16 Nov Algorithm age
Abu Dhabi’s Technology Innovation Institute Cryptography Research Centre (CRC) has built the The UAE’s first national and sovereign crypto library and puts United Arab Emirates in a small league of countries that possess advanced digital data security capabilities. SME speaks to Dr Najwa Aaraj, chief researcher at the Cryptography Research Centre about its vital work.
What are the main security threats that the crypto library addresses?
The sheer volume of cyberattacks and their increasing sophistication have made cybersecurity a core area of focus today. The integration of the National Crypto Library within the UAE’s critical digital infrastructure and live systems will enable a more seamless and comprehensive security strategy, ensuring data confidentiality, integrity and source authentication across crucial data-sensitive sectors such as finance, healthcare, and telecommunications. The first release of the library was integrated into several secure communication products with advanced cryptographic protocols and since then, we have continued to strengthen it through working on different schemes.
Moreover, as you know, boosting quantum computing capabilities can result in threats to data security. This premise underscores the importance of the launch of the UAE’s post-quantum cryptography library and our sustained effort to safeguard against quantum computer / algorithms attacks. The Post Quantum Cryptography (PQC) software library serves as the bedrock of any security application or product in development today that integrates public-key cryptography algorithms.
The algorithms that currently support encryption, including public key cryptography, are still considered to be safe for e-commerce because while quantum computing is already a reality, the technology is expensive in terms of resource utilisation. In addition, standards have not yet been established, and use cases are still confined to scientific and government research. However, the race is on among researchers who are trying to find post-quantum encryption algorithms that work.
How can a post-quantum cryptography software library protect against cyberattacks?
The competition I referred to earlier relates directly to the cryptography used widely today – math-based algorithms that are primarily utilised in public key cryptography. When sufficiently powerful quantum computers become a reality, cryptographic schemes that are widely prevalent today will be completely weakened by the relevant quantum algorithms.
The post quantum cryptography (PQC) library provides multiple schemes for public key encryption, key encapsulation mechanisms and digital signatures that are resistant to quantum computers. They are very different from today’s public key algorithms, whose security levels can plunge to zero with sufficiently powerful quantum computers capable of running Shor’s polynomial time algorithm, that allows breaking prime factorisation and discrete logarithm problems on which today’s RSA and ECC algorithms, respectively, are based.
The PQC library offers an advanced level of security that cannot be breached even by sophisticated quantum computers. Cryptographers at CRC as well as several of our global peers are now engaged in developing PQC algorithms. The United Arab Emirates is now in the league of countries that possess advanced digital data security capabilities – it is really a question of joining the crypto race to retain a degree of control over our encrypted data and digital sovereignty.
Can you tell us a bit more about PQC algorithms and why they are important?
Post-quantum cryptography (sometimes called quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (public-key algorithms providing public key encryption, key encapsulation mechanisms, and digital signatures) that are thought to be secure against attacks by relevant quantum algorithms running on sufficiently large quantum computers.
To overcome the security challenges quantum computers pose to public key cryptographic schemes, we have unveiled the first PQC software and hardware library in the UAE. International and Emirati researchers at CRC have developed this library that supports a wide variety of computer architectures and operating systems to advance the cryptographic and security capabilities of Abu Dhabi and the UAE.
Many organisations are working to create post-quantum algorithms before massive scale quantum computers break the public-key algorithms. Many assume that both PQC and traditional algorithms will be used once people begin to trust the PQC algorithms and apply their security protocols. One factor to keep in mind is that PQC algorithms used in security systems will need to be routinely upgraded to ensure they continue to safeguard encrypted data.
The library has been integrated into several secure communications products – can you tell me a bit more about this and these products and how this is being applied?
The library has been integrated to provide secure cryptographic protocols deployed in various secure communication systems. We are also working on integrating our library in widely known protocols to provide two flavours of such protocols: Hybrid and Post Quantum.
