Hossein Shafagh
Doctorate Candidate

ETH Zurich (Swiss Federal Institute of Technology Zurich)
Department of Computer Science
Distributed Systems Group
Universitaetstrasse 6
CH-8092 Zurich, Switzerland

Phone: +41 44 63 26136
Email: shafagh inf.ethz.ch

I am a Ph.D. candidate and research assistant at the Distributed Systems Group at ETH Zurich, Switzerland. I joined the group in September 2013 after graduating from RWTH Aachen University, Germany, with a Master of Science degree in Computer Science. I hold as well a Bachelors degree in Computer Science from the same university. My research interests include designing and improving security protocols for wireless sensor networks and enabling secure Internet of Things. I conducted my master's thesis at SICS (Swedish Institute of Computer Science) in the area of delegated public-key-based authentication for the Internet of Things. In summer 2015, I was a research intern at Stanford, with Philip Levis. In general, I follow research in the systems, networking, and security domain. More specifically, my research interests are in secure communication and networking, and decentralized networks.

To learn more about our Blockchain project Droplet check out: dropletchain.github.io
Talos is our Encrypted data processing project: talos-crypto.github.io


Securing the IoT with Blockchain: Auditable Access Control

Secure storage and management of data generated by the myriad of IoT devices present new challenges in the cloud era. How do we empower the user with ownership and fine-grained access control for IoT data without sacrificing performance or security? To address this challenge, we leverage the blockchain technology to bootstrap trust, for a distributed, secure, and resilient access control management. We introduce Droplet a novel secure data management system for emerging IoT applications. Droplet handles time series data, enables reliable sharing among heterogeneous applications without intermediate trust entities, and features a cryptographically-protected fine-grained and scalable access control to data streams. Poster

Pilatus: Partially Homomorphic Encrypted Sharing for IoT Data

IoT applications often utilize the cloud to provide storage and ubiquitous access to collected data. This naturally facilitates data sharing with third-party services and other users, but bears privacy risks, due to data breaches or unauthorized trades with user data. To address these concerns, we present Pilatus, a new data protection platform tailored for the IoT ecosystem, that protects data confidentiality while enabling secure processing and selective sharing of encrypted data. Our solution includes a suite of novel techniques that enable efficient partially homomorphic encryption, re-encryption and decryption. Pilatus grants users low-level control over their cloud data with cryptographic guarantees. Pilatus features a novel encrypted data sharing scheme with revocation capabilities and in situ key-update. We present performance optimizations that make these advanced cryptographic tools practical for mobile platforms. PDF

We implemented an Avawomen app with Pilatus. Code

Talos: Encrypted Data Processing for the IoT

To tackle the data privacy concerns in IoT, we introduce Talos, a system that stores IoT data securely in a Cloud database while still allowing query processing over the encrypted data. We enable this by encrypting IoT data with a set of cryptographic schemes such as order-preserving and partially homomorphic encryption. To achieve this in constrained IoT devices, Talos relies on optimized algorithms that accelerate order-preserving and partially homomorphic encryption by 1 to 2 orders of magnitude. We assess the feasibility of Talos on low-power devices with and without cryptographic accelerators and quantify its overhead regarding energy, computation, and latency. With a thorough evaluation of our prototype implementation, we show that Talos is a practical system that can provide a high level of security with a reasonable overhead. PDF, Demo, Code

We relied on the Flocklab testbed at ETH Zurich to evaluate the performance of Talos. Code

We have implemented a benchmark tool for the Contiki OS to automate the macro-benchmark of Talos. Code
Our drivers for the hardware crypto engine are merged into the main Contiki repo.

