Dr. Andreas Peter (Assistant Professor)



Assist.-Prof. Dr. Andreas Peter


Zilverling 4051


+31 53 489 2918


Research Interests

  • Privacy-Enhancing Technologies
  • Cryptographic Protocol Design and Analysis
  • Security and Privacy in Building Automation Systems
  • Network Intrusion Detection Systems

Current Activities

Recent Publications

The complete list of publications can be found at:
EEMCS EPrints Service
  • DECANTeR: DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting with R. Bortolameotti, T. van Ede, M. Caselli, M. H. Everts, P. Hartel, R. Hofstede, and W. Jonker
    33rd Annual Computer Security Applications Conference (ACSAC 2017), December 2017, Orlando, USA
  • Multi-client Predicate-only Encryption for Conjunctive Equality Tests with T. van de Kamp, M. H. Everts, and W. Jonker
    16th International Conference on Cryptography and Network Security (CANS 2017), November 2017, Hong Kong, China
    [to appear]
  • Automatic Deployment of Specification-based Intrusion Detection in the BACnet Protocol with H. Esquivel-Vargas and M. Caselli
    3rd ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC 2017), November 2017, Dallas, USA
  • Using Oblivious RAM in Genomic Studies with N. Karvelas and S. Katzenbeisser
    12th International Workshop on Data Privacy Management (DPM 2017), September 2017, Oslo, Norway
  • Private Sharing of IOCs and Sightings with T. van de Kamp, M. H. Everts, and W. Jonker
    3rd ACM Workshop on Information Sharing and Collaborative Security (WISCS 2016), October 2016, Vienna, Austria
  • Reliably Determining Data Leakage in the Presence of Strong Attackers with R. Bortolameotti, M. H. Everts, W. Jonker, and P. Hartel
    32nd Annual Computer Security Applications Conference (ACSAC 2016), December 2016, Los Angeles, CA, USA
  • Publicly Verifiable Private Aggregation of Time-Series Data with B. G. Bakondi, M. H. Everts, P. Hartel, and W. Jonker
    10th International Conference on Availability, Reliability and Security (ARES 2015), August 2015, Toulouse, France
    [IEEE Xplore]
  • Indicators of Malicious SSL Connections with R. Bortolameotti, M. H. Everts, and D. Bolzoni
    9th International Conference on Network and System Security (NSS 2015), November 2015, New York, NY, USA
  • Secure Cluster-Based In-Network Information Aggregation for Vehicular Networks with S. Dietzel and F. Kargl
    81st IEEE Vehicular Technology Conference (VTC Spring 2015), May 2015, Glasgow, United Kingdom
    [IEEE Xplore]
  • A Survey of Provably Secure Searchable Encryption with C. Bösch, P. Hartel, and W. Jonker
    ACM Computing Surveys, vol. 47, no. 2, 2014, pp. 18:1-18:51
  • Privacy-Enhanced Participatory Sensing with Collusion Resistance and Data Aggregation with F. Günther and M. Manulis
    13th International Conference on Cryptology and Network Security (CANS 2014), October 2014, Heraklion, Crete, Greece
  • SOFIR: Securely Outsourced Forensic Image Recognition with C. Bösch, P. Hartel, and W. Jonker
    IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP 2014), May 2014, Florence, Italy
    [IEEE Xplore]
  • General Impossibility of Group Homomorphic Encryption in the Quantum World with F. Armknecht, T. Gagliardoni, and S. Katzenbeisser
    17th IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC 2014), March 2014, Buenos Aires, Argentina
  • Distributed Searchable Symmetric Encryption with C. Bösch, B. Leenders, H. W. Lim, Q. Tang, H. Wang, P. Hartel, and W. Jonker
    12th Annual International Conference on Privacy, Security and Trust (PST 2014), July 2014, Toronto, ON, Canada
    [IEEE Xplore]
  • ProofBook: An Online Social Network Based on Proof-of-Work and Friend-Propagation with S. Biedermann, N. P. Karvelas, S. Katzenbeisser, and T. Strufe
    40th International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2014), January 2014, Novy Smokovec, Slovakia
  • Privacy Preserving Whole Genome Sequence Processing through Proxy-Aided ORAM with N. Karvelas, S. Katzenbeisser, E. Tews, and K. Hamacher
    13th Annual ACM Workshop on Privacy in the Electronic Society (WPES 2014), November 2014, Scottsdale, Arizona, USA

