
Security Engineering & Consulting

I have been involved with a number of projects as a security engineer. Additionally, I worked with a number of organizations and some projects as a security consultant. On this page I highlight some of the projects I was involved in.

Security Consulting

Security Engineering

Chrome Security
During the summer of 2014, when I spent 3 months at Google as a Software Engineer, I contributed to the development of the Chrome browser. My changes improved how Chrome manages the permissions granted to extensions and apps. All the code I wrote can be found here as part of the open source Chromium project.

Firefox Security

During the summer of 2013, when I spent 4 months at Mozilla as a Security Engineer, I contributed to the development of the Firefox browser. My changes improved the way Firefox handles SSL/TLS certificate revocation. All the code I wrote can be found here as part of the Firefox code. I also gave a 15-minute presentation (video below) summarizing my work there.

 

SSL/TLS revoked certificates crawler

Understanding how certificates are revoked on the Internet is essential to understanding the best way to revoke them. I built a Python script that pulls the certificates of Alexa’s top million sites and then checks if any of the certificates in their chains have been revoked. The last time I ran the script there were more than 2.5 million revoked certificates. You can build on the tool to do other things with the SSL/TLS certificates besides checking the revocation information.

Ersatz Passwords

We modified how Linux-based operating systems store users’ passwords and incorporated a machine-dependent function in the process. When an attacker steals the hashed passwords file (e.g., /etc/shadow) and tries to crack the passwords, ersatz “fake” passwords are returned instead. The design of this tool can be found in this paper and the code, which was mainly developed by Chris Gutierrez, can be found here.

Secure e-Voting

I have experimented, along with my colleague Sam Kerr, with implementing secure e-voting software. Our implementation does not require the existence of a central trusted party and uses a number of cryptographic protocols to provide its guarantees. The code can be accessed from here and the work’s documentation and detailed design can be accessed from here.