|phone:||+31 (0)45 576 2143|
For students with a background in security and/or formal methods, I am happy to supervise thesis projects on security and on privacy, under the broad theme "Security and Privacy in Modern Times". Concrete projects will align with my current research. For an idea of the type of subjects I am happy to supervise:
Projects can be tailored to MSc as well as BSc students. Other topics exist and can be discussed - contact me if you're interested.
Note. In general, I expect the thesis to be written in English, and to provide a solid basis for a (later to be written) publication. See also the page about my approach to supervision.
In general, I'm interested in research that identifies the "bad guys", research that helps to identify security or privacy weaknesses (or the impact of such weaknesses), and research to mitigate security and privacy issues. More concretely, here is an incomplete list of project categories I'm happy to supervise. If you're looking for a project in one of these categories, do contact me.
This is a partial list of project ideas. Contact me to discuss specific subjects of interest to you.
Current approaches to detection of
scientific fraud are either very targeted (plagiarism detection)
or do not scale well (i.e., human intervention). The goal of
this project is to create a classifier using machine-learning
techniques to identify high-profile scientists, and to
incorporate heuristics targeted to detecting scientific fraud.
Skills used in this project: machine learning, relational data, programming, web scraping.
Co-supervisor: dr. Arjen Hommersom.
Scientific fraud is increasingly becoming a
problem. Several classes of fraud (such as plagiarism) can be
automatically detected. However, such detection methods are
focused on the results of one specific type of fraud, instead of
the underlying incentives behind fraud.
In this project, we build upon previous work that developed methods to identify outliers in publication metrics. This project focuses on "secondary" or derived publication metrics, such as number of co-authors, average number of papers with co-authors, etc. The goal is to identify which of such "derived" or secondary publication metrics are useful as indicators for scientific fraud.
Skills used in project: basics of set theory, basic python programming.
The goal of this project is to improve a
scanner that can identify flaws in smart contracts. This project
builds upon work that is currently under submission (anonymously
Skills used in this project: programming, security knowledge.
Co-supervisor: the aforementioned colleague.
Two-factor authentication (2FA) is a more
secure form of authentication than regular password
authentication. In addition to knowing a secret (such as a
password), 2FA typically requires the user to possess something,
e.g. a smartphone. The goal of this project is to automate 2FA by
using BlueTooth connection between a laptop and a smartphone. As a
proof-of-concept, this project will ensure that a laptop's disk
(or some directories on the disk) is/are encrypted unless the
smartphone is connected via BlueTooth.
Skills used in project: Android programming, Bluetooth connectivity.
A phone can read its own vibration out
using its accelerometers. This is unique for each phone and
cannot be imitated: a physical uncloneable function or PUF.
However, many apps can trigger the buzz function and read out
accelerometer values. The goal of this project is to develop an
app that allows for authentication using this PUF functionality
in a secure way.
Skills used in project: Android programming, security analysis.
Co-supervisor: dr. Fabian van den Broek.
Scan-to-email copiers have become a standard
part of office hardware. This is convenient for any scanning job.
However, when scanning sensitive documents, the mails are usually
sent unencrypted and (again, usually) stored unencrypted on the
mail server. In other words: who can see what you scanned?
This project will investigate how to preserve privacy of scanned documents, resulting in a proof-of-concept to do so.
Skills used in project: android programming, cryptography.
This project builds upon the work of the
Pwitter project in developing a privacy layer for Twitter. In this
project, the concept is extended to a more generic framework,
beyond the simple structure of Twitter (where there only exists a
follow relation). You will build a layer on top of an existing,
complex social network that enables a user to privately
communicate over the social network, while retaining privacy
against other users and the social network. The specific privacy
guarantees enabled by your layer will be formally analysed.
Skills used in this project: browser plugin programming, formal security analysis.
Spam is not only an email problem. There are
ebooks that are copy-pasted together, flung together quickly with
no regards for quality of content, only to provide a revenue
stream for their authors. There are various schemes related to
ebook spam. There is a scheme in which the books themselves
provide the revenue. This type of scheme relies on selling many
books to turn a profit, and thus is more likely to use fraudulent
means to promote the book (fake reviews, etc.). Another type of
scheme relies on Amazon's Kindle Direct Publishing
programme, in which Amazon pays out money depending on the amount
of pages read.
The goal of this project is to investigate the current state of ebook spam schemes, and devise countermeasures.
Skills used in the project: web scraping, programming.