
Job Doesburg
PhD candidate, based in Nijmegen, the Netherlands.
PhD candidate, based in Nijmegen, the Netherlands.
As a PhD candidate at the Radboud University Nijmegen working for the Institute for Computing & Information Sciences (iCIS) at the Department of Software Science, I am working for the Dutch National Education Lab for Artificial Intelligence (NOLAI). Together with Bernard van Gastel and Erik Poll, we form the Sustainable Data focus area of NOLAI. In particular, I am interested in the privacy and security of data processing in complex systems. With sustainability consisting of three pillars: environmental, economic and social sustainability, this typically falls under social sustainability, or responsible data processing. A significant part of my research is centred around PEP cryptography (Polymorphic Encryption and Pseudonymization). Additionally, in the tech team of NOLAI with Julian van der Horst and Harm van Stekelenburg, we try to develop prototypes of responsible AI in education and the supporting (research) infrastructure.
Apart from that, I am interested in all things related to security, privacy and technology in general. I am also very interested in the intersection of these topics with law, politics, ethics, and how technology is used in society. During my bachelor's and master's in cybersecurity, I worked on the Yivi (formerly called IRMA) attribute-based credential system, a self-sovereign identity (SSI) wallet.
Besides that, I have a lot of experience with graphic design. I am also a freelance web developer, and I am always working on a few (hobby) projects. Whenever I find the time (and guests) for it, I like cooking a lot. I also play rugby (front row) at NSRV Obelix and like to go to the gym (or even go for an occasional run).
As a PhD candidate, I regularly get some interesting ideas for thesis projects for both bachelor and master students at Radboud University. If you are interested in one of these projects, or if you have your own idea, please feel free to contact me.
Normal end-to-end encrypted chat apps (e.g. Signal, WhatsApp) use box encryption to encrypt messages: the message is encrypted with a symmetric key, and the symmetric key is encrypted for each recipient with their public key. This is secure but requires the sender to know the public keys of all recipients in advance. This can be suboptimal in specific situations, such as when connections are not real-time or instable, or when participants can join a group chat at any time and should retroactively receive all messages sent before they joined (e.g. Teams, Slack). In such, more corporate, environments, you may also want to centrally monitor and control which messages are decrypted by whom, but still want to keep the messages encrypted in transit and at rest. This can be achieved with a central server that is able to rekey (but not decrypt) messages. This leads to a novel form of end-to-end encrypted messaging. The idea of this project is to implement a proof-of-concept of this idea and explore the benefits and drawbacks.
Software applications are often complex and consist of multiple components that communicate with each other. To debug and monitor these applications, it is often necessary to trace the flow of data and events through the different components, possibly hosted by different parties. This can be done using distributed tracing, which allows developers to see how requests are processed across different services. However, these traces can lead to privacy problems as they allow for linking data and events between services. To address this, we propose a pseudonymous distributed tracing system that uses n-PEP encrypted pseudonyms to trace events between components. The idea of this project is to explore the possibilities of this approach and to implement a proof-of-concept for a real-world use case.
In many applications, users need to authenticate themselves. This is often done using a centralized authentication server (identity provider or IdP) that stores user credentials, verifies their identity and provides the application with the user's identity. Often, however, the application (service provider or SP) does not need to know the user's full identity but only a partial identity specific to that application. Pseudonymous authentication is a way to achieve this. This can be implemented both decentrally (e.g. using self-sovereign identity or digital identity wallets) and centrally (e.g. using a centralized IdP). The n-PEP cryptography scheme can be used to achieve this. The idea of this project is to explore the possibilities of this approach and to implement this in existing centralized authentication systems and protocols, like SAML or OIDC, and/or in decentralized systems/protocols, like Yivi.
Revocable privacy is a concept that allows users to be anonymous in a system under normal circumstances, but allows for the revocation of this anonymity under certain conditions. This can be useful in situations where users need to be held accountable for their actions, such as in online communities, to prevent illegal activities or implement basic system properties like preventing double spending of electronic money. The n-PEP cryptography scheme may be used to achieve this in simple way based on pseudonymization: users are pseudonymous until a threshold is reached, at which point their pseudonym is revoked and their identity is revealed. The idea of this project is to choose a real-world use case for this approach and to implement a proof-of-concept for this use case.