Contributions

Well, all the public things I work or have worked on are available here. I don't twit, facebook or have a blog but you can find news about what I do on The Tally Ho!

Conferences

• ""IPv6 Routing Header Security" with Philippe Biondi at CanSecWest 07 in Vancouver, Canada. Led to the publication of RFC 5095. More details and notes here.
• "Scapy and IPv6 Networking" with Philippe Biondi at HITB 06 in Kuala Lumpur, Malaysia
• "Mobile IPv6 Security" with Guillaume Valadon at PacSec 06 in Tokyo, Japan. Additional versions of the slides available below:
  • Japanese PDF version
  • English PPT version
  • Japanese PPT version
• "La sécurité dans Mobile IPv6" with Guillaume Valadon at SSTIC 06 in Rennes, France (french title would translate to "Mobile IPv6 security").
  • PPT version of the slides (still in french)
  • Complete article (pdf version, in french)
• "Backdoors furtives et autres fourberies dans le noyau" with Olivier Matz and Pierre Lalet at SSTIC 04 in Rennes, France. (french title would translate to "Stealth backdoors and other kernel deceits"). Link to complete article available below.

Articles, publications

• "Challenge SSTIC 2010: éléments de réponse", Best solution to SSTIC 2010 Challenge, June 2010, in French.
• "IPv6 Type 0 - Routing Header" (PDF version here), article in IETF Journal, Volume 3 Issue 2, October 2007
• "Mobile IPv6", article in MISC magazine #27, September/October 2006, with Guillaume Valadon (in french)
• "La sécurité dans Mobile IPv6", SSTIC 06 proceedings, with Guillaume Valadon (in french)
• "Backdoors furtives et autres fourberies dans le noyau", SSTIC 04 proceedings, with Olivier Matz and Pierre Lalet (in french)

IETF Internet Drafts

• draft-ebalard-mext-ipsec-ro: this memo specifies an improved alternate route optimization procedure for Mobile IPv6. It is designed specifically for environments where IPsec/IKE is used between peers. The document also describes the complete removal of HAO and RH2 extensions from exchanged packets. If you are interested by the topic, I have dedicated a page about the ongoing implementation for Linux (UMIP and Linux kernel)
• draft-ebalard-mext-pfkey-enhanced-migrate: this memo describes the need for an interface between Mobile IPv6 and IPsec/IKE. and shows how the two protocols can work together. Simply put, such a mechanism is required to allow negotiation of transport mode IPsec SA protecting MIPv6 signaling traffic. It is also required to prevent rekeying of tunnel mode SA (protecting data traffic) upon movement, reducing handover time, and power consumption. The protocol described in the memo extends PF_KEY framework. The protocol is implemented in Linux kernel (starting with 2.6.28), racoon IKEv1 daemon, StrongSwan IKEv2 daemon. Additional information is available here and here
• draft-ebalard-mext-hld-security: this memo describes the possible threats and security impacts associated with the use of this insecure NDP-based mechanism as a trigger to drop IPsec protection of data traffic for the MN. It also provides some results on the implementation of the attacks against UMIP.
• draft-bauer-mext-aero-solspace: this memo analyzes potential solutions proposed for NEMO Route Optimization solutions (Global HAHA and CRON) for aeronautical environments.