Raising awareness on privacy and security issues
SASQUATCH is a public display aiming to raise awareness on privacy-sensitive information leaking from smartphones. It uses a network scanner and some data mining to gather private information about visitors' previous whereabouts, and then shows an anonymized version of this data on the public display to draw the visitor's attention. Next, SASQUATCH offers an interactive component that allows people to view the information their own smartphone is leaking in private, and then provides solutions (including a fully-automated smartphone application) for securing against future privacy leaks.
The code for this project is unfortunately not publicly available. However, some papers describing the workings of this system can be found here and here. A TED talk where the SASQUATCH system was used to collect privacy-sensitive information about the audience is available on YouTube.
Android app providing Wi-Fi security
Wi-Fi PrivacyPolice is an Android application which limits the amount of privacy-sensitive information that is sent out by your smartphone over the air. It does this by making sure that it only tells its surroundings about the Wi-Fi networks it wants to connect to if it is certain that these networks are also available (as opposed to the default, where the preferred network list is sent out continuously). It also prevents 'evil twin' attacks, in which an attacker impersonates a legitimate access points in order to trick devices into connecting to a rogue network.
Involuntary tracking of visitors
The WiFiPi project was started in 2012 as a way to track visitors at a major music festival by capturing their smartphones' signals. The setup was used on multiple occasions, successfully providing a way for festival organisers to monitor hotspots and other crowded areas.
The code for this project is unfortunately not publicly available. However, a paper describing the workings of this system can be found here. Another paper using the mobility data captured by the WiFiPi system to simulate large crowds is available here.
Firefox extension protecting against session attacks
NoFix is a Firefox extension which aims to protect the user against session fixation and session hijacking attacks, even when no countermeasures are in place at the server side. It works by checking for every cookie via which channel it was set, and via which channel it is read, in order to prevent unauthorized access.
Bram Bonné, Peter Quax and Wim Lamotte, The Privacy API: Facilitating Insights In How One's Own User Data Is Shared, 2nd IEEE European Symposium on Security and Privacy, Paris, 2017 (to be presented in April).
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte, Assessing the Impact of 802.11 Vulnerabilities using Wicability, The 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Darmstadt, 2016.
Bram Bonné, Wim Lamotte, Peter Quax and Kris Luyten, "Raising awareness on smartphone privacy issues with SASQUATCH, and solving them with PrivacyPolice", The 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (ACM Mobiquitous '14), London, 2014 [pdf]
Bram Bonné, Peter Quax and Wim Lamotte, "Your Mobile Phone is a Traitor! — Raising Awareness on Ubiquitous Privacy Issues with SASQUATCH", International Journal on Information Technologies & Security, vol. 6, no. 3, pp. 38—53, Sep. 2014 [pdf]
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte, "Exploiting WPA2-Enterprise Vendor Implementation Weaknesses through Challenge Response Oracles", The 2014 ACM conference on Security and privacy in wireless & mobile networks (ACM WiSec '14), Oxford, 2014 [pdf]
Bram Bonné, Arno Barzan, Peter Quax and Wim Lamotte, "WiFiPi: Involuntary Tracking of Visitors at Mass Events", The 7th IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications (IEEE AOC '13), Madrid, 2013 [pdf]
Arno Barzan, Bram Bonné, Peter Quax, Wim Lamotte, Mathias Versichele and Nico Van de Weghe, "A Comparative Simulation of Opportunistic Routing Protocols Using Realistic Mobility Data Obtained From Mass Events", The 7th IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications (IEEE AOC '13), Madrid, 2013 [pdf]
Bram Bonné, Arno Barzan, Peter Quax and Wim Lamotte, "Simulating the Behavior of Opportunistic Network Protocols at Mass Events with ns-3", The Workshop on ns-3 (WNS3) - held in conjunction with the sixth International Conference on Simulation Tools and Techniques (SIMUTools 2013), Cannes, 2013.
In addition, Bram performed reviews for IEEE Transactions on Information Forensics and Security and IDAACS.
Talks, presentations and other media
|Sept 21, 2015||VTM Nieuws: "Zo houdt Facebook iedereen in de gaten" [News video] (Dutch)|
|June 17, 2015||ECG Congres gemeentemanagement: "Hoe veilig zijn uw data?"|
|May 9, 2015||Science Festival: "Je smartphone verklikt je" [newspaper article] (Dutch)|
|September 25, 2014||Talk at the European Commission's 9th Security and Safety Symposium: "Your smartphone is a traitor!" [slides]|
|June 7, 2014||TEDxGhent talk: "Your smartphone is leaking your information" [YouTube video]|
Axel Faes, "Machine learning techniques for flow-based network intrusion detection systems", Bachelor's thesis, 2016.
Pieter Robyns, "Wireless Network Privacy", Master's thesis, 2013.
Aäron Thijs, "HTML5 security in modern web browsers", Master's thesis, 2013.
Steve Bottelbergs, "A comparative study on the security of open source web content management systems", Master's thesis, 2013.
Jens Vandenreyt, "Security of NFC-based systems", Master's thesis, 2013.
Pieter Vanderlinden, "A comparative study of web vulnerability scanners", Master's thesis, 2013.
"Security en computernetwerken", Master INF — study guide / course page
"Gedistribueerde systemen", Master INF — study guide / course page
"Netwerksoftware en -architecturen", Master INF — study guide / course page
"Multimediatechnologie", Master INF-MUL — study guide / course page
"Computernetwerken", 3e Bachelor INF — study guide / course page
"Software engineering", 3e Bachelor INF — study guide / course page
"Trimesteroverschrijdend project", 2e Bachelor INF — study guide / course page
"Web programming", 1e Bachelor INF — study guide / course page
Master engineering: computer science / 2009-2011
Specialization software security
Graduated cum laude
Bachelor computer science / 2006-2009
Specialization information and communication technology
Graduated magna cum laude
Bachelor thesis: "A multi-device presence agent"
Elective courses in fields of Databases, Compilers, Astrophysics and Multimedia.
Science-Mathematics / 2000-2006
Elective courses in Philosophy and Photography
Software Engineering & Research Intern / 2016
Research on smartphone user privacy.
PhD student & teaching assistant / 2011-present
Performing privacy and security research, focused on smartphones, wireless networks and the Internet.
Teaching students on a variety of networking, security and multimedia topics.
|C++, C||Excellent (with knowledge of Qt and STL libraries)|
|Python||Excellent (with knowledge of Django)|
|Java||Very good (with knowledge of Android programming, J2EE and JSP)|
|HTML, CSS||Very good|