Pieter Robyns A photo of myself.
A cyber security consultant and researcher

Hi, I'm Pieter. I am a cyber security consultant and researcher who is interested in wireless security, network security, privacy, machine learning, and cryptography. One of my main goals is to connect these worlds in order to discover new security issues and ways to mitigate them. Besides my work and research, I enjoy playing the guitar, producing electronic music, and spending time on my secret hobby projects.

pieter.robyns at outlook dot com
robyns.me

Selected projects

5GSniffer
c++
5G Sniffer

5GSniffer is a free and open-source 5G Physical Downlink Control Channel (PDCCH) blind decoder. The tool decodes the PDCCH of a specific 5G base station (gNB), which contains the Downlink Control Information (DCI). This reveals the Radio Network Temporary Identifiers (RNTIs) that are present in the cell, as well as other information enabling traffic analysis.

emma
python
ElectroMagnetic Mining Array

EMMA is a framework for capturing and attacking traces of electromagnetic radiation emitted by an electronic device, in order to obtain encryption keys or other sensitive data. It was used to attack a protected AES implementation in my paper published at CHES 2019.

gr-lora
python
c++
GNU Radio blocks for decoding LoRa signals

LoRa is a novel modulation scheme for low power, long range, and low bandwidth machine-to-machine communications that has recently gained popularity in the wireless community. The goal of the gr-lora project is to provide GNU Radio blocks that can decode these LoRa messages on the physical layer using Software Defined Radios (SDRs).

PEAPwn
python
A proof-of-concept implementation of the PEAP / LEAP relay attack

PEAPwn is a proof-of-concept implementation of the PEAP / LEAP relay attack introduced in my paper. It uses a modified version of wpa_supplicant to establish a PEAP or EAP-TTLS session with the target Authentication Server, and a Python script to exploit several vulnerabilities in iOS < 8 and the MSCHAPv2 protocol.

aggr-inject
python
A proof-of-concept for the A-MPDU PIP attack

Proof-of-concept of a remote frame injection vulnerability that was introduced in the 802.11n Wi-Fi standard and discussed in my paper. It is demonstrated how the A-MPDU aggregation mechanism can be exploited to perform a Packet-in-Packet (PIP) attack.

Other projects on my Github

Publications

Norbert Ludant, Pieter Robyns, Guevara Noubir. From 5G Sniffing to Harvesting Leakages of Privacy-Preserving Messengers. Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP). San Francisco, CA, USA. DOI: https://doi.ieeecomputersociety.org/10.1109/SP46215.2023.00110. 2023.
Pieter Robyns, Mariano Di Martino, Dennis Giese, Wim Lamotte, Peter Quax, Guevara Noubir. Practical Operation Extraction from Electromagnetic Leakage for Side-Channel Analysis and Reverse Engineering. Proceedings of the 13th ACM Conference on Security & Privacy in Wireless and Mobile Networks. Linz (Virtual Event), Austria. DOI: https://doi.org/10.1145/3395351.3399362. 2020. [pdf]
Pieter Robyns. Ph. D. Thesis: Explicit and Implicit Information Leakage in Wireless Communication. Ph. D. thesis at Fonds voor Wetenschappelijk Onderzoek (1S14918N) and Hasselt University. Diepenbeek, Belgium. 2019. [pdf]
Mariano Di Martino, Pieter Robyns, Winnie Weyts, Peter Quax, Wim Lamotte, Ken Andries. Personal Information Leakage by Abusing the GDPR "Right of Access". Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS). Santa Clara, CA, USA. 2019. [pdf]
Pieter Robyns, Peter Quax, Wim Lamotte. Improving CEMA using Correlation Optimization. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES). Atlanta, USA. DOI: https://doi.org/10.13154/tches.v2019.i1.1-24. 2019 (1), 1-24. [pdf]
Mariano Di Martino, Pieter Robyns, Peter Quax, Wim Lamotte. IUPTIS: A Practical, Cache-resistant Fingerprinting Technique for Dynamic Webpages. Proceedings of the 14th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST. Seville, Spain. DOI: http://dx.doi.org/10.5220/0007226501020112. 2018. [pdf]
Pieter Robyns, Peter Quax, Wim Lamotte, William Thenaers. A Multi-Channel Software Decoder for the LoRa Modulation Scheme. Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security. Madeira, Portugal. DOI: 10.5220/0006668400410051. 2018. [pdf]
Pieter Robyns, Eduard Marin, Wim Lamotte, Peter Quax, Dave Singelée and Bart Preneel. Physical-Layer Fingerprinting of LoRa devices using Supervised and Zero-Shot Learning. Proceedings of the 10th ACM Conference on Security & Privacy in Wireless and Mobile Networks. Boston, MA, USA. DOI: 10.1145/3098243.3098267. 2017. [pdf]
Pieter Robyns, Peter Quax, and Wim Lamotte. Opinion: PHY-Layer Security is no Alternative to Cryptography. Proceedings of the 10th ACM Conference on Security & Privacy in Wireless and Mobile Networks. Boston, MA, USA. DOI: 10.1145/3098243.3098271. 2017. [pdf]
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte. Non-cooperative 802.11 MAC layer fingerprinting and tracking of mobile devices, Security and Communication Networks. Hindawi. DOI: 10.1155/2037. 2017. [pdf]
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte. Assessing the Impact of 802.11 Vulnerabilities using Wicability. Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. Darmstadt, Germany. 2016. [pdf] [poster]
Pieter Robyns, Peter Quax and Wim Lamotte. Injection Attacks on 802.11n MAC Frame Aggregation. Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. New York, NY, USA. 2015. [pdf] [errata]
Pieter Robyns, Bram Bonné, Peter Quax and Wim Lamotte. Short Paper: Exploiting WPA2-enterprise Vendor Implementation Weaknesses Through Challenge Response Oracles. Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks. Oxford, United Kingdom. 2014. [pdf]
Pieter Robyns. Master's Thesis: Wireless Network Privacy. Master's thesis at Hasselt University. Diepenbeek, Belgium. 2014. [pdf]

