Projects
Sasquatch
Raising awareness on privacy and security issues
SASQUATCH is a public display aiming to raise awareness on privacy-sensitive information leaking from smartphones. It uses a network scanner and some data mining to gather private information about visitors' previous whereabouts, and then shows an anonymized version of this data on the public display to draw the visitor's attention. Next, SASQUATCH offers an interactive component that allows people to view the information their own smartphone is leaking in private, and then provides solutions (including a fully-automated smartphone application) for securing against future privacy leaks.
The code for this project is unfortunately not publicly available. However, some papers describing the workings of this system can be found here and here. A TED talk where the SASQUATCH system was used to collect privacy-sensitive information about the audience is available on YouTube.
Wi-Fi PrivacyPolice
Android app providing Wi-Fi security
Wi-Fi PrivacyPolice is an Android application which limits the amount of privacy-sensitive information that is sent out by your smartphone over the air. It does this by making sure that it only tells its surroundings about the Wi-Fi networks it wants to connect to if it is certain that these networks are also available (as opposed to the default, where the preferred network list is sent out continuously). It also prevents 'evil twin' attacks, in which an attacker impersonates a legitimate access point in order to trick devices into connecting to a rogue network.
Wi-Fi PrivacyPolice can be installed from Google Play. Its source code is available on GitHub. A paper describing the workings of Wi-Fi PrivacyPolice is available here.
WiFiPi
Involuntary tracking of visitors
The WiFiPi project was started in 2012 as a way to track visitors at a major music festival by capturing their smartphones' signals. The setup was used on multiple occasions, successfully providing a way for festival organisers to monitor hotspots and other crowded areas.
The code for this project is unfortunately not publicly available. However, a paper describing the workings of this system can be found here. Another paper using the mobility data captured by the WiFiPi system to simulate large crowds is available here.
NoFix
Firefox extension protecting against session attacks
NoFix is a Firefox extension which aims to protect the user against session fixation and session hijacking attacks, even when no countermeasures are in place at the server side. For every cookie, it checks via which channel the cookie was set and via which channel it is read, in order to prevent unauthorized access.
NoFix, together with its source code, is available on GitHub. Its inner workings are extensively described in a master's thesis.
Publications
Bram Bonné, "Assessing and improving security and privacy for smartphone users", PhD dissertation at UHasselt, Hasselt, 2017 [pdf]
Bram Bonné, Sai Teja Peddinti, Igor Bilogrevic and Nina Taft, "Exploring decision making with Android's runtime permission dialogs using in-context surveys", Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, CA, 2017 [pdf]
IAPP SOUPS Privacy Award!
Bram Bonné, Gustavo Rovelo, Peter Quax and Wim Lamotte, "Insecure Network, Unknown Connection: Understanding Wi-Fi Privacy Assumptions of Mobile Device Users", Information, vol. 8, no. 3, July 2017 [pdf]
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte, "Noncooperative 802.11 MAC Layer Fingerprinting and Tracking of Mobile Devices", Security and Communication Networks, vol. 2017, May 2017 [pdf]
Bram Bonné, Peter Quax and Wim Lamotte, "The Privacy API: Facilitating Insights In How One's Own User Data Is Shared", 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Paris, 2017 [pdf]
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte, "Assessing the Impact of 802.11 Vulnerabilities using Wicability", The 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Darmstadt, 2016.
Bram Bonné, Wim Lamotte, Peter Quax and Kris Luyten, "Raising awareness on smartphone privacy issues with SASQUATCH, and solving them with PrivacyPolice", The 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (ACM Mobiquitous '14), London, 2014 [pdf]
Bram Bonné, Peter Quax and Wim Lamotte, "Your Mobile Phone is a Traitor! — Raising Awareness on Ubiquitous Privacy Issues with SASQUATCH", International Journal on Information Technologies & Security, vol. 6, no. 3, pp. 38–53, Sep. 2014 [pdf]
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte, "Exploiting WPA2-Enterprise Vendor Implementation Weaknesses through Challenge Response Oracles", The 2014 ACM conference on Security and privacy in wireless & mobile networks (ACM WiSec '14), Oxford, 2014 [pdf]
Bram Bonné, Arno Barzan, Peter Quax and Wim Lamotte, "WiFiPi: Involuntary Tracking of Visitors at Mass Events", The 7th IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications (IEEE AOC '13), Madrid, 2013 [pdf]
Arno Barzan, Bram Bonné, Peter Quax, Wim Lamotte, Mathias Versichele and Nico Van de Weghe, "A Comparative Simulation of Opportunistic Routing Protocols Using Realistic Mobility Data Obtained From Mass Events", The 7th IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications (IEEE AOC '13), Madrid, 2013 [pdf]
Bram Bonné, Arno Barzan, Peter Quax and Wim Lamotte, "Simulating the Behavior of Opportunistic Network Protocols at Mass Events with ns-3", The Workshop on ns-3 (WNS3) - held in conjunction with the sixth International Conference on Simulation Tools and Techniques (SIMUTools 2013), Cannes, 2013
Bram Bonné, "Improving session security in web applications", Master's thesis at K.U.Leuven, Leuven, 2011 [pdf]
In addition, Bram performed reviews for IEEE Transactions on Information Forensics and Security and IDAACS.
