Our activities in the field of information security started in 1992 when Cybernetica’s predecessor institution became the primary contractor for the national Information Security program. Cybernetica has been rapidly developing and currently involves around 60 researchers and system engineers. Throughout its existence, Cybernetica’s main research field has been cryptology and information security. The main research goals are related to various theoretical and practical aspects of Cryptography, including Public Key Infrastructure, Time-Stamping, Secure Multiparty Computation, as well as other aspects of database security and copyright problems.

The international acclaim of the researchers currently working at the Information Security Institute is demonstrated by several indicators – the number of publications in highly rated venues, participation in the program and organizing committees of international conferences and Summer schools, as well as by Cybernetica’s regular participation in international research and development projects funded by the Framework Programs of European Union. Cybernetica’s Information Security Institute also participates in the Excellence in IT in Estonia (EXCITE).

Language-based security analysis of cryptographic protocols

In our approach, the security proof of a protocol is a sequence of transformations from the initial protocol to an obviously secure protocol; we require that each of the transformations is rather simple and allows a simple proof that it does not change the observable behaviour of the system. We investigate the integration of a transformation-sequence-finding tool with a transformation-verifying tool as well as interactive options for protocol researchers.

Attack Tree Analysis Systems and Applications

The attack tree model identifies a particular threat and lists the subattacks necessary to materialize it. In order to increase the expected outcome, the attacker uses knowledge concerning success/failure of some elementary attacks to decide which attacks to skip or try next.

Privacy-Preserving Computations

The primary task of data mining is to develop models about aggregated data, for example about the habits of internet users, without access to precise information in individual data records. We study the cryptographic approach to privacy-preserving data mining and its connections with the well-known randomization approach (Randomized Response Technique). Based on fundamental research results, we have developed the highly successful Sharemind secure computation platform.

Internet Voting Security

Internet voting is an example of a privacy-sensitive application area. On one hand, it is important to find out the voting result; on the other hand, the ballot secrecy has to be protected. Our goal is to make privacy-preserving computing, or cryptocomputing, efficient in Interent voting as well as other real-life applications which include multi-party protocols.