I’m a PhD student from the ETRO department at the Vrije Universiteit Brussel in Belgium. Our research group, Smartnets, is specialized in Wireless Sensors and Actuator Networks (WSAN) protocols and applications. I focus on the performance of protocols used in Low-Power Wireless Personal Area Networks.

Our research group uses the Contiki-NG operating system to test communication protocols. However, in 2015, the first official version of the Rust programming language was released. Therefore, I implemented the 6LoWPAN IPv6 stack in Rust and added it to the smoltcp crate.

Current projects


Currently participating in the RustIEC VLAIO TETRA project. The goal of the project is to teach Flanders’ companies to be proficient in the Rust programming language. More information about the project can be found here.

NLnet: add support for RPL in smoltcp

In this project I’m adding the Routing Protocol for Low-power and lossy networks (RPL) to the smoltcp library. More information about the project can be found here.


SHA3 and Keccak Variants Computation Speeds on Constrained Devices (2022)

Thibaut Vandervelden, Ruben De Smet, Kris Steenhaut and An Braeken


In 2015, the National Institute of Standards and Technology (NIST) announced Keccak as the new primitive to be used in SHA 3, not replacing but complementing SHA 2. The Keccak primitive, based on a sponge construction, has flexible parameters that can be controlled by the user to fit the needs of the application. However, the SHA 3 standard constrains and predefines the Keccak parameters to be used and thus making its use less flexible.

In this paper we try to understand the influence of these parameters with respect to memory size and throughput, specifically for constrained devices used in the Internet of Things (IoT) where speed and efficiency is important. Apart from evaluations of the code on real devices, a mathematical model is also presented which helps predicting the performance of the Keccak primitive. We also compare the standard functions from SHA 2 with SHA 3 on different platforms.

All implementations of SHA 2, SHA 3 and Keccak are purely written in Rust, since Rust guarantees safe memory manipulation whilst having the same performance as C. Our measurements show that for the software implementations SHA 2 is always faster than SHA 3 on all tested platforms. When only looking at the Keccak construction, Keccak-$f[800]$ always outperforms other permutations based on Keccak-$f$ when the capacity $c$ stays below 276 bits. In addition, Keccak-$f[800]$ has the added advantage of using less flash memory on 32-bit platforms.

DOI: 10.1016/j.future.2021.09.042 to Elsevier

Circuitree: A Datalog Reasoner in Zero-Knowledge (2022)

Tom Godden, Ruben De Smet, Christophe Debruyne, Thibaut Vandervelden, Kris Steenhaut, and An Braeken


Driven by the increased consciousness in data ownership and privacy, zero-knowledge proofs (ZKPs) have become a popular tool to convince a third party of the truthfulness of a statement without disclosing any further information. As ZKPs are rather complex to design, frameworks that transform high-level languages into ZKPs have been proposed. We propose Circuitree, a Datalog reasoner in zero-knowledge. Datalog is a high-level declarative logic language that is generally used for querying. Furthermore, as a logic language, it can also be used to solve logic problems. An application using Circuitree can efficiently generate ZKPs, based on Datalog rules and encrypted data, to prove that a certain conclusion follows from a Datalog ruleset and encrypted input data. Compared to existing frameworks, which generally use their own limited imperative languages, Circuitree uses an existing high-level declarative language. We point out several applications for Circuitree, including EU Digital COVID Certificates and privacy-preserving access control for peer-to-peer (p2p) networks. Circuitree’s performance is evaluated for access control in a p2p network. First results show that our approach allows for fast proofs and proof verification for this application.

