Secure Computation Laboratory

Professor Marten van Dijk

Marten van Dijk

Professor
Office: Rm. ITE 4-33
Electrical and Computing Engineering, University of Connecticut Storrs-Mansfield, CT 06269
marten.van_dijk@uconn.edu

Research Interests

I am a system security researcher, who investigates and develops new techniques targeting the solution of foundational security problems. In recent years, I have focused on making cloud computing (which includes outsourcing data and workloads to external servers / data centers) safe for its users. Towards this aim, I use my strong background in theory (cryptography, algorithms, statistics) with my understanding of computer system architecture to design and build deployable systems that are trustworthy from the user’s perspective.

My general interests are in computer architecture, computer system design, data center infrastructure, cryptology, algorithms and other related fields such as information theory, game theory and machine learning.

Google Scholar
dblp: Computer Science Bibliography

Secure Computation Lab (SCL)

In fall 2013 I started as Associate Professor in the Electrical and Computing Engineering (ECE) department at UConn. My research group grew from one PhD student in spring 2014, to 3 PhD students in fall 2014, to 4 PhD students + 1 MSc student in spring 2015. In fall 2015 and in spring 2016 a 5th and 6th PhD student started. In spring and summer 2016 the secure computation lab has been strengthened with two postdocs.

SCL has grown fast and even though the student group is mainly junior we are now in the process of finalizing and writing several papers to be submitted to related top conferences or journals.

Education

  • Eindhoven University of Technology, PhD in Mathematics, the Netherlands, 1997.
  • Eindhoven University of Technology, M.S. in Mathematics, Cum Laude, the Netherlands, 1993.
  • Eindhoven University of Technology, M.S. in Computer Science, Cum Laude, the Netherlands, 1991.

Professional Experience

  • Professor, ECE Department, University of Connecticut, 2018 – present
  • Charles H. Knapp Associate Professor, ECE Department, University of Connecticut, 2016 – 2017
  • Associate Professor, ECE Department, University of Connecticut, 2013 – 2015
  • Research Scientist, MIT Computer Science and Artificial Intelligence Laboratory, 2013
  • Consultant Research Analyst (a level higher than Principal and Senior Research Scientist), RSA Laboratories, 2010 – 2012
  • Research Scientist, MIT Computer Science and Artificial Intelligence Laboratory, 2005 – 2010
  • Visiting Research Scientist at MIT CSAIL, Philips Research Laboratories, the Netherlands, 2001 – 2005
  • Research Scientist, Digital Signal Processing group, Philips Research Laboratories, the Netherlands, 1996 – 2005
  • Cryptology Research Associate, Chinese University of Hong Kong, 1996

Teaching Experience

  • Lecturer “Secure Computation and Storage (ECE 6095 / CSE 5095)”, Spring 2016
  • Lecturer “Microprocessor Application Lab (ECE 3411)”, Fall 2015
  • Lecturer “Natural Computing (ECE 6095)”, Spring 2015
  • Lecturer “Numerical Methods in Scientific Computing (ECE 3431 / CSE 3802)”, Fall 2015
  • Lecturer “Microprocessor Application Lab (ECE 3411)”, Spring 2014
  • Recitation instructor “Computer System Engineering (6.033)” at MIT, Spring 2013
  • Lecturer “Mathematics for Computer Science (6.042)” at MIT, Fall 2010
  • Lecturer “Design and Analysis of Algorithms (6.046)” at MIT, Spring 2009
  • Lecturer “Mathematics for Computer Science (6.042)” at MIT, Fall 2008
  • Recitation instructor “Computer System Engineering (6.033)” at MIT, Spring 2008
  • Teaching assistant “Introduction to Algorithms (6.046)” at MIT, Spring 2007
  • Teaching assistant “Introduction to Algorithms (6.046)” at MIT, Fall 2005

Paper Awards

A. Richard Newton Technical Impact Award in Electronic Design Automation, 2015 (in recognition of B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, “Silicon physical random functions,” in the Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS'02), 2002)

“AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing” (by G.E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, published in the Proceedings of the 17th Annual ACM International Conference on Supercomputing (ICS'03), 2003) selected for inclusion in the “25 years of International Conference on Supercomputing”, 2014

CCS Best Student Paper Award (one of 3), 2013 (for E. Stefanov, M. van Dijk, E. Shi, C.W. Fletcher, L. Ren, X. Yu, and S. Devadas, “Path ORAM: An Extremely Simple Oblivious RAM Protocol,” in the Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2013)

NYU-Poly AT&T Best Applied Security Paper Award, 3rd place, 2012 (for E. Stefanov, M. van Dijk, A. Oprea and A. Juels, “Iris: A scalable cloud file system with efficient integrity checks,” ACSAC'12, 2012)

Nominated for best paper award Eurocrypt'10 (one of 3), 2010 (M. van Dijk, C. Gentry, S. Halevi and V. Vaikuntanathan, Fully homomorphic encryption over the integers, Eurocrypt 2010, 24-43, 2010)

Reprint of "Optical Disc System for Digital Video Recording" by T. Narahara, S. Kobayashi, M. Hattori, Y. Shimpuku, G.J. van den Enden, J.A.H.M. Kahlman, M. van Dijk, and R. van Woudenberg, Jpn. J. Appl. Phys. Vol.39, 2000, in the book “Origins and Successors of the Compact Disc Contributions of Philips to Optical Storage” as a result of the IEEE Milestone in Electrical Engineering and Computing dedicated to Philips for the development of the compact disc audio player, 2009

ACSAC'02 outstanding student paper award, 2002 (for B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, “Controlled Physical Random Functions,” in the Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC'02), best student paper award, 149-160, 2002)

Funding Awards

NSF Frontier, “A Modular Approach to Cloud Security,” $10M, 2014-2019. PIs: Ran Canetti (overall lead PI, BU), Jonathan Appavoo (BU), Azer Bestavros (BU), Srini Devadas (MIT), Marten van Dijk (lead PI for UConn, share $801K), Sharon Goldberg (BU), Shafi Goldwasser (MIT), Frans Kaashoek (MIT), George Kollios (BU), Orran Krieger (BU), Daniel Wichs (Northeastern University), Vinod Vaikuntanathan (MIT), Nickolai Zeldovich III (MIT)

MURI – AFOSR (Air Force Office of Scientific Research), “Development of Universal Theory for Evaluation and Design of Nanoscale Devices,” $7.5M, 2014-2019. PIs: Mark Tehranipoor (overall lead PI, UF), Marten van Dijk (lead PI for UConn), Domenic Forte (UF), Ali Gokirmak (UConn), Farinaz Koushanfar (UCSD), Gang Qu (UMD), Helena Silva (UConn), Ankur Srivastava (UMD).

Comcast Center for Excellence, “Embedded System Authentication and New Authentication techniques,” $70K plus an additional $32K of fellowship, 2016 (with roll-over). PI Marten van Dijk.

Comcast Center for Excellence, $195K plus an additional $95K of fellowship, 2015 (with roll-over), split in equal amounts over: (1) “KuMdo: A Key Management Toolbox for Minimizing Business Risk,” PIs Marten van Dijk (lead PI), Alexander Russell; (2) “Supply Chain Management,” PI Marten van Dijk; (3) “User and Embedded System Authentication,” PI Marten van Dijk.

UTRC (United Technologies Research Center), “Tagged Architectures for Hardware Trojan Detection,” $25K, 2014-2015. PI: Marten van Dijk

CHASE (Center for Hardware Assurance and Security Engineering sponsored by Honeywell, Comcast, and MDA), “Gideon: A High Performance HW Interface for Guaranteed Detection of Executed Injected Malicious Code,” $100K, 2013-2015. PIs: Marten van Dijk (lead PI), Omer Khan.

NSF, “Applications and Evolution of TPM Technology,” $500K, 2007-2010. PIs: Srini Devadas (lead PI), Marten van Dijk, Luis Sarmenta.

Other Awards

Charles H. Knapp Associate Professorship, Electrical and Computing Engineering Department, University of Connecticut, 2016

Faculty Research Award, Electrical and Computing Engineering Department, University of Connecticut, 2015

Research Highlights before SCL

  1. Physical Unclonable Functions
  2. Secure Processor Architectures
  3. Fully Homomorphic Encryption
  4. Authenticated File System with Dynamic Proofs of Retrievability
  5. Error Correcting Codes for Blu-ray Disc

  1. Physical Unclonable Functions

    Blaise Gassend, Dwaine Clarke, and Marten van Dijk under leadership of Prof. Srini Devadas at MIT were the first to recognize that manufacturing variation could be used to not just identify, but to authenticate, individual integrated circuits. They coined the term Physical Unclonable Functions (PUFs) and invented silicon PUFs. The notion of authenticating a complex physical system using a challenge-response protocol predates silicon PUFs and was used to authenticate nuclear weapons using optical imaging decades ago; this notion was rediscovered and formalized by Pappu et al. in 2001. Silicon PUFs are the first PUFs to have integrated measurement circuitry (unlike the prior optical PUFs which require external measurement or imaging equipment). Silicon PUFs also have the tremendous advantage over optical PUFs of being implementable in commodity silicon, implying that they can be integrated with digital processing logic and used to build secure integrated circuits and secure processors.

    There are two major advantages of silicon PUFs over conventional security solutions: First, the lightweight nature of silicon PUFs lends itself to low-cost authentication without the use of conventional cryptography. Second, PUFs can be used to generate volatile keys that only exist when the chip is powered up. Unlike conventional cryptographic hardware keys that are stored in non-volatile memory, the fact that the keys disappear when power is turned off makes for stronger physical security. These two advantages have resulted in academic, industrial and commercial impact. The paper on silicon PUFs [1] received the 2015 ACM/IEEE A. Richard Newton Technical Impact Award in Electronic Design Automation. The team also introduced controlled PUFs [2] which can be used as an alternative to public-key cryptography assuming error correction is used to stabilize PUF outputs and can be used to tie program execution to a particular device using PUFs.

    The paper on Controlled PUFs [2] received the Best Student Paper award at ACSAC 2002.

    [1] Gassend, B., D. Clarke, M. van Dijk and S. Devadas, “Silicon Physical Random Functions”, 9th Computer and Communication Security Conference, November 2002.
    [2] Gassend, B., D. Clarke, M. van Dijk and S. Devadas, “Controlled Physical Random Functions”, 18th Annual Computer Security Applications Conference, 2002.

  2. Secure Processor Architectures

    Edward Suh, Blaise Gassend, Dwaine Clarke, and Marten van Dijk under leadership of Prof. Srini Devadas at MIT have made pioneering contributions to the security of hardware systems and architectures resulting in the first single-chip secure processor Aegis on an FPGA by developing hardware mechanisms so a processor can execute programs in a private and authentic way even with untrusted external memory [3]. Aegis was the first processor to include memory integrity verification to protect against replay attacks on memory in addition to encryption of memory data. This meant that external memory could be completely untrusted and computation remains secure even if an adversary can actively tamper with external memory contents. Unlike the famous IBM 4758 system where the processor and memory had to be housed together in a tamper-resistant package, Aegis showed that a single chip could be the hardware trusted computing base. Intel SGX, a commercial secure processing effort within Intel with an associated product, has been announced and closely follows the security model of [3] with untrusted system software and untrusted memory.

    The paper on Aegis [3] was included in the International Conference on Supercomputing (ICS) 25th Anniversary Volume, 2014, which recognizes the most influential papers published in ICS between 1987-2011 (35 papers selected out of 1800 published).

    [3] Suh, E. G., D. Clarke, B. Gassend, M. van Dijk and S. Devadas, “AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing”, 17th International Conference on Supercomputing, June 2003.

  3. Fully Homomorphic Encryption

    Instead of basing secure computation on a trusted computing base in hardware, secure computation can be based on cryptographic hardness assumptions alone. A first solution to this long-standing open problem was developed by Craig Gentry in 2010; he showed how to construct a so-called Fully Homomorphic Encryption (FHE) scheme, in which evaluating a Boolean function over ciphertexts yields a ciphertext that encrypts the result of evaluating the same Boolean function over the plaintexts. Together with C. Gentry, S. Halevi and V. Vaikuntanathan at IBM, Marten van Dijk published the second FHE scheme [4], called “FHE over the integers”, which involves simple modular arithmetic and which turns out to be easy to explain to students.

    The paper on FHE over the integers [4] was nominated (1 out of 3) for best paper award at Eurocrypt 2010.

    [4] van Dijk, M., C. Gentry, S. Halevi and V. Vaikuntanathan, “Fully Homomorphic Encryption over the Integers”, Eurocrypt 2010.
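
    A toy rendering of the “simple modular arithmetic” behind FHE over the integers, added here as an illustration and not taken from [4]: it shows the symmetric-key, somewhat homomorphic core (ciphertext c = m + 2r + pq, decryption (c mod p) mod 2), where adding ciphertexts XORs the bits and multiplying them ANDs the bits. The parameter sizes, the non-negative noise, the optional `r` argument and all function names are assumptions chosen for readability; they give no security.

```python
import secrets

# Toy sizes (assumption): far too small to be secure, large enough to show the idea.
P_BITS, Q_BITS, R_BITS = 64, 128, 8

def keygen():
    """Secret key: a random odd P_BITS-bit integer p."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, bit, r=None):
    """c = bit + 2r + p*q. The term bit + 2r is the noise and must stay below p."""
    if r is None:
        r = secrets.randbits(R_BITS)
    q = secrets.randbits(Q_BITS)
    return bit + 2 * r + p * q

def noise(p, c):
    """Noise hidden in c; only the key holder can compute it."""
    return c % p

def decrypt(p, c):
    """Strip the multiple of p, then the even part of the noise."""
    return (c % p) % 2

def he_xor(c1, c2):
    return c1 + c2      # noises add, so their parities XOR

def he_and(c1, c2):
    return c1 * c2      # noises multiply, so their parities AND

def full_adder(a, b, cin):
    """One-bit full adder evaluated on ciphertexts only (no key needed)."""
    axb = he_xor(a, b)
    total = he_xor(axb, cin)
    carry = he_xor(he_and(a, b), he_and(cin, axb))
    return total, carry

if __name__ == "__main__":
    p = keygen()
    for a, b, cin in [(0, 1, 1), (1, 1, 1), (1, 0, 0)]:
        s, c = full_adder(encrypt(p, a), encrypt(p, b), encrypt(p, cin))
        print(a, b, cin, "-> sum", decrypt(p, s), "carry", decrypt(p, c),
              "carry noise bits", noise(p, c).bit_length())
    # Failure mode: once the accumulated noise reaches p, the parity is lost.
    big = encrypt(p, 0, r=(p - 1) // 2)       # noise p - 1, still decrypts to 0
    wrapped = he_xor(big, encrypt(p, 1, r=0)) # noise p, wraps around to 0
    print("0 XOR 1 after noise overflow decrypts to", decrypt(p, wrapped))
```

    Each multiplication roughly doubles the bit length of the noise, which is why this core is only somewhat homomorphic: the circuit depth it supports is bounded by the size of p.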

  4. Authenticated File System with Dynamic Proofs of Retrievability

    While working at RSA, Marten van Dijk played a prominent role in the research leading to Iris [5], a practical, authenticated file system designed to support workloads from large enterprises storing data in the cloud and to be resilient against potentially untrustworthy service providers. As a transparent layer enforcing strong integrity guarantees, Iris lets an enterprise tenant maintain a large file system in the cloud. In Iris, tenants obtain strong assurance not just on data integrity, but also on data freshness, as well as data retrievability in case of accidental or adversarial cloud failures. Iris offers an architecture scalable to many clients (on the order of hundreds or even thousands) issuing operations on the file system in parallel. Iris includes novel erasure coding techniques for efficient support of dynamic Proofs of Retrievability (PoR) protocols over the file system. Iris demonstrates that strong integrity protection in the cloud can be achieved with minimal performance degradation.

    Iris [5] received the 2012 NYU-Poly AT&T Best Applied Security Paper Award, 3rd place.

    [5] Stefanov, E., M. van Dijk, A. Oprea and A. Juels, “Iris: A Scalable Cloud File System with Efficient Integrity Checks”, ACSAC’12, 2012

  5. Error Correcting Codes for Blu-ray Disc

    Marten van Dijk is the lead inventor of the error correcting codes accepted in the digital video recording standard for Blu-ray disc (see also US patents 6,367,049 and 7,103,829). The picket code [6] is a smart interleaving of two flavors of Reed-Solomon (RS) code words; a weakly protected, high rate code, and a strongly protected, low rate code. The “strong” code word symbols are dispersed as “pickets” among the vast amount of “weak” code word symbols. The strong code structure is used to correct all pickets. If consecutive pickets in the interleaving structure are found to be in error, all the symbols in between are likely affected by a burst error. This is used to assign erasures in the weak code words. Since the minimum erasure decoding distance is twice the minimum error correcting distance, the weak code structure becomes strong enough to decode all weak code word symbols. The picket code has a high information rate compared to a classical interleaved RS code with the same error correcting capability.

    [7] was reprinted in the book “Origins and Successors of the Compact Disc Contributions of Philips to Optical Storage”, published in 2009 as a result of the IEEE Milestone in Electrical Engineering and Computing dedicated to Philips for the development of the compact disc audio player.

    [6] Coene, W., H. Pozidis, M. van Dijk, J. Kahlman, R. van Woudenberg and B. Stek, “Channel Coding and Signal Processing for Optical Recording Systems Beyond DVD”, IEEE Trans. on Magn., Vol.37 (2001), Issue 2, Part 1, 682-688, 2001. 30 citations.
    [7] Narahara, T., S. Kobayashi, M. Hattori, Y. Shimpuku, G.J. van den Enden, J.A.H.M. Kahlman, M. van Dijk and R. van Woudenberg, “Optical Disc System for Digital Video Recording”, Jpn. J. Appl. Phys. Vol.39 (2000), Part 1, No. 2B, 912-919, 2000.
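
    The erasure-flagging step of the picket code described in item 5, as an added sketch that is not code from [6] or from the Blu-ray specification. The layout is an assumption made for illustration: one stream in which every `spacing`-th symbol is a picket, all weak symbols belong to a single RS code word with `parity` check symbols, and the strong code always corrects the pickets.

```python
def flag_erasures(pickets, bad_pickets):
    """Weak positions lying between two consecutive pickets that were both in error."""
    erased = set()
    for left, right in zip(pickets, pickets[1:]):
        if left in bad_pickets and right in bad_pickets:
            erased.update(range(left + 1, right))
    return erased

def weak_decodable(errors, erasures, parity):
    """RS decoding succeeds when 2 * (unflagged errors) + erasures <= parity symbols."""
    unflagged = errors - erasures
    return 2 * len(unflagged) + len(erasures) <= parity

def simulate_burst(length, spacing, burst, parity):
    """Corrupt positions burst[0] .. burst[1]-1 and compare decoding with and without erasures."""
    pickets = list(range(0, length, spacing))
    hit = set(range(*burst))
    bad_pickets = hit & set(pickets)     # located (and corrected) by the strong code
    weak_errors = hit - set(pickets)     # positions unknown to the weak decoder
    erasures = flag_erasures(pickets, bad_pickets)
    return {
        "weak_errors": len(weak_errors),
        "erasures": len(erasures),
        "errors_only": weak_decodable(weak_errors, set(), parity),
        "with_erasures": weak_decodable(weak_errors, erasures, parity),
    }

if __name__ == "__main__":
    # Constructed case: 40 symbols, pickets at 0, 10, 20, 30, burst over 8..22.
    print(simulate_burst(length=40, spacing=10, burst=(8, 23), parity=20))
    # A short burst that hits only one picket produces no erasure flags.
    print(simulate_burst(length=40, spacing=10, burst=(9, 12), parity=20))
```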