Fabian van den Broek

(Contact)

I am an assistant professor with the Open University of The Netherlands. As a guest researcher I am working in the digital security group at the Institute for Computing and Information Sciences and at the Interdisciplinary Hub for digitalization and society (iHUB), both of the Radboud university of Nijmegen. My current research is mostly focussed on maturing the IRMA (I Reveal My Attributes) technology of the Privacy by Design Foundation. The IRMA technology offers a way to authenticate users based on a subset of their attributes, which results in a very flexible and privacy-friendly eco system.

I finished my PhD on the security of wireless communication technologies such as GSM, GPRS and UMTS. My promotor was prof. Bart Jacobs and my supervisor was dr. Erik Poll. For my PhD I looked into both theoretical and practical questions on security in the access part of mobile technologies, on different abstraction levels: i.e. protocols, cryptographic primitives, implementations of said protocols and the additional services deployed on top of them. By extension I also look at the security of systems utilising mobile communication technology within their architecture, such as remote multi-factor authentication techniques. Finally, I proposed improvements to the wireless standards which prevent fake-base station attacks (IMSI catchers). This work resulted in my doctoral thesis Mobile communication security.

At an earlier stage, I was involved in the OYOI (Own Your Own Identity) project were we succesfully moved the IRMA technology from smart cards, to other carriers, such as the mobile phone. I also participated in the European C-DAX project, working on the security aspects of C-DAX, an ICN (Information-Centric Networking) architecture for smart grids.

Publications

• Attribuut-gebaseerde elektronische handtekeningen en de eIDAS-verordening
  Y. Hu, F. van den Broek, B. Jacobs en P. Wolters
  In: P. Wolters, R. Hermans, A. Janssen, P. Ortolani (red.), Digitalisering en conflictoplossing (Serie Onderneming & Recht), Deventer: Wolters Kluwer 2021, p.293-315.
• IRMA: practical, decentralized and privacy-friendly identity management using smartphones
  Gergely Alpár, Fabian van den Broek, Brinda Hampiholi, Bart Jacobs, Wouter Lueks and Sietse Ringers
  HotPETs 2017, 10th Workshop on Hot Topics in Privacy Enhancing Technologies, Minneapolis, USA 2017.
• Mobile communication security
  Doctoral thesis, 2016.
• Securely derived identity credentials on smart phones via self-enrolment
  Fabian van den Broek, Brinda Hampiholi and Bart Jacobs
  STM2016, 12th International Workshop on Security and Trust Management, Springer LNCS 9871, p.106-121, 2016.
• Defeating IMSI Catchers [Proverif models]
  Fabian van den Broek, Roel Verdult and Joeri de Ruiter
  CCS 2015, ACM Conference on Computer and Communications Security 2015, 340-351, ACM, 2015.
• Towards practical Attribute-Based Signatures
  Brinda Hampiholi, Gergely Alpár, Fabian van den Broek and Bart Jacobs
  SPACE 2015, Security, Privacy, and Applied Cryptography Engineering, pages 310-328. Springer, 2015.
• Securing the information infrastructure for EV charging
  Fabian van den Broek, Erik Poll and Bárbara Vieira
  International Workshop on Communication Applications in Smart Grid (CASG 2015), LNICST volume 154, pages 61-74, Springer, 2015.
• Digitale handtekeningen: nieuwe technologie en nieuwe wet- en regelgeving [addendum](article in Dutch)
  Fabian van den Broek and Erik Poll
  Privacy & Informatie, Nr. 1 17e jaargang, februari 2014
• Security Testing of GSM Implementations
  Fabian van den Broek, Brinio Hond and Arturo Cedillo Torres
  ESSoS 2014, LNCS Volume 8364, 179-195, Springer, 2014.
• Femtocell Security in Theory and Practice.
  Fabian van den Broek and Ronny Wichers Schreur
  NordSec 2013, LNCS Volume 8208, 183-198, Springer, 2013.
• A comparison of time-memory trade-off attacks on stream ciphers
  Fabian van den Broek and Erik Poll
  AfricaCrypt, LNCS Volume 7918, 406-423, Springer, 2013.
• Eavesdropping on GSM: state-of-affairs
  5th Benelux Workshop on Information and System Security (WISSec 2010), November 2010
• Risicoanalyse EPD-DigiD naar aanleiding van de A5/1 kwetsbaarheid in GSM
  Fabian van den Broek, Adri de Bruijn, Erik Poll, Jeroen Prins, Eric Verheul and Otto Vermeulen
  Report by PwC and the Radboud Universiteit for the Dutch Ministry of Health, Welfare and Sport (VWS), 2010.
• Poster GSM security: a state-of-affairs
  STW.ICT conference 2010, Sentinels track, November 2010
• Catching and Understanding GSM-signals
  Master Thesis, Radboud Universiteit Nijmegen, Computing Science Department, March 2010

