Legal, Ethical, Social and Philosophical Issues

We are researching legal, ethical, social and philosophical issues concerning the interplay between information security technology, its theory, and society. This includes the impact of surveillance, information security and privacy enhancing technologies on societal norms and behaviour, the philosophical foundations of information security and privacy, the legal protection of technological protection measures employed in digital rights management systems, the duty of organizations to use technology to protect information security and information privacy, the ethical limits of surveillance, biometrics and sensor technology, the liability of organizations for information security breaches, the regulation of spam and malware, automating the enforcement of privacy norms, the ethics of privacy enhancing and technologies, the legal ontology for security and privacy, legal aspects of public key infrastructures, the regulation of encryption technology, and the ethical use of information security technology.

Mathematical Foundations of Cryptographic Algorithms

Mathematics provides the foundation for much of cryptography. Shannon’s mathematical foundation of secrecy systems relies on probability theory and analysis of cipher systems from early times heavily draws on statistical methods. Since the late 1970s, cryptography has been closely connected to number theory. Many modern day public key cryptosystems make use of arithmetic in number theoretic structures. Moreover, the security of these schemes is frequently based on the presumed difficulty of a number theoretic problem. Construction of systems with information theoretic security uses combinatorial structures and algebraic codes as the main techniques, and mathematical models and proofs form foundation of today's provable security.

System and software security

Security systems are often designed in response to specific needs using a range of techniques (including cryptography) in order to achieve the stated security requirements. Using systematic approaches in design and evaluation of security of a system provides higher assurance about the performance of that system. Malicious software aim at subverting security of the systems and gaining unauthorized privileges. Detection of malicious software and protection against them is particularly challenging due to the complexity of today’s software systems.

Wireless and Communication Security

Wireless communication provides flexibility and power for communication while at the same time gives much more power to attackers to break into the systems. Sensors are small low powered devices that are used for applications such as monitoring environmental factors and identification. A sensor networks consists of a collection of sensor, connected through wireless communication with the aim of providing a specific service. Security of sensor networks not only includes protection against traditional attacks but also new attacks that are specific to sensors including easy loss of sensors and the need to use weaker security primitives to cope with low sensor power.