The Future of Computer Security

Privacy and Security in the Quantum Age

Ian Buitenkant

What is Security?“The state of being free from danger or threat”

In the context of computer security:

Keeping data (and sometimes hardware) safe from being exposed, tampered with, or destroyed

Encryption: keeping data hiddenEncryption relies on “trapdoor” functions:

One way is easy, the other way is hard...

Factor(21) = {3,7}

Factor(26) = {2,13}

Factor(6895601) = {1931,3571} Unless you know the secret!

6895601➗3571 = 1931 (very easy)

EncryptionGiven plaintext P, key k, function f, and ciphertext C, encryption might look like this:

f(P,k) = {C}P to C -- apply the function on the Plaintext and the key (encryption)

1931 x 3571 = 6895601

C to P -- apply another function on the Ciphertext and the key (decryption)

6895601 ➗ 3571 = 1931 f’(C,k) = {P}

Quantum ComputersBits: 1 or 0

Qubits: 1, 0, or both

“Spooky action at a distance” - multiple qubits are not independent → we can perform multiple actions simultaneously

Shor’s algorithm: efficient factorization

Should we worry?Largest prime factorization problem ever solved by a QC? 291311

Fairly small. Modern encryption: hundreds of digits

Is there any way to tell how fast QCs will become?

Currently have a 20-qubit at IBM for experiments

SolutionsPost-quantum encryption:

Better trapdoor functions to rely on (lattice encryption)

Better understanding of the limits of quantum computers

Infinite in every direction: difficult to reason about even with classical computation

Privacy

PrivacyHow much do we willingly share?

Contact info, relationships, physical address, personal information.

Is it reasonable to sacrifice privacy for convenience?

To what extent?

PrivacyHow much do we unknowingly share?

Google knows more about you than you think

Sending physical tracking data from a phone

Able to discern location, time, and speed

Speaking of Google, how much trust do we place in 3rd party organizations

Equifax security breach: 143 million exposed, 200,000+ credit cards

Trust

https://www.csoonline.com/article/3260191/security/healthcare-experiences-twice-the-number-of-cyber-attacks-as-other-industries.html

Medical facilities: Large amounts of personal data stored. Increasingly becoming the targets of cyber attacks

PerceptionHead of Security at Equifax: Master’s in Fine Arts and Music Composition, UGA

Large gap in supply/demand for security professionals

Programming vs Security

Social perception of cybercrime

The Future of SecurityTechnology growth is accelerating more than ever before

More software/hardware → more opportunities for cyber crime

Both fields are growing at different rates

Asymmetry principal:

Attacker only needs 1 opening, defender needs to find/fix all of them

What can you do?Use safer passwords: don’t reuse them

Be wary of public WiFi (even on the right connection)

Read EULAs: https://tosdr.org/ Community project to make ToS documents more readable and accessible

Sourceswww.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-dohttps://eugdpr.org/the-regulation/www.cnbc.com/2017/11/20/what-does-google-know-about-me.htmlwww.forbes.com/sites/forbestechcouncil/2018/08/09/the-cybersecurity-talent-gap-is-an-industry-crisis/www.nbcnews.com/business/consumer/equifax-executives-step-down-scrutiny-intensifies-credit-bureaus-n801706https://www.csoonline.com/article/3260191/security/healthcare-experiences-twice-the-number-of-cyber-attacks-as-other-industries.html