prof.dr. A. Peter (Andreas)

Andreas Peter graduated with a M.Sc. in mathematics at both the University of Cambridge (UK) and the University of Oldenburg (Germany) in 2008 and 2009, respectively. Subsequently, he received the Ph.D. in computer science from the Technical University of Darmstadt (Germany) in 2013. His Ph.D. thesis deals with the topic of secure outsourcing of computation with a special focus on homomorphic encryption. From 2014-2018, he was employed as an Assistant Professor, from 2019-2020, as Associate Professor, from 2021-2022 as Adjunct Professor, and since 2022 as Guest Professor at the chair of "Services and Cyber-Security (SCS)" at the University of Twente (NL). Since 2022, he is Full Professor of the research group "Safety-Security-Interaction" at the University of Oldenburg in Germany.

His current research interests include both fundamental and applied security and privacy aspects in IT systems with a focus on privacy-enhancing technologies and cryptographic protocol design and analysis, as well as on network-based intrusion detection and applications of machine learning in security and privacy. He serves on the program committees of several workshops and conferences devoted to information security and privacy. Since 2015, he serves on the Editorial Board of the SpringerOpen EURASIP Journal on Information Security.

Until 2022, he was the UT coordinator of the EIT Digital Master in Security & Privacy and of the 4TU Cyber Security Master Specialization.

Expertise

• Computer Science

  • Privacy Preserving
  • Attack
  • Homomorphic Encryption
  • Encryption
  • Building Automation
  • Wi-Fi
  • Models
  • Biometric Template Protection

Organisations

With the digitalization of our society, the amount of collected data and computational demands is ever-increasing. However, the underlying, vital digital systems are threatened by a plethora of cyber-attacks. Examples include impersonation attacks or data exfiltration attacks that frequently lead to mega breaches exposing sensitive data from millions of innocent people to criminals. On an almost daily basis, newspapers world-wide report about such cyber-attacks and the impact that they have on our digital society.

Due to the central role and importance of data, my group's research strategy follows a data-centric approach. This approach tackles the challenge of defending computer systems as a whole from two different angles, namely by mitigating the risk imposed by ubiquitous data but also by taking the opportunities provided by data richness. First, we research security mechanisms to provide security for data not only while stored and transmitted over networks as implemented by conventional systems but even during data processing. Second, we research the use of data for security and envision a world in which the continuously increasing amounts of data are utilized to identify, analyze, prevent, and respond to cyber-threats. Both research directions are based on the analysis of existing systems and software but also on the design of novel systems.

Security for Data

Data breaches happen in various forms but eventually are mainly attributed to an improper protection of data. While traditional encryption technology can be used for the protection of data at rest and in transit, it requires a decryption step for processing the data which in turn exposes the data in the clear and makes it vulnerable to attacks. To close this security vulnerability, my research group investigates the construction of cryptographic protocols based on non-traditional encryption, such as homomorphic encryption, that allow for the processing of data under encryption without the need to decrypt. Growing amounts of data and increasing complexities of the processing algorithms are complicating factors that largely lead to efficiency problems. We approach this by sacrificing some security for efficiency. Concretely, we explore allowing for some quantifiable leakage (e.g. in terms of differential privacy) to gain efficiency. By studying the success of possible leakage-abuse attacks, we can quantify the loss in security and achieve application-specific, practical tradeoffs between security and efficiency. Lastly, to effectively protect against data breaches, we need to control who has or had access to data at a given point in time. Traditional access control mechanisms typically rely on the complete trust in a single system or administrator, which constitutes a single point of failure. To mitigate this issue, we study decentralized access control approaches based on attribute-based encryption and distributed ledger technologies.

Data for Security

Traditional security solutions are targeted towards the protection from known threats and are dominantly based on insights acquired through costly manual analysis, which is often too slow to cope with the rapid emergence of new threats. To overcome this, my research group aims at a fully automated threat identification, analysis, and response and research the use of artificial intelligence, such as machine learning-based threat classification and clustering, to automatically analyze known threats with corresponding mitigation strategies to learn prediction models that allow for the identification of new/unseen threats and adapted mitigation approaches. Moreover, to be one step ahead of possible attackers, we explore automated security testing techniques to learn models of vulnerable system and software components and associated patches that we use to discover and patch new vulnerabilities. We put a special focus on the threat of data leakage for which we also build new (automated) attacks for data exfiltration and leakage exploitation that we use to learn models to detect and quantify data leakage. Throughout all our research in this context, we make extensive use of simulations and real-world experiments for the validation of achieved results.

