Cyber-Security

A main focus of our research is on secure multiparty computation (MPC), which is a collection of techniques, which allows to compute on encrypted data without the data ever leaving the encrypted domain. Only selected results will be revealed as clear text.

MPC considers a scenario with a number of different parties, which each have a dataset they want to keep private. Yet they agree on some statistics they would like to learn about the jointed dataset. MPC allows to solve this problem without ever collecting the data at a single point. Very simplified this is done by encrypting each dataset and revealing only the encrypted data to the other parties. Clever algorithms are then developed that can compute on the encrypted data without decrypting it. As a result, an encryption of the desired statistic can be produced. In the end only the encryption of the desired result is opened up. This allows each party to maintain control of its own data.

MPC allows to solve many of the privacy problems posed by the big data economy. Big bata is often also sensitive data, which for instance contains personally identifiable information that needs to be protected. On the one hand, it is predicted that data-driven analytics for decision support or automated decision making will be a tremendous growth factor in the years to come. On the other hand, in many cases, the use of PII threatens the privacy of data subjects. MPC allows mitigating this problem by never revealing the actual data to anyone, only the aggregate result, which can be designed to not contain any personal data.

MPC can also be used to facilitate more collaboration and solve novel problems. Often the quality of the result of an algorithm becomes much better when more data is available. However, often the data is held by different companies, which are not willing to share their data with their potential competitors. Such conflicts between a desire to collaborate and problems with sharing the needed data occur in a number of industrial applications like benchmarking, supply chain optimization and machine learning. With MPC a computation can be done over the entire dataset without revealing the data to the other companies. MPC allows automating and making rapid such collaborative decision-making, opening up completely novel venues for collaboration.

MPC has already been applied to several industrial problems, but currently MPC techniques are too inefficient to be broadly applied. One of our main focuses is to perform the fundamental research needed to create groundbreaking new techniques that will make MPC efficient enough to see broad adoption by industry. Another focus is to continually identity more industrial applications that can be solved using the current state-of-the-art of MPC and implement current MPC techniques to solve these problems.

Another aspect of security concerns exploits based on errors in programming or use of a system. Errors can occur for various reasons, e.g.: lack of understanding, lack of a proper specification of what a system is supposed to do or simply complacency. We are performing research in semantics, logic and programming focusing on formal methods that support reasoning about systems to be implemented. A formal specification of what a system does, what it is supposed to do and which security properties it should have is at the core of formal methods, but with added value by way of the associated verification techniques, such as, automated testing, model checking and formal proofs. We are also researching suitable methodologies for development and maintenance as is common in the safety critical domain

Some concrete examples of the research:

  • How can we (automatically) prove the correctness of implementations of cryptographic tools?
  • How can we develop better formal models and specification languages for reasoning about security properties of software and cyber physical systems?
  • How can we preserve security properties when translating between models at different abstraction levels? How can we develop secure runtime environments?
  • How can we model and specify novel security requirements of software and cyber physical systems? And how can we automatically analyse security of software systems and cyber physical systems, specifically systems for the IoT.

Contact

Jesper Buus Nielsen

Associate professor
M
H bldg. 5335, 285
P +4520586210
P +4520586210