Cybersecurity and Privacy Challenge

Research in the following nine expertise areas is underway in the Centre:

The Centre will nurture and enhance Canada’s leadership position in cybersecurity and privacy research by partnering with industry to collaborate on these expertise areas in detail:

Cryptography

Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of information to view its contents. It provides mathematical and algorithmic tools that are critical for protecting the security of information and communication infrastructures (e.g., the Internet).

Modern cryptography concerns itself with the following four objectives:

  • Confidentiality: The information cannot be understood by anyone for whom it was unintended
  • Integrity: The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected
  • Non-repudiation: The creator/sender of the information cannot deny at a later stage their intentions in the creation or transmission of the information
  • Authentication: The sender and receiver can confirm each other's identity and the origin/destination of the information

 

There are many types of cryptography and CPI’s faculty specialize in a broad array of cryptographic algorithms, tools, and applications. The table below lists the research focus areas of CPI membership.

Selected illustrative challenges include:

Applied Cryptography

Cryptographic tools for providing confidentiality and security services are now well understood. However, it's still challenging to design and analyze their usage in large-scale applications such as web browsing, messaging, and the Internet of Things. Additional challenges are the efficient and secure implementation of the cryptographic tools, and the design of cryptographic primitives for lightweight environments such as RFID tags.

Advanced Cryptographic Protocols

Although cryptography is mostly used today to provide basic confidentiality and authentication services, advanced cryptographic techniques can be used to provide a diverse suite of security services including multi-party computation, computing with encrypted data, verifiable computing, and obfuscation. Ongoing research aims to further understand these and related topics in the foundations of cryptography, as well as to investigate their emerging applications in cloud computing, blockchain, and privacy-preserving machine learning.

Quantum-Safe Cryptography

This research field is concerned with the development of cryptographic primitives and protocols that, unlike RSA (an algorithm to encrypt and decrypt general information that is able to withstand brute force attacks in conventional computing) and elliptic curve cryptography, withstand attacks even by large-scale quantum computers. Even though no one can predict with a high degree of certainty when large-scale quantum computers will be built, Waterloo researchers are already preparing for a possible transition to quantum-safe cryptography.

Data Science Security and Privacy

The field of data science has a broad scope, combining multiple fields, such as artificial intelligence, statistics, and data analysis, in an effort to clarify and extract value from data and derive actionable insights. Data science activities centre on preparing data for analysis, including cleansing, aggregating, and manipulating the data to facilitate advanced data analysis. This enables researchers and various analytic applications to discern patterns and statistical significances that lead to informed insights concerning the data’s potential utility.

As with all data, privacy and security are of paramount concern when this data is being collected, stored, shared, and erased. The potential for negative consequences should data be compromised is dramatic: financial, legal, and defense-related harm, compromised democratic and national infrastructure, loss of personal privacy, etc.

‘Big Data’ is fueling the digital economy and companies are amassing vast amounts of personal data. This data can be used to provide improved services in almost all industries, including finance, healthcare, and manufacturing. However, the exploitation of this data also carries the risk of exposing this data to unauthorized or at least unwanted entities, including business partners and end users. Furthermore, when collecting data from many sources, data integrity is not necessarily ensured. Services relying on the data to be correct may be misled by malicious modification to the data. In order to ensure the secure and private use of data, new protection mechanisms need to be developed.

Selected illustrative challenges include:

Secure and Private Collection and Combination of Data Sources

Data may be collected by different entities for different business purposes. A typical example is Google collecting data from users clicking on online ads, and Mastercard collecting data from in-store purchases. However, an in-store purchase may have been triggered by an online ad, and only the combination of the data reveals such a connection. Google and Mastercard indeed use private set intersection in order to combine their data sources. Other important examples include private record linkage performed for provincial health care or criminal record checks. Any act of collecting data may raise security and privacy issues. For example, statistics about app use may reveal sensitive information about the user. In order to disguise the data, Apple and Google perturb the data on the client before collection. However, this impacts accuracy so much that only very large user bases yield sufficiently accurate statistics.