Teaching

Topics for BSc/MSc projects or general assignments.
I have helped out with the following courses:

• Security (Fall 2014)
• Security in Organisations (Fall 2011, 2013, 2015 and 2016)
• Software Security (Spring 2011)

Media attention

• Wisselend simkaartnummer voor veiligere verbinding (NEMO Kennislink, 15 December 2016)
• Nijmeegse vinding tegen afluisteren van mobiel (De Gelderlander, woensdag 14 december 2016)
• Nieuwe techniek geeft IMSI-catchers geen kans (WebWereld, 29 November 2016)
• Wisselend simkaartnummer voor veiligere GSM (engineersonline.nl, 27 November 2016)
• Nijmeegs onderzoek: wisselend simkaartnummer voor veilige GSM (De Gelderlander, 24 november 2016)
• 'Digitaal kattenkwaad' door scholieren, is de grens bereikt? (NOS, 16 November 2016)
• My Generation-mobiele telefonie Hoe veilig is het? (Security Management, November 2016, nr. 11)
• Uw mobieltje is af te luisteren (PC Active, februari 2011)
• De zwevende kikker (De Gelderlander, 14/12/2010)
• Radio interview on GSM eavesdropping (Omroep Gelderland, Vandaag de dag, 27/11/2010)
• Enkele aanvullingen en correcties op in de media verschenen berichten over GSM.
• Mobieltjes afluisteren moeilijker dan gedacht(digitallife.nl, 26/11/2010)
• Expert zone: Mobiele luistervinken (PC magazine, November 2010)
• AIVD: hackers op het punt om codes gsm-verkeer te kraken (Volkskrant, 17/09/2010)
• Voorlopig geen digitale inzage patiëntendossier (nu.nl, 09/09/2010)
• Risicoanalyse: SMS-authenticatie EPD is onveilig (Computable, 09/09/2010)
• Mobiel geh@ckt (B4U, July 2010, nr. 61)
• Kraak van GSM-encryptie raakt in zicht (Bits of Freedom, 05/01/2010)

Slides

• Mobile Communication Security, layman overview of PhD research, presented at PhD defence, December 2016
• IMSI catching, presented at Black Hat Session, June 2016
• Defeating IMSI catchers, presented at CCS 2015, October 2015
• Femtocell Security in Theory and Practice, presented at NordSec 2013, October 2013
• A comparison of time-memory trade-off attacks on stream ciphers, presented at AFRICACRYPT 2013 June 2013
• GSM Security: Feit en Fictie(odp format), presented at NLUUG Najaarsconferentie 2010 Security and Privacy, November 2010
• GSM Security: Fact and Fiction, presented at BruCON 2010, September 2010
• Beveiliging van Mobiele Netwerken, aimed at highschool students presented at a CodeYard day. April 2010
• Catching and Understanding GSM-Signals, Master thesis presentation, March 2010

Reviews

I have (sub) reviewed for:

• STM 2017
• AsiaCrypt 2013
• CARDIS 2012
• DPM 2012
• ATIS 2012
• IFIP SEC 2012