path: root/personal/cv/cv.org

I strive to develop reliable and maintainable software,
with an eye toward improving the tools of our craft.

* Experience
** 2021 – present: software engineer at AdaCore
** 2014 – 2021: software engineer at Airbus CyberSecurity
*** Research
I took part in the [[https://paclido.fr][PACLIDO project]], a French government-funded project
gathering industrial and academic partners in order to design and
implement *lightweight authenticated encryption algorithms* and
protocols.

During the course of this project,

- I implemented the reference version of Lilliput-AE, our submission
  to the [[https://csrc.nist.gov/projects/lightweight-cryptography][NIST Lightweight Cryptography Standardization Process]].

- I described this implementation in [[https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/LILLIPUT-AE-spec.pdf][the algorithm's specification
  document]], comparing its performance to that of Ascon and ACORN, the
  lightweight winners of the [[https://competitions.cr.yp.to/caesar-submissions.html][CAESAR competition]].

- I extended the [[https://www.cryptolux.org/index.php/FELICS][FELICS]] benchmarking framework to support AEAD
  algorithms; we [[https://gitlab.inria.fr/minier/felics-ae/][published this fork]] and presented these improvements
  at the [[https://csrc.nist.gov/CSRC/media/Presentations/felics-ae-a-framework-to-benchmark-lightweight/images-media/session3-huynh-felics-ae.pdf][NIST LWC Workshop 2019]].

- I developed optimized software implementations for Lilliput-AE on
  the 16-bit MSP430 platform.
*** Industrial development
I helped develop a network monitoring appliance for four years among a
team of roughly twenty people.  My main role was *maintaining the
codebase* for an in-house rule-matching engine: designing and
implementing features, fixing bugs…  Over the course of the project, I
took part in many other activities:

- I helped our project transition from manual software packaging to
  full-blown continuous integration.

- I contributed extensively to our integration test suite.

- I studied some mechanisms to improve the system's security (Secure
  Boot, TPMs) and helped implement others (LXC containers).

- I reviewed all uses of cryptography in the system as part of our
  security certification process; this allowed me to get a good grasp
  of how filesystem encryption, VPNs, webservers, and repository
  authentication are configured in a free software distribution.

- I supported our license team in assessing our use of free and open
  source software.
** 2014 (6 months): internship at Airbus CyberSecurity
I extended an *Intrusion Detection System to authenticate and decrypt
its ruleset using a Hardware Security Module*.  This was a very
informative foray into the world of cryptographic APIs, such as:

- the [[https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html][PKCS#11]] standard to communicate with hardware tokens,
- the [[https://tools.ietf.org/html/rfc2315][PKCS#7]] format, and its successor [[https://tools.ietf.org/html/rfc5652][CMS]], to serialize encrypted and
  authenticated messages,
- the [[https://tools.ietf.org/html/rfc5280][X.509]] standard to understand how PKIs work and how to process
  certificates,
- the [[http://luca.ntop.org/Teaching/Appunti/asn1.html][ASN.1]] format to reverse-engineer cryptic HSM errors, such as
  ECDSA signatures lacking the [[https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__12__3__1__EC__SIGNATURES.html][zero-padding expected in PKCS#11]],
- [[https://www.openssl.org/][OpenSSL]], to setup PKIs, [[https://stackoverflow.com/a/23422301/1503371][encrypt and sign rulesets, and generate CSRs
  for keys stored securely on a hardware token]].

I also got to learn [[https://security.stackexchange.com/q/58131][a thing or two]] about network security.

As far as software development goes, I dug into many aspects of C
programming: debugging with gdb and valgrind, profiling with
gperftools, the best practices for [[https://www.akkadia.org/drepper/dsohowto.pdf][shared libraries development]]…  I
also got a feel for Python by way of [[https://scapy.net/][Scapy]].
** 2013 (4 months): internship at LIRIS laboratory
I studied two protocols for anonymous communication:

- [[https://dedis.cs.yale.edu/dissent/][Dissent]] :: "accountable anonymous group communication",
- [[https://hal.inria.fr/hal-00945795][RAC]] :: "freerider-resilent, scalable, anonymous communication"
  ([[https://web.archive.org/web/20131018000154/http://www.temple.edu/cis/icdcs2013/data/5000a520.pdf][paper]]).

The goal was to instrument Dissent's implementation to assess its
performance, then to implement and benchmark RAC in order to validate
the theoretical results presented in its specification.

While four months proved too short for me to obtain comparable figures
for both protocols, I appreciated this opportunity to dive into the
guts of these secure communication protocols.  Technically, I also
enjoyed sharpening my knowledge of C++, the Boost framework, and
working with the [[https://www.grid5000.fr/w/Grid5000:Home][Grid5000 environment]].
** 2012 (2 months): internship at Vescape 🇩🇪
I helped this innovative startup expand its game repertoire by
studying a free software game engine and adapting the gameplay to
their unique use-case.

This was my first deep-dive into a considerable codebase, and thus my
first opportunity to practise various aspects of software development
(version control, debugging) on a non-trivial C++ project.
** 2009 – 2014: school projects at INSA de Lyon
Thanks to INSA's generalist syllabus, as well as [[http://gamerush.free.fr/debriefing2.html][some extra-curricular
activies]], I touched on a wide array of problem domains and
technologies:

- drivers for segmented LCD displays on MSP430 microcontrollers, in C,
- image recognition based on [[https://en.wikipedia.org/wiki/Image_moment#Rotation_invariants][Hu moment invariants]], in C,
- game engines, in C++ and Java,
- GUIs in Java,
- webservers, in Java and Go.