We implemented a FitBit app with Talos to operate on encrypted data. Code, Demo

Proximity-based Authentication for the Internet of Things

In this project, we introduce a proximity-based authentication approach for the IoT that works in-band by solely utilizing the wireless communication interface. The novelty of this approach lies in its reliance on ambient radio signals to infer proximity within about one second, and in its ability to expose imposters located several meters away. We identify relevant features sensed from the RF channel to establish a notion of proximity across co-located low-power devices. We introduce our proximity-based authentication protocol and show the feasibility of our approach with an early prototype using off-the-shelf 802.15.4 sensors. PDF, Demo, Code

Low-power Wireless Systems Coexistence

The rise of heterogeneity in wireless technologies operating in the unlicensed bands has been shown to adversely affect the performance of low-power wireless networks. CrossTechnology Interference (CTI) is highly uncertain and raises the need for agile methods that assess the channel conditions and apply actions maximizing communication success. To tackle the challenges of CTI, we design and build cognitive systems that can detect CTI and apply effective counter-measures. This project was led by Anwar Hithnawi and resulted in the following systems: TIIM, CrossZig, and CIG. (our Traces)

Student Projects

Interested students in conducting bachelor/master thesis or a lab project in one of the following described projects can either send me an email or just drop by my office for a coffee to discuss further details. I am always looking for motivated and interested students who are ambitious about participating in ongoing research work.

Note to Interested International Students:
Although we highly encourage international students to pursue theses or research projects within our group, we do not provide financial aid in this manner. We encourage you, though, to have a look at the exchange programs at ETH Zurich for scholarships. Please contact us well in advance to facilitate your applications.

Available Projects

Type Title Supervisor Semester
M Data Security in the Internet of Things Hossein Shafagh, Anwar Hithnawi available
M Data Security in the Internet of Things Applications Hossein Shafagh, Anwar Hithnawi available

Assigned Projects

Type Title Student Supervisor Semester
M Towards Blockchain-based Auditable Storage and Sharing of IoT Data Lukas Burkhalter Hossein Shafagh FS 17
M Private Search on Encrypted IoT data Aitor Navarro Hossein Shafagh FS 17

Completed Projects

Type Title Student Supervisor Semester
M Privacy-Preserving Cloud Computation using Fully Homomorphic Encryption Alexander Viand Hossein Shafagh FS 17
L Proximity-based Authentication via Ambient RF Noise Jakob Hasse Hossein Shafagh HS 16
M Secure Analysis of Encrypted IoT Data Pascal Fischli Hossein Shafagh FS 16
L Developing IoT Applications on top of Encrypted Data Lukas Burkhalter,
Alexander Viand
Hossein Shafagh HS 15
M A Public-key Cryptography Framework for the Internet of Things Andreas Droescher Hossein Shafagh FS 15
M Proximity-based Authentication for the Internet of Things Dominic Plangger Hossein Shafagh,
Anwar Hithnawi
FS 15
B Encrypted Data Processing for the Internet of Things: User’s Perspective Lukas Burkhalter Hossein Shafagh FS 15
B Understanding the Impact of Cross Technology Interference
on Low-power Wireless Networks
Jan Wolf Anwar Hithnawi,
Hossein Shafagh
FS 14


Conferences and Journals:

Posters and Demos:

Prior to ETH Zurich:

Standardization Documents


Teaching Assistant at ETH Zurich:

My TA role includes in general varying tasks such as designing problem sets, teaching weekly tutorial sessions, grading assignments and course projects, correction of exams, helping in designing final exams, and guiding students on presenting and writing seminar research papers. I have been a teaching assistant for the following courses:

  • Informatics I for Electrical Engineers - Fall 2016
  • The primary goal of this course is to teach first semester students how to program in C++. They learn object-oriented programming and simple data structures. My role as TA includes holding weekly recitations, giving feedback on assignments, etc.

  • Informatics II for Electrical Engineers - Spring 2014, 2015, 2016*, 2017*
  • This course is a continuation of Informatics I, with more focus on algorithms and data structures. The exercises are in Java and cover divide & conquer principle, recursion, sort, backtracking, trees, and other fundamental data structures. They learn object-oriented programming and simple data structures. My role as TA includes holding weekly recitations, giving feedback on assignments, etc.

    Since 2016 I am the head TA in this course. In 2017, we successfully integrated codeboard as the submission platform for student assignments.

  • Ubiquitous Computing Seminar - Fall 2014*, 2015*
  • In this class, students learn how to conduct scientific research, by reading papers and writing an overview seminar paper.
* head TA: involves interviewing and hiring student TAs and coordinating the tutorials. In Informatics II 2017, we have more than 350 students and 14 TA.