TNO’s view of 2030: Digital privacy and security for everyone
Privacy and cyber security are the cornerstones of our digital society. ‘Digital privacy and security for everyone’ is therefore one of TNO’s ambitious goals. In 10 years, we’ll ensure that everyone can exchange data online with complete peace of mind. Together with our partners, we are making this possible with smart innovations in data encryption, quantum-safe data sharing, and secure digital infrastructure.
In this article, Erik Meeuwissen (Senior Consultant) and Maaike van Leuken (Researcher) discuss a number of topics including Self-Sovereign Identity (SSI). SSI is one of the technologies TNO is working on in the area of privacy in relation to data sharing.
Less and less control over how your data is shared
We work with privacy-sensitive data in order to protect the digital security of organisations and the general public. In recent years, however, it has become clear that the public have less and less control over how their data is shared. At the same time, a large part of our private lives is being recorded in ‘digital environments’: from our financial affairs in banking apps, healthcare details in hospital information systems to borrowing a book from the library.
‘The whole society is digitising and anything could go wrong. Simply put, we want to make sure things can no longer go wrong.’
Self-Sovereign Identity (SSI)
SSI gives the user control over which (personal) data is shared with whom. The recipient can quickly verify this shared data electronically, for example for authenticity and validity. The process uses cryptographic technologies, such as ‘(decentralised) public-key cryptography’, ‘zero-knowledge proofs’ and in some cases also ‘distributed ledger technologies’.
This enables an efficient exchange of verifiable digital information, where a high level of trust can be achieved. Even between parties who do not naturally trust each other.
‘SSI and other applied cryptography lets us share data in a way that is privacy-friendly and secure.’
Ownership of your data
Maaike: ‘From a privacy perspective, digitisation presents many challenges, but just as many opportunities for improvement. SSI allows us to own our data and choose who to share it with.
Think of it like showing your ID at the supermarket to buy alcohol. Now, the cashier can see your entire passport, including your nationality and place of birth. If you were to digitise this process, you could strip away data to show only what is relevant to a particular situation: in this case your date of birth.
We can go even further by using zero-knowledge proofs that confirm you are 18 without even sharing your date of birth. Being in control of your own data: that’s what SSI is all about.’
The challenge is adoption by society
SSI is a technology that originated around 10 years ago and is now in its adolescence. We can do many things already, but SSI technology has not yet reached maturity. The biggest challenge is now adoption by society.
Cryptography can be used to encrypt information but also to prove its origin. Of course, malicious users also adapt to the latest technologies. That is why it is very important to recognise deviant behaviour early so action can be taken.
Erik: ‘If a failure is imminent or an attacker has access to parts of the infrastructure, TNO creates algorithms to detect this kind of behaviour early. We want to make sure that an attacker, who aims to achieve his goal in small steps, can never do so’.
Digital security in all sectors: from finance, government and tech to logistics
TNO works on the assumption that all digital environments could be a target in the coming years. That is why it has many ongoing research projects with partners in areas such as the financial sector and government. On a more specific level, TNO then focuses on technological niches that have not yet been covered. ‘Big tech is seeking to monopolise the SSI market,’ says Maaike, ‘and we are trying to remain a step ahead.’
Erik: ‘Working in this field remains a cat-and-mouse game, as cyber attacks are getting smarter and smarter. Another aspect to mention is that detection research at TNO has mainly focused on office environments. But these attacks can also target vital processes, posing an immediate risk to life. That is why we are also broadening our research to include operational technology (OT).’
‘Technology alone won’t solve all of our problems. Partnerships to ensure that our work has an impact within society are just as important.’
The future: ‘self-healing’ technologies
What does the future hold? Maaike: ‘In three years’ time, I would like to see the first big SSI pilot within TNO, with everyone at TNO logging in to their computer via SSI for a week. At the same time, SSI needs to be used within government agencies and the medical profession. By 2030, SSI technology could prevent a huge amount of errors and enable healthcare providers to engage in their core task instead of typing up documents’.
Erik: ‘We are also carrying out research into “self-healing” technologies that can respond even faster to attacks and disruptions, just like the human immune system. AI will play a big role in this. But it remains still difficult to say what the future holds. And technology alone won’t solve all of our problems. Partnerships to ensure that our work has an impact within society are just as important’.
Want to know more about SSI-technology?
Erik MeeuwissenFunctie:Senior consultant
Erik Meeuwissen is a senior consultant and leads TNO's Security Monitoring & Detection team. The team has a track record on cyber attack detection in company networks and is broadening its scope to OT. To counter advanced and targeted attacks, anomaly detection is a key ingredient. The team is active in different sectors including government and financials.
Maaike van LeukenFunctie:Scientist / Innovator
Maaike van Leuken is a cryptographer at TNO. She graduated in computing science and cyber security from Radboud University in 2021. Her focus is on the intersection between computing science and cryptography. Amongst others she has been working on privacy-enhancing technologies and the implementation of cryptographic algorithms. In the area of self-sovereign identity, she is responsible for providing clarity in the zoo of international SSI-related standards.
Looking for an expert?View all experts