Secure and Private Training of Machine Learning Models

Machine learning models may reveal unwanted information about the training data. This may enable attacks on those models, such as membership inference attacks that determine whether a sample was part of the training data set given only the model. Model training may also be disrupted using maliciously crafted poisoning attacks. These attacks may prevent a model from learning the intended behavior or introduce unwanted behavior, called a backdoor. An attacker can trigger the backdoor behavior during inference and cause unintended behavior of the model for the benefit of the attacker. For example, it has been shown that a sticker on a stop sign can cause a model to recognize it as a speeding sign. A special form of training is federated learning where multiple data sources jointly train one machine learning model. However, this carries additional challenges for security and privacy since the process now integrates data collection and training into one process and the defender needs to take care of the entire attack surface.

Secure and Private Inference

Once a machine learning model has been trained, it is used to make predictions over unseen data. However, for privacy reasons, neither the model owner nor the sample owner may want to reveal their data. Hence, privacy-preserving inference protocols are needed. However, even a fully private inference protocol does not prevent a sufficiently powerful adversary from extracting a model using repeated queries, a so-called model extraction attack. This is hard to avoid and the best method for a defender may be to track a model and detect redistribution. Furthermore, an adversary may evade detection by a machine learning model, e.g., one used for spam filtering or malware detection, by crafting special inputs. So-called adversarial examples are original samples, e.g., a piece of malware, that have a very small modification, e.g., only a few bytes, but are classified very differently, e.g., malware classified as benign software.

Human and Societal Aspects of Security and Privacy

The current Digital Age has witnessed an exponential technological development that has enabled individuals to access a wide array of innovative services and goods through the internet and interact with one another through different digital spaces. However, these technological advances have also come with societal costs, such as:

  • a loss in individual privacy and the potential for being a victim of cyber-crime
  • people being increasingly commodified as data inputs by digital platforms
  • the pervasive spread of misinformation and fake news that result in societal polarization and weakened democracies
  • massive market power and wealth in the hands of a few large firms
  • the emergence of cyber-attacks as significant threats to national security

Faculty members at the University of Waterloo are conducting a wide variety of research that addresses many of the above issues.

Their research can be broadly classified under the sub-themes of: (1) Technology Design, (2) Behavioural Choices, and (3) Public Policy.

Selected illustrative challenges include:

Technology Design

The process of how technology is designed, and to what requirements, can incorporate a multitude of influences. Designing technology to improve people’s digital experiences, knowledge, and technology practices, with a focus on security, online privacy, and digital literacy is a prime example. Research in this area can investigate the impacts of technology on end user experiences, public perceptions and responses, or policy changes, for example. This research can then, in turn, help inform design choices for future and existing technologies.

Behavioural Choices

Research in this area covers a broad spectrum of concepts, primarily focusing on the impacts of technology and technology-related variables on the behavioural choices of individuals and/or larger groups. Technology occupies spaces within different paradigms and creates related structures that also have systemic links within different paradigms. For example, surveillance technology impacts how people behave whilst they know they are under scrutiny, whilst the policies that govern surveillance implementation and legality are their own separate but interconnected entity. Research on these relationships can shed light on how technology and technology-related concerns are impacting people’s choices and behaviours, leading to greater understanding of how to improve upon these interactions.

Public Policy

Public policy encompasses a vast array of different issues related to technology, from surveillance and security studies to ethics and freedom discourses within digital spaces, to governmental and other entity responses to cyberattacks, to name just a few. Public policy research initiatives seek to inform any or all of the four stages of public policy formation, namely agenda setting, formulation, implementation, and evaluation. In essence, research topics and goals seek to expand our understanding of how technology is impacting society, and how existing policy is engaging with these effects, ostensibly with an eye towards positive changes.

Legal and Policy Aspects of Security and Privacy

Legal and Policy Aspects of Security and Privacy research considers how law and policy shape information environments that relate to cybersecurity and privacy across a range of sectors including health, education, government, consumer, the workplace, and law enforcement. As rapid technological innovations outpace regulatory environments, law and policy research considers how existing law and policy may be insufficient or unfit to facilitate meaningful security and privacy. Researchers under this subtheme also often consider how law and policy are employed as a set of tools to improve the design and delivery of security and privacy.

