She co-developed the international standard for lightweight cryptography and finds tinkering with cybersecurity challenges entertaining. An interview with Maria Eichlseder about her research.
News + Stories: What is security for you?Maria Eichlseder: In my lectures I always explain it with the origin of the word. Security comes from securus ("se-" + "cura"), meaning "without worries". Of course, security affects many areas, but we are primarily concerned with information security. For me, not having to worry about my data is the umbrella term for security.
From what perspective do you view security?Eichlseder: From a basic research side, very application-independent. And with the somewhat abstract eye of cryptography. In other words, I am primarily interested in the mathematical principles that make it possible to transform data in such a way that it is secure afterwards, even if it is transported via an insecure channel. This is also the aspect that I find most exciting. Of course, everything has to work together for security, the weakest link in the chain is always the greatest danger. Fortunately, the mathematical foundations are usually not the weakest link. But that’s only because we’ve already spent so much time on it.
What is the danger if cybersecurity is not available?Eichlseder: This looks different in every application. The longer-term implication of not having security or not having cybersecurity methods would be that we would not do anything relevant on our IT devices or on our mobile phones or on our computers because the risk of data being stolen or manipulated would be too great. For me, this means that cybersecurity is the enabler that allows us to do exciting things without having to worry about our data.
Most people are vaguely aware of the risks and still dare to do certain things because they trust that it will work
You have been working intensively on this topic for a long time. What fascinates you personally about this field of research?Eichlseder: On the one hand, it has a certain fun factor. Because whenever you have a game like this between the defender and the attacker in an attack scenario, there is a lot to discover and think about, and also a bit of guesswork. Going through such scenarios and really having to think or puzzle things out is very satisfying work. It’s fun. On the other hand, it is of course great to see how relevant the topic is and how much it has become part of our everyday lives. When I started my studies, even though it wasn’t that long ago, the internet looked pretty different in terms of security. A lot has happened in the last few years. Seeing this is always an ongoing motivation.
In recent years, a lot of everyday applications have shifted to the internet, be it banking or certain administrative procedures with authorities. Does this have much to do with this further development of security?Eichlseder: There was a certain synergy. More important data found its way onto computers, which is why security has had to follow suit. Conversely, we now have many more opportunities to do things over the internet because security has improved so much. If you look at all the official e-government applications, for example. This only works because security is now so widespread and people have a certain amount of trust in it. Most people are vaguely aware of the risks and still dare to do certain things because they trust that it will work.
How much of a cat-and-mouse game is cybersecurity anyway? And who is the cat and who is the mouse?Eichlseder: It’s definitely a game of cat-and-mouse, and that makes sense in terms of game theory. Security is always about having two groups with different opinions. One wants to achieve something and the other wants it not to be achieved. This is the basic setting of security. That’s why it’s always a game of cat and mouse in the spirit of Tom and Jerry, where the mouse also strikes back and the mutual chase intensifies. Getting away from this is one of our goals. But that’s a big goal, because if one of the two does something clever, the other also wants to react cleverly or find a way around it that hasn’t been covered so far. On the technical side, however, you can try to make it much more difficult for the cat. You can do this by thinking about security right from the design stage and taking it into account in the architecture to deter the cat straight away. That is always the dream we have, that at some point there will no longer be this back and forth.
There are always new opportunities that didn’t exist before. Whether increasing computing capacities or other things...Eichlseder: Or new interesting areas of application where suddenly a new cat shows interest.
One technology can never cover all levels of the attack stack
The ASCON algorithm that you co-developed became the standard for lightweight cryptography at the beginning of this year. What is lightweight cryptography and what does it mean that ASCON has now been selected as the standard?Eichlseder: Lightweight cryptography revolves around a range of new applications, for example in the IoT sector, where sensitive data needs to be protected, but under difficult conditions. In the applications concerned, for example, the computing capacities or the available energy are often limited, such as in the case of small battery-powered devices. As a result, the current encryption algorithms in many of these areas are unfortunately simply not efficient enough or not sufficiently prepared for certain attacks. One example of this is the risk of side-channel attacks. Protecting the current algorithms and implementing them securely is often simply too expensive. This has also been recognised by the US standardisation authority NIST (National Institute of Standards and Technology). This authority ensures that a reliable standard is available for all important areas of application, which is then usually also used internationally. NIST then organised a competition for lightweight cryptography, to which my colleagues Christoph Dobraunig, Florian Mendel, Martin Schläffer and I also submitted designs - and to our great delight, our candidate won. Although there is no immediate financial reward for this, I am pleased to see how integration into various real products is now being discussed in different places. This will probably increase in the coming years once the standard has been fully specified. This is currently still in progress. But it is of course a great recognition and shows that we are on the right track here, or were already on the right track when we started working on it almost ten years ago. At that time, the competition was not foreseeable at all, but we saw the area as an promising field of research.
