Florian Kerschbaum
Professor, Faculty of Mathematics
David R. Cheriton School of Computer Science
Executive Director, Waterloo Cybersecurity and Privacy Institute

The world is more connected than ever before. Increasingly significant aspects of our lives are being played out online. As our homes, our cars and even our fitness and health devices connect over the internet, they are transmitting thousands of bits of information about us.

But as we increase our connectivity, we’re exposing ourselves to new risks.

“There are new opportunities for computer crime and fraud that we did not have before,” says Florian Kerschbaum, computer science professor and executive director of the Waterloo Cybersecurity and Privacy Institute. “We’re in an environment where innovation is driving the digital economy. To sell digital services, you have to be the first to market and you have to offer a uniquely useable product. The speed required to gain a foothold is in direct conflict with the time that’s needed to consider and design security measures.”

Cyber researchers have been working for years to help develop the right protocols to protect our homes, our physical safety and even our governments. Enter blockchain - one piece of technology that’s getting a lot of attention in the fight to secure our data.

Originally built as a way to secure cryptocurrency transactions, blockchain is a digital platform that verifies and records exchanges. It creates an indisputable history of these transactions that cannot be modified by a single user, eliminating opportunities for fraud. It is this feature that has some heralding blockchain as a potential solution for some types of cyber vulnerability. But does blockchain have the practical applications we need to keep our digital information secure?

“There is a need to understand if blockchain offers a better solution than existing cybersecurity technology,” says Kerschbaum. “Improvements are also needed before it can scale to meet demands outside of securing cryptocurrency.”

In addition to securing cryptocurrency, blockchain could potentially be used to secure real estate transactions, contracts and auctions. It could also be used to show chain of ownership and provenance for artwork or prevent other forms of counterfeit activity by showing a record of interactions that can never be changed or manipulated.

But part of what gives blockchain its integrity also creates its weakness. The indisputable history means that all transactions are visible – wiping out the confidentiality and privacy essential for many financial transactions.

There are also significant issues related to speed and scale.

“While blockchain can provide a strong audit trail, it is slow and generally shares too much information,” says Kerschbaum. “Right now, blockchain can only manage a few hundred transactions per second. For financial institutions, it would have to handle millions of transactions. It just doesn’t scale yet.”

The Waterloo Cybersecurity and Privacy Institute (CPI) is tackling blockchain with two focused areas of research. First, researchers are looking to solve the “consensus problem”. This refers to the time it takes to authenticate the information within the blockchain. CPI researchers, Srinivasan Keshav and Bernard Wong, are using a solution called Canopus to build a new blockchain. This prototype could potentially handle more than one million transactions per second.

A second area of research focuses on a new blockchain auction protocol that is faster and can protect confidentiality. The new protocol called Strain, developed by Kerschbaum and his collaborators, requires only four blocks: a commit of a bid, a computation of the winner, a verification and finally an opening of the winning bid. Strain protects the confidentiality of the bid against malicious parties.

“For governments or anybody under scrutiny for performing secure procurements, this protocol removes any opportunity for collusion,” says Kerschbaum.

As researchers at the University of Waterloo and CPI are examining just how big an impact blockchain may have, others are contributing to cybersecurity research and education to stay ahead of privacy and security challenges or solve them as they emerge.

“We have the largest computer science undergraduate program along with a large engineering program, with new students just getting started in their careers. Our graduate students are the future experts in this field,” says Kerschbaum. “Longer term, we have to develop principled solutions for defense mechanisms that are not broken immediately after they are invented.”

He sees industry and government playing a lead role in improving the current system. Funding for institutes like CPI ensures research remains robust. Government can also play a role in putting incentives in place to help innovators apply security measures that already exist.

“We’re working with large industry partners to implement security and overcome the problems that make it difficult to design with security in mind,” says Kerschbaum. “It’s challenging, but we have great solutions that already work. It’s critical that we apply the tools we already have.”