Two elite researchers for IT security and data protection
GWK agrees to the foundation of the Max Planck Institute for Cyber Security and Privacy – Gilles Barthe and Christof Paar to become founding Directors
The Max Planck Society will found the Max Planck Institute for Cyber Security and Privacy in Bochum. After the Senate voted for its establishment last November, the Joint Science Conference (GWK) has now decided to include the Institute in the support from the federal administration and the federal states. The Max Planck Society has already contracted two founding Directors in Gilles Barthe, who had previously been researching at the Institute for Advanced Studies in Software Development Technologies in Madrid, and Christof Paar, a professor at the Ruhr-University Bochum.
There has long been an imbalance of forces in information technology: to make their programs absolutely safe, software developers have to predict every conceivable attack and take appropriate action. On the other hand, attackers only need a single security gap to render all of the safeguards useless. The work of data security and data protection experts is made more difficult by the fast innovation cycle in information technology such as the Internet of Things, in which various devices communicate with each other, and cloud computing, where data is processed and stored on distributed computers in a network.
“Information technology and its applications are constantly changing. This always involves new challenges for data security and data protection,” says Max-Planck President Martin Stratmann. “At the Max Planck Institute for Cyber Security and Privacy in Bochum, our basic research in these fields will help us to find comprehensive and sustainable solutions. We take an interdisciplinary approach that also considers the economic, legal and social aspects of the developments in information technology.”
IT security and data protection in an age of big data
Researchers at the new Institute will develop not just cryptographic methods for new software applications, for example in the cloud, in the Internet of Things and embedded systems, i.e. computers in vehicles or household appliances. They will also answer fundamental questions as to how data protection can keep up with the constant changes in the world of IT. This is necessary so that we can continue to enjoy data privacy in the future, despite the extensive data trails we leave behind on the web, or artificial intelligence’s ability to analyse huge amounts of data.
The technical progress that has been made in IT also requires changes from a legal, economic and social point of view. For example, we need to explore questions of how we can guarantee our right to have our data forgotten by the Internet, or provide data security and protection with limited resources. Other research questions within the scope of the new Max Planck Institute include how social participation and political opinion-making processes change when algorithms are taking more and more decisions, for example about the information we receive through social networks.
Hot on the trail of the attacker’s strategies
When fully operational, the new Max Planck Institute will comprise six Departments and 12 Max Planck research groups, which will enable it to investigate various aspects of IT security and data protection. Until the Institute moves into its own building, which is to be built by the Land North Rhine-Westphalia, the researchers will begin their work on the premises of the Ruhr-University Bochum. “The Ruhr-University Bochum is a leading centre for research into data security and data protection,” says Martin Stratmann. “With the new Max Planck Institute for Cyber Security and Privacy, we will further enhance the national and international standing of the location in these fields.”
For Christof Paar, one of two Directors who has already been appointed alongside Gilles Barthe (a third appointment is currently being negotiated) – his old place of work will also be his new one, at least temporarily. Paar is currently investigating the strategies of attackers on IT systems, who put a lot of effort into finding security gaps, together with cognitive psychologists at the Ruhr-University Bochum. The researchers’ goal are methods that allow them to quantify the attackers’ efforts and to increase them to a point where it discourages adversaries. Another part of his work, as a reaction to Edward Snowden’s disclosures, is to search for defence mechanisms against Trojans that exploit security weaknesses in the hardware. Before this, Paar and his team had discovered several security gaps in small, embedded computer systems, for example contactless chip cards or keyless central locking systems, and helped close these, amongst other things. Although the security requirements on such systems are very high, their computing and energy capacities are limited. In order to take account of these circumstances, Paar has developed the resource-efficient encryption method PRESENT.
Formal tests for the security and protection of data
Gilles Barthe is moving from the Institute for Advanced Studies in Software Development Technologies in Madrid to the new Max Planck Institute. The mathematician is one of the world’s leading researchers in the field of formal methods for software and system security as well as cryptography and data protection. For example, he investigates whether programs that process sensitive information such as the salaries of a company’s workforce, only evaluate the data to the extent and in the manner as prescribed. Because today’s software is very complex, Gilles Barthe has developed methods that analyse the flow of information in such programs automatically, as it were, in other words they do not rely on any manual interventions. He has also made a crucial contribution to the EasyCrypt software. This allows a systematic test of the reliability of cryptographic protocols, that work with randomly generated codes to encrypt electronic payment transactions, for example.
“With Gilles Barthe and Christof Paar, we have garnered two leading scientists in their respective fields of research for the Max Planck Institute for Cyber Security and Privacy,” says Martin Stratmann. “By choosing the best brains in their fields, also for further Departments, the Institute and thus the research location Bochum will become an international magnet, not least for outstanding talents in the field of IT security, data protection and their relevance for society.“