our privacy for good. In a first paper we have studied the ways in which privacy can be jeopardized by RFID tags, even when they use specific protocols supposed to protect the anonymity of the their holder. We have also shown that time-memory trade-offs can be made to work for a good cause, namely helping to keep your identity private.

Semi-Formal security validation techniques

It is well known that many securty problems in information systems result from careless implementation. By exploiting known weaknesses, an attacker can compromise a system. The goal of this research is to develop tools that can automatically discover vulnerabilities in an existing system. The tools are based on a formal description of the system to be validated and on a semi-formal catalog of typical weaknesses. A first prototype, the security bug catcher is being developed through a series of student projects. It has already discovered a first set of vulnerabilities in various FTP servers.

Another result of this research is the excellent tutorial on buffer overflow techniques by Olivier Gay (in french).

Working with malicious terminals

Strong authentication and encryption systems allow people to use their computer for sensitive applications like telebanking or potentially e-voting. On the other hand the operating systems and applications used today are all prone to automated or directed attacks. As a result, even if the data exchange with a bank arrives at our computer with absolute security, we still don't know if the telebanking session we see on the screen is the same session that is being carried out over the network. Initial work in this domain includes the implementation of an attack to demonstrate the problem. Using hooks provided by Internet Explorer we have created an interception layer that can modify data sent to the screen or typed by the user. For ethical reasons we have not implemented an attack against a telebanking application but against the registration process for a popular free e-mail service. On a more humourous note, we have implemented an automatic transcriber which replaces given pairs of words in any web page. This gives for a refreshing read of the news. Also, since Ineternet Explorer is used to display e-mail messages within Outlook, our attack also works perfectly on signed and encrypted e-mails.

Distributed network intrusion detection tools

We study the propagation of malicious and non-malicious activity in a cluster of workstation by tagging processes and data packets. By studying the propagation data we can trace back all infected machines in case of an attack. The propagation patterns themselves can serve as a criteria for detecting an intrusion. A first paper on this subject appeared at IICIS 2003.

Collaboration with local police forces

Through a serie of semester projects we have established a collaboration with the local police forces. Two tools have been developed to assist police forces in their work. Ferret is a non-intrusive disk scanner that searches a harddisk for forbidden files using a list of hashes of such files. The chat surveillor is a tool that monitors different types of internet chat systems for activity by swiss users.

Publications

This is a list of Philippe's publications.

Software

Ophcrack the fastest Windows password cracker
The security bugcatcher, a tool for automatic discovery of vulnerabilities

Philippe Oechslin, Last modified: March 2004