Selected illustrative challenges include:

Privacy Law and Policy Reform

Privacy and data protection laws are intended to protect the personal information of people as they go about their everyday lives. With the onset of intensely networked digital environments that mediate everyday life, privacy laws often struggle to fulfil their stated purpose. In our era of remote ‘service delivery’, this challenge is further compounded. Research into new technologies—and in diverse settings such as healthcare, education, and the workplace where sensitive personal information is used—is critical to ensure that existing privacy law and policy are adequately understood, evaluated, and reformed where necessary to protect against harms arising from misuse, and to ensure that meaningful regulatory safeguards continue to be advanced for all residents of Canada.

Digital Human Rights

As information communication technologies permeate all aspects of social and political life, they disrupt traditional ideas of human rights and governance. New technologies and their application illustrate how pre-existing normative rules no longer neatly map onto our shared digital lives. Questions about the appropriate degree of government and corporate power over individual persons are being recast in our digital age. A key challenge of research in this area is how to adapt the values of constitutionalism to our digital society by assessing the ways that core democratic values such as transparency, accountability, equity, consent, and fairness relate to the technical design and governance of digital environments.

Governance and Regulation by Design

While regulatory responses routinely include normative rule-based legal and policy approaches to shape particular behavioural outcomes, they also increasingly include technocratic approaches—that is, the purposeful application of technological solutions to facilitate regulatory practices. This form of technological management now encompasses a range of governance sectors—spanning the automation of policing, healthcare, and the workplace, to name but a few. A key challenge noted by researchers in this area relates to ways that technical design of architectures might establish enhanced levels of security and privacy as part of a broader normative rule-based regulatory approach. It also includes a consideration of the impacts of design-related changes as part of the maintenance of social good.

Network Security

Network Security research aims at building secure network infrastructures and communication protocols to protect end users’ data, applications, devices, as well as networked assets, from a vast landscape of cyber threats. As businesses increasingly rely on distributed software applications that run across networks, the need for developing holistic solutions that incorporate resource monitoring, access control, threat detection, and attack mitigation capabilities in different operational settings has become a central concern for network administrators.

Selected illustrative challenges include:

Secure Protocols for Distributed Systems

In today’s digitally connected world, a wealth of users’ sensitive data like medical records, monetary transactions, or personal information is transmitted through the Internet and efficiently processed by distributed applications hosted in third-party infrastructures, such as the cloud. Ensuring the integrity and confidentiality of data in transit and/or at processing time presents important challenges. First, how can we assess the security of communication protocols? Thus far, network security protocols have been plagued with critical vulnerabilities whose exploitation can prove to be catastrophic. Second, how can we prevent compromised or malicious service providers from breaching users’ privacy, e.g., by harvesting the data that users provide to distributed applications? Directions to tackle these issues include the formal security analysis of cryptographic protocols and the design of cryptographic schemes that allow for the outsourcing of computations over encrypted data.

Data-driven Security Automation for Software-defined Networks

Programmable networking devices have enabled the deployment of efficient packet-processing primitives in large-scale and high-speed networks, which can facilitate autonomous diagnosis and localization of network-wide security threats, and execution of countermeasures. However, challenges lie in dynamically deploying and migrating telemetry and network defence components across the network, and in the inability to efficiently collect and process network telemetry data at scale. This can be achieved via intelligent orchestration of software probes, and the development of lightweight and adaptive network monitoring techniques, including in-band network telemetry. The plethora of network data can enable detection and mitigation of threats that can compromise the integrity of systems and data. It is crucial to employ a holistic, multi-faceted approach for threat detection, which capitalizes on different observation points in the network. Furthermore, existing mitigation techniques are often specialized for specific threats, which makes them unscalable and impractical. AI techniques are expected to fulfill the promise of automated data-driven detection and mitigation of threats, including zero-day attacks.

