From research internship at SURF to a room of 600 network specialists

Hilco de Lathouder did a research internship at SURF. In the middle of a lockdown, so the timing was far from perfect for getting to know SURF properly. Nevertheless, Hilco was able to do some nice, valuable research. And he got to perform in front of 600 people at the international network conference TNC. 

New Challenge 

Hilco isn’t a standard student: he’s been working for a while and has started studying again. “I once studied telematics, and also work in that field. I have been product manager at Telematch in Zoeterwoude for about seven years now. I like it, but I was looking for a new challenge, I wanted to learn something new. I started looking around and ended up at the master Security and Network Engineering at the UvA. It contained everything that interested me.” 

4,500 identity providers from 73 countries 

After a fairly intensive admission procedure, Hilco was accepted for the programme. The master’s includes two one-month research internships. While looking for the first internship assignment, Hilco came across SURF. “We were given a list of assignments and the one by Bas Zoetekouw of SURF caught my eye. It was about an authentication platform involving 4,500 identity providers from 73 countries. That size and impact appealed to me. Just like the fact that I could also prototype, not just think up a theoretical solution.” 

Encouraging multi-factor authentication 

During his internship, Hilco studied how you can better ensure that multifactor authentication is applied when logging in to online services that are used internationally in a federative context, instead of just a user name and password, for example. Identity providers (e.g. educational institutions) have a role in this, because they have to handle authentication requests from service users. 

“My research showed that far fewer identity providers than expected support multifactor authentication. That was an interesting outcome anyway,” says Hilco. “In addition, I found a possible solution to the problem, which I also tested in my research: when authenticating a user, the service provider (the online service) now proposes one authentication method, for example multifactor authentication. If the identity provider (the institution where the user has his account) does not support this method, this often results in an error message. If the service provider proposes a list of multiple authentication methods that the identity provider can choose from, the identity provider chooses a method that it supports, for example user name/password. So user does not get an error message. And if identity providers later do support multi-factor authentication, the transition will be smooth”.  

There’s a nice, no-nonsense atmosphere at SURF and I like that.

Lockdown 

As a student, you not only do an internship to gain research skills, but also to get to know companies and the people who work there. In that respect, Hilco was not so lucky. “It was January 2022, and a lockdown had just come into effect. I therefore didn’t really have the chance to get to know SURF as a company. I did have contact with my work placement supervisor Bas twice a week, and we had a kick-off meeting with SURF content specialists. But yes, that was all online.” 

Nice, no-nonsense atmosphere 

Nevertheless, Hilco is glad that he did his internship at SURF. “Through SURF, I was introduced to the worlds of NRENs (National Research and Education Network Organisations) and identity management, and I wasn’t familiar with those worlds yet. I’ve learned a lot from that. And despite working remotely, I’ve found the people at SURF to be open, accessible and friendly. There’s a nice, no-nonsense atmosphere at SURF and I like that. And I’ve now worked in a more academic setting, and I can take that experience with me when I decide what exactly I want to do after I graduate.” 

Future Talent Programme 

But what about the presentation at TNC, GÉANT’s international network conference? After his internship was over, his supervisor Bas Zoetekouw suggested to Hilco that he should sign up for GÉANT’s Future Talent Programme with his internship research. This is a programme in which GÉANT gives students the opportunity to present their ideas to a wide audience. A presentation at TNC is one of the opportunities to do so. 

Coach for presentation skills 

Hilco wrote a proposal and submitted it. To his surprise, his proposal was accepted: he was allowed to present his research in a so-called Lightning Talk at TNC in Trieste. “I realised that I had to work hard for this, but I considered it a great honour,” says Hilco. “With a group of eight students, we were thoroughly prepared, we even had a coach to work on our presentation skills. GÉANT wants people to really make an effort, but gave us the opportunity to make something beautiful out of it.” 

Elevator pitch 

On 15 June at 2pm, the time had come. Hilco presented his research into multifactor authentication for services in a multi-federal environment to a full house of 600 people. “The presentation was only five minutes, but that made it extra challenging: I was forced to limit myself to one concrete, clear message in which I explained what my research entailed. A kind of elevator pitch, in other words. I found it exciting to be in front of the audience, but also fun. I was well-prepared, so I was confident. 

I’ve learned a lot and met some interesting and nice people.

Learned a lot 

In a year’s time, Hilco will graduate and may call himself Master in Security and Network Engineering. “Then I’ll see what I really want. In any case, my internship with SURF and the presentation at TNC were very valuable. I’ve learned a lot and met some interesting and nice people. Of course I’ll take that with me in the rest of my career, wherever that may lead.”  

Bas Zoetekouw, Hilco’s internship supervisor at SURF: 
An internship assignment must of course first and foremost be interesting and challenging for the student. But we also look at whether the project can be useful for SURF’s services or innovation projects. These are often things that we don’t get round to doing ourselves in the middle of our day-to-day work. 

Hilco’s project is a good example: we’ve been working for a long time on introducing multi-factor authentication for users at Dutch institutions, but we didn’t really know how to organise it for foreign researchers. Hilco’s research has clarified this for us. We hope to integrate his findings into SURF Research Access Management in the near future so that foreign researchers can also log in using their own institution’s second factor.