Certifications

GIAC Security Essentials Certification (GSEC)GIAC Certified Incident Handler (GCIH)GIAC Assessing and Auditing Wireless Networks (GAWN)GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)GIAC Mobile Device Security Analyst (GMOB)
GIAC Certified Intrusion Analyst (GCIA)GIAC Assessing and Auditing Wireless Networks (GAWN)

Experience

FWO
PhD fellow at Research Foundation Flanders (FWO) and Hasselt University
Since January, 2016 (current)
  1. Performed research related to computer security and privacy with a focus on wireless security, machine learning, software defined radio, side channel attacks, and embedded security under the FWO Strategic Basic Research (SBO) grant.
  2. Published and presented papers in several reputed international conferences and academic journals, such as ACM WiSec, CHES, IoT BDS, Security and Communication Networks, and SOUPS. Some of these works were also presented at non-academic conferences, such as FOSDEM 2018 and FOSDEM 2019.
  3. Reviewed academic works of others for the IEEE Internet of Things Journal and the ACM WiSec poster sessions.
  4. Assisted in the creation and teaching of cyber security related courses at Hasselt University, and guiding students during their course projects, lab assignments, bachelor's thesis, and master's thesis.
  5. Published all of my research and code to the public domain, resulting in over 15 new open-source projects and 3 open datasets on Github.
Hasselt University
PhD student at Hasselt University
September, 2014 - December, 2015
  1. Extended master thesis to look for vulnerabilities in 802.1X EAP methods (WPA2-Enterprise) and other authentication protocols, such as WPS.
  2. Researched privacy related weaknesses in the 802.11 (Wi-Fi) standard, including amendments such as 802.11n, 802.11ac, 802.11u, and others.
  3. Participated in several Coursera courses, and performed a broad literature study of digital signal processing with SDRs (using GNU Radio), the GSM protocol, and machine learning.
  4. Assisted in guiding students during their course projects, lab assignments and thesis.
Hasselt University
Job student at Hasselt University
August, 2014

Performed an audit of the security of uhasselt.be for all publicly accessible pages and pages accessible by students. Topics covered include the discovery of hidden content, security of client side controls (SQLi, XSS, LDAP injection, ...), password and authentication security, random number generator entropy analysis, multi-stage form security, session management, access controls, and basic server application security.

CERN
Summer student at CERN
July, 2013 - September, 2013
  1. Developed manageability tools for EOS, a multi petabyte disk storage system used by physicists of all 4 LHC experiments.
  2. EOS quota visualization using Google Chart API and Python.
  3. EOS permission check: syntax checking of ACL attributes and correcting dangerous permissions by analyzing large metadata files (~5 GB).
  4. Hadoop file history view, 'grep-like' search and long term log file archival (~50 GB).

A report can be found here (pdf).

Education

Hasselt University
Hasselt University
2014 - 2020

Ph. D. degree, Doctor of Science, with congratulations of the jury

Ph. D. thesis: Explicit and Implicit Information Leakage in Wireless Communication

Hasselt University
Hasselt University
2012 - 2014

Master's degree, Computer Science: Multimedia, Magna Cum Laude

Master's thesis: Wireless Network Privacy

Hasselt University
Hasselt University
2009 - 2012

Bachelor's degree, Information and Communications Technology (ICT), Cum Laude

Bachelor's thesis: Latency Hiding in Networked Virtual Environments (Dutch)

Teaching

  • Advanced Topics in Network Security (3490)
    [study guide]
  • Basics of Network Security (3489)
    [study guide]
  • Security and computer networks (2178)
    [study guide]
  • Students
    • Mariano Di Martino, Social Profiling of Users through Information Leakages, Master's thesis, 2018
    • Jef Timmermans, Locally Secured Cloud Backup, Bachelor's thesis, 2016
    • Rick Habets, Bots in the Beehive, Bachelor's thesis, 2015

Honors and awards

  • WiSec poster session chair (2020)
    Served as a poster session chair at the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks.
  • IoTBDS session chair (2018)
    Served as a session chair at the 3rd International Conference on Internet of Things, Big Data and Security.
  • BELCLIV Award for best thesis in ICT security (2014)
    Award granted by BELCLIV for my Master's thesis 'Wireless Network Privacy'. BELCLIV is an organisation that promotes initiatives which aim to improve information and network security.
  • Master Award for Computer Science (2013)
    A yearly award given by Hasselt University to a student with admirable achievements.

Press

Miscellaneous

Languages

Natural languages

Dutch
Native
English
Excellent
French
Average
German
Basic

Programming languages

Excellent knowledge of

Python
C
C++

Very good knowledge of

Java
Javascript
HTML
CSS
SQL
C#
LaTeX

Average knowledge of

Rust
Kotlin
PHP
Matlab

Basic knowledge of

Bash
Verilog
Actionscript

Social

  • In 2011 - 2012 I was president of the student fraternity 'Filii Lamberti', which organizes events for students such as the 'Intro TD', 'Filii Comedy Night', 'Jungle Love TD', and a debate at the university featuring speakers from IBM.
  • During my time as a student at Hasselt University, I was a member of the student council. It was our task to provide feedback to the university staff about the quality of courses, infrastructure, and exams.
  • I've played the guitar in a band called 'I, The Current'. The name is a reference to other bands in the genre such as 'I, The Breather'. At the same time, 'I' is also the symbol for current intensity.