Securing the unseen: How UCalgary is protecting Canada’s digital backbone

Some digital risks are easier to spot, like a sketchy email or suspicious download, but others are hidden deep in the systems we rely on every day. From companies quietly tracking device information to weaknesses built into software itself, many threats operate out of sight, yet shape our daily digital lives.

Since 2023, University of Calgary researchers have led and contributed to numerous projects supported by the National Cybersecurity Consortium (NCC), a pan-Canadian program that funds initiatives to strengthen digital security, advance privacy technologies and train the next generation of cybersecurity professionals.

This year, four new UCalgary-led projects were funded under the NCC’s Research & Development – Spearhead program, with additional contributions to projects at other institutions. Totalling just under $2 million, the funding will support research, development of security tools and student training in practical cybersecurity work.

Securing the Canadian Software Supply Chain project: $470,588 

“If you look at any nontrivial piece of software, it will have its own supply chain, much like a physical product,” says Dr. Lorenzo De Carli, PhD, an associate professor in the Department of Electrical and Software Engineering.

Modern software is rarely written entirely in house. Working with BoostSecurity.io and collaborator Dr. Benoit Baudry, PhD, from the University of Montreal, project lead De Carli studies how software built from multiple layers of code can introduce vulnerabilities. This often includes prebuilt blocks of software code from other software developers called modules that add functionality to systems. If a module contains flaws or malicious code, it can compromise the larger system.

“That (prebuilt) approach has great benefits in terms of cost and speed, but it creates security problems because you now have to worry not just about the core software code you write, but all software imported that was developed externally,” says De Carli.

His project examines all stages of software development, from writing core software code to creating the final software artifacts, but focuses especially on the building and testing phases, which are often overlooked. The goal is to develop tools and practices that strengthen the security of Canadian software systems during these crucial building steps.

Efficiency and Security of Unknown Group Order Cryptography project: $499,411

Led by Dr. Michael John Jacobson, Jr., PhD, a professor and co-department head in the Department of Computer Science, this project explores new mathematical structures for cryptography in collaboration with Faculty of Science professors Dr. Laurent Imbert, PhD, an adjunct professor, and Dr. Renate Scheidler, PhD, as well as a University of Alberta professor. The work involves mathematical structures for which the number of elements is hard to compute, making them useful for building a variety of hard-to-break cryptosystems.

The research will test whether these cryptosystems can improve privacy-focused technologies such as secure cloud services, banking transactions, blockchain systems that record transactions across computers without relying on a central authority, and zero-knowledge authentication, where a user can prove their identity without revealing passwords or secrets.

Jacobson hopes the findings will provide evidence that these approaches could make digital systems more secure and more efficient for practical cybersecurity applications.

“This thorough investigation we’re planning to do is quite novel,” Jacobson says. “A lot of these ideas have been proposed in the literature, but no one has really done this thorough assessment yet. We’re just starting on this, and this NCC funding is going to help us.”

The Location Dragnet project: $450,000

Mobile apps often rely on software-development kits (SDKs) to provide features like maps, analytics or notifications. SDKs can also collect sensitive information including location, device identifiers and nearby devices, often without users realizing it.

“Even if you don’t use a particular app, your devices, like headphones, can broadcast identifiers that are collected. Phones randomize Bluetooth IDs every 10 minutes, which offers some privacy protection, but many other devices do not,” says Dr. Joel Reardon, PhD, an associate professor in the Department of Computer Science.

Reardon is leading The Location Dragnet project, in collaboration with York University, to map how data flows through SDKs. By combining automated tracking with manual investigation, he aims to reveal which apps collect data, how it is used, and which communities are most affected. The project seeks to improve transparency in mobile-data practices, helping developers, regulators and the public understand potential privacy risks.

“Large-scale data collection can be done relatively easily, but understanding how it works once something interesting appears can take hours or weeks. It’s like solving a puzzle,” says Reardon.

“Most of the project funding goes to supporting students to help with the detailed parts of the work. Training students in these methods equips them for broader security careers in malware analysis, forensic reconstruction and reverse engineering.”

Frontier Quantum-AI Cyber Defense: Pioneering Unprecedented Security Measures for Critical Infrastructure project: $500,000

The final NCC-funded UCalgary project explores the next generation of cybersecurity tools to protect critical infrastructure. Cybercriminals are increasingly using artificial intelligence to launch sophisticated attacks, including fraud schemes and ransomware that can cripple organizations. This research combines quantum computing and AI to develop tools that could detect and respond to cyberattacks autonomously, helping organizations stay ahead of evolving threats.

The project is led by Dr. Hadis Karimipour, PhD, Canada Research Chair (Tier II) in Secure and Resilient Cyber-physical systems and an associate professor with the Schulich School of Engineering, in collaboration with Quantum City, IoTech Lab and Axiam Technology. Read more here.

To learn more about UCalgary’s 2025 NCC-funded projects and the broader national cybersecurity research program, visit the NCC website.