Output and Impact Goals

My group's research covers the complete range of steps necessary to develop secure solutions for the real world, starting from the analysis of existing attacks and vulnerabilities and their proper modelling, to the engineering of targeted protection, mitigation, detection, and response solutions, all the way to the implementation of prototypes and proof-of-concepts, combined with extensive evaluation. In each of these steps, we are paying explicit attention to the demands imposed by the socio-economic context and the involved human factor, which can be part of the threat and part of the solution at the same time.

We aim for real, tangible societal and economic impact. To ensure this, our research is very much use-inspired and largely driven by real-world challenges. We focus our research on challenges from three application domains:

• Health and healthcare industry: Patient data and other medical data is extremely sensitive and brings about particular data security challenges, for instance due to its structure, size, and the fact it is typically distributed over many different parties. This makes the health and healthcare industry one of our key application domains.
• Software and Internet industry: Digital data is typically processed by software and communicated and shared via the Internet. Because of this, the software and Internet industry form the backbone of the data-driven economy, which makes it an important application domain for our research.
• Cybersecurity industry: The third major application domain of our research is the cybersecurity industry itself. Since we research existing and develop new security solutions, many of our research questions are motivated by shortcomings of existing security solutions and real-world challenges posed by the cybersecurity industry. 

We are committed to perform open and well-documented research to ease reproducibility, reusability, and collaboration to allow for effective knowledge transfer. Key components in this approach are, next to publishing our research at the top security conferences and journals, the release of open source tools and datasets. We follow the well-established guidelines in our community for responsible disclosure of previously unknown vulnerabilities and collaborate with vendors to design suitable patches or mitigations. Furthermore, to ensure innovation lands in society, we support startups in their infancy and also target the creation of new businesses from scratch.

Publications

Other contributions

Current PhD students

• Yoep Kortekaas (Nov 2020 - ongoing)
  • topic: SHARE - Sharing Data with Cryptographic and Differentially Private Guarantees
  • with Florian Hahn, Maarten Everts, and Willem Jonker

• Amina Bassit (May 2020 - ongoing)
  • topic: Optimal Biometric Recognition under Encryption
  • with Florian Hahn, Chris Zeinstra, and Raymond Veldhuis

• Thijs van Ede (Feb 2018 - ongoing)
  • topic: EVIDENCE - Evolutionary Intrusion Detection for Dynamic Environments
  • with Maarten van Steen

• Philipp Jakubeit (Nov 2017 - ongoing)
  • topic: SPA - Seamless Personal Authentication
  • with Maarten van Steen

• Herson Esquivel Vargas (Nov 2016 - ongoing)
  • topic: BASS - Building Automation Systems Security and Privacy
  • with Pieter Hartel

• Valeriu Stanciu (Jan 2016 - ongoing) [external: University Politehnica of Bucharest, Romania]
  • topic: PriFi - Privacy-Preserving WiFi Tracking for Crowd Management
  • with Maarten van Steen

Former PhD students

• Christoph Bösch (finished his PhD on January 21, 2015)
  • topic: Practically Efficient Searchable Encryption and Applications
  • with Pieter Hartel and Willem Jonker

• Arjan Jeckmans (finished his PhD on February 5, 2014)
  • topic: Cryptographically-Enhanced Privacy for Recommender Systems
  • with Pieter Hartel

• Riccardo Bortolameotti (finished his PhD on October 11, 2019)
  • topic: Detection and Evaluation of Data Exfiltration
  • with Pieter Hartel and Willem Jonker

• Tim van de Kamp (finished his PhD on February 21, 2020)
  • topic: Multi-client Functional Encryption for Controlled Data Sharing
  • with Willem Jonker

Research profiles

My group's education strategy is tightly coupled with our research strategy. We offer fundamental bachelor courses on cybersecurity (ranging from cryptography and data security over software, web and system security, to AI for security) that are mandatory in the computer science bachelor program to provide our students with the basics and to prepare them for more advanced studies. On the master level, we coordinate the 4TU Cybersecurity specialization of our computer science master, which delivers cybersecurity graduates having a T-shaped profile with 2/3 of deep technical knowledge and 1/3 of socio-economic knowledge in cybersecurity. The curriculum is designed in collaboration with our advisory board consisting of senior leaders from industry and government to meet the demands from the real-world. We offer advanced cybersecurity master courses that are tightly coupled with our research, ranging from secure data management, over software and system security, to secure cloud computing and privacy-enhancing technologies. Furthermore, to educate our future cybersecurity innovators and entrepreneurs, we coordinate our participation in the EIT Digital Cybersecurity Master, which puts a particular focus on innovation and entrepreneurship in an international context. 

