I’m a teaching assistant and PhD candidate at the Vrije Universiteit Brussel, at the ETRO-IRIS lab.

My research interests are cryptography and privacy engineering. In particular, I research tools that support building peer-to-peer online social networks.


  • : Glycos: the basis for a peer-to-peer, private online social network.

    (, , , and )
    The final publication is available at Springer via https://dx.doi.org/10.1007/978-3-030-16744-8_9 or download the


    Typical Web 2.0 applications are built on abstractions, allowing developers to rapidly and securely develop new features. For decentralised applications, these abstractions are often poor or non-existent. By proposing a set of abstract but generic building blocks for the development of peer-to-peer (decentralised), private online social networks, we aim to ease the development of user-facing applications. Additionally, an abstract programming system decouples the application from the data model, allowing to alter the front-end independently from the back-end. The proposed proof-of-concept protocol is based on existing cryptographic building blocks, and its viability is assessed in terms of performance.

  • : Glycos: an extensible, resilient and private peer-to-peer online social network.

    (, , and )
    download the


    Online privacy typically comes in two forms. At one hand, users can typically choose with whom of their connections to share information, and have plenty of social privacy controls. The so-called \textit{privacy problem} is more about institutional privacy, whereby the service provider fails to securely store users’ data, be it on purpose or not (danah boyd & Hargittai, 2010). When on purpose, these data are often mined for profit through resale of profiles; often called profiling.

    One way of giving back this institutional privacy to citizens, is by taking away the institution as a whole, by decentralising the application. Care has to be taken as not to make potential “re-centralisation” possible, as is happening to email, where a few large email server providers take up large portions of worldwide email traffic. Mailchimp, a large email marketing company, reports GMail having over 1.8 billion more email delivered than Hotmail (Khan, 2015), and online resources seem to suggest that both Microsoft and GMail are by far the world most popular email service providers (Datanyze, 2018; Lewkowicz, 2017).

    By opting for a carefully designed peer-to-peer design, the risk of this “re-centralisation” can be minimised.

    Several noteworthy efforts have been made to “re-decentralise” online social media platforms, not only academic, also commercial and community projects. These efforts often adapt underlying protocols on a per-feature basis, slowing down the development process, and often scaring off non-domain-specialist developers. This is in contrast with how web development and mobile app development works, where developers have APIs such as cookies, SQL (often with ORM), and REST. These APIs offer developers an abstract method of reasoning about their application.

    We explore a peer-to-peer, fully trustless, obfuscated graph-database model, that is only readable and efficiently traversable by legitimate users. Outsiders only learn a minimal amount of metadata, without revealing content nor structure of the graph database.

    This database model is designed as building block for development of online social media, keeping in mind mobile-friendliness, scalability, and efficiency.

Master Thesis supervision

  • Godden, T. (2020). Blindly enforcing access control policies on encrypted data using zero-knowledge: access control for privacy-focussed, peer-to-peer online social media applications (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Assi, G. (2020). Efficient control of secured wireless sensor and actuator networks using a Keccak sponge: an implementation for a competitive chess environment (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • El Khattuti, Y. (2020). Implementation and evaluation of a Keccak-based symmetric authentication Protocol on RFID (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Contryn, A. (2019). Secure communication between IoT devices for short messages (Master Thesis). Vrije Universiteit Brussel. Belgium.