Written by: Regina Ashna Singh
The evolution of the Cybersecurity and Privacy Institute (CPI) at the University of Waterloo started under the leadership of an individual who strongly believed in the advancement of research in the areas of data security and privacy. In 2018, he was appointed the inaugural executive director of CPI and was at the forefront of the institute for about three and half years. During his tenure, he took the initial concept of CPI and expanded its eminence by steering the team to achieve the following pivotal establishments: the National Cybersecurity Consortium (NCC), the Chippie Cluster, and CPI’s Excellence Graduate Scholarship. Since joining Waterloo’s faculty in 2017, the University continues to top the list in North America for computer security and databases according to CSRankings. At the time of this CPI spotlight interview, he stated: “What distinguishes the University of Waterloo in security from other universities in Canada is that we educate future professors in cybersecurity and privacy… we have the breadth, depth, and scientific excellence that nobody else has in the country.”
So, who is the person that kickstarted CPI’s legacy? His name is Florian Kerschbaum – German for “blossoming” and “cherry tree,” respectively. Like the cherry tree, CPI has flourished into something so unique (beautiful) and impactful. And it all began with the seed that is Dr. Kerschbaum - professor in the Cheriton School of Computer Science at the University of Waterloo.
The Wonder Years
Growing up in Fürth, Germany, Florian played handball as a youth and generally enjoyed competing in team sports. His father had a PhD in Lutheran theology and eventually became a lawyer while his mother was an English and history teacher. Florian’s first job was programming Microsoft Excel for a management consulting firm of a high school friend. As he matured, Florian developed an overwhelming desire to travel and see the world thus at the prime age of 24, he left Germany for the United States to pursue a master’s degree in computer science at Purdue University in Indiana.
This relocation was the start of a very fruitful journey both personally and professionally. “I traveled once around the [whole] US…I made more than 20,000 miles per car in three trips, and I've seen something like over 40 states, maybe 45”, says Florian. The leap to America also led him to meet and work for Mikhail (Mike) Atallah, cofounder of Arxan Technologies at the time (now known as Digital.ai), who encouraged Florian to pursue a doctorate. “It basically was Mike Atallah, who was, by training, a theory-algorithms person and he wanted to do all these private algorithms and that very much inspired me to follow that path,” says the professor.
Simultaneously, Florian was missing his homeland, so he seized the opportunity to return to Germany where he completed a PhD in computer science at the Karlsruhe Institute of Technology (KIT) and worked for the multinational software company SAP for 12 years. Dr. Kerschbaum says he established the “applied cryptography” and the “anonymization” practices in SAP’s security research labs. Such innovation was only the beginning of what Florian would go on to accomplish back across the pond.
Strengthening Canada’s Global Leadership in Cybersecurity and Privacy
“Old connections always come back to you,” chuckled Florian. He is referring to Mahesh V. Tripunitara, fellow CPI member and professor in the Department of Electrical and Computer Engineering at the University of Waterloo, who first gave Florian the tip that Waterloo was hiring and urged his friend to apply. The pair became acquainted during graduate school at Purdue. Over seven years later, Dr. Kerschbaum continues to make his mark through the development of globally impactful research.
Image Watermarking
In a daunting age of cyberattacks, there are several reports that deepfake imagery is having a negative impact on many businesses/organizations as well as celebrities and/or political figures. According to a quote from Govtech.com, “A new generation of AI-generated phishing attacks, arriving through emails, texts, voice messages and even videos, is targeting government organizations in unprecedented ways. These clever new cyberattacks are posing new challenges for organization defenders because they are delivered without typos, formatting errors and other mistakes seen in past targeted phishing and spear-phishing campaigns.”
Florian concurs and shares some additional real-life examples where misinformation is a huge challenge such as social media, electoral processes, and the White House at large, to name a few.
At the 2023 CPI Conference poster session, one of Florian’s students, Nils Lukas, presented on optimizing adaptive attacks on image watermarking to deter misuse by marking generated content with a hidden message, enabling its detection using a secret watermarking key.
Beyond the University, Google is the latest tech giant to join Microsoft, Adobe, and Intel in an AI watermarking coalition that “is advancing a way to signal when a piece of media has been created or altered by artificial intelligence.”(Source: NBC News)
But Florian says that the fundamental problem is that it is very easy to detect AI if you know what you are detecting. However, if the adversary becomes aware of your detector, it is also extremely easy to avoid that detector. “You're in a really strange situation where you can quietly detect, but you can’t really tell that you have detected it,” stated Florian.
Then, what is the solution? Florian says he believes the answer is “robustness and robustness in this case means that the detector works even if you know that the detector is there”. Therefore, the adversarial optimization approach is a significant advancement in protecting against deepfakes.
Dr. Kerschbaum went on to say that audio and voice are even more vulnerable to attacks than imagery. “I [would] only need a few seconds of a sample from somebody's voice to be able to somewhat reliably forge it,” says the professor. “We [humans] are much better trained in interpreting images than we are trained in retrofitting a sound, therefore it's much easier to forge sound.”
FinTech and Data Science
In March 2024, Florian and N. Asokan, CPI’s current executive director (on sabbatical), were awarded $2 million through the Ontario Research Fund to develop innovative data science and machine learning techniques aimed at safeguarding Ontario’s financial technology (FinTech) and manufacturing sectors from inadvertent data leaks. The project, led by Florian as principal investigator and Asokan as co-principal investigator, will enhance data security in these critical industries.
“If you look at the work of a data scientist…he starts with data collection, then does data cleaning. He stores that data somewhere and manages that data somewhere. Then, there's some analysis or model building and finally inference. Along this entire process, there are a whole bunch of different security and privacy challenges that are very different in nature. And they all require their somewhat unique solutions and I basically tried to tackle all of them individually.”
When asked why companies should partner with the University of Waterloo to solve their business problems, Florian says consumers have much higher privacy expectations of banks, for example, in comparison to other organizations. Therefore, banks need to build very private and secure solutions if they want to remain competitive as the “Apples and Googles” of the world are trying to “invade traditional banking territory.”
“They [banks] need to transform their business from a money-driven business to a data-driven business. They need new innovations and these innovations partially come from us.” Open banking, a framework that allows consumers to share their financial data with FinTech companies of their choice, is a service not yet available in Canada but could be further developed with expertise from researchers like Florian.
Secure Keystroke Authentication System
In May, Kryptos Matching Inc. (company cofounded by Florian) launched its very first secure and private biometric matching system. With encrypted templates and samples, all matching is done on the ciphertexts to ensure the utmost privacy and security. In other words, the method includes encrypting data without decrypting it, so the privacy of data can be preserved while being able to compare it. Florian says tests are currently being run with companies interested in the technology. The breakthrough has the potential to attract allyship from large Canadian financial institutions, which would yield large funding opportunities for the University of Waterloo under the umbrella of CPI. Watch the YouTube video to learn more about the project.
“We need to strike a balance between using data and preserving people's privacy…whether it’s for companies in the financial industry or in the manufacturing industry, it is often the case that they collect data through their products,” says Florian. “They are indeed the data source themselves. So, how can we use the data while preserving the privacy? That is a balance that we need to strike and I’m in the business of striking.”
Florian has also made a point to maintain work-life balance. When he is not busy with his research targets, he enjoys travelling to new countries, cooking a variety of cuisines, and watching soccer on television. It is Florian’s wisdom, poise, and tenacity that he exhibits in many aspects of his life that helped set the foundation of CPI. Today the institute has over 65 faculty members and 100 student members and has awarded over 75 thousand dollars in scholarships.