We involve students in our research as much as possible, mostly when they start working on their final projects. We stimulate master projects on real-world challenges in collaboration with our industry partners (for instance through dedicated internships). While our courses in the Master program are mostly targeted towards our Master students, they are offered to our industry partners as well and we offer dedicated educational programs, such as the PdEng program, supporting our industry partners in upskilling their current workforce, even when they already have a Master degree in cyber security. While most of our teaching happens on campus, many of our courses allow for remote (online) participation by attending video conferences and live streams and other forms of digital teaching as well.

We aim to make students interested in cybersecurity and particularly in our research as early as possible by supporting and mentoring students in so-called Capture The Flags (CTFs), which are game-based information security competitions aimed at teaching how to identify, exploit, and patch software vulnerabilities, and, as a consequence, how to write secure code. Together with the Twente Hacking Squad (THS), our own CTF team, we organize cyber security workshops to introduce our students to practical security problems. Our students participate in national and international competitions, such as the European Cyber Security Challenge.

Affiliated study programs

Courses academic year 2023/2024

Courses in the current academic year are added at the moment they are finalised in the Osiris system. Therefore it is possible that the list is not yet complete for the whole academic year.

Courses academic year 2022/2023

Current projects

SPA: Seamless Personal Authentication

joint project with Maarten van Steen (UT) and company Nedap

PriFi: Privacy-Preserving WiFi Tracking for Crowd Management

joint project with Maarten van Steen (UT)

EVIDENCE: EVolutionary Intrusion DEtectioN for dynamiC Environments

joint project with Maarten van Steen (UT)

Previous years have seen a surge of cyber attacks targeting private data. This virtual pillage deprives citizens and companies across all industries of sensitive information such as login credentials, intellectual property or personal data. Existing cyber security solutions attempt to deal with these attacks by learning a detection model. However, in today's continuously developing IT settings, such a model quickly depreciates, making the approach fail miserably (often already in the case of a simple software update). In this proposal, we call for a drastic change in security technologies, progressing from static security concepts to evolutionary security concepts. As an important milestone in this progression, the EVIDENCE project will build a network-based intrusion detection system (NIDS) capable of evolving with dynamic changes in the environment in which it is deployed. Designing a system which is able to adapt to developing environments requires us to effortlessly update our system's security models. We plan to apply passive application fingerprinting, an approach which maps network traffic to applications on the machine. This method will create fingerprints of all monitored applications in its training phase and subsequently detects unknown (malicious) applications for which it raises alerts. We propose the generation of fingerprints per host, per protocol, and per application, allowing for fine grained dexterous readjustments in case of environmental changes. In addition, our pivotal contribution commences the detection of contextual changes and subsequent adaptation of the detection model. To this end, we will investigate the application of machine learning classifiers and concept drift detectors on our fingerprint features to detect both basic and more advanced environmental changes such as software updates or newly added devices. This ability to automatically adapt to contextual changes (including those imposed by new cyber attacks) establishes the evolutionary character of our envisaged network-based intrusion detection system and constitutes the uniqueness of the EVIDENCE project.

PriMa: Privacy Matters

Joint project with Raymond Veldhuis (UT)

SHARE: Sharing Data with Cryptographic and Differentially Private Guarantees

SeReNity: Evidence-Based Security Response Centers

INTERSECT: Towards an Internet of Secure Things

Coordinated by Sandro Etalle (TU/e)

ThreatMine: Cyber Threat Intelligence Data Mining

BASS: Building Automation Systems Security and Privacy

Building Automation Systems (BASs) are one of the applications of the “Internet of Things” (IoT). Millions of people work and live in smart buildings around the world. BASs have steadily grown because of two reasons: (1) the convenience of process automation (e.g. energy management, access control, etc.); and (2) the comfort provided to the users (e.g. preferred temperature, lightning, etc.). Sensors and actuators are disseminated throughout the buildings to enable the implementation of BASs. Building inhabitants may not be aware of the presence of such devices even though they closely interact with them every day. The communication between BAS devices used to have its own protocol stack, from the physical to the application layers. Modern BASs, however, use the communications infrastructure that is usually already in place (Local Area Networks). Moreover, this approach enables remote management and monitoring. Unfortunately, it also enables cyberattacks from remote locations. People's safety and privacy could be compromised with BASs that are connected to computer networks. To overcome these problems, the BASS project studies the security and privacy issues in modern building automation systems and develops dedicated protection mechanisms, such as tailored privacy-enhancing technologies and network-based intrusion detection systems.

