Academics advise how to keep data secure in a cyber world
Press release issued: 25 November 2014
Cyber security experts from the University of Bristol have advised the European Union Agency for Network and Information Security (ENISA) on how to protect the personal data of millions of citizens.
Two reports, edited by Professor Nigel Smart, Professor of Cryptology, have been published by ENISA.
- The Algorithms, key size and parameters report 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions related to commercial online services.
- The Study on cryptographic protocols provides an implementation perspective, covering guidelines regarding protocols required to protect commercial online communications containing personal data.
The reports give guidance to corporations, member states, and the wider community about current best scientific practice in the rapidly advancing field of cryptography.
The first report provides a set of proposals in an easy-to-use form, with a focus on commercial online services that collect, store and process the personal data of EU citizens.
The second report focuses on the current status in cryptographic protocols and encourages further research. A quick overview is presented of protocols which are used in relatively restricted application areas, such as wireless, mobile communications or banking (Bluetooth, WPA/WEP, UMTS/LTE, ZigBee, EMV) and specific environments focusing on cloud computing.
The reports, which also had input from a number of members from the Cryptography Research group in the Department of Computer Science, provide an update to the 2013 cryptographic guidelines report on security measures required to protect personal data in online systems.
Professor Smart said: “It was a joy to work with ENISA once again on the 2014 reports. We received a lot of positive responses from various stakeholders related to last year’s report, and we hope the new reports will have a similar impact.”
EC Regulation 611/2013 references ENISA as a consultative body in the process of establishing a list of appropriate cryptographic protective measures for personal data protection. ENISA’s cryptographic guidelines should serve as a reference document. Within this scope, the provided guiding principles are rather conservative, based on current state-of-the-art research, and address the construction of new commercial systems with a long life cycle.