The Department
The Cryptography and Security Department focuses on three major domains – applied cryptography, network security and digital rights management. The mission of the Department is:

• To be a world-class security research center with globally admired research output
• Providing Singapore with cutting-edge security technologies & solutions that serve national objectives
• Generating IP and training manpower in the ICT security sector to benefit local industry

Currently the Department consists of five groups working on cryptography, sensor network security, defending malware, personal content DRM and enterprise content DRM, respectively. Each group has parallel core/external projects. Besides the five major groups, there are two small projects on RFID security and automotive security.  Among the ongoing projects, six of them received external research funding from local and overseas organisations.

Key Competencies

• Cryptography - design and analysis of cryptosystems
• Defending against malware - protect mobile devices from virus and worms
• Digital rights management - digital copyright protection by software obfuscation
• Sensor network security - key distribution and detection of node compromise
• Privacy protection - security and privacy in e-commerce and data mining
• RFID security - fighting physical counterfeits by secure RFID data chaining and management
• Security protocols - authentication, fair exchange, e-payment, key agreement

• Method and Apparatus for Digital Content Copy Protection, USPatent No. 6711553, 23 Mar 2004
• Remote Authentication Based on Exchanging Signals Representing Biometrics Information,  US Patent No. 6910129, 21 June 2005
• Method and Apparatus for Encrypting and Decrypting Data, SingaporePatent No. 97038, 31 October 2005
• A Method of Exchanging Digital Data, European Patent No. 1082836, 23 November 2005
• Method and Apparatus for Constructing Efficient Elliptic Curve Cryptosystems, SingaporePatent No. 99167, 27 Jan 2006
• A Method of Sale Auditing in Private Transaction of E-goods, Singapore Patent No. 104005, 31 May 2006
• Method and Apparatus for Encrypting and Decrypting Data, USPatent No. 7110539 B1, 19 September 2006
• An Interactive Messaging Communication System, Singapore Patent No. 107005, 31 Jan 2007
• A Method of Generating an Authentication". SingaporePatent No.110390, 28 February 2007
• Public Key Cryptography and a Framework Therefor, SingaporePatent No. 110701, 30 April 2007

• Scalable Trusted Online Dissemination of JPEG2000 Images, ACM Multimedia Systems, 11(1):60-67, 2005.
• New Efficient MDS Array Codes for RAID: Reed-Solomon-like Codes for Tolerating Three Disk Failures, IEEE Transactions on Computer, vol 54, no 12, pp. 1473-1483, 2005.
• Minimizing TTP's Involvement in Signature Validation, International Journal of Information Security, 5(1):37--47, January 2006.
• Scalable Authentication of MPEG-4 Streams, IEEE Trans. on Multimedia, Vol.8, No. 1, pp.152-161, Feb. 2006.
• Augmented Certificate Revocation Lists, 11th Australasian Conference on Information security and privacy (ACISP'06), LNCS 4058, pp 87-98, Springer-Verlag, July 3-5th 2006, Melbourne, Australia, July 2006.
• Analysis of a Secure conference Scheme for Mobile Communication, IEEE Transactions on Wireless Communications, Vol. 5, No. 9, September 2006.
• Routing Optimization Security in MobileIPv6, Computer Networks, 50(13):2401--2419, Elsevier September 2006.
• Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure, Proc. of ACM CCS 2006, pp 221 – 234,   November 2006.
• Formal Proofs for the Security of Signcryption, Journal of Cryptology, Vol. 20, No. 2, April, pp 203-235, Springer, 2007.
• Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks, Proc. of USENIX Security 2007, August 2007.

• Design and analysis of block cipher and homomorphic  cipher
• Advanced cryptography for defense
• Defending against malware for mobile devices
• Secure tele-medical system
• EnterpriseDRM
• Sensor network security
• Personal content DRM
• JPEG2000 standard
• IETF Mobile IPv6 standard
• Security and privacy of data mining

• 7 technology transfers to industry, both MNC and local SME
• Research funding from local and overseas organisations, the European Union (EU), COT (Commercialisation of Technology by Exploit Technologies, the commercialisation arm of A*STAR),  etc.
• 30+ patents in the areas of encryption, authentication, fair exchange, PKI, digital copyright protection, private information retrieval, e-commerce security, distributed system security, etc
• Cryptanalysis/attacks on 70+ crypto schemes/security protocols
• International standard ISO/IEC JTC1/SC29 JPSEC 15444-8, one of the major contributors
• Host of eight international conferences: ACM CCS, ICICS, PKC, ISPEC, ISC, MADNESS, IWAP, ACNS
• 60+ international publications each year
• 50+ invitations to international conference program committee each year

Click here for the Cryptography and Security Department infosheet.