Author: Juan González, Security and Privacy Manager at Gradiant
Original text published in the Economía Industrial Núm.410: Ciberseguridad magazine (Industrial Economy No.410: Cybersecurity)
The mass adoption of information and telecommunications technology is transforming our society and all of the sectors of our economy. It is changing the way in which we connect as a society, how we interact with Public Administrative bodies and the manner in which companies develop and deliver their products. This digital transformation is also having a considerable impact on companies in terms of how they deliver products to their clients and with regard to their internal organization and their relationships with suppliers.
Investing in cybersecurity innovation is absolutely necessary, and that is why in this article we have decided to focus on the aspects of cybersecurity in which we should look to innovate. Whilst cybersecurity has proved to be beneficial in a wide range of technologies and fields, we have decided to focus on those that we consider the most relevant.
If you wander through any computer security trade fair, you will see how the main cybersecurity product manufacturers, and in particular the emerging companies, are incorporating Artificial Intelligence solutions to improve the capabilities of their products, whether these be antivirus or intrusion detection systems, security event management systems, firewalls, spam detectors, etc. For now, however, these are just small functionalities that are built on the core of their products. Due to their learning capacity, Artificial Intelligence (AI) algorithms are suitable for dealing with cyberattacks that are constantly evolving in order to evade detection tools.
Cryptography: protecting information.
There are three dimensions of information security that must be protected: confidentiality, integrity and availability. Traditionally, the first two have been protected by using cryptography. Within the field of cryptography, there are two innovative trends that are particularly worth mentioning: secure information processing and post-quantum cryptography.
Biometrics for identity verification
Biometrics is an identity verification technology that is gaining ground, due predominantly to its great usability, particularly on mobile devices. Nowadays, users can use a wide range of different types of biometrics (face, fingerprint, voice, etc.) in order to access their banking services and payment gateways from their mobile devices. The different technologies that are being implemented in order to improve the security measures against presentation attacks include:
- Liveness detection: Technologies that are used to ensure that the subject is a real person.
- Biometrics fusion: The simultaneous combination of several different biometric systems in order to reduce the effectiveness of a presentation attack. For example, systems that are able to capture the face and voice at the same time.
In the previous section we discussed the technological innovations that are being implemented in the field of information security and we would now like to highlight two additional technological aspects, related to privacy:
- Secure digital identities: in order to ensure the correct functioning of services provided through the internet, identity management is fundamental. Nonetheless, it is important to strike a balance between the need for service providers to verify the identity of their users in order to prevent fraud and the need to protect people’s privacy.
- Anonymization: data is very valuable nowadays. Thanks to data analytics technology, known as Big Data, it is possible to process, analyse and share massive amounts of data, and this is proving to be highly advantageous in different fields. Anonymization technology is considered to be a fundamental tool, given that it makes it possible for the hidden value in large data sets to be extracted, shared and transferred, while at the same time ensuring compliance with the organizations’ regulations and guaranteeing that the privacy of the individuals is respected.
- Internet of Things (IoT): cybersecurity technologies that allow for the safe use of IoT-based distributed architecture need to be developed. In particular, we must look to explore new aspects such as: lightweight cryptography for low-capacity devices, lightweight identity management architectures that are scalable and decentralized, the efficient monitoring of security policies for highly distributed systems, and privacy-enhancing technologies.
- Blockchain: blockchain was introduced in 2009 as a solution that created an electronic currency that could be transferred between two entities without the need for any intervention by a financial institution. The solution was based on a structure of connected blocks containing transactions, in which it was possible to combine proof-of-work and proof-of-stake (13) in order to achieve consensus over the content of each of them. The security of this solution is partly based on economic concepts in which the nodes distributed in the network, which are known as miners, behave in an honest manner because of the opportunity cost associated with the proof-of-work. Although this technology was originally used exclusively to allow for operations to be performed using a decentralised electronic currency, the subsequent introduction of the decentralised technology, DLT (Distributed Ledger Technology), made it possible for an unalterable consensus-based network to be created between several participants.
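The structure of connected blocks and the proof-of-work described in the blockchain item above, as an added example (not code from the article or from any blockchain project): a minimal Python sketch in which altering a recorded transaction is detected, and redoing the work for the altered block alone still leaves the link from the next block broken. The difficulty value, the field names and the sample transactions are assumptions constructed for illustration; proof-of-stake and network consensus are not modelled.

```python
import hashlib
import json

DIFFICULTY = 3  # assumption: required leading zero hex digits, kept low to run fast
GENESIS = "0" * 64
# Constructed sample transactions, one batch per block.
SAMPLE = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]

def block_hash(block):
    """SHA-256 over the block's canonical JSON encoding."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(prev_hash, transactions):
    """Proof-of-work: search for a nonce whose block hash meets the target."""
    block = {"prev": prev_hash, "tx": transactions, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block

def build_chain(batches):
    """Mine one block per batch, each block storing the hash of its predecessor."""
    chain, prev = [], GENESIS
    for txs in batches:
        chain.append(mine(prev, txs))
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain):
    """Index of the first block whose link or proof-of-work fails, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev"] != prev or not digest.startswith("0" * DIFFICULTY):
            return i
        prev = digest
    return None

def demo():
    chain = build_chain(SAMPLE)
    intact = first_invalid(chain)             # untouched chain verifies
    chain[0]["tx"] = ["alice->mallory:5"]     # alter a recorded transaction
    tampered = first_invalid(chain)           # detected at block 0 or its successor
    chain[0] = mine(GENESIS, chain[0]["tx"])  # redo the work for block 0 only
    remined = first_invalid(chain)            # block 1 still points at the old hash
    return intact, tampered, remined

if __name__ == "__main__":
    print(demo())
```

Because every later block stores the hash of its predecessor, a change to one block forces the proof-of-work to be repeated for that block and all blocks after it, which is the cost the article refers to.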
Cybersecurity innovation is strategic, not only because it is key to the expansion of both the industry and the digital society, but also given the market opportunities that it creates in terms of the development of new technologies in this field. In this respect, it is fundamental that Europe, and in particular Spain, promote and foster research and development in cybersecurity, as by doing so, they will be able to create an ecosystem that will facilitate the innovation and implementation of the developed technologies in the industry. These ideas form part of both the European and Spanish cybersecurity strategies and they have been specified in the European H2020 framework programme. On a national level, innovative public procurement initiatives for cybersecurity could significantly boost the development of national solutions in this sector. Given the lack of solutions to the problems that are being faced by the private sector, this sector could play something of an enabling role if it were to present these issues to the cybersecurity R+D community in order to see what solutions they were able to come up with.