As the FNR marks 25 years since its creation, we highlight 25 examples of FNR-supported research with impact. In the 15 years since arriving in Luxembourg, the research group of Professor Peter Y A Ryan has helped enhance the security and privacy in today’s digital society.
Over the last decades, the world has become increasingly connected. Anyone over the age of 15 has witnessed the rapid development of the digital society.
“The Internet has become a key element in the fabric of modern society, and user authentication plays a vital role in securing access to services such as e-mail, e-banking, e-government, e-commerce, social media, cloud storage. ”Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.
The majority of ICT systems involve a complex web of users in many geographical locations.
“ICT services are usually done by people, with people, and for people. The intensive human involvement makes them hard to describe and analyse with the standard mathematical tools, such as formal verification. Voting and elections are good examples of security-critical that are difficult to specify, hard to verify, and extremely important to the society.”
A secure way to communicate with remote entities
Prof Ryan and his team’s work revolves around enabling communication with remote entities in a secure way – essential for digital society.
“Here “secure” means being assured of the identity or identities of the parties you are interacting with and having guarantees of the integrity and privacy of information exchanged. This applies to internet shopping or banking, accessing online government services, online voting, maintaining critical infrastructures and more.”
“If democracy is to be effective, it is essential to identify, assess and mitigate those threats. A good voting system should not only provide the true outcome but also provide sufficient evidence that this is indeed the true outcome. ”Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.
Toward safe voting systems
Electoral fraud, manipulation of voters, fake news and disinformation used to influence the outcome of elections and undermining voter trust are examples of threats faced by democratic societies in an increasingly digital world.
“Specifically, we focus on the design and analysis of cryptographic primitives and protocols, in particular authenticated key establishment, including quantum key establishment, post-quantum algorithms and protocols and end-to-end verifiable voting systems. ”Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.
Spread over several FNR-funded projects, Prof Ryan’s team has been able to make a number of advances in the area of secure, verifiable voting technologies.
For example, after arriving in Luxembourg, one of Prof Ryan’s first FNR projects was to continue work on a voting system he developed called Prêt à Voter, an E2E voting system (end-to-end voter verifiable system) that aims to provide guarantees of accuracy of the count and ballot privacy, independent of things such as software and hardware.
The project, called SeRTVS, made significant strides towards the development and evaluation of fully verifiable voting systems to be deployed.
“One of the areas where we made the greatest progress was in E2E voting systems, where we have developed a number of novel schemes, both for in-person and remote voting, that advanced the state of the art in terms of security and usability.”
Most security breaches result from social engineering style attacks rather than purely technical
One challenge in the quest to make further progress towards truly secure and useable systems, in particular voting systems, is that the socio-technical aspects of security-critical systems has been largely neglected by the community, even though they are critical for most systems.
“Most security breaches result from social engineering style attacks rather than purely technical, e.g. cryptanalytic. In my group we have worked on this in the past but it is very challenging and much remains to be done.”
Prof Ryan explains that developing truly secure and usable voting systems, especially for remote, e.g. internet, voting remains a major challenge, despite immense efforts and significant progress. A number of commercial systems are being touted along with claims of security, that are in reality seriously vulnerable to vote manipulation, vote privacy breaches etc.
“The tension between requirements for privacy on the one hand and transparency on the other is hard to reconcile, especially in the face of a wide range of attackers from a coercive spouse to a nation state. Achieving this while at the same time ensuring that the system is supremely usable and understandable makes this arguably the biggest challenge facing the information security community. I plan to continue to work on this. ”Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.
Navigating the challenges posed by a post-quantum era
Another big challenge that has emerged in recent years and which Prof Ryan and his group have started to address is the migration to a “post-quantum” era: making existing cryptography resistant to attack, for example by an adversary possessing a large-scale quantum computer. Nobody can be sure when, or even if, scalable quantum computing will be available, but the impact on the infrastructure of the digital society if they do is great that the threat is being taken very serious. In a recently completed project (EquiVox), Prof Ryan’s team focussed on post-quantum cryptography with a particular emphasis on electronic voting.
“During the project phase, post-quantum cryptography – and especially the transformation from classical cryptography to methods that can withstand quantum-capable attackers – has grown rapidly in importance, not only in the research community but also in society in general. This has been driven by the rapid advances in quantum computing and the corresponding realisation that quantum-safe security is needed for our digital world. ”Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.
