Researcher profile

Paul-Olivier Dehaye

Paul-Olivier Dehaye contributes to research discovery and scholarly infrastructure.

Researcher | Affiliation not imported | Open to collaborate

Trust snapshot

Quick read

Trust 17 - Unverified | Verification L1 | Unclaimed author
4 works
0 followers
7 topics
1 close collaborator

Published work

4 published item(s)

Preprint, 2020, arXiv

Proximity Tracing in an Ecosystem of Surveillance Capitalism

Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in mounting such attacks has been overestimated. Indeed, an attacker leveraging a moderately successful app or SDK with Bluetooth and location access can eavesdrop and interfere with these proximity tracing systems at no hardware cost and perform these attacks against users who do not have this app or SDK installed. We describe concrete examples of actors who would be in a good position to execute such attacks. We further present a novel attack, which we call a biosurveillance attack, which allows the attacker to monitor the exposure risk of a smartphone user who installs their app or SDK but who does not use any contact tracing system and may falsely believe that they have opted out of the system. Through traffic auditing with an instrumented testbed, we characterize precisely the behaviour of one such SDK that we found in a handful of apps---but installed on more than one hundred million mobile devices. Its behaviour is functionally indistinguishable from a re-identification or biosurveillance attack and capable of executing a false positive attack with minimal effort. We also discuss how easily an attacker could acquire a position conducive to such attacks, by leveraging the lax logic for granting permissions to apps in the Android framework: any app with some geolocation permission could acquire the necessary Bluetooth permission through an upgrade, without any additional user prompt. Finally we discuss motives for conducting such attacks.

Preprint, 2020, arXiv

SwissCovid: a critical analysis of risk assessment by Swiss authorities

Ahead of the rollout of the SwissCovid contact tracing app, an official public security test was performed. During this audit, Prof. Serge Vaudenay and Dr. Martin Vuagnoux described a large set of problems with the app, including a new variation of a known false-positive attack, leveraging a cryptographic weakness in the Google and Apple Exposure Notification framework to tamper with the emitted Bluetooth beacons. Separately, the first author described a re-identification attack leveraging rogue apps or SDKs. The response from the Swiss cybersecurity agency and the Swiss public health authority was to claim these various attacks were unlikely as they required physical proximity of the attacker with the target (although it was admitted the attacker could be further than two meters). The physical presence of the attacker in Switzerland was deemed significant as it would imply such attackers would fall under the Swiss Criminal Code. We show through one example that a much larger variety of adversaries must be considered in the scenarios originally described and that these attacks can be done by adversaries without any physical presence in Switzerland. This goes directly against official findings of Swiss public authorities evaluating the risks associated with SwissCovid. To move the discussion further along, we briefly discuss the growth of the attack surface and harms with COVID-19 and SwissCovid prevalence in the population. While the focus of this article is on Switzerland, we emphasize the core technical findings and cybersecurity concerns are of relevance to many contact tracing efforts.

Preprint, 2010, arXiv

A note on moments of derivatives of characteristic polynomials

We present a simple technique to compute moments of derivatives of unitary characteristic polynomials. The first part of the technique relies on an idea of Bump and Gamburd: it uses orthonormality of Schur functions over unitary groups to compute matrix averages of characteristic polynomials. In order to consider derivatives of those polynomials, we here need the added strength of the Generalized Binomial Theorem of Okounkov and Olshanski. This result is very natural as it provides coefficients for the Taylor expansions of Schur functions, in terms of shifted Schur functions. The answer is finally given as a sum over partitions of functions of the contents. One can also obtain alternative expressions involving hypergeometric functions of matrix arguments.

Preprint, 2006, arXiv

Averages over classical compact Lie groups and Weyl characters

We compute $E_G (\prod_i \tr(g^{λ_i}))$, where $G=Sp(2n)$ or $SO(m) (m=2n, 2n+1)$ with Haar measure. This was first obtained by Persi Diaconis and Mehrdad Shahshahani, but our proof is more self-contained and gives a combinatorial description for the answer. We also consider how averages of general symmetric functions $E_G f_n$ are affected when we introduce a Weyl character $χ^G_λ$ into the integrand. We show that the value of $E_G χ^G_λf_n / E_G f_n$ approaches a constant for large $n$. More surprisingly, the ratio we obtain only changes with $f_n$ and $λ$ and is independent of the Cartan type of $G$. Even in the unitary case, Daniel Bump and Persi Diaconis have obtained the same ratio. Finally, those ratios can be combined with asymptotics for $E_G f_n$ due to Kurt Johansson and provide asymptotics for $E_G χ^G_λf_n$.