Talks, presentations and other media
Sept 7, 2014 | "Van één Pukkelpopper op de drie konden we de locatie volgen" [newspaper article] (Dutch) |
Sept 21, 2015 | VTM Nieuws: "Zo houdt Facebook iedereen in de gaten" [News video] (Dutch) |
June 17, 2015 | ECG Congres gemeentemanagement: "Hoe veilig zijn uw data?" |
May 9, 2015 | Science Festival: "Je smartphone verklikt je" [newspaper article] (Dutch) |
September 25, 2014 | Talk at the European Commission's 9th Security and Safety Symposium: "Your smartphone is a traitor!" [slides] |
June 7, 2014 | TEDxGhent talk: "Your smartphone is leaking your information" [YouTube video] |
Teaching
Students
Axel Faes, "Machine learning techniques for flow-based network intrusion detection systems", Bachelor's thesis, 2016.
Pieter Robyns, "Wireless Network Privacy", Master's thesis, 2013.
Aäron Thijs, "HTML5 security in modern web browsers", Master's thesis, 2013.
Steve Bottelbergs, "A comparative study on the security of open source web content management systems", Master's thesis, 2013.
Jens Vandenreyt, "Security of NFC-based systems", Master's thesis, 2013.
Pieter Vanderlinden, "A comparative study of web vulnerability scanners", Master's thesis, 2013.
Courses
"Security en computernetwerken", Master INF — study guide / course page
"Gedistribueerde systemen", Master INF — study guide / course page
"Netwerksoftware en -architecturen", Master INF — study guide / course page
"Multimediatechnologie", Master INF-MUL — study guide / course page
"Computernetwerken", 3rd Bachelor INF — study guide / course page
"Software engineering", 3rd Bachelor INF — study guide / course page
"Trimesteroverschrijdend project", 2nd Bachelor INF — study guide / course page
"Web programming", 1st Bachelor INF — study guide / course page
Education
Hasselt University
PhD computer science / 2011-2017
Performing privacy and security research, focused on smartphones, wireless networks and the Internet.
Teaching students on a variety of networking, security and multimedia topics.
PhD dissertation: "Assessing and improving security and privacy for smartphone users"
Katholieke Universiteit Leuven
Master engineering: computer science / 2009-2011
Specialization software security
Graduated cum laude
Master thesis: "Improving session security in web applications" (awarded the Luciad master thesis prize)
Elective courses in fields of Security, Management, Law, Cryptography, Machine Learning, Computer Networks and Collective Intelligence (course on Biology in Computer Science at ParisTech).
Hasselt University
Bachelor computer science / 2006-2009
Specialization information and communication technology
Graduated magna cum laude
Bachelor thesis: "A multi-device presence agent"
Elective courses in fields of Databases, Compilers, Astrophysics and Multimedia.
Experience
Universiteit Hasselt
PhD student & teaching assistant / 2011-2017
Performing privacy and security research, focused on smartphones, wireless networks and the Internet.
Teaching students on a variety of networking, security and multimedia topics.
Mobile Vikings (VikingCo)
Software engineer / 2009
Developing Python modules for the backend of a Django-based website and writing a statistics monitoring application.
Languages
Natural
Dutch | Native |
English | Excellent |
French | Average |
Digital
C++, C | Excellent (with knowledge of Qt and STL libraries) |
Python | Excellent (with knowledge of Django) |
Java | Very good (with knowledge of Android programming, J2EE and JSP) |
JavaScript | Very good |
SQL | Very good |
HTML, CSS | Very good |
PHP | Average |
Bash scripting | Average |
Prolog | Basic |
Haskell | Basic |
Perl | Basic |