- Developing ISO/IEC 29128 parts 2 and 3
Cybersecurity/Network and Information security
Ensuring that protocols are rigorously verified according to standardised methodologies could, at least partly, lower the financial barriers for SMEs to enter the certification market, as the consistent and reliable verification of protocols would streamline the certification of more complex systems.
My work is centred on creating robust frameworks for verifying cryptographic protocols within ICT products, services, and processes, ultimately strengthening resilience against cyber threats.
- Progressing ISO/IEC 29128 parts 2 and 3
Cybersecurity/Network and Information security
By implementing rigorous, standardized verification methods, the overall efficiency of the certification process would improve. This would, to some extent, lower financial entry barriers for SMEs in the certification market, as consistent and dependable protocol verification would simplify the certification of more intricate systems.
In the broader European context, my fellowship is poised to have a significant impact on cybersecurity practices, aligning with the objectives set forth by the Cybersecurity Act (CSA) and advancing European interests in bolstering digital security.
- Advancing ISO/IEC 29128 parts 2 and 3
Cybersecurity/Network and Information security
A unified approach to the verification of cryptographic protocols within cybersecurity certification schemes could significantly reduce the costs and workload associated with certifying composite products or services. By ensuring that protocols are rigorously verified using standardized methodologies, the overall efficiency of the certification process would improve. This could, at least in part, lower the financial barriers for SMEs to enter the certification market, as consistent and reliable verification of protocols would streamline the certification of more complex systems.
My primary focus is on developing standardized verification methodologies for cryptographic protocols, which play a key role in enhancing cybersecurity practices across Europe. I am working on creating robust frameworks for verifying these protocols within ICT products, services, and processes, ultimately contributing to greater resilience against cyber threats. The Cybersecurity Act (CSA) promotes the use of certification as an effective cybersecurity tool that can be applied consistently across Member States without creating unnecessary administrative burdens. Previously, products or services certified in one country often had to undergo similar procedures again when different national requirements were in place. With the introduction of the European Cybersecurity Certification (EUCC) scheme, however, certificates issued under this framework will be legally recognized across all Member States once the corresponding Implementing Act is in force. This harmonization is essential for reducing duplicated efforts, saving time and resources, and ensuring consistent cybersecurity standards throughout Europe.
- Advancing a Standard on Formal Verification of Cryptographic Protocols to Final Draft Stage
Cybersecurity/Network and Information security
Value of Research
Societal, Economic or Technological Impacts
In the medium to long term, ISO/IEC 29128-2 can strengthen the methodological basis for evaluating cryptographic protocol specifications in high-assurance cybersecurity certification. This is particularly relevant to Common Criteria-based schemes, where protocol-level properties are often difficult to assess using algorithm-centric or implementation-only methods. The standard can support more transparent, reproducible and comparable evaluation of properties such as authentication, confidentiality, freshness, unlinkability, anonymity and selective disclosure. These properties are essential for systems such as the European Digital Identity Wallet, which relies on advanced cryptographic protocols and privacy-preserving mechanisms. For the EU, the work supports trust, interoperability and regulatory coherence. For SMEs, it may reduce uncertainty, duplicated effort and barriers to entering certification-driven markets.
Title & Organisation Name: Cryptography specialist, National Institute of Telecommunications
Country: Poland