Security in the Era of Blockchains

Decentralized cryptocurrencies such as Bitcoin enable digital monetary transactions to be carried out without the presence of a trusted intermediary, whilst concealing the identity of transacting parties. Despite their rising popularity, the mechanisms underpinning decentralized cryptocurrencies lack the ability to interoperate in a secure fashion, or offer the privacy guarantees of in-person cash transactions. These challenges can be addressed by designing novel consensus-based cross-chain communication algorithms, and anonymity-preserving protocols to ensure users’ privacy. Moreover, secure naming systems, or public key infrastructures (PKIs), are still essential for secure communications, and blockchain-based PKIs have shown great promise in terms of improved security and resilience compared to traditional centralized PKIs. However, achieving decentralized trust without sacrificing the flexibility and scalability typically found in centralized PKIs is an open area of research.

Mobile and IoT Security

The explosion in the number of “smart” Internet of Things (IoT) devices leveraging various sensors to collect user and environment data is facilitating numerous applications that improve user comfort and convenience, such as automating common household tasks (e.g., smart energy controls), and provide added functionality (e.g., smartphones with fitness tracking capabilities). However, this increases the amount of potentially private information collected by third-party applications, with users having no control over privacy infringement. This challenge can be addressed by: (i) developing IoT traffic filtering mechanisms that provide users with visibility and control over sensor data that is communicated to third-party applications, and (ii) designing differentially private analytics schemes that strike a balance between users’ privacy and data utility while analyzing IoT data streams.

Operational Security

Operational security (OPSEC) comprises the organizational processes deployed to prevent sensitive information from being compromised, and seeks to identify threats and activities that could result in critical data being leaked or revealed to a hostile actor. OPSEC processes are most effective when fully integrated into all planning and operational processes. It includes five steps:

  • critical data identification
  • threat analysis
  • vulnerability analysis
  • risk analysis
  • integration of appropriate countermeasures

The operational security field is keenly interested in ensuring the integrity of information. Information integrity is important because information/data is relied upon in decision making by individuals, organizations, and society as a whole. Information integrity in turn depends on the integrity of the people, processes, and technologies that create the information/data and the integrity of the environments in which those processes function. The quality of information systems/environments depends on the effectiveness of IT governance practices and information systems controls, including controls designed to ensure the security, availability, confidentiality, privacy, and processing integrity of information.

Selected illustrative challenges include:

Information systems assurance involves review, evaluation, and reporting on the integrity of information systems and the information they produce, focusing on the processes used to develop, operate, change, and control those information systems. Information systems assurance services include diagnostic assessments of the strengths and weaknesses of IT governance, assessments of information systems controls, assessments of compliance with management policies, standards and regulatory requirements, assessments of the effectiveness of information systems development, operation and change, and other assessments designed to provide assurance to a variety of stakeholders about the integrity of information systems and the information they produce.

Privacy-Enhancing Technologies

Privacy-enhancing technologies (PETs) research is aimed at empowering people to individually control who can gain access to personal information about them, what those with access can do with that information, and with whom those with access can share the information. Many companies and governments have assembled massive amounts of data about individuals, or are placing restrictions on what information individuals can access, which acutely threatens people's privacy and calls for the ongoing development of new and stronger PETs.

Selected illustrative challenges include:

Provable Privacy Guarantees

The confluence of recent advances in science and technology, coupled with the ubiquity of massive amounts of data, has ushered in a new era of data-driven analysis and machine learning (ML). However, these algorithms often operate on sensitive data belonging to individuals and generate outputs that leak information about them, as in the AOL search data leak and the Facebook-Cambridge Analytica scandal. As such, data-driven companies and organizations must ensure that algorithms respect the privacy of the individuals who provide their data. Our research focuses on developing practical algorithms and systems that support sensitive data analysis and ML with provable privacy guarantees, including differential privacy (DP), a state-of-the-art privacy standard considered in industry and government agencies. The first design issue in existing DP systems is that their utility and performance crucially depend on the privacy expertise level of the user. The targeted users of these analytical data systems are not privacy experts, but they must choose proper parameters and algorithms for their desired utility goal. Second, these systems support limited data types and analyses. Hence, the design needs to be extended to practical settings where data can be multi-relational, unstructured, or even federated. Last, some systems fail to achieve end-to-end privacy guarantees when integrating DP with other cryptographic techniques. This failure motivates us to consider privacy as a first-class citizen in the system design and explore new optimization opportunities such as systems for data analysis and ML.