You’ve already touched on it briefly, but why do these small IoT systems in particular require a different standard or different protection mechanisms compared to conventional IT systems?Eichlseder: There are two important differences compared to a laptop, for example. One is that the devices have to make do with limited resources. They are often battery-powered or even passively powered, for example RFID tags. The less energy or peak power I need for cryptography, the longer or better I can work. On the other hand, I often have a more difficult security situation. This is because the devices are often physically accessible to potential attackers. And that means there are often additional risk scenarios, such as side-channel and fault attacks. These are attacks in which the attacker exploits their physical access to the device in order to precisely measure the power consumption or the computing time, for example, or to disrupt the computation in order to derive something secret from it. These are all things that specially protected implementations of the previous algorithms can prevent to a certain extent, but this is very time-consuming and requires a lot more energy. This does not fit in at all with the given restrictions. This is why we need new algorithms that can do this much more efficiently so that data remains secure everywhere.
Now you have this better algorithm. What can it do and what can it not do? It probably won’t be able to cover everything either.Eichlseder: One technology can never cover all levels of the attack stack. This is just the mathematical basis. In other words, this is the algorithm for how I transform data before I exchange or store it via an insecure channel. It can provide protection for this data against manipulation and for confidentiality - confidentiality for the content, but not for metadata such as message length, time or sender identity. It cannot disguise any of this, only the content itself. It can only do this if it is used safely and correctly. This is because there are always some basic rules that need to be observed with algorithms. If something goes wrong because the developer has made a mistake or because something is not working in the device, the security guarantees no longer work. Clearly, the whole thing must also be implemented securely and key management must be implemented sensibly. This is often one of the biggest challenges: managing the keys needed for encryption prudently, generating them correctly at the right time in the right place, exchanging them and destroying them again at the end. It’s complicated. Depending on the specific area of application, a different algorithm may have more advantages - for example, the long-established AES standard is often a good choice.
Don’t click on any dubious links and don’t enter your details anywhere where you are not normally asked for them
You have already mentioned physical access to the Internet of Things systems as a problem. What problems does this physical access cause and what other types of hacks are possible as a result?Eichlseder: For example, it is possible to measure the power consumption during the calculation of the cryptographic process. And if the algorithm is not particularly protected, you could try to use a model that shows which calculations with which data should consume exactly how much power to statistically infer what the individual bits of the key should have been at exactly this one point in time during processing. It’s like trying to crack a password or a numerical code. If you want to pick a bicycle lock with four digits, you can try all the digit variations, i.e. all ten to the power of four possibilities. This of course takes a relatively long time. However, if you can get feedback from each individual digit as to whether it is the right one, for example by feeling a click when turning, then you can go through them individually and need a maximum of 40 attempts in total. You can do a similar thing with cryptographic algorithms when you get hold of the device. This is of course a major risk, because the key can be read out and the security of the entire system is lost. Fortunately, we already have quite a lot of theory on how to protect ourselves against these attacks. For example, you can ensure that the calculations do not depend directly on a key bit at any point in time, but that this is always masked with a certain random consumption or simultaneous calculations of independent values. This makes it much more difficult for attackers, but at the same time requires more resources and energy. It then depends on the algorithm how large the overhead is that is created by this protection.
You have a very comprehensive insight into the topic of cybersecurity. Do you think that normal users still don’t take this topic seriously enough and how could they be made more aware of it?Eichlseder: I think many people are very aware of this and sometimes perhaps even worry too much. They often have a relatively vague picture of what is possible, as it is not easy to see how big a certain risk is. As a result, there may also be misjudgements from time to time. But basically, sensitisation or a certain amount of knowledge already exists. But it’s like many things. You usually know that you should do something a little differently or choose a different password, but then you don’t do it. When it comes to nutrition or climate protection, we also know that we should change some of our habits, but we don’t actually do it. Knowledge alone is not enough. You also have to translate things into action and that is often the hurdle.
For all those who want to translate things into action, what can non-experts do to protect themselves?Eichlseder: I can think of three things where you probably have the greatest leverage. One thing to bear in mind when choosing passwords is not to use the same password for several services, but always vary it in some way. Then you should always keep your software up to date and when choosing software, you should consider in advance whether it makes sense or whether you are taking risks. If you install a mobile phone app and it needs all kinds of permissions, wants to read all your files and access all your contacts, you should ask yourself whether this is really justified and necessary. Perhaps ask yourself whether you should use an alternative app in such a case. That is another major lever. The third point that most people have probably heard of is not to click on any dubious links and not to enter your details anywhere where you are not normally asked for them. Whether on the phone from the supposed bank or some online forms that you did not actively access yourself, but reached via some link. These are three basic guidelines that I would recommend.
This research area is anchored in the Field of Expertise "Information, Communication & Computing" , one of five strategic foci of TU Graz. Planet research. Monthly updates from the world of science at Graz University of Technology are available via the research newsletter TU Graz research monthly.