September 10, 2015

Future of Security Chapter

  • Clougherty M.
  • Pratt B.

Human behavioral evolution is increasingly dependent on the information that defines us as individuals, communities, or enterprises. The volume of stored data per capita has been growing and will continue to grow at a staggering rate, as humans effectively evolve into digital hoarders. Consequently, the richness of this data makes it a valuable target for those who may want to exploit it for financial or political purposes, and, conversely, the loss of control of this information can have devastating financial and/or social consequences for its owner. As a result of the value of this information, bulk botnet-driven Distributed Denial of Service attacks that bring down specific web servers for political or economic reasons are no longer the dominant concern. Furthermore, indiscriminate phishing attacks aimed at stealing arbitrary sets of credentials are no longer as threatening on their own, as people become more cautious about accessing sites or opening attachments based on an email message. However, a more targeted phishing attack to gain credentials that are used as part of a subsequent targeted attack (a so-called Advanced Persistent Threat attack) is potentially devastating. These attacks target specific high-value information and, unlike the bulk attacks of the past, the perpetrators of these attacks are ever more sophisticated, well-financed criminals, hacktivists, competitors and even governments that will take advantage of the massively increased threat surface that is created by ultra-connectivity of users and devices and the future prevalence of simple, poorly secured IoT devices connected to the network and cloud services. Fortunately, there is hope in countering this threat through technology and cooperation. In an Us versus Them world, there are simply more of Us (those trying to protect data) than there are of Them (those trying to steal it). We believe that this numerical advantage will form the basis of the solution, by employing massively scalable stream analytics in the edge cloud to detect the presence of attackers and by intensifying widespread sharing of this information among cloud and network providers, shifting the balance away from the attackers.

The increasing use of end-to-end encryption is an attempt to protect the privacy of user data in transit between two points. However, perversely, this also makes it difficult for security tools to effectively monitor networks for evidence of infiltration and compromised devices. Thus, the great irony of our age is that the very mechanisms consumers and web services are using to try to protect our data and privacy may actually put our information at greater risk. In the future, approaches will be needed that allow users to provide multiple levels of encryption that permit limited access to information by explicitly negotiated trusted parties. This will form one component of a comprehensive end-to-end security architecture that encompasses end-point device, server, and cloud network-based security functions, which we discuss in this chapter. Finally, we will consider recent advances in quantum computing devices and their impact on current encryption techniques in a post-quantum computing world.
