Associate professor in the SEC group.
Course material for 2IMS10
2IMS00 Seminar Information Security Technology (responsible lecturer)
2IMS10 Physical Aspects of Digital Security (responsible lecturer)
2IT90 Automata, language theory and complexity (instructions)
Security with noisy data
An essential property of cryptographic primitives is
an extreme sensitivity to small changes in their inputs.
However, a number of important security applications use
physical measurements as a source of (secret) randomness.
On the one hand, these measurements are inherently noisy.
On the other hand, we often wish to use them as input for
hash functions, block ciphers etc.
Some form of error correction is obviously needed
if we want reproducible results.
This requires storage/transfer of redundancy data.
It is prudent to assume that attackers have access to this data.
Hence the challenge is to develop efficient error correction
methods where the redundancy data does not compromise security.
This leads to an interesting mix of physics, information theory, coding theory and
The techniques developed in this field are useful in the
- secure key storage
- privacy preserving biometric identification and authentication
- true random number generation
Using quantum physics for security
Quantum physics has the interesting property that measurements typically destroy state information,
and that unknown quantum information cannot be cloned.
The inherent confidentiality and tamper evidence properties
allow one to design security protocols that would be impossible with classical physics.
The most notable example is Quantum Key Distribution, but there are other nifty tricks:
Quantum Readout of Physical Unclonable Functions
I found a way to use quantum physics to protect the challenge
in a PUF challenge-response protocol. This provides unconditional security against
digital emulation attacks.
article for laymen in The Converstation.
The idea was
experimentally realized using laser speckle.
Quantum Key Recycling
It is possible to keep re-using the same encryption key
in an unconditionally secure way as long as the communicating parties do not detect
an excess of noise.
This is called key recycling.
Key recycling is more efficient than repeated use of Quantum Key Distribution.
Recently developed recycling schemes are simple and no longer need a quantum computer
for the encryption and decryption.
See this preprint
Collusion-resistant watermarking codes
It is possible to embed hidden data in digital content such as audio and video.
This is called watermarking or fingerprinting.
In forensic watermarking a content provider embeds a unique
identification code into the content for each individual customer,
in order to be able to trace any 'leakage' of content (e.g. distribution on P2P) back to the customer.
The most powerful attack against forensic watermarks is the so-called collusion attack: multiple attackers collaborate
to remove the watermark. As they have bought differently watermarked versions of the same content, they can find the location of a significant part of their watermarks simply by comparing their content. In these locations they have a strong attack.
The content provider's defense is to use an error-correcting code
for the embedded indentifier.
I concentrate on the following questions:
This research topic involves information theory, statistics and analysis.
- Fundamental limits on the collusion resistance of codes.
- Analysis and optimization of existing codes.
- Development of new codes.
See the webpage of the
Some ideas for (internal) master projects.
List of publications
Security of embedded systems (SEC) group
Department of Mathematics and Computer Science
Technische Universiteit Eindhoven
tel: 040 247 4870
5600 MB Eindhoven
PGP public key