Bertil Chapuis scite author profile

Bertil Chapuis

5Publications

61Citation Statements Received

98Citation Statements Given

How they've been cited

How they cite others

103

Affiliations

University of Applied Sciences and Arts Western Switzerland, University of Lausanne

Publications

Order By: Most citations

Towards Usable Checksums

Cherubini¹,

Meylan²,

Chapuis³

et al. 2018

View full text Add to dashboard Cite

Internet users can download software for their computers from app stores (e.g., Mac App Store and Windows Store) or from other sources, such as the developers' websites. Most Internet users in the US rely on the latter, according to our representative study, which makes them directly responsible for the content they download. To enable users to detect if the downloaded files have been corrupted, developers can publish a checksum together with the link to the program file; users can then manually verify that the checksum matches the one they obtain from the downloaded file. In this paper, we assess the prevalence of such behavior among the general Internet population in the US (N = 2,000), and we develop easyto-use tools for users and developers to automate both the process of checksum verification and generation. Specifically, we propose an extension to the recent W3C specification for sub-resource integrity in order to provide integrity protection for download links. Also, we develop an extension for the popular Chrome browser that computes and verifies checksums of downloaded files automatically, and an extension for the WordPress CMS that developers can use to easily attach checksums to their remote content. Our in situ experiments with 40 participants demonstrate the usability and effectiveness issues of checksums verification, and shows user desirability for our extension. CCS CONCEPTS • Security and privacy → Web protocol security; Usability in security and privacy; Hash functions and message authentication codes;

show abstract

An Empirical Study of the Use of Integrity Verification Mechanisms for Web Subresources

Chapuis¹,

Omolola²,

Cherubini³

et al. 2020

View full text Add to dashboard Cite

Web developers can (and do) include subresources such as scripts, stylesheets and images in their webpages. Such subresources might be stored on content delivery networks (CDNs). This practice creates security and privacy risks, should a subresource be corrupted. The subresource integrity (SRI) recommendation, released in mid-2016 by the W3C, enables developers to include digests in their webpages in order for web browsers to verify the integrity of subresources before loading them. In this paper, we conduct the rst large-scale longitudinal study of the use of SRI on the Web by analyzing massive crawls (≈3B URLs) of the Web over the last 3.5 years. Our results show that the adoption of SRI is modest (≈3.40%), but grows at an increasing rate and is highly in uenced by the practices of popular library developers (e.g., Bootstrap) and CDN operators (e.g., jsDelivr). We complement our analysis about SRI with a survey of web developers (=227): It shows that a substantial proportion of developers know SRI and understand its basic functioning, but most of them ignore important aspects of the recommendation. The results of the survey also show that the integration of SRI by developers is mostly manual-hence not scalable and error prone. This calls for a better integration of SRI in build tools. CCS CONCEPTS • Security and privacy → Web protocol security; Hash functions and message authentication codes.

show abstract

Extracting Hotspots without A-priori by Enabling Signal Processing over Geospatial Data

Kulkarni

Moro

Chapuis

et al. 2017

View full text Add to dashboard Cite

Privacy-Preserving Location-Based Services by using Intel SGX

Kulkarni

Chapuis

Garbinato

2017

View full text Add to dashboard Cite

Capturing complex behaviour for predicting distant future trajectories

Chapuis

Moro

Kulkarni

et al. 2016

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Bertil Chapuis

Towards Usable Checksums

An Empirical Study of the Use of Integrity Verification Mechanisms for Web Subresources

Extracting Hotspots without A-priori by Enabling Signal Processing over Geospatial Data

Privacy-Preserving Location-Based Services by using Intel SGX

Capturing complex behaviour for predicting distant future trajectories

Contact Info

Product

Resources

About