PhD Students

  • Joris Cramwinckel (Mar 2018 - ongoing) [external: University of Amsterdam]
    Topic: Blockchain Applications for Pensions (with Marc Francke)
  • Thijs van Ede (Feb 2018 - ongoing)
    Topic: Adaptive Application Fingerprinting for Intrusion Detection
  • Philipp Jakubeit (Nov 2017 - ongoing)
    Topic: Decentralized Identity Management (with Jaco van de Pol)
  • Herson Esquivel-Vargas (Nov 2016 - ongoing)
    Topic: Security & Privacy in Building Automation Systems
  • Valeriu Stanciu (Jan 2016 - ongoing) [external: University Politehnica of Bucharest, Romania]
    Topic: Privacy-Preserving WiFi-Tracking for Crowd Management (with Maarten van Steen)
  • Tim van de Kamp (Feb 2015 - ongoing)
    Topic: Critical Infrastructure Protection through Cryptographic Incident Management
  • Riccardo Bortolameotti (Oct 2014 - ongoing)
    Topic: Determining and Reducing the Impact of Data Breaches
    Awards: Best Poster Award at 1st Cyber Security Workshop in the Netherlands (2015)
  • Bence Gabor Bakondi (Mar 2014 - ongoing)
    Topic: Trusted Healthcare Services (with Willem Jonker)
    Awards: Best Poster and Best Presentation Award at ICT.Open 2016
  • Christoph Bösch (finished on January 21, 2015)
    Topic: Practically Efficient Searchable Encryption and Applications (with Willem Jonker and Pieter Hartel)
  • Arjan Jeckmans (finished on February 5, 2014)
    Topic: Cryptographically-Enhanced Privacy for Recommender Systems (with Pieter Hartel)

Master Students

  • David Stritzl (ongoing): Analysis and Improvement of the MA3TCH Algorithm
  • Fedor Beets (ongoing): Privay-Preserving Smart Contracts for Rental Services on the Blockchain
  • Mario Vuolo (ongoing): Flow-Based Detection of Data Breaches
  • Anirudh Ekambaranathan (ongoing): Lattice-Based Functional Encryption
  • Thijs van Ede (graduated Dec 15, 2017): Detecting Adaptive Data Exfiltration in HTTP Traffic
  • Alex Shyvakov (graduated Aug 24, 2017): Developing a Security Framework for Robots
  • Ikram Ullah (graduated Nov 28, 2016): Detecting Lateral Movement Attacks through SMB using BRO
  • Pallavi Jagannatha (graduated Nov 28, 2016): Automatic Intensive Data Mining around Security Incidents
  • Dennis Schroer (graduated Nov 23, 2016): End-to-End Encryption using Attribute Based Encryption in Healthcare
  • Yannis Koukoulis (graduated Sep 30, 2016): Dual Location Laser Fault Injection
  • Herson Esquivel-Vargas (graduated Sep 26, 2016): Automatic Deployment of Specification-based Intrusion Detection in the BACnet Protocol
  • Joep Peeters (graduated Aug 26, 2016): Fast and Accurate Likelihood Ratio Based Biometric Comparison in the Encrypted Domain
  • Uraz Seddigh (graduated Aug 25, 2016): Bring Your Own Authentication/Authenticator Security in Physical Access Control Systems
  • Van Huynh Le (graduated Aug 23, 2016): Analyzing White-Box Designs for Differential Computation Analysis Resistance
  • Simon de Vries (graduated Aug 11, 2016): Achieving 128-Bit Security Against Quantum Attacks in OpenVPN
    KHMW Internet Scriptieprijs 2016, ENIAC Best Master Thesis Award 2015/2016
  • Moritz Müller (graduated Aug 14, 2015): SIDEKICK: Suspicious Domain Classification in the .nl Zone
    KHMW Internet Scriptieprijs 2015
  • Ines Carvajal Gallardo (graduated Jul 31, 2015): Privacy-Preserving DNA-Based Social Recommender
  • Getachew Mulualem (graduated Mar 3, 2015): Compression and Encryption for Satellite Images
  • Rick van Galen (graduated Nov 28, 2014): Design and Feasibility of Peer-to-Peer Mobile Payment Systems
  • Cristian Staicu (graduated Aug 28, 2014): Lightweight Public-Key Cryptography
  • Felix Günther (graduated Mar 19, 2013): Privacy-Preserving Participatory Sensing with Data Aggregation

Current Projects

CRIPTIM - CRitical Infrastructure Protection Through cryptographic Incident Management


Critical Infrastructure Protection (CIP) mechanisms are commonly based on complex models of interdependencies between the many operators in our critical infrastructure. Particularly due to the rapid emergence of new cyber-threats, the sharing of incident information is indispensable for the functioning of such mechanisms. However, the high sensitivity of this information prevents operators from sharing it.

