Can you explain what the SPOOC research project is?
This project focuses on cryptographic protocols, in particular those used to secure electronic voting. My work entails the design of security proofs, so as to ensure that these protocols provide the necessary guarantees in terms of confidentiality, anonymity and authentication. It is a major and complex issue, due to the proliferation of digital tools and services and the possibility for users to remain constantly connected. Our work is further complicated by the presence of malware and viruses on some computers. Within the scope of the SPOOC project, we are developing protocol analysis tools capable of verifying that new functions such as the protection of anonymity and non-traceability work correctly, including on non-secure platforms. Over time, we will be able to apply these methods to electronic voting so as to guarantee its security - even if the voter's computer has been infected by malware.
What attracts scientists to this field of research?
It is a very rich research subject that combines several facets, both theoretical and practical. We start by developing the algorithm that will automate, partially at least, the search for proofs on protocol reliability. We then design software enabling the automatic verification of the quality of these protocols. In this context, my team and I interact with researchers in the fields of security and software verification. And then there is also a fun side, which consists in trying to find flaws in the cryptographic protocols.
Where do we stand with regard to electronic voting?
Electronic voting is already used massively for professional elections, and an increasing number of countries are asking themselves if they should apply this method to political elections or not. Some countries, such as Germany and Ireland, reject this idea. Estonia has been using electronic voting for its political elections since 2005, and now allows people to vote via the Internet in order to elect members of parliament. French people living abroad also had the possibility of Internet voting during the last legislative elections. Internet voting, just like any postal vote, is very difficult to secure. In this context, researchers must both alert the public to the risks involved with this type of vote and propose cutting-edge solutions together with an explanation of their limitations.
What does the ERC grant mean to you, and how are you going to use it?
Firstly, receiving an ERC grant is a major recognition of my research work, which has been carried out in collaboration with colleagues and students who should also get a lot of credit. The resources allocated to me will enable me to carry out the project under optimal conditions: I can recruit post-docs, engineers and students as well as strengthen collaborations with foreign researchers in our centre.
Testimonial: Michael Rusinowitch, CASSIS team leader
"This ERC grant will allow him to accelerate his research."
"Steve Kremer has a clear vision of computer security issues and of the weakest link in this activity: badly-designed cryptographic protocols. He has succeeded in identifying the locks that are attacked first and foremost, and applied his in-depth knowledge of formal verification in order to successfully tackle this problem. He is a very talented researcher, who skilfully deals with complex theoretical concepts. Moreover, he has successfully developed a network of collaborations with the finest international experts, and he excels in the training and support of young researchers. For all of those reasons, we are delighted that he has received an ERC grant, which will enable him to accelerate his research on the SPOOC project."
Brief biography
Born in Luxembourg in 1976, Steve Kremer studied computing followed by a PhD thesis at the Université Libre in Brussels, Belgium (2003). Following a post-doctoral fellowship at the University of Birmingham in the UK, in 2004 he joined the Inria SECSI team at the ENS Cachan, before joining the CASSIS team at the Inria Nancy centre, where he now works as research director. He has published numerous articles on protocol security in conferences and specialist journals. He is also one of the first two Inria recipients of an ERC grant in the Consolidator Grant category.
