The modern world runs on data. It is one of the most valuable commodities, and many of our day-to-day activities are based on generating or using this data. The convenience of our world, in which a single device brings us internet searches, shopping lists, online purchases, texts and
phone calls, is designed to create, store and use data to make life easier, and more and more of our daily activities will be conducted online despite security concerns. For example, online purchasing and banking require guarantees that customers' data and identities are verifiable and secure.
The act of voting is also now moving online. While this would surely encourage more people to vote by making the process available on your smartphone, the security and integrity of the system are a concern. Is the system hackable? Can it be shut down by malicious actors, causing
chaos on voting day? How can we be sure that the person casting the vote online is in fact that person, or that they are not being coerced to cast a certain ballot? These are just a few examples of the breadth of the information security field and the foresight required to build secure systems.
Kanta Matsuura, who is a Professor at the Institute of Industrial Science in the University of Tokyo, has been working in this area since the early 2000s. For him, these are issues that the public needs to understand so they can trust in the security tools being developed, such as cryptography
and blockchain technologies. 'Traditionally in cryptography, there is a well-known principle proposed by Auguste Kerckhoffs that says a cryptographic system should be secure even if everything about the system, except the secret key, is public knowledge and available to attackers,' says Matsuura.
'To build such a system requires a careful evaluation of these infrastructures before they are designed, known as security by design.' Matsuura therefore believes that stakeholders should be well informed regarding the methods used in the construction of the system and the methods used in the security
evaluation of the system. 'This introduces scientific rigor to the discipline, and contributes to real-world activities such as standardisation, product validation, risk communication, and so on,' he says.