Hossein Shafagh
Doctorate Candidate

ETH Zurich (Swiss Federal Institute of Technology Zurich)
Department of Computer Science
Distributed Systems Group
Universitaetstrasse 6
CH-8092 Zurich, Switzerland

Phone: +41 44 63 26136
Email: shafagh inf.ethz.ch

I am a researcher at ETH Zurich, Switzerland, affiliated with the Distributed Systems Group. I obtained my Ph.D. from ETH Zurich in summer 2018. The title of my dissertation is "Retaining Data Ownership in the Internet of Things" (PDF) and my examination committee consisted of Prof. Philip Levis and my co-advisers Prof. Srdjan Capkun and Prof. Friedemann Mattern. Before that, I graduated with M.Sc. and B.Sc. degrees in Computer Science from RWTH Aachen University, Germany. I conducted my master's thesis at SICS (Swedish Institute of Computer Science) in the area of delegated public-key-based authentication for the Internet of Things. In summer 2015, I was a research intern at Stanford, with Philip Levis.

My research is currently focused on designing and building secure and private data access and processing systems, specially tailored for the IoT. In general, I follow research in the systems, networking, and security domain. More specifically, my research interests are in secure communication and networking, and decentralized networks.

To learn more about our decentralized access authorization project Droplet check out: dropletchain.github.io
Talos is our Encrypted data processing project: talos-crypto.github.io


Droplet: Decentralized Authorization for IoT Data Streams

Secure storage and management of data generated by the myriad of IoT devices present new challenges in the cloud era. How do we empower the user with ownership and fine-grained access control for IoT data without sacrificing performance or security? To address this challenge, we design Droplet a novel decentralized data access control service, which operates without intermediate trust entities. We leverage the blockchain technology to bootstrap trust, for a decentralized, secure, and resilient access control management. Droplet handles time series data, enables reliable sharing among heterogeneous applications from different trust domains, and features a cryptographically-protected fine-grained and scalable access control to data streams. PDF

We have implemented three apps on top of Droplet: Fitbit activity tracker, Ava health tracker, and ECOviz smart meter dashboard. Code

Pilatus: Partially Homomorphic Encrypted Sharing for IoT Data

IoT applications often utilize the cloud to provide storage and ubiquitous access to collected data. This naturally facilitates data sharing with third-party services and other users, but bears privacy risks, due to data breaches or unauthorized trades with user data. To address these concerns, we present Pilatus, a new data protection platform tailored for the IoT ecosystem, that protects data confidentiality while enabling secure processing and selective sharing of encrypted data. Our solution includes a suite of novel techniques that enable efficient partially homomorphic encryption, re-encryption and decryption. Pilatus grants users low-level control over their cloud data with cryptographic guarantees. Pilatus features a novel encrypted data sharing scheme with revocation capabilities and in situ key-update. We present performance optimizations that make these advanced cryptographic tools practical for mobile platforms. PDF

We have implemented an Avawomen app with Pilatus. Code

Talos: Encrypted Data Processing for the IoT

To tackle the data privacy concerns in IoT, we introduce Talos, a system that stores IoT data securely in a Cloud database while still allowing query processing over the encrypted data. We enable this by encrypting IoT data with a set of cryptographic schemes such as order-preserving and partially homomorphic encryption. To achieve this in constrained IoT devices, Talos relies on optimized algorithms that accelerate order-preserving and partially homomorphic encryption by 1 to 2 orders of magnitude. We assess the feasibility of Talos on low-power devices with and without cryptographic accelerators and quantify its overhead regarding energy, computation, and latency. With a thorough evaluation of our prototype implementation, we show that Talos is a practical system that can provide a high level of security with a reasonable overhead. PDF, Demo, Code

We relied on the Flocklab testbed at ETH Zurich to evaluate the performance of Talos. Code

We have implemented a benchmark tool for the Contiki OS to automate the macro-benchmark of Talos. Code
Our drivers for the hardware crypto engine are merged into the main Contiki repo.

