If you have ever paid for something online with your credit card, you have probably wondered whether prying eyes could view your precious account information as you sent it into the ether. Of course, protecting valuable communications is not new: wars have been turned on the efforts of code-crackers deciphering details of intercepted enemy plans.
But today the battle is waged online, a cat-and-mouse chase between sender and hacker - and as computers get more powerful the protective codes have to keep ahead to remain useful. Enter the science of cryptography, or ‘hidden writing’, which is a focus of research at the Claude-Shannon Institute, a Science Foundation Ireland-funded group across UCD, Dublin City University, NUI Maynooth and University College Cork.
Professor Gary McGuire, Associate Professor of Maths at UCD School of Mathematical Sciences and Director of the Claude Shannon Institute explains how the approach seeks to disguise messages as they move from sender to legitimate receiver.
“The idea is you would have some message to be communicated between two people and there are prying eyes that want to read the message and you want to protect it from them,” he says. “So the message is transformed into some garbled form that looks like nonsense, and only the receiver knows the transformation and then has to reverse the transformation. The goal is that the eavesdropper is not able to deduce the transformation.”
It works because the transformation uses secret ‘keys’ that allow the information to be encrypted and to allow the receiver to unlock the message.“There’s often one key to encrypt the message and there’s a different key to decrypt the message,” explains Professor McGuire.
“This is very useful in certain protocols, say for buying something on the Internet with a credit card - it is used all the time for validation between two computers.”
But as computing power grows, the threat to security gets bigger too - if you have enough computing power you could theoretically try all possible keys in a practical amount of time: just like fast fingers trying out a combination lock. The current standard for keys is called RSA, but as computers grow more powerful, it will become more cumbersome in the face of security threats, explains Professor McGuire. An alternative is elliptic curve cryptography (ECC), which is a focus of work in UCD.
“The main difference between RSA and ECC is the key size,” explains Prof. McGuire. “The size of the key matters, because if they key is too big the computation slows down and it starts taking too long to do the encryption, so you would be sitting at your Internet terminal waiting for something to happen - you might even think it has frozen. What’s happening with RSA is that as computers get more powerful their keys have to keep doubling in size and they are getting far too big - and the main advantage of ECC is that is has much smaller key size, therefore it is faster.”
ECC, which has its roots in 19th century maths, has a special trick up its sleeve: the mathematical computation that you use to encrypt can be calculated on an elliptic curve. “This operation is complicated which makes it hard for the eavesdropper to undo it, that is what makes it secure,” says Prof. McGuire.
But there is always room for improvement, and UCD is working to make ECC encryption faster and applying it to practical situations. One success came in looking at a new equation for an elliptic curve, published in the literature in 2007, which involved a different formula.
.
“We got very excited when we saw that, we started to study this formula and it turned out to be faster than the previous formulas,” says Prof. McGuire.
Working with Intel and UCC, the UCD team then applied that discovery to a real-world item: a microprocessor.
And while the researchers come up with faster ways to encrypt, there are plenty of future applications. The next big security issue is the cloud, according to Prof. McGuire, where we store information not locally in our own devices such as computers and laptops, but in servers.
“We are moving to small mobile devices and those have big security problems,” he says. “A lot of business executives are doing so much of their business using their smartphones. There’s a lot of private data that should not be in the public, either by voice or email, that is flying around, and encrypting that is a big problem.”
Professor Gary McGuire was interviewed by freelance journalist Dr Claire O'Connell
Related links:
