Cryptographic Foundations for Future-proof Internet Security

Today, the world is more connected than ever before. In 2018, already over half of the world`s population is online, which amounts to more than 4 billion people. The modern Internet includes computing paradigms such as cloud computing or the Internet of Things (IoT) which entirely changed the way we communicate and process data and which types of data are communicated over public networks. Huge amounts of potentially sensitive data now leave classical security perimeters and are processed and accessed by multiple different (untrusted) entities potentially in an ad-hoc fashion. The devices found on the Internet range from classical servers, desktops and laptops to (small) physical devices, home appliances or other items embedded with electronics, software, sensors, or actuators. These developments can bring additional comfort and increased quality of living to individuals and help to make many of our daily tasks much less complicated. However, the Internet is also a place where users are prone to become victims of criminal actions like data and identity theft and the Internet is also increasingly intertwined with a geopolitical environment making users prone to being surveilled or even controlled. To achieve strong security and privacy guarantees, cryptography is the foundational technology. Today, much of our personal freedom and the power to guarantee and maintain a free society depends on cryptographic primitives incorporated in the security protocols used within the Internet. While regulations like the upcoming EU General Data Protection Regulation (GDPR) promote the usage of cryptography to protect sensitive data, revelations about activities of governmental agencies have revealed worrying information. Governmental agencies have subverted cryptographic software products, certification authorities, backdoored cryptographic schemes or influenced and weakened cryptographic standardization processes. Besides providing governmental institutions means to spy on citizens, such practices are highly vulnerable to also be exploited by non- governmental adversaries. Many of the cryptographic schemes used to secure today`s Internet were not designed with the functionality and the security requirements in mind that come along with tomorrow`s envisioned use-cases on the Internet. This requires novel and typically more sophisticated cryptographic schemes that consider aspects that were not known or of interest in the early days of the Internet. Cryptography, which is capable to secure a future-proof Internet, needs to consider all these issues, but additionally needs to be flexible enough to work on both ends of the spectrum, i.e., resource constrained IoT devices as well as cloud-powered services. In addition, one needs to consider more recent aspects such as security in the presence of powerful quantum computers. Within PROFET we aim at designing cryptography that is subversion resilient by design and secure in the presence of powerful quantum computers and thus capable to securing tomorrow`s Internet.

No additional funding sources recorded.