Spending twenty to thirty hours a week on sports, as he used to do in the days when he was on the Dutch kayak team, has not been on his agenda for several years now. Still, it does not mean that Tom Vrancken has since then devoted all his time to studying. Apart from doing committee work (two years at canoe association Okawa, one year at sports umbrella organization ESSF, and last year for the national Student winter sports foundation) he had to earn a living as well - especially if you study twice as long as your student grant lasts. In order to save time for a sideline, he graduated part-time.

Vrancken did the broad Master’s program Information Security Technology of the Kerckhoffs Instituut, a joint venture between TU/e and the universities of Twente and Nijmegen which - apart from the technological contents - devoted a great deal of attention to juridical, ethical and policy aspects. The subject of his final project, for the ARPA2 foundation, was admittedly rather technical again. “The name ARPA2 is a wink at ARPA, the American government institution that helped to build the foundation for the Internet”, he says. “The web is not as safe as it should be, because it was never designed to function in an environment with people who want to do harm. This is why ARPA2 makes software for a safer Internet, with more respect for the privacy of the user.”

For safe digital communication you need two things, as Vrancken explains: “A connection that cannot be intercepted, and a way to prove that the person on the other side of the line is actually the person they claim to be: the authentication.”

“Our solution in various Internet systems: that would be great”

The chief connection protocol is TLS, which is used for countless Internet applications, including Internet banking. A strong plus of TLS is the option of Perfect Forward Secrecy: as a part of the required key is destroyed after use, it is not possible to decipher a message afterwards if a password has been intercepted.

However, that risk does exist for many business networks, including that of TU/e, which use the Kerberos authentication protocol. “When you log in with your NT account, this runs via Kerberos. I have now succeeded in coupling that system with TLS in such a way that Perfect Forward Secrecy becomes available for Kerberos networks. In addition, my software will soon make it much simpler to communicate safely between a number of these networks.”

Whether Vrancken’s solution will be successful depends first of all on the approval by the managers of the open source software GnuTLS - indeed, the student has written his software as an extension of that platform. “Thereby our solution would be automatically integrated into various Internet systems. Of course that would be great.”

In any case Vrancken will in February (after a well-earned ‘holiday’ as a snowboard teacher in Austria) focus on completing Master’s program number two: the teacher-training study program. For he is still not ready for a final goodbye to student life.