DOI: 10.1109/ACCESS.2022.3153366 to IEEE Access

Symmetric-Key-Based Authentication among the Nodes in a Wireless Sensor and Actuator Network (2022)

Thibaut Vandervelden, Ruben De Smet, Kris Steenhaut and An Braeken


To enable today’s industrial automation, a significant number of sensors and actuators are required. In order to obtain trust and isolate faults in the data collected by this network, protection against authenticity fraud and nonrepudiation is essential. In this paper, we propose a very efficient symmetric-key-based security mechanism to establish authentication and nonrepudiation among all the nodes including the gateway in a distributed cooperative network, without communicating additional security parameters to establish different types of session keys. The solution also offers confidentiality and anonymity in case there are no malicious nodes. If at most one of the nodes is compromised, authentication and nonrepudiation still remain valid. Even if more nodes get compromised, the impact is limited. Therefore, the proposed method drastically differs from the classical group key management schemes, where one compromised node completely breaks the system. The proposed method is mainly based on a hash chain with multiple outputs defined at the gateway and shared with the other nodes in the network.

DOI: 10.3390/s22041403 to MDPI

Lightweight PUF based authentication scheme for fog architecture

Ruben De Smet, Thibaut Vandervelden, Kris Steenhaut and An Braeken


Fog computing improves efficiency and reduces the amount of bandwidth to the cloud. In many use cases, the internet of things (IoT) devices do not know the fog nodes in advance. Moreover, as the fog nodes are often placed in open publicly available places, they can be easily captured. Therefore, it should be ensured that even if the key material is leaked from the fog devices, the previously generated session keys and the identity of the devices can be kept secret, i.e. satisfying anonymity, unlinkability, perfect forward secrecy and resistance against stolen devices attack. Such demands require a multi-factor authentication scheme, which is typically done by providing input of the user with password or biometric data. However, in real use case scenarios, IoT devices should be able to automatically start the process without requiring such manual interaction and also fog devices need to autonomously operate. Therefore, this paper proposes a physical unclonable function (PUF) based mutual authentication scheme, being the first security scheme for a fog architecture, capable of providing simultaneously all these suggested security features. In addition, we also show the resistance against other types of attacks like synchronization and known session specific temporary information attack. Moreover, the scheme only relies on symmetric key based operations and thus results in very good performance, compared to the other fog based security systems proposed in literature.

DOI: 10.1007/s11276-020-02491-0 to Springer

CABE: A Cloud-Based Acoustic Beamforming Emulator for FPGA-Based Sound Source Localization

Laurent Segers, Jurgen Vandendriessche, Thibaut Vandervelden, Benjamin Johan Lapauw, Bruno da Silva, An Braeken and Abdellah Touhafi


Microphone arrays are gaining in popularity thanks to the availability of low-cost microphones. Applications including sonar, binaural hearing aid devices, acoustic indoor localization techniques and speech recognition are proposed by several research groups and companies. In most of the available implementations, the microphones utilized are assumed to offer an ideal response in a given frequency domain. Several toolboxes and software can be used to obtain a theoretical response of a microphone array with a given beamforming algorithm. However, a tool facilitating the design of a microphone array taking into account the non-ideal characteristics could not be found. Moreover, generating packages facilitating the implementation on Field Programmable Gate Arrays has, to our knowledge, not been carried out yet. Visualizing the responses in 2D and 3D also poses an engineering challenge. To alleviate these shortcomings, a scalable Cloud-based Acoustic Beamforming Emulator (CABE) is proposed. The non-ideal characteristics of microphones are considered during the computations and results are validated with acoustic data captured from microphones. It is also possible to generate hardware description language packages containing delay tables facilitating the implementation of Delay-and-Sum beamformers in embedded hardware. Truncation error analysis can also be carried out for fixed-point signal processing. The effects of disabling a given group of microphones within the microphone array can also be calculated. Results and packages can be visualized with a dedicated client application. Users can create and configure several parameters of an emulation, including sound source placement, the shape of the microphone array and the required signal processing flow. Depending on the user configuration, 2D and 3D graphs showing the beamforming results, waterfall diagrams and performance metrics can be generated by the client application. The emulations are also validated with captured data from existing microphone arrays.

DOI: 10.3390/s19183906 to MDPI