Professor of Practice Saarinen: ‘Cryptography expertise should be maintained in Finland’
Markku-Juhani Saarinen is a cryptographer, expert in cryptographic methods, whose interest in the field was sparked as a child. Cryptography refers to mathematical safeguarding of information. Updates and start-up processes on mobile phones or computers, for example, are protected cryptographically. Remote connections, e.g. when doing remote work or online shopping, are also secured with the help of cryptography.
Because there are only a handful of researchers in the field of cryptography in Finland, Saarinen represents rarity.
“Professor emerita Kaisa Nyberg from Aalto University was my mentor. She had worked at the Defence Fores before entering the business world and the university. Nyberg had some doctoral students, but they were few. Now she too is retired, so there are very few of us active in working life,” Saarinen mentions.
Self-sufficiency in the field is important for working life and national security
Specialised expertise is required for the reliable technical assessments of encryption methods and systems. One must understand information theory, mathematics, number theory, and even quantum mechanics to work in the field. In Finland, few information security experts have been trained as encryption specialists.
In practical engineering work, basic knowledge of cryptography is needed, for example, when building mobile phones and base stations. Saarinen emphasises, that national self-sufficiency in the field is important for employment, business, and information security:
“Of course, we want to continue having engineering of this type in Finland. There is also a national security aspect here. Finland should maintain the ability to assess independently, who has access to, for example, military or civil communications and how,” he points out.
Cryptography has been used in Finland since before the Second World War. Since that time, cryptographers have traditionally had positions in the communications intelligence service.
“In World War II, Finland had a large code-breaking section, about 1,500 people. They manually smashed codes intercepted from the radio, which were used to tactically control the front-line action. ‘According to the information received’ meant that it is intelligence information,” Saarinen says.
According to him, teaching and research in cryptography in Finland are at a relatively modest level compared to other Nordic countries:
“Our neighbours have a stronger academic tradition. In Finland, the field has been so secretive that even the political leaders of the state probably did not know everything at the time of the Cold War. As a result, the glorious traditions of the industry have been broken in our country. Unfortunately, in the light of publishing, cryptography research is quite limited in Finland,” Saarinen notes.
Information security professional with self-taught hacking skills
Saarinen has been hacking computers since he was a child. Although he was interested in academia at a young age, in his teens, he spent time learning cryptography instead of schoolwork.
His career took off in his early twenties when he was hired to develop cryptosystems at SSH Communications Security, a start-up established by Tatu Ylönen the developer of Secure Shell encryption protocol. The young men were surprised at how quickly and widely the systems were deployed.
“I had a bit of a crypto anarchist attitude towards cryptography, I would say. We did not ask for permissions to do what we did, and the subject was not taught at school. However, it was not long before we received a request for support from an American nuclear weapons laboratory. It was actually quite an unbridled situation. They had our software in place, and they needed user support. It was a time of pioneership in a way,” Saarinen says.
At the same time, he applied to the University of Jyväskylä to study scientific computing. “The studies then consisted half mathematics and half information technology, but later it was possible to have my doctoral dissertation in the field of information security and cryptography. Today, information security is such a large discipline that some universities have a department for it alongside mathematics and information technology,” Saarinen notes.
Cryptography from a global perspective
After his graduation, Saarinen worked as a Teaching Assistant at the Helsinki University of Technology (now Aalto University), starting a dissertation, but left the project to become a security expert in the Middle East. His work there focused more on network security and penetration testing.
“In the Middle East, we were able to do things that were not possible in Finland. Rules and control are looser there, making penetration testing even more interesting. Typically, the customer was a bank that wanted to investigate weaknesses in its systems as a result of the attack tests. At the time, Finnish banks would not have agreed to participate in such penetration testing,” he mentions.
Saarinen defended his doctoral dissertation in the Information Security Group at Royal Holloway, University of London in 2009. His research path took him to work as a start-up entrepreneur and Principal Investigator in the United States. After the United States, it was again the Middle East, when the government of the United Arab Emirates invested heavily in the attack side of information security.
From the Middle East, Saarinen returned to Great Britain, first to Cambridge and then to Oxford, where he has lived for the past five years. His current workplace, PQShield, is located in Oxford. He was the first full-time employee in this University of Oxford spin-out. The company focuses on developing quantum-safe cryptography; algorithmic solutions that are resistant to attacks with quantum computers.
Professorship of practice combines theory and praxis in the best possible way
In his career, Saarinen has seen both the practical and the theoretical side of cryptography. According to him, the grass seems to be often greener on the other side of the fence:
“When I am on the industrial side, I find myself thinking that the academic world is going ahead. The results do not always seem real when you cannot see them concretely in the academia. Right now, I feel like I am in an ideal situation when I can conduct basic scientific research and also be involved in industry and the business world,” he says.
Saarinen ended up a professor of practice in Tampere via the SocHub project, which is a joint development project between the University and the business world. Its goal is to create world-class co-developed systems-on-chips. The project also promotes research and education in system-on-chip design.
“The SocHub research group is building systems-on-chips and that is where our interests met. I have designed cryptographic command extensions related to RISC-V processors and system circuits, and people in Tampere were interested in adding these features to their chips,” Saarinen mentions.
He plans to expand his contribution to the research group:
“Our group’s focus is mostly on the deep technology of information security. We are trying to profile ourselves as a Tampere-based hard technology shop that competes on an international level,” he points out.
In the future, Saarinen finds it important to create more cryptographic expertise in Finland:
“I wish I can supervise doctoral students, if there are suitable students interested both in cryptography and systems-on-chip. Both subjects do not need to be perfectly mastered at the beginning of the studies, but the end goal in the studies is set high,” Saarinen summarises.
Text: Essi Niemenmaa
Photos: Jonne Renvall