CRIPTIM introduces the new paradigm of "cryptographic incident management" for CIP that ensures data confidentiality with cryptographic guarantees, thereby reducing the operators' fears of information leakage. The underlying idea is to monitor and analyze incident data in the encrypted domain, while an alarm is set off only when a certain failure or alarm state is detected. The subsequent alarm resolution is facilitated through novel access control mechanisms for the selective disclosure of alarm-related information. CRIPTIM realizes this paradigm by developing novel custom-tailored cryptographic techniques in Secure Multiparty Computation, Homomorphic- and Functional Encryption, as well as Oblivious RAM. The intended technology will, for the first time, allow external parties, like intelligence agencies, to feed threat-related topsecret information into the monitoring system which may be the missing piece for the early detection of potentially major disasters. CRIPTIM sets the foundations for this innovative approach to CIP and contributes to an effective and confidential incident management that leads to a more secure and reliable critical infrastructure.



In the last few years, data breaches are constantly on the front pages of major newspapers. Cyber criminals, hacktivists or state-sponsored groups are compromising the networks of companies in order to steal their assets, which span from customer data, intellectual properties, or secret documents. These attacks do not only affect the companies' businesses but also their customers and potentially their lives. For instance, a customer can be victim of identity fraud once his data has been leaked to criminals. Governments and lawmakers recognize the problem and recently approved the first legal obligations for companies regarding these incidents. Nonetheless, companies lack of many technical solutions to deal with these attacks.

#BREACHED focuses on filling the technological gap that companies face when dealing with data breaches. The goal of this project is to create innovative technical solutions that deal with different aspects of such threats. The technologies proposed in this project will allow companies to better protect themselves even in case the attacker is very powerful. The aspects touched by the project span from the prevention of a data breach to the evaluation of its consequences and severity.

BASS - Building Automation Systems Security and Privacy


Building Automation Systems (BASs) are one of the applications of the “Internet of Things” (IoT). Millions of people work and live in smart buildings around the world. BASs have steadily grown because of two reasons: (1) the convenience of process automation (e.g. energy management, access control, etc.); and (2) the comfort provided to the users (e.g. preferred temperature, lightning, etc.). Sensors and actuators are disseminated throughout the buildings to enable the implementation of BASs. Building inhabitants may not be aware of the presence of such devices even though they closely interact with them every day.

The communication between BAS devices used to have its own protocol stack, from the physical to the application layers. Modern BASs, however, use the communications infrastructure that is usually already in place (Local Area Networks). Moreover, this approach enables remote management and monitoring. Unfortunately, it also enables cyberattacks from remote locations. People's safety and privacy could be compromised with BASs that are connected to computer networks. To overcome these problems, the BASS project studies the security and privacy issues in modern building automation systems and develops dedicated protection mechanisms, such as tailored privacy-enhancing technologies and network-based intrusion detection systems.

THeCS - Trusted HealthCare Services


Now that e-Health (electronic health services over the internet) is becoming available there is considerable concern about privacy and security of all that data that we share or submit. The lack of trust was the reason for the Dutch Senate not to pass the bill for the proposed nationwide Electronic Patient Records system even though many millions were spent building the system. But it is not only with nationwide systems; in every communication regarding our health we want our data to be secure.

The THeCS project addresses security, privacy and trust as the key issues in adoption of novel e-Health services, which have great potential to improve healthcare and decrease cost. However, trust privacy and security are seen as roadblocks for wider adoption of these services. In this project we develop mechanisms to solve these privacy and security issues.

Short CV

  • 2008: Master of Advanced Study in mathematics (M.A.St.), University of Cambridge (UK)
  • 2009: Diploma in mathematics (minor subject: computer science), Carl-von-Ossietzky Universität Oldenburg (D)
  • 2009 - 2013: Research assistant at the Computer Science Department, Technische Universität Darmstadt (D)
  • 2013: Ph.D. in computer science, Technische Universität Darmstadt (D)
  • 2013 - 2014: Post-doc in the Distributed and Embedded Security group, University of Twente (NL)
  • since 2014: Assistant Professor (tenure track) in the Services, Cybersecurity and Safety group, UTwente (NL)