What practical impact will your research eventually have?

QKD allows two parties to establish a shared secret key without the need for computational assumptions (unlike all classical public key systems).  However, there are several challenges that remain.  In particular, finding way's to improve performance of QKD systems, and better understanding their performance in a variety of noise scenarios.  Our work will potentially allow for more rapid key generation rates in the near future over various QKD-enabled systems and networks.

What do you think is the most pressing need for improving cybersecurity?

A quantum computer can solve certain mathematical problems significantly faster than current classical algorithms could. Many of the most commonly used cryptographic techniques rely on such mathematical concepts, making them secure under the assumption an adversary doesn't have a quantum computer. But as we make advances in Quantum Computing, this hypothetical scenario comes closer to being a reality. Quantum Key Distribution is a method to improve security, by using fundamental principles of quantum physics.

What practical impact will your research eventually have?

My research will significantly enhance the security and reliability of Multi-agent Systems (MAS) in critical applications, such as power systems and microgrids, by introducing a unified resilient defense control strategy to mitigate severe risks posed by advanced cyber threats, including those enabled by quantum computers. This strategy will fortify MAS against sophisticated unbounded False Data Injection (FDI) and Denial of Service (DoS) attacks on control inputs, communication links etc., ensuring continuous and stable operation of critical infrastructure. By increasing resilience and adaptability, the research will help maintain the integrity and functionality of systems under adversarial conditions, with broad applicability across various engineering fields like smart grids, autonomous vehicle networks, and industrial automation. Additionally, the strategy will future-proof MAS against the emerging capabilities of quantum-enabled cyber-attacks, contributing to more reliable and efficient operations, reducing downtime and associated costs in critical applications. Overall, the practical impact of this research lies in creating more secure, reliable, and efficient MAS that can withstand current and future cyber threats, ensuring their safe integration into vital sectors.

What do you think is the most pressing need for improving cybersecurity?

The most pressing need for improving cybersecurity is the development and implementation of advanced, adaptive defense mechanisms that can effectively counter increasingly sophisticated and evolving cyber threats. As cyber-attacks become more complex and persistent, traditional security measures are often insufficient. There is a critical need for strategies that incorporate resilient control defense strategy, leveraging artificial intelligence and machine learning to anticipate and mitigate attacks before they cause significant damage. Furthermore, enhancing the security of communication networks, particularly in distributed systems like Multi-agent Systems (MAS), is essential to prevent breaches that exploit vulnerabilities in sparse communication structures. Another key aspect is the preparation for quantum-era threats, necessitating the adoption of quantum-resistant algorithms to protect against the immense computational power of future quantum computers. Additionally, fostering a culture of cybersecurity awareness and training among all stakeholders, from individuals to organizations, is vital to ensure proactive and informed responses to potential threats.

What practical impact will your research eventually have?

With a focus on adversarial machine learning, we aim to explore the security vulnerabilities of machine learning models, enhance the robustness of them, and research towards safer and trustworthy AI applications.

What do you think is the most pressing need for improving cybersecurity?

Generally speaking, I believe the most pressing need is data safety. With the amount of data generated and stored daily, we need to make sure both the users and the servers are protected properly and the data is stored safely.

What practical impact will your research eventually have?

Our research will significantly improve the privacy and security of users'
location data while measuring and monitoring cellular network performance. By
implementing the new Local Differential Privacy (LDP) framework that uses the
Staircase Randomized Response (SRR) mechanism, we ensure that users' sensitive
location information is well-protected. This means network providers can still gather
essential performance metrics to enhance network efficiency without compromising
user privacy. The practical impact of this research is twofold: users will enjoy better
cellular network service quality without privacy concerns, and network providers,
regulators, and content providers can continue to rely on accurate, privacy-preserving
data for optimizing network performance and tailoring services. This research
ultimately bridges the gap between efficient network measurement and robust user
privacy.

What do you think is the most pressing need for improving cybersecurity?

The most pressing need for improving cybersecurity is the enhancement of
proactive threat detection and response capabilities. This involves leveraging advanced
technologies such as machine learning and artificial intelligence to detect threats in real
time, employing behavioral analytics to identify unusual activities, and implementing
automated response systems to mitigate damage swiftly. Additionally, it requires robust
education and training programs to reduce human error, fostering collaboration and
information sharing between organizations and sectors, and adopting stringent security
policies and standards. Securing emerging technologies like IoT and cloud services is
also crucial, along with ongoing investment in research and development to stay ahead
of evolving cyber threats. By addressing these areas, we can build a more resilient and
secure cyber environment.

What practical impact will your research eventually have?

My research primarily focuses on the security aspects of large language models (LLMs). I seek to identify and mitigate potential vulnerabilities in these models to ensure they are robust against various types of threats and attacks. This contributes significantly to the trustworthiness and safety of AI systems in practical applications.

What do you think is the most pressing need for improving cybersecurity?

In terms of enhancing security for LLMs, it's essential to develop methods that secure these models from adversarial attacks, data poisoning, and other emerging threats. As these models become integral to more applications, ensuring their integrity and preventing misuse becomes increasingly important for the overall security landscape.

What practical impact will your research eventually have?

