Mathematician in computer security
After having spent almost twenty years as a researcher in the United States, in 2020, Marten van Dijk returned to the Netherlands to found and lead the Computer Security group at CWI Amsterdam. Since 2022, he has also been an endowed professor at VU Amsterdam for one day a week. ‘In the Netherlands, there are not that many people active in the field of computer security. By bringing in my international experience, I want to help make the best use of the scarce resources here.’
You hold Master’s degrees in both mathematics and computer science. How did that combination come about?
‘I have always been attracted to Mathematics. In high school, I had a subscription on the monthly magazine Pythagoras, and I used to participate in their Pythagoras Olympiad each month. I especially enjoyed solving complex puzzles that had a practical implication. At that time, computer science was an upcoming field. It was apparent that it would become a very important topic as a tool or method for every other science, and it was close to mathematical thinking. Since my father had completed multiple studies as well, for my family, it was not that strange to combine different courses.’
What kinds of topics have you been working on over the years?
‘My PhD I obtained in cryptology, which is a nice combination of the theoretical side of mathematics with the practice of computer science. After a short postdoc period in Hong Kong, I got a job as a research scientist at the digital signal processing group at Philips Research. There I became the lead inventor of the error correcting codes that are used in Blu-ray discs.
Philips offered the possibility to move to the US and work as a visiting scientist at MIT. This is where I got involved in processor architectures that offer strong security guarantees. Most notably, my collaboration with the group at MIT led to AEGIS, a secure processor architecture which ideas have been used in Intel SGX, and the introduction of the first circuit realisations of Physical Unclonable Functions. Chips contain a heartbeat in the form of an internal clock mechanism and to a large extent this eliminates timing errors in digital computation. However, by reading out analog signals, you get a unique fingerprint of that specific chip due to manufacturing process errors that cause unique timing differences for the chip. This can be used for security such as device identification and authentication.
After a short period in American industry, I returned to MIT to work on oblivious RAM, which led to a test-of-time award. Then I transferred to the University of Connecticut, where I worked at the faculty of Electrical and Computer Eengineering mostly on hardware security. We studied hardware Trojans, continued secure processor architecture research, work on physical unclonable functions and at large cyber physical systems security.
All in all, over the years I have gained broad experience in the field of security, ranging from theoretical computer science to software engineering and the hardware side of it.’
Why did you decide to move back to the Netherlands?
‘During my time in Connecticut, I regularly came back for longer periods of vacation in the Netherlands and finally a sabbatical year at CWI. For personal reasons, I eventually decided to come back for good. At that time, CWI was searching for a new group leader in the field of computer security, which was a perfect match.’
What are you working on at CWI?
‘I have always remained a mathematician at heart. I like the algorithmic aspect of computer science; providing proofs that something works, and developing relatively simple tricks to improve performance. In my final years in Connecticut, I shifted somewhat towards machine learning. There is still a lot of fundamental science to be done in that field. Here, I am building further in that direction. One of the main questions my group here tries to answer is if secure computation is possible at all, and how security can go hand I hand with efficient use of computing resources.
We aim to be complementary to what happens elsewhere in the Netherlands, and explicitly look for topics that are not addressed yet by other groups. That is one of the reasons we recently stepped into database security, for example. The Netherlands is a small country in which not that many people are working on computer security. So, we have to be smart in what we spend our scarce resources on.’