“The elephant in the network” – secure exchange of encryption keys over the internet
Jean Lancrenon is a research associate at SnT in Prof. Peter YA Ryan’s research group (APSIA). He works on security modelling of cryptographic services with a particular emphasis on authenticated key exchange protocols.
How to get into cryptography?
I started studying pure mathematics, which for me is the study of the blueprint of the universe seen through the human mind. I then shifted my research efforts to cryptography, and today I work on the theory of authenticated key exchange, which allows two entities to establish a temporary and secure connection. You need good protocols when people log on from devices across the world and connect with other people: how can you be sure otherwise that you are talking with the right person, with no one else listening or changing your messages on the way? On the Internet such problems happen very frequently. My research is about the theoretical security of such protocols.
Why is authentication important for everyone going online?
Digital services are ubiquitous. The Internet and smartphones allow network access at any time and in any location. Companies and individuals have migrated a large part of their transactions and their private lives, respectively, online. Whether it be for friends wanting to reconnect, or for one to access a bank account to perform a transaction, the e-world makes this possible across continents, in the blink of an eye.
But who is really “out there”? Anyone is indeed: “the Good, the Bad and the Ugly”, to rephrase the title of Sergio Leone’s cult movie. So, when we upload our vacation photos or when we input our bank details, how do we know that our secrets or the details of our private lives are not being sent to the wrong people?
This fundamental problem is how to remotely establish a private communication channel with the right entity. Moreover, the ever-increasing sensitivity of the activities we now perform online and the inherent obscurity of digital communications make this problem extremely important to deal with.
How is this problem tackled in cryptography?
The design and deployment of systems allowing secure, practical, and scalable connectivity is by no means a simple feat, and has many different facets, ranging from the mathematical invention and analysis of fundamental algorithms, to their robust implementation in a large variety of hardware and software systems, and even through the study of the socio-technical aspects of users’ and companies’ management of cryptographic keys. The problem is that the theory of secure authenticated key exchange is not yet fully understood. And, while it is far from being the sole factor in obtaining a secure, practical, and fully deployed system, it is one of the most fundamental.
Our research team at SnT, APSIA, focuses part of its research on the theoretical facet, that which deals with the security analysis of the cryptographic core of such systems, the algorithms themselves.
On a practical level how can the research you are doing be applied in the real world?
Actually, everyone who is talking to anybody else on the Internet needs to acknowledge and be aware of the potential problems. If a person wants to pay online, a temporary secure channel is needed to send payment information to the store he is buying at and not somewhere else. Our contribution is to improve the theoretical foundation of the algorithms that create these channels. This means proving mathematically that a protocol is robust to attacks, thus giving the highest assurance of security.
FinTech Gazette / January 2016