Elie Bursztein
Elie Bursztein is a French security researcher who focuses on web, mobile and offensive security. He is best known for his work on CAPTCHA, his novel attacks and his creative use of applied cryptography. Elie Bursztein is currently a post-doctoral fellow at Stanford University in California, US.

Education

Elie Bursztein obtained his computer engineering degree from EPITA in 2004, his master's degree in computer science from Paris 7/ENS in 2004 (under the supervision of Patrick Cousot) and his PhD in computer science from École Normale Supérieure de Cachan in 2008 (under the supervision of Jean Goubault-Larrecq). His PhD thesis, titled "Anticipation games. Théorie des jeux appliqués à la sécurité réseau" (Anticipation game. Game theory applied to network security), showed how to combine model-checking, temporal logic and game theory to find the optimal responses to network attacks.

Research

In addition to his work on CAPTCHA security, Bursztein's other contributions to the security field include the analysis of DPAPI and the invention of the XCS attacks and HTTPS caching attacks. In 2010, with Jocelyn Lagarenne, he demonstrated at Defcon 18 novel memory-based attacks against games, and devised with Mike Hamburg and Dan Boneh the first defense against map hacking using homomorphic encryption.

CAPTCHA

Bursztein's research on CAPTCHA aims at making CAPTCHAs easier for humans and harder for computers. In 2009, Bursztein showed with Steven Bethard that eBay audio captchas were broken. In 2010, he studied with S. Bethard, C. Fabry, D. Jurafsky and J. C. Mitchell how humans perform on real-world CAPTCHAs by running a large-scale study. In 2011, he demonstrated with R. Bauxis, H. Paskov, D. Perito, C. Fabry and J. Mitchell that all non-continuous audio captchas are broken.

Web security

Some of his notable achievements in web security include:
  • 2010 Demonstrated how to perform an HTTPS caching attack against Internet Explorer 8 and Firefox 3.6. This novel technique is number 4 of the 2010 top ten web hacking techniques.
  • 2010 Analyzed browser private mode with Gaurav Aggarwal, Collin Jackson and Dan Boneh.
  • 2010 Invented with Gustav Rydstedt, Baptiste Gourdin and Dan Boneh the tap-jacking attack, which exploits mobile phone weaknesses to make click-jacking more effective.
  • 2010 Studied clickjacking defense with Gustav Rydstedt, Dan Boneh, and Collin Jackson.
  • 2009 Invented XCS attacks with Hristo Bojinov and Dan Boneh.
  • 2009 Discovered more than 40 vulnerabilities in embedded web interfaces with Hristo Bojinov, Eric Lovelett and Dan Boneh.

Applied Cryptography

In 2009 Bursztein presented the first complete analysis of the Microsoft DPAPI with Jean Michel Picod. In 2011, with J. Lagarenne, M. Hamburg and D. Boneh, he used private set intersection protocols to defend against game map hacking.

Awards

Elie's awards:
In 2010 Bursztein came 4th in the 2010 top ten web hacking techniques for his HTTPS caching attack technique, and in 2008 he received the WISPT best paper award.

External links

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 