University City

UNCC professor a leader in cyber security

When we think of those who protect us from harm, police officers and firefighters usually come to mind. But many don't realize there's a person who helps guard our safety in the virtual world as well. And he does so, not with a Taser or fire hose, but with an algorithm.

Dr. Yuliang Zheng, a professor at UNC Charlotte's College of Computing and Informatics, is the inventor of signcryption, a new technology that protects the confidentiality and authentication of our everyday digital transactions.

It's what helps block hackers from breaking into our online banking accounts, and thieves from peeking over our virtual shopping carts and into our wallets full of credit card numbers.

Zheng's signcryption has become so widely respected in cyber security circles that the International Organization of Standardization adapted it in December as the international standard, an important feat that puts our increasingly digitally-connected world on the same virtual page regarding online safety.

The three-year process to become the ISO standard is an accomplishment for Zheng, who has spent decades researching information security technology. After earning his undergraduate degree in 1982, Zheng worked as a software engineer for a telecommunication firm. He then became a cyber security research scientist for the Australian Defense Force Academy. In 2001, UNCC persuaded Zheng to join the College of Computing and Informatics. Considered one of the top 10 international cyber security experts, Zheng has also served as a consultant for numerous banks, government, and e-commerce firms.

Methods of protecting online confidentiality and authentication have existed before signcryption, but have always been a two-step process that Zheng likens to writing and sending a letter the old-fashioned way.

"Authenticity is like when you finish writing a letter, you put your signature at the bottom. You want to make sure that whoever reads the letter knows it comes from you and not someone else," he said. "The next is confidentiality, just like you fold the letter and you put it in an envelope and seal it. You want to make sure the contents are not inspected by someone not authorized to do so."

Using mathematical formulas signcryption quickly condenses both steps into one. This may not seem important to the average person, but Zheng said that's exactly who benefits most.

"I would foresee the primary beneficiary being people in the civilian sector," he said.

Cutting two steps down to one greatly reduces the battery drain on handheld devices such as smartphones and tablets. It also saves costs normally accrued by transporting lengthy encryptions in the two-step process.

Zheng predicts signcrytpion will play an even larger part in consumers' lives when smart cars and the growing use of power companies' smart grids become more commonplace.

It will also help protect users of the growing number of computing clouds that form every day to store information.

Signcryption isn't foolproof, said Zheng, but it's a strong technology to be reckoned with in the cyber world.

"Certainly it will make it harder for hackers to try to break into a system," he said.