Security & Privacy Radar 2025

Security & Privacy Radar

Légende Legende

Cryptographic Governance Cryptographic governance helps in detecting where cryptographic migrations are most urgent and in performing the migration itself. It allows to understand where and how cryptography is used and to implement and monitor changes.
Security policy as code For an organisation or region it is necessary to have concrete recommendations on the use of cryptography. Expressing these recommendations as code allows for increase insights, automation & security.
Crypto migratie In the next decade, cryptographically relevant quantum computers may undermined the current generation of public-key cryptography. Preparing the migration, which will be slow and cumbersome, is necessary.
Verifiable credentials Digital credentials following the W3C standard and that can represent information found in classic physical credential. These credential are one of the standard recommended for the European Union Digital Identity Wallet.
Post quantum crypto Cryptographic algorithms considered secure against an attack performed by a quantum computer. Most relevant are the NIST standardisation procedure and lattice-based cryptography.
Confidential computing Confidential computing (CC) allows an entity to do computations on data without having access to the data itself and may facilitate collaboration between distrusting organisations. CC can be realised in a centralised way with homomorphic encryption or a trusted execution environment (TEE) or in a decentralised way with secure multiparty computation.
Crypto-agility In cryptographic protocol design, cryptographic agility or crypto-agility is the ability to switch between multiple cryptographic primitives. It facilitates migration from old to new cryptographic protocols, such as from modern public-key cryptography to post-quantum crypto.
Joining data for research purposes In order to conduct their research, scientists often need access to non-aggregate data fragmented over multiple organisations. Several proposals exist to do this in a privacy-friendly way.
Zero-trust security (models) The main concept behind zero trust is “never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to a corporate network such as the corporate LAN and even if they were previously verified. Also known as “perimeterless security.”
Format-preserving encryption Format-preserving encryption (FPE) protects data at rest and in use, and when accessed through applications while maintaining the original data length and format. FPE can therefore be used to protect data at the point of ingestion, storage in a database or access through data pipelines, without modifying existing applications significantly.
Cloud containers security Cloud containers security refers to the implementation of security processes, testing and controls for container-based architectures in cloud computing environments. Container management tools such as Kubernetes provide capabilities to deploy, scale, and monitor container infrastructure and can expand the potential attack surface.
API security testing APIs represent a major attack surface for web-enabled applications. API security testing is a specialised type of security testing that identifies vulnerabilities in APIs. API security testing also includes automated API discovery to help maintain an inventory of APIs.
Digital identity wallet Digital identity wallets (DIW) enable the sharing of identity data and all kinds of attestations across any number of organisations and use cases. Through the European DIW, citizens should be able to prove their identity and share information from their DIW, while staying in control of their data.
Code security assistants Code security assistants leverage capabilities of generative AI models and static analysis to aid developers in identifying, analysing, and mitigating security vulnerabilities within a given codebase. They could help identify vulnerabilities early by acting as automated code reviewers. They could also help automate some aspects of security checks that may otherwise require manual effort. They could also help generate code with security best practices.
Multi-Factor Key Derivation Function (MFKDF) Password-based key derivation functions exists to derive a cryptographic key from a password. MFKDF increases the security by adding other authentication factors, like TOTP, HOTP, and hardware tokens.
Searchable encryption Searchable symmetric encryption (SSE) is a form of encryption that allows one to efficiently search over a collection of encrypted documents or files without the ability to decrypt them.
Oblivious transfer (OT) An oblivious transfer (OT) protocol is a type of protocol in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred.
Private set intersection (PSI) Private set intersection allows two parties holding sets to compare encrypted versions of these sets in order to compute the intersection. In this scenario, neither party reveals anything to the counterparty except for the elements in the intersection.
Personal Health Train The Personal Health Train (PHT) aims to connect distributed health data and create value by increasing the use of existing health data for citizens, healthcare, and scientific research.
Zero-Knowledge Proofs In cryptography, a zero-knowledge proof is a protocol in which one party (the prover) can convince another party (the verifier) that some given statement is true, without conveying to the verifier any information beyond the mere fact of that statement’s truth
Dark web / Deep web The Deep Web includes internet content not indexed by search engines, while the Dark Web is a subset accessed via special browsers and often associated with anonymity and criminal activity. Understanding them is important for cybersecurity, law enforcement, and accessing unindexed information.
Quantum programming languages As quantum computers are getting more powerful, it becomes increasingly relevant to be able to write quantum algorithms. This is based on different principles compared to classical languages, and, hence a new skill set.
Generative cybersecurity AI technologies Generative cybersecurity AI technologies are non-traditional methods for improving analysis methods in the security technology of systems and applications (e.g., user behaviour analytics, improved detection of potential attacked from system logs).
DisInformation Security Disinformation undermines trust, manipulates public opinion, and threatens societal stability and security. Disinformation security focuses on detecting and countering the spread of intentionally false information, using various technologies.
Crypto-aware programming languages When developing secure, high-performance cryptographic software, the programmer is presented with a wide range of problems. In contrast to classical programming languages, crypto-aware programming languages do give the programmer support for this.