My main research interest are information security and applied cryptography, especially the design of secure and privacy friendly protocols for pervasive systems. In particular, the following research topics are of interest to me.
- Privacy by design
- How can we incorporate privacy into all stages of the system development life cycle? What role do privacy design patterns and privacy design strategies play here?
- Privacy and the Internet of Things
- How can we mitigate the privacy and security problems inherent in RFID systems. How can we secure the Internet of Things, and make it more privacy friendly, taking into account the severe resource constraints of the typical, low cost, RFID tag. (See also: DIFR, PEARL.)
- Advanced use of smart-cards
- How secure is a smart card really and what kind of secrets can we trust to it; is it just an identity card or should it contain multiple applications? how to support rapid secure application development (using JavaCards). What are the best architectures for smart card applications (considering both symmetric key and public key systems), especially generic architectures that can be refined to specific requirements How to handle (or avoid) certification. (See also: JASON, OV chipcard 2.0.)
- Privacy and Identity management
- How to incorporate privacy friendly forms of identity management (like Idemix or U-Prove) in usable systems for identity management. How to align business interests (efficient access management and user administration) with customer interests (secure and trustworthy single sign on (if that exists...) and tools to manage and share personal profiles).
- Revocable privacy
- Security and privacy are often seen as opposite, irreconcilable, goals. Privacy partisans and security sharks cling to rigid points of view, fighting each other in an ageing war of trenches. As a result, measures to increase our security scorn our privacy, while privacy enhancing technologies do very little to address legitimate security concerns. Revocable privacy aims to bridge the two sides of the debate to break the status quo. Revocable privacy is a design principle (including the necessary toolbox) to build information systems that balance security and privacy needs. The underlying principle is to design a system that guarantees the privacy of its users, unless a user violates a predefined rule. (See: paper.)
Last Version - Tue Oct 26 11:53:16 2021 +0200 / e1e3326.
(Note: changeover from CVS to dotless svn version numbers on Jan 19, 2008, and changeover to GIT versioning on May 30, 2013.)
Maintained by Jaap-Henk Hoepman