Information security studies if systems satisfy the security needs of those who depend on them. The fundamental technology to assure such systems is cryptography. It is thus foundational to ask if cryptography provides the security guarantees needed and what these are. Researchers in the ISG are pursuing these foundational questions by bringing cryptography and ethnography into conversation.
While cryptography is a field that actively interrogates its foundations, these foundations are, unsurprisingly and sensibly, understood to be of the complexity-theoretic and mathematical variety. However, cryptographic security notions – and everything that depends on them – do not exist in a vacuum. While the immediate objects of cryptography are not social relations, it presumes and models them. This fact is readily acknowledged in the introductions of cryptographic papers which illustrate the utility of the work by reference to some social situation where several parties have conflicting ends but a need or desire to interact. Yet, this part of the definitional work has not received the same rigour from the cryptographic community as complexity-theoretic and mathematical questions.
This research area focuses on remedying this situation by grounding cryptographic security notions in findings from ethnographic fieldwork in adversarial situations; to establish what security means within social settings. Ethnography allows us to learn that which people do not know themselves. The exploratory nature of ethnographic enquiry, rooted in fieldwork with the group it aims to understand, is thus a key enabler in unlocking an understanding of individual and collective security needs and practices (see "Ethnography of Collective Security Needs and Practices" research area).
As a point of departure, the work carried out by ISG researchers considers large-scale urban protests to understand protesters' security needs, practices and the technologies they rely upon. Thus, while providing unique and deep insights into security needs and practices in these settings, it also analyses these technologies (see "Attacks on Cryptographic Protocols" research area) and proposes new solutions based on the findings from fieldwork (see also "Advanced Functionalities from Lattices" research area). By bringing cryptographic security notions to the field, this research area provokes a series of security questions about, for example, confidentiality and anonymity in online and offline networks, trust relations and how to establish them, onboarding and authentication practices.
- Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, Lenka Mareková: Collective Information Security in Large-Scale Urban Protests: the Case of Hong Kong. USENIX 2021
- Martin R. Albrecht, Rikke Bjerg Jensen. What does "secure" mean in Information Security? malb::blog July 2020. https://martinralbrecht.wordpress.com/2020/07/10/what-does-secure-mean-in-information-security/