Censorship Circumvention

Totalitarian states are known to deploy large-scale surveillance and censorship mechanisms in order to deter citizens from accessing a free and open Internet. Thus, considerable effort has been put in place to develop censorship resistance technologies that enable people living (or travelling) in such countries to evade such internet monitoring and blocking mechanisms. Two challenges faced in this context are that these technologies must be able to a) disguise internet traffic that would otherwise be forbidden by a censor as allowed traffic, and b) minimize the ability for a censor that impersonates legitimate clients to enumerate and block endpoints providing the circumvention service. Approaches to tackle these challenges include the generation of proxy-based circumvention tools that build covert channels over popular applications allowed across a censor's border, the design of proxy distribution schemes that minimize the endpoints that are exposed to censors, and the design of in-network circumvention technologies that disregard the need for proxies.

Quantum-Safe Communication

Quantum-safe Communication research is focused on designing secure communication and computation technologies that would resist attacks by adversaries with quantum computers. Although large-scale quantum computers that are able to break public key cryptography have not yet been built, it is important to start the transition and security research now since today's devices and communications may need to remain secure for decades to come. Many CPI researchers in this research theme are also members of, or collaborators with, the University of Waterloo's Institute for Quantum Computing.

Selected illustrative challenges include:

Quantum Key Distribution

Quantum mechanics can be used to construct secure communication technologies. Quantum key distribution (QKD) enables communicating parties to establish a highly secure cryptographic key using quantum optical communication channels. The grand challenge in QKD is to create systems that can communicate at high speeds over long distances.

Post-Quantum Cryptography

Whereas quantum key distribution obtains quantum-resistant security by using quantum systems, post-quantum cryptography aims to build quantum-resistant systems using non-quantum algorithms that can be run on existing digital computers and communication systems. There are a variety of mathematical approaches for building post-quantum cryptography, several of which are currently under consideration for standardization. It will be a major undertaking to transition the existing cryptographic infrastructure to use post-quantum algorithms.

Quantum Algorithms and Cryptanalysis

In tandem with the design of quantum-resistant systems, equal focus must be paid to the analysis of the ability of quantum computers to break these systems. Quantum cryptanalysis focuses on developing and analysing quantum algorithms for breaking cryptographic assumptions.

Software, Hardware, and Systems Security

Software, Hardware, and Systems Security research is aimed at securing the computing devices and the software that runs on them from external cyberattacks. With computing systems being an essential component of every Canadian’s life, especially with millions of devices working from home since 2020, it is increasingly important to secure the hardware and software that they depend on. 

Selected illustrative challenges include:

Vulnerability Detection

Vulnerabilities are bugs introduced into systems by developers unintentionally. Hence, organizations try their best to detect such bugs before the product is released to the public or have security consultants test their released products. Two challenges that exist in such detection are that it is not easy to come up with patterns that can be used to detect vulnerabilities, and that when there are patterns, there are a lot of false positives, making the technique unusable. Possible approaches include automatic test case generation, fuzzing, static analysis, and penetration testing.

Certifying Security Properties of Systems

System developers need to certify the security of their systems. Security flaws in production can be disastrous. In many application domains (e.g., financial, medical, etc.), regulatory requirements mandate strict certification. Possible approaches include Domain Specific Languages, Type Systems, Software Model Checking, and more general Formal Methods.

Hardware-assisted Software Protection

Purely software techniques to protect software systems often involve a tradeoff between the level of security and the performance overhead imposed by the protection technique. Leveraging hardware assistance can avoid this tradeoff but comes at the cost of developing and deploying the requisite hardware assistance and the threat of vulnerabilities that arise from the complexity of modern computing hardware itself. The challenge is to develop hardware/software techniques that can avoid these shortcomings.