‘I should not be dismissed as some cutesy thing that likes to play with numbers’

20 Feb 2019

Aisling Connolly, a researcher in information security based in Paris. Image: Aisling Connolly

Aisling Connolly is a researcher in information security in Paris who really wants you to take control over your own data.

After obtaining her degree in maths and economics at NUI Galway in 2012, Aisling Connolly went on to complete a master’s degree in simulation science at University College Dublin.

In 2015 she made the move to Paris to pursue a PhD in information security at the École Normale Supérieure. She is currently completing this PhD as well as working as a privacy engineer in the advanced research team at Ingenico Group.

What inspired you to become a researcher?

Since I was a kid, I loved to solve puzzles and there were various events throughout my studies that led me to develop an interest in the intersection of maths, computer science and engineering. But there was one definite event that immediately and unquestionably made me decide that I would devote my life to research.

In 2014, former CIA employee Edward Snowden released a series of documents that outlined some of the projects conducted within the NSA. The documents detailed grave privacy violations of entire populations, and it was through these that I learned the potentially lethal dangers of proprietary knowledge and information.

This was the catalyst that made me level-up from being someone who enjoys doing maths, to being someone who needs to deeply understand maths and use it to make a positive change.

Can you tell us about the research you’re currently working on?

This begs for a joke about how my work is all ‘highly classified’. When I started my PhD, I wanted to deeply understand privacy with respect to information and technology. I quickly learned that, actually, we don’t really have a notion of what privacy is as it has not been defined yet, but there have been some efforts to understand it recently.

I spent the past few years gobbling up as much information as I could about things we do understand, like secrecy, fairness and what it means to break an information system. I started by getting a very high-level overview of what is currently in use and what is needed, and began to dig down to try and understand the theoretical foundations underpinning these systems.

The goal is then to build this back up and try to form a more user-centric, modern understanding of information security. Currently I am working on the provable security of ciphers and I never want to stop.

In your opinion, why is your research important?

“Cryptography rearranges power: it configures who can do what, from what.” This is the opening statement from an essay written by cryptographer Phil Rogaway, who sums up the importance of this type of research better than anyone.

We have seen data companies grow so large that they monopolise huge amounts of citizen data. We’ve seen that this affects all aspects of our lives from the things we buy, to who we vote for, to what we believe. By giving big companies such a clear view of our data and our lives, we allow them to dominate and construct society in the way that they wish. By bringing cryptography to people, we redistribute power and we regain technological and societal freedom.

What commercial applications do you foresee for your research?

This is one of the fields of research where we are lucky enough to have an infinite list of commercial applications. Pretty much every single thing that communicates needs some level of security and privacy built in – from fridges to cars, to Facebook and phones, to weapons and wars, to clouds and beyond.

Just take a look around your immediate vicinity, find an electronic device, and I guarantee you there is a commercial application of security needed to be built for that device. We’ve a lot of catching up to do!

What are some of the biggest challenges you face as a researcher in your field?

Immediately, the biggest challenge that comes to mind is that of being a woman. The matters in this field are serious and technical, matters traditionally dealt with by men. It seems a constant struggle to convince people that I am worth listening to, that I indeed comprehend the seriousness and complexity of the topic, and that I should not be dismissed as some cutesy thing that just likes to play with numbers.

Gender aside, the biggest challenge for me is the pace at which we must work in this field. Technology has advanced and has been brought to market alarmingly quickly. Security needs to be faster, cheaper, stronger and more diverse, and all of this needed to be done a decade ago. At the same time, we need to plan for future quantum computing threats.

Are there any common misconceptions about this area of research?

‘Crypto’ means cryptography! All these cryptocurrencies became immensely popular and stole the show by calling them crypto and cryptos. Now, whenever we say we work in crypto, the immediate response is ‘Oh? You’re bitcoin people too?’ No, when we say crypto, we mean cryptography.

More seriously, I think there is a common misconception that cryptographers all communicate very securely. This is often not the case! We are all very busy people and enjoy the benefits and ease of technology, even if it comes at the cost of weaker security. Although, messaging apps like Signal allow us to use encryption very easily, so we’re getting better.

What are some of the areas of research you’d like to see tackled in the years ahead?

This type of work is very cool and it’s seriously fun, but because of this many researchers focus on the ‘sexy’ side of security and neglect some of the most necessary topics.

Look at email. Do you know how to send an encrypted email? It’s quite difficult and even if you manage to generate all your keys correctly and encrypt the message, the only part of the email that gets encrypted is the message body. Things like the sender, receiver, subject line and date are all sent in the clear.

With this metadata, you can already infer a lot of information about the situation. There may be ‘bigger’ problems, but solving the metadata problem is of vital importance for information flows as they exist in the world today.

Are you a researcher with an interesting project to share? Let us know by emailing editorial@siliconrepublic.com with the subject line ‘Science Uncovered’.