Efficient and secure: better systems for enhancing cybersecurity

KKChitchanok Chuengsatiansup moved from the University of Melbourne to the University of Klagenfurt at the end of 2024 with the aim of continuing her work on optimised cryptographic codes that accomplish several goals: While maintaining the security offered by the design, the computational resources required to execute cryptographic code and the overheads to integrate such code into different systems should be minimal.

By what methods do you hope to achieve better cybersecurity?
Suppose there is a message sent from person A to person B. If persons A and B do this using an app offering no security measures, there is a risk that someone could be looking over their virtual shoulders, reading the text along with them. I work on technologies that encrypt the message and then decrypt it again at the end so that only the intended recipient can read it. So-called cryptography is a fundamental mechanism in many areas today, designed not only to protect privacy of our communication, but also to ensure that sensitive areas such as online banking, electronic health records or online tax returns are conducted in secure environments. Companies and state institutions also rely on secure systems.
It takes additional computing power to encrypt and decrypt data. Does cryptography necessarily make our systems slower?
Generally speaking, it is true that stronger security requires more computing power. The aim is to find a balance between the security requirements and the effort involved. If cybersecurity measures render systems too slow, too unwieldy or too resource-intensive, users will often bypass them. In our research, our aim is therefore to develop a cryptographic code that achieves three goals: it should be correct, efficient and easy to maintain.
What does that mean in practice?
In principle, the code must deliver correct results: one plus one must equal two and not three. Otherwise, security cannot be guaranteed. Furthermore, the code must not compromise the general performance of a system. We also have the challenge of maintenance: Nowadays, the aim is to make all kinds of systems secure, from large servers to small devices such as pedometers. It should be possible to integrate a cryptographic code into multiple devices using simple methods. It should also be easy to integrate into devices yet-to-come in the future.
Can you further explain your approach? How do you improve cryptographic code?
We specify the possible arithmetic operations at the outset, and then we determine which modification options should be possible in the code. Then we leave it to the computer to try out the various combinations and search for an optimal algorithm. In a joint research project, which I was involved in as part of my work at the University of Melbourne, we developed a cryptographic code optimiser called CryptOpt that can automatically generate codes for various devices. The code adapts iteratively, measuring performance and thus arriving at its best possible configuration through a series of steps. This system delivers competitive results as those achieved by experts manually optimising the code.  This joint research was also conducted by colleagues at the University of Adelaide, Monash University, Ruhr University Bochum, the Massachusetts Institute of Technology, Stanford University and the Georgia Institute of Technology. CryptOpt is an open-source project that aims to empower anyone, including non-specialist IT technicians, to create optimised cryptographic code for their systems.
In open-source projects, information is usually publicly and transparently accessible. What if hackers also make use of it?
In terms of this project, it is about optimising cryptographic code. If a hacker makes use of this project, the hacker will be able to optimise the code as well. Whether this will be helpful in breaking a cryptosystem, it is a different story.
Finally, how careful are you about keeping your data secure?
I would say that I certainly try to do everything I can to protect my sensitive information. Of course, there are some restrictions: I would like to ensure the highest possible security, but at the same time I need to communicate online and use applications. I try to find a balance here, too. In my community, at least in terms of messenger services, it’s not that difficult – cybersecurity researchers have similar needs and tend to use more secure services.
 

.flex_column.av-2m3gnqd-4871955db91e9f2603ea88fb6b09dc51{
border-radius:0px 0px 0px 0px;
padding:25px 25px 25px 25px;
}

#top .av-special-heading.av-mm7u9k5-478127070ed151066e3eb3637e941cbf{
margin:0px 0px 0px 0px;
padding-bottom:0;
}
body .av-special-heading.av-mm7u9k5-478127070ed151066e3eb3637e941cbf .av-special-heading-tag .heading-char{
font-size:25px;
}
.av-special-heading.av-mm7u9k5-478127070ed151066e3eb3637e941cbf .av-subheading{
font-size:15px;
}

About the person

Chitchanok Chuengsatiansup joined the Department of Artificial Intelligence and Cybersecurity as full professor in November 2024. Before that, she held the position of Senior Lecturer at the University of Melbourne and Lecturer at the University of Adelaide in Australia. After completing her doctorate at Eindhoven University of Technology in the Netherlands, she worked at INRIA and at ENS de Lyon in France. She completed her Bachelor’s degree at Chulalongkorn University in Thailand, followed by a Master’s degree at the University of Tokyo in Japan. The aim of her research is to improve the security and efficiency of cryptographic systems. Specifically, she focuses on optimising interrelated factors in order to develop highly secure cryptographic software capable of performing at speed.
Der Beitrag Efficient and secure: better systems for enhancing cybersecurity erschien zuerst auf University of Klagenfurt.