The Digital Shield: How Cryptography is Turning the Tide in Cybercrime
Cryptography Expert Professor Elena Andreeva tells us how to be safe on the internet and gives insights into the latest developments in cybersecurity.
6.4 trillion Euros in damage are caused by cybercrime worldwide, every year. With an annual increase of 15%, cyber attacks in Austria and beyond are becoming increasingly consequential and harder to control. They’re posing a significant threat to companies, governments, public institutions – and, at a fast-growing rate, to individuals. To tackle the urgent need for research and development in cybersecurity, TU Wien founded a new Center for Cybersecurity, which brings together scientists from different faculties to foster collaboration in this interdisciplinary field at TU Wien Informatics.
Research in cryptography is at the core of protecting us against cyber attacks. We talked with cryptography expert and assistant professor Elena Andreeva from the Research Unit for Security and Privacy about current threats and how to stay safe.
What is cryptography?
Cryptography is a research discipline that creates the mathematical foundation to protect our digital systems against cyberattacks, such as encryption and authentication algorithms. Cryptography nowadays is ubiquitous: We use it on our mobile phones, on our computers, when we do our bank transactions, in our smart homes or smart cars, when we store our photos, or to protect any critical infrastructure. In summary, cryptography is the technological pillar of providing security in the digital world.
Phishing, Hacking through Apps or Public Wi-Fi – it seems that especially our mobile devices are under attack. What are the main threats to look out for?
The basic guideline is to be proactive and vigilant on the web, especially with devices we use daily. The most important ways to protect ourselves are simple but not always easy to follow through. When you browse on the internet, avoid suspicious websites, open websites starting with “https” rather than “http”, and refrain from opening suspicious emails or links from unknown senders.
And: Pay attention to security updates; they are in your notifications for a reason. Especially for devices like smartphones and laptops, we need to install the latest software updates, particularly the security ones. It’s time to be proactive and educate yourself by activating security messages or policies and trying to read the license agreements to understand what data you are giving away.
Most people download apps from the suppliers’ stores without a second thought. But, we need to be careful what kind of access we allow. An app for text messaging does not necessarily require access to your camera, so you can safely disable it from the settings. Especially free apps might not have the necessary defenses in place and can be manipulated.
Finally, we must learn to use communication channels and messaging apps with end-to-end encryption. It ensures that only the sender and recipient can access and read the content of messages. Messaging on most social media platforms doesn’t offer proper encryption by default, so instead, opt for a more secure channel.
What specific threats and defenses do you focus on in your research?
I work both on the theory and application of cryptography. I design, analyze and mathematically prove secure cryptographic building blocks like blockciphers, forkciphers, hash functions. These are used to encrypt and authenticate data, and guarantee security for the Internet, small IoT (Internet of Things) devices, privacy-friendly applications in blockchains, cloud computing, and much more.
Participating regularly in public cryptographic competitions helps me develop my work even further. I co-designed the COLM authenticated encryption scheme, one of the two finalists recommended for robust authentication encryption through the CAESAR public competition.
I’ve recently focused on ciphers with special expanding functionalities, such as forkciphers and expanding functions. I have shown that such expanding ciphers improve security and perform better for both classical authentication and encryption scenarios such as end-to-end secure encryption, Internet communications or IoT security. But they also provide enhanced security in novel privacy-oriented applications, such as secure data computation in the cloud and blockchains.
What is TU Wien Informatics’ role in new developments against cybercrime?
At TU Wien Informatics we aim to develop practical security solutions that come with security and privacy-by-design in mind. These solutions are developed with inherent, in-built security guarantees that reflect even the newest cybersecurity threats. The new Center for Cybersecurity will unite various efforts from different research areas to further enhance our research and applications, from computer science to electrical engineering, mathematics, and law.
Through my research, I aim to develop cryptography that is adept in both terms of security and efficiency with respect to emerging security applications. Plenty of new technology is developing; the most important ones are, of course, applications preserving vast amounts of online personal data. But I’m also interested in novel IoT devices with unique technical requirements – like lightweight cryptography, which is tailored to secure devices with limited computational resources.
Watch the latest TV-documentary on cybercrime with Elena Andreeva “Attack from the Internet” at Puls4 (in German), which shines a light on the importance of cyber attack prevention given their ubiquitous growth nowadays, both worldwide and more concretely, in Austria.
And stay tuned for upcoming activities at the Center for Cybersecurity.
About Elena Andreeva
Elena Andreeva is an Assistant Professor at the Research Unit for Security and Privacy at TU Wien Informatics. Prior to that, she was an Assistant Professor in the Cyber Security Group at DTU, Denmark, and a Lecturer in the Cyber Security Research Group at the University of Klagenfurt, Austria. Her Ph.D. and Postdoctoral research was funded by the Flemish Research Foundation (FWO) and completed at COSIC, KU Leuven, Belgium.
Her research focus lies in the area of theory and applications of cryptography and more concretely: symmetric cryptography, authenticated encryption, forkciphers and expanding functions, hash functions, key derivation, provable security, privacy-friendly security protocols, and cryptography for blockchains. She is interested in the theory and development of provably secure cryptographic designs for secure data communications, storage, and private computation
Andreeva has been actively involved in several cryptographic standardization efforts: SHA-3, CAESAR and lighteight authenticated encryption NIST competitions. She participated in the the hash function LANE (SHA-3), the authenticated encryption families ForkAE (second-round NIST LW process), PRIMATEs (second-round lightweight CAESAR), and COLM (one of the winners in the “security in-depth” CAESAR category) design proposals. She initiated a line of research on the novel symmetric cryptographic expading primitives, such as the FokrSkinny forkcipher and the Butterknife expanding function, which come with elevated security and efficiency benefits. In her latest works at ACNS’23 and ACM-CCS’23 she demonstrates these benefits for pseudorandom number generation, IoT-to-Cloud computation, and most recently for secure messaging, such as the Signal protocol.