Information security and privacy will continue to grow in importance – as will the threats
It is not a simple task to research an area that evolves while you are in the middle of a project, as is for example the case with quantum computing and cryptography.
“Information security and privacy will clearly continue to grow in importance to society in the decades to come, as will the threats. In the ‘70s we saw a revolution in crypto with the invention of public key crypto, now we are going through another revolution as we try to develop quantum safe crypto. “
Nevertheless, the research results from the EquiVox project produced valuable knowledge and expertise that Prof Ryan’s team can put to use in other projects they work on, ranging from the post-quantum transformation of the national identity provider to the security of the first national quantum communication infrastructure.
On the horizon: space cyber
There are still challenges to tackle, and new ones will arise as technologies and services develop. One area Prof Ryan wants to put a focus on in the future is cybersecurity for space missions and assets, referred to by NASA as “space cyber”. ” I hope that Luxembourg can play a pivotal role in this too, spearheading advances and acting as a bridge between US and EU players, and beyond.
Enhancing security and privacy in a digital society
Over the course of the last 15 years since arriving in Luxembourg, the research findings of Prof Ryan’s group have helped enhance the security and privacy of citizens in the digital society of today.
“This is of special significance in Luxembourg given the ambition to be seen as a trusted location for storing and processing data. Given that deploying e-voting is mentioned in the programme of the new government of Luxembourg it is likely that we will be able influence such deployment to ensure that it is done in a careful and responsible way. ”Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.
Peter Y A Ryan’s FNR-funded projects (Principal Investigator projects only)
Funding instrument | Call year | Project title |
RESCOM | 2023 | E-Vote-ID 2023 – International Joint Conference on Electronic Voting |
RESCOM | 2023 | ETAPS 2024 – European Joint Conferences on Theory and Practice of Software |
CORE | 2022 | Probabilistic Verification of Complex Heterogeneous Systems: From Ballots to Ballistics |
CORE | 2021 | Real-World Implementation and Human-Centered Design of PAKE Technologies |
RESCOM | 2020 | ETAPS 2021 – European Joint Conferences on Theory and Practice of Software |
CoVid19 Funding Instrument | 2020 | Facilitating optimal containment and exit strategies with minimal disclosure access control and tracking |
CORE | 2019 | Secure, Quantum-Safe, Practical Voting Technologies |
RESCOM | 2019 | ESORICS 2019 – The 24th European Symposium on Research in Computer Security |
CORE | 2018 | Socio-Technical Verification of Information Security and Trust in Voting Systems |
CORE | 2017 | Quantum Communication with Deniability |
INTER | 2017 | Secure, Usable and Robust Cryptographic Voting Systems |
CORE | 2015 | Verification of Voter-Verifiable Voting Protocols |
INTER | 2015 | Secure Voting Technologies |
INTER Mobility | 2015 | Privacy Enhancing Technologies for Robust Voting Systems |
CORE | 2014 | A Theory of Matching Sessions |
INTER | 2013 | Security properties, process equiva- lences and automated veri cation |
CORE | 2011 | Socio-Technical Analysis of Security and Trust |
INTER | 2011 | Verifiable Internet Voting (VIVO): Moving Theory into Practice |
CORE | 2009 | Secure, Reliable and Trustworthy Voting Systems |
Related Funding Instruments
Related highlights
25 examples of research with impact: The endless potential of plasma
As the FNR marks 25 years since its creation, we highlight 25 examples of FNR-supported research with impact. Over the…
Read more
25 examples of research with impact: A better understanding of rivers and their watersheds
As the FNR marks 25 years since its creation, we highlight 25 examples of FNR-supported research with impact. Starting with…
Read more
25 examples of research with impact: Unravelling the secrets of microbiomes
As the FNR marks 25 years since its creation, we highlight 25 examples of FNR-supported research with impact. Since returning…
Read more
25 examples of research with impact: A geographical approach to a sustainable society
As the FNR marks 25 years since its creation, we highlight 25 examples of FNR-supported research with impact. One of…
Read more
25 examples of research with impact: Towards historical literacy
As the FNR marks 25 years since its creation, we highlight 25 examples of FNR-supported research with impact. Over the…
Read more
25 examples of research with impact: Innovation beyond solid, liquid or gas
As the FNR marks 25 years since its creation, we highlight 25 examples of FNR-supported research with impact. Since arriving…
Read more