We implemented a FitBit app with Talos to operate on encrypted data. Code, Demo

Proximity-based Authentication for the Internet of Things

In this project, we introduce a proximity-based authentication approach for the IoT that works in-band by solely utilizing the wireless communication interface. The novelty of this approach lies in its reliance on ambient radio signals to infer proximity within about one second, and in its ability to expose imposters located several meters away. We identify relevant features sensed from the RF channel to establish a notion of proximity across co-located low-power devices. We introduce our proximity-based authentication protocol and show the feasibility of our approach with an early prototype using off-the-shelf 802.15.4 sensors. PDF, Demo, Code

Low-power Wireless Systems Coexistence

The rise of heterogeneity in wireless technologies operating in the unlicensed bands has been shown to adversely affect the performance of low-power wireless networks. CrossTechnology Interference (CTI) is highly uncertain and raises the need for agile methods that assess the channel conditions and apply actions maximizing communication success. To tackle the challenges of CTI, we design and build cognitive systems that can detect CTI and apply effective counter-measures.

This project was led by Anwar Hithnawi and resulted in the following systems: TIIM, CrossZig, and CIG. (our Traces)

Student Projects

Interested students in conducting bachelor/master thesis or a lab project in one of the following described projects can either send me an email or just drop by my office for a coffee to discuss further details. I am always looking for motivated and interested students who are ambitious about participating in ongoing research work.

Note to Interested International Students:
Although we highly encourage international students to pursue theses or research projects within our group, we do not provide financial aid in this manner. We encourage you, though, to have a look at the exchange programs at ETH Zurich for scholarships. Please contact us well in advance to facilitate your applications.

Assigned Projects

Type Title Student Supervisor Semester
M Key Distribution and Management for Efficient Key Updates and Sharing of IoT Data Jason Friedman Hossein Shafagh
Lukas Burkhalter,
SS 18
M Modular and Scalable Encrypted Time Series Data Processing Simon Peyer Hossein Shafagh
Lukas Burkhalter,
SS 18

Completed Projects

Type Title Student Supervisor Semester
M Secure Sharing and Querying of Multidimensional Time-series Data Misels Kaporins Hossein Shafagh
Anwar Hithnawi,
AS 17
M Towards Blockchain-based Auditable Storage and Sharing of IoT Data Lukas Burkhalter Hossein Shafagh AS17
M Privacy-Preserving Cloud Computation using Fully Homomorphic Encryption Alexander Viand Hossein Shafagh SS17
L Proximity-based Authentication via Ambient RF Noise Jakob Hasse Hossein Shafagh AS16
M Secure Analysis of Encrypted IoT Data Pascal Fischli Hossein Shafagh SS16
L Developing IoT Applications on top of Encrypted Data Lukas Burkhalter,
Alexander Viand
Hossein Shafagh AS15
M A Public-key Cryptography Framework for the Internet of Things Andreas Droescher Hossein Shafagh SS15
M Proximity-based Authentication for the Internet of Things Dominic Plangger Hossein Shafagh,
Anwar Hithnawi
B Encrypted Data Processing for the Internet of Things: User’s Perspective Lukas Burkhalter Hossein Shafagh SS15
B Understanding the Impact of Cross Technology Interference
on Low-power Wireless Networks
Jan Wolf Anwar Hithnawi,
Hossein Shafagh


Conferences and Journals:

Posters and Demos:

Prior to ETH Zurich:

Standardization Documents


Teaching Assistant at ETH Zurich:

My TA role includes in general varying tasks such as designing problem sets, teaching weekly tutorial sessions, grading assignments and course projects, correction of exams, helping in designing final exams, and guiding students on presenting and writing seminar research papers. I have been a teaching assistant for the following courses:

  • Informatics I for Electrical Engineers - Fall 2016 2017
  • The primary goal of this course is to teach first semester students how to program in C++. They learn object-oriented programming and simple data structures. My role as TA includes holding weekly recitations, giving feedback on assignments, etc.

  • Informatics II for Electrical Engineers - Spring 2014, 2015, 2016*, 2017*
  • This course is a continuation of Informatics I, with more focus on algorithms and data structures. The exercises are in Java and cover divide & conquer principle, recursion, sort, backtracking, trees, and other fundamental data structures. They learn object-oriented programming and simple data structures. My role as TA includes holding weekly recitations, giving feedback on assignments, etc.

    Since 2016 I am the head TA in this course. In 2017, we successfully integrated codeboard as the submission platform for student assignments.

  • Ubiquitous Computing Seminar - Fall 2014*, 2015*
  • In this class, students learn how to conduct scientific research, by reading papers and writing an overview seminar paper.
* head TA: involves interviewing and hiring student TAs and coordinating the tutorials. In Informatics II 2017, we have more than 350 students and 14 TA.