Keeping communication safe in the future

Sending e-mails, paying bills, or keeping up with friends on social media: Our daily communication behaviour is increasingly shifting into the realm of the Internet, giving rise to numerous questions of safety and risk. Acting as a translator between theory and real life, applied cryptography seeks to provide some of the answers.   

When we ask Elisabeth Oswald how she identifies interesting problems and decides which to address in her research, she notes that the topic of her ERC grant developed gradually: She became aware of a particular data-related problem over time and then invested a further twelve months in carefully formulating the research questions.

Drawing upon mathematical roots and equipped with a comprehensive understanding of the demands of engineering, she sees her role in bridging the gap between the theoretical world of mathematical proofs and assumptions, and the application sphere, where these rigorous statements are often violated. Though founded in mathematics, which relies on absolutes, cryptography’s use in applications means that it is often necessary to compromise. Oswald describes this as tackling the messiness of real life, a satisfying pursuit in her eyes.

Oswald and her team are working on a software tool that can perform this vital bridging effort and aid in implementing cryptography by detecting leaks early on during development. Though they are still in the early stages of the 5-year ERC project, they already have a working prototype, which has garnered interest from industry, and is being tested intensively. She is appreciative of the benefits of the ERC grant, a funding model created to promote curiosity-driven research, which offers scholars greater freedom for scientific experiments and attracts outstanding scientists from across the globe.

Applied cryptography is an interdisciplinary field and in order to develop and test methods, it borrows heavily from other areas, such as statistics or machine and deep learning, when analysing adversarial models, also known as breaches. As they are being re-purposed for cryptography, established statistical tools have to be adapted and recombined in new ways in a continuous process of experimentation to provide a better fit to the research questions.

Because Oswald uses the physical properties of devices – power consumption and electromagnetic emanation – to investigate how information leaks, she takes care to ensure that her expanding team brings together specialists in hardware design, experts in statistical machine learning, and computer scientists. The team’s international composition reflects the global research field, which is populated by scientists from across the world, and is characterised by the collaborative involvement of academia and industry, with practitioners playing an equally important role in disseminating new knowledge and driving the research forward. Currently, researchers and industrial partners are highly enthusiastic about the recent emergence of multi-party computation and fully homomorphic encryption, which offer great promise for applied cryptography, though it is too early to determine the full range of effects that may yet be harnessed.

Tasked with installing this young science in Klagenfurt, Oswald is looking forward to working with new colleagues and established groups locally, such as the system security group and the artificial intelligence community, in areas of overlap that offer synergies. One such joint objective, a Master’s level programme in cybersecurity, is already in preparation. This will serve as an important building block in a very potent research area with a tremendous impact on society.

Delving further into the societal aspect, Oswald has discerned a powerful need for broad debate involving all age groups over fundamental issues of ethics, security, and privacy, with the aim to ensure that an optimally informed society is properly equipped to take responsible decisions in the future. Aside from addressing the wide-spread confusion over the difference between security and privacy, and explaining the risks involved in routine behaviours involving e-mail, social media and shopping online, it is also important to educate about the risks of treating privacy as a mere commodity: Looking around the world, a move away from democratic principles is frequently heralded by a loss of privacy. While cryptography can undoubtedly be regarded as the enabling technology for future secure communication online, it is essential that these basic issues are also addressed.

for ad astra: Karen Meehan