CyberSecurity

One of the biggest challenges for Danish companies is the threat from hackers. Modern businesses and organizations have a complex IT landscape which makes it a constant battle to make sure there are no holes or weaknesses for hackers to exploit.

DIREC has launched a number of projects in the field of cybersecurity. The projects will develop the underlying technology that enables a high level of cybersecurity and provide us with knowledge about the opportunities that are provided by new advanced digital technology.

Why CyberSecurity?

Securing our companies and organizations

Many companies see it as a matter of time before they are exposed to an attack that affects their systems, and they work in parallel with prevention to manage critical business processes during and after a potential attack. Cybersecurity does not only affect large companies, but many small companies must increasingly be able to document and meet ever higher requirements in relation to cybersecurity in order to become a subcontractor to larger companies.

Securing critical infrastructure

Critical infrastructure cybersecurity has become even more important, especially with the geopolitical changes and an increased digitization of the infrastructure.

Next generation of cryptographic protocols (Post quantum)

Another potential future scenario for cybersecurity is the risk that our current encryption protocols will be broken by future quantum computers and smart algorithms. Therefore, there is also a race to develop post-quantum encryption, which is expected to be able to withstand attacks from a quantum computer. However, these protocols must both be thought through carefully and be fast if they are going to be the backbone of our digital communication system in the future.

In parallel with a growing threat assessment, new advanced technology is continuously being developed to help create more transparency, more secure protocols, better systems for detecting hackers, and better tools for analyzing programs and infrastructure for weaknesses.

Secure IoT Solutions

Security is important for all digital solutions, but for IoT solutions we are facing several new challenges. Many of these systems are deployed globally and the environment might be harder to control. Some of them are controlling critical systems and some of them might have limited resources for processing data. So how do we keep them secure?

Explore the DIREC project addressing this topic.

project: SIOT – Secure Internet of Things – Risk analysis in design and operation

The need for security in IoT systems is huge, however, it is difficult to achieve due to the systems’ characteristics.

Together with industry partners, this project aims to identify safety and security requirements for IoT systems and develop algorithms for quantitative risk assessment and decision-making. The aim is furthermore to create tools for designing and certifying IoT security training programs that will enable Danish companies to obtain security certification for their IoT devices, thus giving them a lead in a market that is likely to demand such certification in the near future.

Security and privacy

We are generating a lot of sensitive data as citizens and in our companies and organizations. The data is valuable for e.g. training AI systems and performing big data analysis, but how can we use the insights from the data while securing the privacy around the data?

Explore the DIREC projects addressing this topic.

project: Privacy and Machine Learning

There is an unmet need for decentralised privacy-preserving machine learning. Cloud computing has great potential, however, there is a lack of trust in the service providers and there is a risk of data breaches.

Today, a lot of data is private and stored locally for good reasons, but combining the data in a global machine learning system could lead to services that benefit all. For instance, consider, consider patient information (e.g., medical images) stored at hospitals. It would be great to build diagnostic and prognostic tools using machine learning based on the data, however, the data can typically not be shared.

This project aims to develop AI methods and tools that enable secure and privacy-preserving use of sensitive data for machine learning. The goal is to address the lack of trust in cloud service providers and the risk of data breaches, while still enabling the use of analytical tools.

The results of the project could lead to innovative ways of using data and increase the competitiveness of Danish companies.

Project: Accountability Privacy Preserving Computation via Blockchain

Cryptographic technologies such as multiparty computation make it possible to share data without the recipient gaining insight into the data sets themselves. The technologies have existed since the 1980s, but they are still unknown to many authorities and companies, despite the help they can offer when it comes to making calculations on sensitive, confidential, and proprietary data.

This project aims to combine secure multiparty computation and blockchain techniques, to enable efficient privacy-preserving computation with accountability, allowing computation on private data while maintaining an audit trail for third-party verification.

Potential applications include data analyses and fraud detection, such as identifying and eliminating wage gaps, detecting fraudulent bids or bets, and other computations that require authenticity and consistency of inputs. The project can potentially help fight discrimination, catch unethical and fraudulent behavior, and generate positive publicity for honest participation.

Secure Online Elections

Today, some countries around the world allow online voting. Estonia has had electronic voting since 2005 and Greenland’s election law was changed to allow it in 2020. But how can we ensure that online elections are secure and create the needed trust in the system?

Explore the DIREC projects addressing this topic:

Project: Trust through Software Independence and Program Verification

There is constant interest for Internet Voting by election commissions around the world. This is illustrated well by Greenland – their election law was changed in 2020 and now permits the use of Internet Voting. However, building an Internet Voting system is not easy: The design of new cryptographic protocols is error-prone and public trust in the elected body is easily threatened.

A software-independent voting protocol is one where an undetected change or error in software cannot cause an undetectable change or error in an election outcome. Program verification techniques have come a long way and promise to improve the reliability and the cybersecurity of election technologies but it is, by no means, clear if formally-verified software-independent voting systems also increase public confidence in elections.

Together with the authorities in Greenland, this project will investigate the effects of program verification on public trust in election technologies. The project aims to contribute to making internet elections more credible, which can strengthen developing and post-conflict democracies around the world.

Project: Verified Voting Protocols and Blockchains

There is constant interest for Internet Voting by election commissions around the world. At the same time, there is a need for online voting in blockchain governance. However, building an internet voting system is not easy: The design of new cryptographic protocols is error-prone, and public trust in the elected body is easily threatened.

Together with an industrial partner, this project aims to improve the security and quality of the internet voting system and influence regulation on minimum quality requirements for blockchains.