Elie Bursztein

From Wikipedia, the free encyclopedia
Born: France
Residence: US
Citizenship: French
Nationality: French
Fields: Computer Security
Institutions: Stanford University
Alma mater: École Normale Supérieure de Cachan, 2008
Doctoral advisor: Jean Goubault-Larrecq
Known for: CAPTCHA security, web security, applied cryptography

Elie Bursztein is a French computer security researcher in Silicon Valley who works at Google.[r 1] He is best known for his work on CAPTCHAs,[p 1][p 2] his novel attacks on web and mobile systems[p 3] and his creative use of applied cryptography.[p 4] Bursztein is currently a Google researcher at the company's Mountain View, California headquarters and was previously a post-doctoral fellow in computer science at Stanford University.

Education

Elie Bursztein obtained his computer engineering degree from EPITA in 2004, his master's degree in computer science from Paris 7/ENS in 2004 (under the supervision of Patrick Cousot) and his PhD in computer science from École Normale Supérieure de Cachan in 2008 (under the supervision of Jean Goubault-Larrecq). His PhD thesis, titled "Anticipation games. Théorie des jeux appliqués à la sécurité réseau" (Anticipation games. Game theory applied to network security), showed how to combine model-checking, temporal logic and game theory to find the optimal responses to network attacks. At Stanford University, he was a post-doctoral fellow with the Stanford Security Laboratory, a unit of the computer science department that focuses on network and computer security.

Research

In addition to his work on CAPTCHA security, Bursztein's other contributions to the security field include the analysis of Microsoft's DPAPI standard and the invention of the XCS attacks[p 5] and HTTPS caching attacks.[p 6] At the Defcon 18 conference in 2010, he demonstrated novel memory-based attacks against games with Jocelyn Lagarenne[r 2] and devised the first defense against map hacking using homomorphic encryption with Mike Hamburg and Dan Boneh.[p 4] A Web page he set up in July 2011 that allowed the public to query Microsoft's public Wi-Fi database for the locations of wireless devices[r 3] prompted the company to enact better privacy protections a few days later.[r 4]

CAPTCHA

Bursztein's research on CAPTCHAs aims to make the puzzles easier for humans to solve and harder for computers to crack. In 2009, Bursztein showed with Steven Bethard that eBay audio CAPTCHAs were broken.[p 2] In 2010, he studied with S. Bethard, C. Fabry, D. Jurafsky and J. C. Mitchell how humans perform on real-world CAPTCHAs by running a large-scale study.[p 1] In 2011, he demonstrated with R. Bauxis, H. Paskov, D. Perito, C. Fabry and J. Mitchell that non-continuous audio CAPTCHAs were ineffective.[p 7] Bursztein was part of a team of Stanford researchers that broke NuCaptcha's security, despite the company's claims of being the "next generation" of video-based CAPTCHA security. He told CNET News in 2012 that "we are able to break NuCaptcha's video scheme with over 90 percent success."[r 5]

Web security

Some of his notable achievements in web and mobile security include:

  • 2013 Reported a bug that prompted Apple to fix a security flaw in its application store that relied on unencrypted connections, potentially allowing attackers to steal passwords.[r 6]
  • 2012 Created Talisman, a browser extension for Google Chrome that enhances users' privacy.[r 7]
  • 2011 Created a tool called OWADE, meaning Offline Windows Analysis and Data Extraction, that bypassed encryption on a Windows PC's hard drive for forensics purposes.[r 8]
  • 2010 Demonstrated how to perform an HTTPS caching attack against Internet Explorer 8 and Firefox 3.6.[p 6] This novel technique ranked number 4 in the 2010 top ten web hacking techniques.
  • 2010 Analyzed with Gaurav Aggarwal, Collin Jackson and Dan Boneh browsers' private modes.[p 8][r 9]
  • 2010 Invented with Gustav Rydstedt, Baptiste Gourdin and Dan Boneh the tap-jacking attack, which exploits mobile phone weaknesses to make click-jacking more effective.[r 10]
  • 2010 Studied clickjacking defense with Gustav Rydstedt, Dan Boneh, and Collin Jackson.[p 9][r 11]
  • 2009 Invented XCS attacks with Hristo Bojinov and Dan Boneh.[p 5][r 12]
  • 2009 Discovered more than 40 vulnerabilities in embedded web interfaces with Hristo Bojinov, Eric Lovelett and Dan Boneh.

Applied cryptography

In 2009 Bursztein presented the first complete analysis of the Microsoft DPAPI (Data Protection Application Programming Interface) with Jean Michel Picod.[p 3] In 2011 with J. Lagarenne, M. Hamburg and D. Boneh he used private set intersection protocols to defend against game map hacking.[p 4]

Awards

In 2010 Bursztein placed 4th in the 2010 top ten web hacking techniques for his HTTPS caching attack technique,[r 13] and in 2008 he received the WISPT best paper award.

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.