How are you working with industry and businesses in sharing information you find that may relate to cybersecurity?
The Cryptography Research Centre (CRC) has partnered with several international and Emirati universities with the aim of advancing breakthroughs in the field of cryptography. We have signed partnership agreements with Ruhr-University Bochum (Germany), Radboud University (the Netherlands), Khalifa University (the UAE), University of Milan (Italy), Polytechnic University of Turin (Italy), Federal University of Santa Catarina (Universidade Federal de Santa Catarina in Brazil), and New York University (the USA). CRC also announced a partnership with Yale University (the US) earlier this year.
Working synergistically with these and other industry partners, we will carry out disruptive research to advance breakthroughs across the wider cryptographic spectrum. We are confident that this research will lead to significant transformative impact worldwide.
Can you tell me a bit more about the cryptographers working at the centre – how many are there and where are they drawn from?
At the Cryptography Research Centre, there are currently 59 researchers, scientists and engineers hailing from every corner of the globe including the GCC region, Europe, Asia, and South America. We have a diverse team with 28 different nationalities working together on ground – this aligns with TII’s mandate to attract global talent to live and work here and make Abu Dhabi their home away from home.
Why is cryptography a subject of particular interest to Abu Dhabi?
As is the case with any major city or country, today it has become a national security imperative to maintain cyber security and safeguard confidential information and data. Cryptography is an information security mechanism used to protect enterprise information and communication from cyber threats and achieves several information security-related objectives including confidentiality, integrity, and authentication, and non-repudiation.
Mathematical rule-based calculations or cryptographic algorithms are used in cryptographic key generation, digital signing, verification, encryption, decryption, hashing and other operations in order to protect data privacy, web browsing on the internet, as well as in confidential communication like credit card transactions and emails. Cryptography is an advanced tech domain that contributes significantly to shaping the knowledge economy in any country – a core national priority for the UAE.
The main purpose of establishing the Cryptography Research Centre (CRC) at TII is to conduct advanced research and development across multiple areas of cryptography, fundamental as well as applied cryptographic disciplines. These include design and development of classical crypto libraries, post-quantum cryptography, as well as lightweight cryptography. In addition, we are exploring cryptography for the cloud, confidential computing and privacy preserving schemes, hardware-based cryptography, cryptanalysis, and cryptographic protocols.
With the core parameters defining data compilation, storage and transfer changing dramatically, along with the convenience, ease and efficiency we enjoy comes the inherent challenge of security breaches and data becoming compromised. Cryptography as a field is poised to grow – the US Bureau of Labor Statistics (BLS), projects a 28% job growth in the information security field between 2016 and 2026, a figure that’s significantly higher than the 7% job growth BLS predicts for the average profession.
Any business that views security as critical, will realise the importance of having sovereign cryptographic technologies and achieving technological breakthroughs.
Can you tell me a bit about your background and your interest in cryptography?
I hold a PhD with Highest Distinction in Applied Cryptography and Embedded Systems Security from Princeton University, USA. I also have extensive expertise in applied cryptography, trusted platforms, security architecture for embedded systems, software exploit detection and prevention systems, and biometrics. I hold more than 15 years of experience in working with global firms across multiple geographies from Australia to the United States.
As chief researcher of Cryptography Research Centre (CRC) at the Technology Innovation Institute, I lead R & D of cryptographic technologies, including post-quantum cryptography (PQC) software libraries and hardware implementation, privacy preserving cloud schemes, as well as lightweight cryptographic libraries for embedded and RF systems, among the fields I highlighted earlier. I sit on the board of multiple security and machine learning based start-ups – primarily in the US.
What are the plans for the library going forward – are there any particular areas of interest they will be focusing on?
We are continuously working on our sovereign classical and post quantum cryptographic libraries and their maintenance. We will support the advancing of software and hardware platforms and also ensure support for standards as and when they come through. In addition, we are working on further integrations within the country’s digital infrastructure and also collaborating to support international client requirements.