Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
The Future of Computer Security
Privacy and Security in the Quantum Age
Ian Buitenkant
What is Security?“The state of being free from danger or threat”
In the context of computer security:
Keeping data (and sometimes hardware) safe from being exposed, tampered with, or destroyed
Encryption: keeping data hiddenEncryption relies on “trapdoor” functions:
One way is easy, the other way is hard...
Factor(21) = {3,7}
Factor(26) = {2,13}
Factor(6895601) = {1931,3571} Unless you know the secret!
6895601➗3571 = 1931 (very easy)
EncryptionGiven plaintext P, key k, function f, and ciphertext C, encryption might look like this:
f(P,k) = {C}P to C -- apply the function on the Plaintext and the key (encryption)
1931 x 3571 = 6895601
C to P -- apply another function on the Ciphertext and the key (decryption)
6895601 ➗ 3571 = 1931 f’(C,k) = {P}
Quantum ComputersBits: 1 or 0
Qubits: 1, 0, or both
“Spooky action at a distance” - multiple qubits are not independent → we can perform multiple actions simultaneously
Shor’s algorithm: efficient factorization
Should we worry?Largest prime factorization problem ever solved by a QC? 291311
Fairly small. Modern encryption: hundreds of digits
Is there any way to tell how fast QCs will become?
Currently have a 20-qubit at IBM for experiments
SolutionsPost-quantum encryption:
Better trapdoor functions to rely on (lattice encryption)
Better understanding of the limits of quantum computers
Infinite in every direction: difficult to reason about even with classical computation
Privacy
PrivacyHow much do we willingly share?
Contact info, relationships, physical address, personal information.
Is it reasonable to sacrifice privacy for convenience?
To what extent?
PrivacyHow much do we unknowingly share?
Google knows more about you than you think
Sending physical tracking data from a phone
Able to discern location, time, and speed
Speaking of Google, how much trust do we place in 3rd party organizations
Equifax security breach: 143 million exposed, 200,000+ credit cards
Trust
https://www.csoonline.com/article/3260191/security/healthcare-experiences-twice-the-number-of-cyber-attacks-as-other-industries.html
Medical facilities: Large amounts of personal data stored. Increasingly becoming the targets of cyber attacks
PerceptionHead of Security at Equifax: Master’s in Fine Arts and Music Composition, UGA
Large gap in supply/demand for security professionals
Programming vs Security
Social perception of cybercrime
The Future of SecurityTechnology growth is accelerating more than ever before
More software/hardware → more opportunities for cyber crime
Both fields are growing at different rates
Asymmetry principal:
Attacker only needs 1 opening, defender needs to find/fix all of them
What can you do?Use safer passwords: don’t reuse them
Be wary of public WiFi (even on the right connection)
Read EULAs: https://tosdr.org/ Community project to make ToS documents more readable and accessible
Sourceswww.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-dohttps://eugdpr.org/the-regulation/www.cnbc.com/2017/11/20/what-does-google-know-about-me.htmlwww.forbes.com/sites/forbestechcouncil/2018/08/09/the-cybersecurity-talent-gap-is-an-industry-crisis/www.nbcnews.com/business/consumer/equifax-executives-step-down-scrutiny-intensifies-credit-bureaus-n801706https://www.csoonline.com/article/3260191/security/healthcare-experiences-twice-the-number-of-cyber-attacks-as-other-industries.html