Finished projects

PensionChain: Blockchain Applications for Pensions

joint project with Marc Francke (UvA)

THeCS: Trusted Healthcare Services

Now that e-Health (electronic health services over the internet) is becoming available there is considerable concern about privacy and security of all that data that we share or submit. The lack of trust was the reason for the Dutch Senate not to pass the bill for the proposed nationwide Electronic Patient Records system even though many millions were spent building the system. But it is not only with nationwide systems; in every communication regarding our health we want our data to be secure. The THeCS project addresses security, privacy and trust as the key issues in adoption of novel e-Health services, which have great potential to improve healthcare and decrease cost. However, trust privacy and security are seen as roadblocks for wider adoption of these services. In this project we develop mechanisms to solve these privacy and security issues.

CRIPTIM: CRitical Infrastructure Protection Through cryptographic Incident Management

Critical Infrastructure Protection (CIP) mechanisms are commonly based on complex models of interdependencies between the many operators in our critical infrastructure. Particularly due to the rapid emergence of new cyber-threats, the sharing of incident information is indispensable for the functioning of such mechanisms. However, the high sensitivity of this information prevents operators from sharing it. CRIPTIM introduces the new paradigm of "cryptographic incident management" for CIP that ensures data confidentiality with cryptographic guarantees, thereby reducing the operators' fears of information leakage. The underlying idea is to monitor and analyze incident data in the encrypted domain, while an alarm is set off only when a certain failure or alarm state is detected. The subsequent alarm resolution is facilitated through novel access control mechanisms for the selective disclosure of alarm-related information. CRIPTIM realizes this paradigm by developing novel custom-tailored cryptographic techniques in Secure Multiparty Computation, Homomorphic- and Functional Encryption, as well as Oblivious RAM. The intended technology will, for the first time, allow external parties, like intelligence agencies, to feed threat-related topsecret information into the monitoring system which may be the missing piece for the early detection of potentially major disasters. CRIPTIM sets the foundations for this innovative approach to CIP and contributes to an effective and confidential incident management that leads to a more secure and reliable critical infrastructure.

OBRE: Optimal Biometric Recognition under Encryption

joint project with Raymond Veldhuis (UT)

Biometric data, such as fingerprints, are personal data. Their storage, especially in large, central databases, entails privacy risks, against which the fingerprints must be protected. GenKey wants to improve its current technology to protect stored fingerprints. Biometric recognition under homomorphic encryption is an excellent candidate for this because it offers the possibility of performing biometric recognition with encrypted fingerprints. A basic method for biometric recognition under homomorphic encryption has been devised at the University of Twente (UT), based on quantized likelihood ratios, Encrypted Quantized Likelihood Ratio comparisons (EQLR) and a comparison protocol, which differs from existing methods based on for homomorphic encryption through much more reliable and faster recognition. This basic method assumes a server on which the encrypted biometric data, the template, is stored and a client with a fingerprint sensor. Typical for the approach is that both client and server learn nothing about the stored template during the recognition, that the server does not learn anything about the biometric data offered and that only the client learns the outcome of the recognition in the form of an accept or reject. Initial experiments on fingerprint data from GenKey prove very promising. The aim of this project is therefore to make this method suitable for application by GenKey in their fingerprint recognition systems.

#BREACHED: Determining and Reducing the Impact of Data Breaches

In the last few years, data breaches are constantly on the front pages of major newspapers. Cyber criminals, hacktivists or state-sponsored groups are compromising the networks of companies in order to steal their assets, which span from customer data, intellectual properties, or secret documents. These attacks do not only affect the companies' businesses but also their customers and potentially their lives. For instance, a customer can be victim of identity fraud once his data has been leaked to criminals. Governments and lawmakers recognize the problem and recently approved the first legal obligations for companies regarding these incidents. Nonetheless, companies lack of many technical solutions to deal with these attacks. #BREACHED focuses on filling the technological gap that companies face when dealing with data breaches. The goal of this project is to create innovative technical solutions that deal with different aspects of such threats. The technologies proposed in this project will allow companies to better protect themselves even in case the attacker is very powerful. The aspects touched by the project span from the prevention of a data breach to the evaluation of its consequences and severity.

Organisations