Human-Centric AI & Security Seminar

Building Quantum-Resilient System: An Empirical Investigation of Post-Quantum Cryptography APIs

Speaker: Nalin Arachchilage

Pricing

• Free

Dates and Times

Contact

Tina Wu

More information

Abstract:

As quantum computing advances, Post-Quantum Cryptography (PQC) has become critical to ensuring the long-term security of digital systems. While significant progress has been made in standardising PQC algorithms, far less attention has been paid to how developers interact with these technologies in practice. In this talk, I present findings from an empirical study conducted in collaboration with ExeQuantum, Australia, examining the usability of PQC APIs and how usability challenges influence secure software development.

Through a controlled user study involving developers with varying levels of expertise, we analysed how participants implemented PQC primitives in realistic programming tasks. Using the Cognitive Dimensions Framework, we identify common usability barriers, including API complexity, documentation deficiencies, and reliance on prior security knowledge. Our findings reveal that poor usability often leads to misconfigurations, insecure coding practices, and increased cognitive load, ultimately undermining the intended security of PQC systems.

I will also discuss key design and documentation recommendations, including secure-by-default APIs, improved developer-centric documentation, and better abstraction mechanisms to support non-expert developers. These insights are essential for ensuring that PQC adoption translates into real-world security benefits through stronger collaboration between academia and industry.

Bio:

Dr Nalin Arachchilage is an Associate Professor in Cyber Security in the School of Computing Technologies at RMIT University, a Regenerative Futures Fellow, and the Group Leader of the Human Centred Cyber Security (HCCS) research group within the RMIT Centre for Cyber Security Research and Innovation. His work advances human centred cybersecurity and privacy, bringing together technical, behavioural, and policy perspectives to strengthen digital trust. With a strong emphasis on building secure, resilient, and quantum ready critical infrastructure systems, Nalin's research tackles some of the most pressing national and global cyber challenges As a Programme Manager, he contributed to the redevelopment of RMIT's Master of Cyber Security program, embedding regenerative futures principles to build a sustainable, ethical, and industry aligned curriculum.

Nalin's career spans Australia, New Zealand, the United Kingdom, Canada, Vietnam, and Sri Lanka, where he has held senior academic and research roles bridging academia, industry, and government. His previous positions include Senior Lecturer and Assistant Head of School (Research) at the University of Auckland, Senior Research Fellow at La Trobe University's Optus Cyber Security Hub, and Lecturer at UNSW Canberra at the Australian Defence Force Academy, where he pioneered Australia's first human centred cybersecurity courses for defence personnel. He has also worked as a Postdoctoral Researcher at the University of Oxford and the University of British Columbia, contributing to foundational work in systems security and usable privacy.

Nalin has served as an Honorary Associate Professor at the University of Warwick and is currently a Technical Advisor to DEFSAFE Cyber Security Inc. His leadership and international experience position him as a recognised thought leader at the intersection of cybersecurity research, education, and policy, committed to advancing cyber resilience across communities, industry, and national security sectors.