Working with industry to improve cybersecurity technology

Sunday, October 8, 2017

Few people outside government and the military paid any attention to cryptography when Gord Agnew began pioneering work in the field in the early 1980s.

So when the electrical and computer engineering professor at the University of Waterloo teamed up with math professors Ron Mullin and Scott Vanstone to develop a better Cyber Security technology to safeguard wireless data, the world didn’t exactly beat a path to their door.

Decades ahead of industry demands

The trio’s number theory breakthrough sped up the encryption process that ensures only the intended recipient can decode sensitive data.

By using the algebraic structure of elliptical curves to generate the encryption key – rather than existing methods that relied on the multiplication of large prime numbers – they were able to produce shorter keys that were still just as secure.

When they launched Certicom in 1985 to commercialize their elliptical curve cryptography (ECC) technology, however, selling its value wasn’t easy. “We called it our missionary work,” says Agnew.

Nor were academics flocking to the field. When Agnew started teaching a graduate course in cryptography, he felt lucky to attract five or six students.

Three decades later, of course, Cyber Security is a multi-billion-dollar issue and the focus of headlines, government task forces and commercial lawsuits. ECC technology underpins BlackBerry and Agnew’s classes attract 80-plus students.

Cyber security is a priority

Even so, Agnew still finds himself proselytizing about the need for robust encryption measures in the ever-growing Internet of Things, where price point often trumps security. He points to wireless home-security systems that can be jammed, Fitbits that leak personal information and wireless glucose pumps that can be hacked to deliver a fatal dose.

“We’re getting these systems coming online that have to be cheap, and they’re just not secure in any way, shape or form,” says Agnew, who doesn’t sport a Fitbit and still relies on an old-fashioned, hard-wired burglar alarm.

Although you can’t make anything completely bulletproof, he says, you can create a solid system by addressing security issues at the design phase, identifying the most serious risks and developing ways to mitigate them.

We really need to think of security from the start instead of adding it on as a patch at the end,

Agnew hopes his research will help make that happen. He’s currently working on ways to develop a secure, reliable and redundant cloud system that is immune to breaches and catastrophic failure.

He also regularly conducts security reviews for companies, drawing on decades of experience to navigate complex issues.

The fact that Waterloo gives faculty members time to work with industry partners, Agnew says, sets it apart from other universities – along with the creator-owned IP policy that was essential to the success of Certicom.

Judging by the number of high-profile information breaches now plaguing businesses and government alike, Agnew won’t lack opportunities to put his expertise to work.

“Cryptography and security is hard … even companies like Apple and Google get it wrong,” he says. “I’m not worried about becoming obsolete.”