Dr. Britta Hale is a cryptographer and Assistant Professor in Computer Science at NPS. Her research expertise is in both the design and analysis of cryptographic protocols, as well as cryptographic applications to UxS, e-voting, and blockchain. Hale holds a doctorate from the Norwegian University of Science and Technology, and a Master of Science in the Mathematics of Cryptography and Communications from Royal Holloway, University of London. She is an active member of the Message Layer Security working group of the Internet Engineering Task Force working on the standardization of group key exchange under maximal security guarantees and a member of the International Association for Cryptologic Research. Hale has recently developed a course on Advocating Technological Change, to run in the Winter ’22 quarter.
The Following Interview was Conducted August 2021:
Cryptographic protocols, self-healing and post-quantum security, represent the current core of my research vectors. There is a significant degree of use-case customization available with cryptographic protocols – a fact that has led the National Institute of Standards and Technology to the conscious decision of not standardizing any one option out of an effort to encourage innovation. Leaning into Project OVERMATCH, I am looking at cryptographic protocol options and customization for autonomous vehicles operating in comms-restricted and contested environments.
It may seem logical that security would be lessened under these restrictions, but modern cryptographic protocols can actually improve security over those used in legacy systems despite the restrictions. They can even offer self-healing under adversarial presence. Imagine being notified automatically and instantaneously of a cyber-attack or cryptographic key leakage, with exact parameters on the amount of data affected – right down to the precise text words and data values the adversary has obtained. That scenario is not fiction but now a very real option, the design and analysis of which I am preparing to go to publication with.
Quantum computers are currently being designed and, when realized, will destabilize many existing cryptographic algorithms. A simple assessment of data sensitivity lifetime indicates that if a quantum computer becomes a reality at any point in the next 30 years, we must have post-Quantum alternatives in use now. We are already at, and potentially past, the deadline for starting a transition to post-Quantum cryptography. There is no margin for apathy in the quantum domain. Ergo, my research is already driving towards security in that future.
Having previously worked in industry on a project that assessed security response for the petroleum infrastructure throughout Europe, this attack came as no surprise. It seems cliché, but we knew this was coming. There is a large body of published research that points to this very security challenge and potential defenses.
Cybersecurity vulnerabilities and attacks are like fault line stress and earthquakes: the absence of noticeable cyber-attacks does not imply a secure system. In fact, it may imply that security vulnerabilities are accumulating and a cyber-attack “Big One” is coming, with catastrophic consequences. As the security of the system degrades over time against increases in technological (and adversarial) capabilities, security defenses must be re-analyzed and adapted. This does not simply imply software updates, but also re-evaluation of network design, hardware, and cryptographic algorithms and protocols to best suit the environment and threat.
Security analyses and design agility build robustness. Naturally, achieving this also implies agility in acquisitions and how contracts accommodate future analyses and adaptation. When we consider the monetary and potential physical consequences of a cyber-attack, such a priori analysis and preemptive planning is a minor investment. As in the current fuel pipeline ransomware cyber-attack, it is reasonable to expect that we will increasingly see large-scale offensive use of cryptography as well as new applications of it.
Another key advance is better involvement for system customers. Better involvement implies facing potential vulnerabilities head-on and participating in decisions on how to solidify the security posture. Security customization is like vehicle customization, and a vendor advertising satisfaction of general security criteria is not unlike one advertising satisfaction of general vehicle criteria. “Four wheels and an engine” hardly provides insight on seating capacity or off-road capabilities. In contrast, involvement in security choices or final product customization transforms the system customer’s defensive capabilities by targeting actual needs.
There are many advances in technology that could help protect against these types of cyber-attacks and those that are coming. Those studying security now are the real defense perimeter for our developing future, and this includes those in non-cyber fields who are broadening their understanding on the side. Fundamentally, by choosing to learn about cyberspace defense, these individuals are building out the capability for being involved in these critical decisions.
Individuals are the real face of the student body, so I will mention a couple illustrative examples among the current graduates.
Persistence, positivity, and determination are characteristics that describe the approach to thesis work of one of my students, Lt. Fritz Hain. The student cohorts that started thesis work in 2020 had an unanticipated challenge before them, and there are many now nearing graduation who never had the opportunity to sit down with their advisors and diagram out research on a whiteboard, nor benefited from in-person camaraderie under long thesis-writing hours. Hain’s positivity, regular updates, and persistent curiosity in experimentation redefined the year and made that challenge look easy.
Few have studied cryptography when they take my Cryptographic Protocol Design and Attacks course. I am always impressed by students who have little background but a strong curiosity in the subject and interest in trying new ideas. Gunnery Sgt. John Lytle was one such student who, following the course, also chose a thesis topic in efficiency testing for post-Quantum cryptographic digital signatures and went on to receive an Outstanding Thesis Award and brief his results to the Principle Cyber Advisor to the Secretary of the Navy.
You are surrounded by an armada of expertise - seize the opportunity! There are researchers from an enormous variety of disciplines at NPS, and you can tap that insight for brainstorming and “big idea” discussions. Knock on doors, make phone and Teams calls, and request a random coffee or lunch break with an expert. Do this both inside your area of study and outside of it as well. This is the hidden little secret of NPS: Experts from all disciplines are unimaginably happy to take time out of their intense schedules to have random “big idea” and future-leaning discussions with students. You may well find that discussion over a coffee provides inconceivable insight and ideas in areas you never knew about, transforming the value you bring with you moving forward.