From the Wild West to data security

Increasing digitalization and networking require a completely new way of thinkin
Increasing digitalization and networking require a completely new way of thinking about security.

By Cornelia Kröpfl BA MA

30 years ago, data security was a niche topic. Today, researchers at TU Graz are laying the foundations for a completely new way of thinking about security. Including future developments.

Not so long ago, the mobile phone was primarily used to store contact data. Today, smartphones know where we are and what media we read. And when we use smart home apps, it’s easy to tell when we’re at home and when we’re not. Data is being collected in more and more areas of our daily life. And not only via smartphones and computers any more.

"The more data becomes the most important asset of society, the more important security becomes," says a convinced Stefan Mangard.

The expert is head of the Institute of Applied Information Processing and Communications. This area of competence has been growing for over 30 years at Graz University of Technology. "We had security as a field of research when it was still a very exotic subject." By discovering security holes with names such as Meltdown and Spectre, the Graz researchers showed that they are at the forefront of international research.

In addition, TU Graz is currently building the Cybersecurity Campus Graz together with SGS, the world’s leading company for testing, verification and certification, a research, teaching and certification centre for cybersecurity at TU Graz’s Campus Inffeldgasse.

Why does a certification company, similar to TÜV , invest in security research? Mangard explains: "Today, you can no longer evaluate a product without talking about software and its security, because software is built into almost every product. The security and its verifiability depend strongly on how a system is structured. At the Cybersecurity Campus Graz research is done into what system architectures of the future will be like and how product design for security will have to change." And this consideration does not start with the finished smart product: "No, we have to rethink this completely. I have to build the hardware and software in such a way that I can rule out attacks and also verify this."

What is trustworthy?

The basis for any security is cryptography. Mathematical methods are used to encrypt data to prevent misuse.

Cryptography researcher Maria Eichlseder works at the Institute of Applied Information Processing and Communications. She describes her field of work as "extremely exciting, because unexpected results keep coming up and the relevance for the protection of our digital lives is very high". Eichlseder and her colleagues only recently received international awards. Because their ASCON algorithm bundle is particularly robust, efficient and resource-saving. Both encryption and authentication are done in one step. At the moment, the cryptography team is working on international standards for trustworthy algorithms. Who is trusted to develop a fair algorithm? And how do you objectively prove that an algorithm is secure? These are all complex issues for which an interdisciplinary approach is important.

"Don’t leave data in the Wild West"

This interdisciplinarity is also appreciated by Christian Rechberger, head of the Cryptology & Privacy working group at the Institute of Applied Information Processing and Communications in his research area. "Mathematics, programming, electrical engineering, law and numerous other disciplines interlock here." One of his current research topics is quantum computers. "Though we don’t yet know when they will be available. But we want to be prepared. With a quantum computer, many of our current basic protection mechanisms could be broken very easily. That’s why we are carrying out research into methods to protect systems against attacks from such supercomputers."

It is true that a great deal has happened in recent years in terms of data security and privacy - and awareness of it. But Rechberger still sees great potential: "We’re only at the tip of the iceberg, there’s still a lot to do."

Mangard has a very similar opinion: "Data is the most valuable asset of the future. I don’t think it’s a good idea to simply leave it in the Wild West," he says in favour of regimentation. In the end, data creates incredible opportunities. We will only make full use of it "if we manage to protect data and privacy; this is the most important enabler of digitalization". Mangard thinks we’re only at the very beginning: "It’s only just starting."

Challenge accepted

"Don’t feed the bugs" is the credo of LosFuzzys. This is one of the numerous student teams at TU Graz where students can deepen their practical skills. At the young hacker European championship, the European Cyber Security Challenge 2019, the team reached 3 place. Another one of the 16 student competition teams is the TU Graz Data Team , which continually participates in business oriented data science challenges.

Researchers at TU Graz are looking for solutions to the burning problems of the present. What topics are currently on their radars and what you can study to change the future, you can find out on TU Graz screenshots.