Thomas Gougeon’s research while affiliated with French National Centre for Scientific Research and other places

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (6)


A Simple Attack on CaptchaStar
  • Chapter

July 2019

·

40 Reads

·

2 Citations

Communications in Computer and Information Science

Thomas Gougeon

·

CaptchaStar is a new type of Captcha, proposed in 2016, based on shape recovery. This paper shows that the security of this Captcha is not as good as intended. More precisely, we present and implement an efficient attack on CaptchaStar with a success rate of 96%. The impact of this attack is also investigated in other scenarios as noise addition, and it continues to be very efficient. This paper is a revised version of the paper entitled How to break CaptchaStar, presented at the conference ICISSP 2018 [29].




Analyse forensique de la mémoire des cartes à puce

October 2017

·

33 Reads

Dans notre monde toujours plus connecté, les cartes à puce sont impliquées quotidiennementdans nos activités, que ce soit pour le paiement, le transport, le contrôle d’accès ou encore la santé.Ces cartes contiennent des informations personnelles liées aux faits et gestes de leur possesseur.Le besoin d’interpréter les données contenues dans les mémoires de ces cartes n’a jamais été aussiimportant. Cependant, sans les spécifications de l’application, il est difficile de connaître quellesinformations sont stockées dans la carte, leur emplacement précis, ou encore l’encodage utilisé.L’objectif de cette thèse est de proposer une méthode qui retrouve les informations stockéesdans les mémoires non volatile des cartes à puce. Ces informations peuvent être des dates (e.g.,date de naissance, date d’un événement) ou des informations textuelles (e.g., nom, adresse). Pourretrouver ces informations, un décodage exhaustif des données à l’aide de différentes fonctions dedécodage est possible. Malheureusement, cette technique génère de nombreux faux positifs. Unfaux positif apparaı̂t lorsqu’une fonction de décodage est appliquée sur des données qui ont étéencodées avec une fonction différente. Cette thèse s’appuie alors sur trois contributions exploitantles spécificités des cartes à puce pour éliminer ces faux positifs. La première contribution identifie lesobjets cryptographiques dans les mémoires non volatiles des cartes à puce afin de ne pas effectuer ledécodage sur ces données. Les deux autres contributions retrouvent respectivement des informationstextuelles et des dates dans ces mémoires. Afin de valider ces méthodes, elles sont chacune appliquéessur 371 mémoires de cartes à puce de la vie réelle.


Memory carving can finally unveil your embedded personal data

August 2017

·

25 Reads

·

2 Citations

Smart cards are involved in most of activities, and they gather and record plenty of personal data. A manual interpretation of these raw data is difficult without specifications. This task becomes really tedious applied to plenty of devices. The paper introduces the first method to automatically retrieve textual information from memory dumps of smart cards. Given the data structure and encoding are assumed to be unknown, the method is based on text statistics and characteristics of smart cards to discard false positives. The experiments performed on more than 350 memory dumps revealed that the method can automatically retrieve more than 99% of textual information available in a dump, while keeping the false positive rate as low as 5.5%.


Memory Carving in Embedded Devices: Separate the Wheat from the Chaff

June 2016

·

43 Reads

·

4 Citations

Lecture Notes in Computer Science

This paper investigates memory carving techniques for embedded devices. Given that cryptographic material in memory dumps makes carving techniques inefficient, we introduce a methodology to distinguish meaningful information from cryptographic material in small-sized memory dumps. The proposed methodology uses an adaptive boosting technique with statistical tests. Experimented on EMV cards, the methodology recognized 92% of meaningful information and 98%98\,\% of cryptographic material.

Citations (3)


... ARTIFACIAL and ASSIRA were attacked with a success rate of 18% and 82.7%, respectively in [84]. Whereas CAPTCHaStar was attacked with a success rate of 96% in [26]. Similar to our SMC, SACAPTCHA scheme employs NST and is attacked with a success rate of 96% in [50]. ...

Reference:

Style matching CAPTCHA: match neural transferred styles to thwart intelligent attacks
A Simple Attack on CaptchaStar
  • Citing Chapter
  • July 2019

Communications in Computer and Information Science

... Gougeonet al. [20] argues that interpreting the data stored on embedded device is especially useful for forensic investigation. In many cases the data on these devices can be obtained with no authentication using the API of the device or simply by sniffing a genuine communication. ...

Memory Carving in Embedded Devices: Separate the Wheat from the Chaff
  • Citing Conference Paper
  • June 2016

Lecture Notes in Computer Science