“The Internet has become a key element in the fabric of modern society, and user authentication plays a vital role in securing access to services such as e-mail, e-banking, e-government, e-commerce, social media, cloud storage. ”

Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.

A secure way to communicate with remote entities

Prof Ryan and his team’s work revolves around enabling communication with remote entities in a secure way – essential for digital society.

“Here “secure” means being assured of the identity or identities of the parties you are interacting with and having guarantees of the integrity and privacy of information exchanged. This applies to internet shopping or banking, accessing online government services, online voting, maintaining critical infrastructures and more.”

“If democracy is to be effective, it is essential to identify, assess and mitigate those threats. A good voting system should not only provide the true outcome but also provide sufficient evidence that this is indeed the true outcome. ”

Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.

“Specifically, we focus on the design and analysis of cryptographic primitives and protocols, in particular authenticated key establishment, including quantum key establishment, post-quantum algorithms and protocols and end-to-end verifiable voting systems. ”

Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.

Spread over several FNR-funded projects, Prof Ryan’s team has been able to make a number of advances in the area of secure, verifiable voting technologies.

For example, after arriving in Luxembourg, one of Prof Ryan’s first FNR projects was to continue work on a voting system he developed called Prêt à Voter, an E2E voting system (end-to-end voter verifiable system) that aims to provide guarantees of accuracy of the count and ballot privacy, independent of things such as software and hardware.

The project, called SeRTVS, made significant strides towards the development and evaluation of fully verifiable voting systems to be deployed.

“One of the areas where we made the greatest progress was in E2E voting systems, where we have developed a number of novel schemes, both for in-person and remote voting, that advanced the state of the art in terms of security and usability.”

Most security breaches result from social engineering style attacks rather than purely technical

One challenge in the quest to make further progress towards truly secure and useable systems, in particular voting systems, is that the socio-technical aspects of security-critical systems has been largely neglected by the community, even though they are critical for most systems.

“Most security breaches result from social engineering style attacks rather than purely technical, e.g. cryptanalytic.  In my group we have worked on this in the past but it is very challenging and much remains to be done.”

Prof Ryan explains that developing truly secure and usable voting systems, especially for remote, e.g. internet, voting remains a major challenge, despite immense efforts and significant progress. A number of commercial systems are being touted along with claims of security, that are in reality seriously vulnerable to vote manipulation, vote privacy breaches etc.

“The tension between requirements for privacy on the one hand and transparency on the other is hard to reconcile, especially in the face of a wide range of attackers from a coercive spouse to a nation state. Achieving this while at the same time ensuring that the system is supremely usable and understandable makes this arguably the biggest challenge facing the information security community. I plan to continue to work on this. ”

Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.

“During the project phase, post-quantum cryptography – and especially the transformation from classical cryptography to methods that can withstand quantum-capable attackers – has grown rapidly in importance, not only in the research community but also in society in general. This has been driven by the rapid advances in quantum computing and the corresponding realisation that quantum-safe security is needed for our digital world. ”

Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.

Information security and privacy will continue to grow in importance – as will the threats

It is not a simple task to research an area that evolves while you are in the middle of a project, as is for example the case with quantum computing and cryptography.

“Information security and privacy will clearly continue to grow in importance to society in the decades to come, as will the threats. In the ‘70s we saw a revolution in crypto with the invention of public key crypto, now we are going through another revolution as we try to develop quantum safe crypto. “

Nevertheless, the research results from the EquiVox project produced valuable knowledge and expertise that Prof Ryan’s team can put to use in other projects they work on, ranging from the post-quantum transformation of the national identity provider to the security of the first national quantum communication infrastructure.

Enhancing security and privacy in a digital society

Over the course of the last 15 years since arriving in Luxembourg, the research findings of Prof Ryan’s group have helped enhance the security and privacy of citizens in the digital society of today.

“This is of special significance in Luxembourg given the ambition to be seen as a trusted location for storing and processing data. Given that deploying e-voting is mentioned in the programme of the new government of Luxembourg it is likely that we will be able influence such deployment to ensure that it is done in a careful and responsible way. ”

Peter Y A Ryan Full professor in Computer science and communication – Applied Security at the University of Luxembourg.

Peter Y A Ryan’s FNR-funded projects (Principal Investigator projects only)