Many applications rely on protocols for their security and functionality. Examples include protocols for cryptographic key distribution, authentication, or confidential communication. However, practical protocols are often complex and composed of multiple subprotocols, and it is not trivial to design and compose them securely. The Composable Modular Security Specifications (CMoSS) framework will allow precise, modular specification of security properties for composed protocols. Using CMoSS, researchers and students will be able to write, understand, and compare the assumptions and security requirements of simple protocols or more complex, composed protocols. This can lead to increased security through better understanding of the properties of protocols, discovery of security issues in existing or prototype protocols, and more informed decisions when creating new protocols or applications.

What do you think is the most pressing need for improving cybersecurity?

We need transparency in cybersecurity. With the ever more complex systems and technologies which are being designed and developed, it can be challenging to understand how they work and what security guarantees they provide. Both developers and users should take time and care to think about the security and privacy properties of the systems they are creating or using. Understandably, not everyone has the time and technical knowledge to understand all the details of many complex systems and applications. For this reason, creators should take care to rigorously verify the security of their products, be transparent about what their technologies are providing, and possibly seek review or certification of their systems from other experts in the field. Well-defined security specifications can facilitate these sorts of analyses, transparency, and collaboration or discussion.

What practical impact will your research eventually have?

In my research, I focus on enabling the removal of data from machine learning models, a pivotal step in safeguarding user privacy. The concept of “Machine Unlearning” is a direct response to the “right to be forgotten” in AI models, aiming to facilitate the removal of user-specific data from machine learning models with minimal impact on model utility and processing costs.
This concept is gaining significant attraction from health to finance applications, particularly in elite industries. These forward-thinking sectors are increasingly recognizing the importance of providing forgetting guarantees to their users, bolstering the trustworthiness and security of their services. The pursuit of “Machine Unlearning” represents a crucial stride in balancing user privacy with the demands of cutting-edge AI technology.
Furthermore, my research extends to the application of “Machine Unlearning” in enhancing the security of intelligent transportation systems to defend the model against poisoning attacks. It facilitates the identification and removal of poisoned samples, thereby enabling the system to recover and operate efficiently even in the face of malicious data.

What do you think is the most pressing need for improving cybersecurity?

As we continue to integrate AI into our daily lives, the imperative to establish trustworthy AI becomes increasingly evident. This journey towards trustworthy AI is intrinsically linked to the ongoing advancements in cybersecurity. Robust cybersecurity techniques serve as the guardians of our AI-driven future. Their pivotal role lies in preserving the integrity of data, safeguarding privacy, and fortifying the resilience of AI systems against persistent threats. Striking a balance between cybersecurity measures and AI performance and usability is a promising approach. I believe it should evolve at a pace matching AI’s rapid growth to ensure that cutting-edge AI remains consistently reliable and trustworthy.

What practical impact will your research eventually have?

My research in access control has a realizable impact in organizational security. Access control is used to mitigate insider threats by identifying suspicious behavior, or by preventing the behavior outright. These methods are widely used by many different organizations/businesses like hospitals, financial firms, and insurance companies.

My research on QKD (quantum key distribution) routing in quantum networks will help to further the development of a quantum internet, specifically in the QKD use case. This will ultimately provide higher security communication channels for sensitive information.

What do you think is the most pressing need for improving cybersecurity?

I think the most pressing need in cybersecurity is the development of tools to determine real information from false information. The ability to tell the difference between a real video and a generated one is becoming increasingly difficult. Being able to tell the difference between real and fake is extremely useful in combating fake news / cyber propaganda.

What practical impact will your research eventually have?

Imagine a future where your most sensitive data – be it health records, financial details, or personal information – remains encrypted, safe, and sound even while being processed for machine learning applications. That’s the core goal of our research. We are working on bridging the gap between the theoretical and practical aspects of privacy-preserving machine learning. Our approach focuses on making this technology not just a high-tech concept but a scalable, efficient reality. By integrating advanced cryptographic techniques directly into machine learning algorithms and hardware, like GPUs and FPGAs, we’re paving the way for more secure AI applications. This isn’t just about enhancing data security; it’s about unlocking the potential of AI in sensitive domains like healthcare and finance without compromising on privacy. We’re essentially building the backbone for a new era of trust in AI.

What do you think is the most pressing need for improving cybersecurity?

At the heart of modern cybersecurity challenges is the need for a paradigm shift in how we approach data privacy. The most pressing issue isn’t just defending against cyber threats in the traditional sense; it’s about re-imagining security in an AI-driven world. We need to develop systems that inherently respect and preserve user privacy. This means innovating beyond the current norms of encryption and defense mechanisms. Our research is a step in this direction, focusing on integrating cryptographic resilience such as Homomorphic Encryption (HE) and Multi-Party Computation (MPC) schemes directly into machine learning processes. We are in an age where data is as critical as the air we breathe, protecting it should not be an afterthought but a fundamental aspect of the design of any digital system. The real challenge and necessity lie in creating these inherently secure systems from the ground up.

What practical impact will your research eventually have?

The widespread adoption and experimentation with decentralized protocols and digital currencies have led to numerous implementation projects. We are currently conducting a rigorous security analysis of these protocols. Despite a decade of exploration, the fundamental security guarantees of some protocols are still not well understood. Rigorous security analysis is highly significant as it enhances the security of these protocols, instills trust among users and investors, encourages wider adoption in various industries, aids in shaping regulatory frameworks, and promotes innovation. Ultimately, this work contributes to the maturation and broad acceptance of blockchain technology.

What do you think is the most pressing need for improving cybersecurity?

It’s all about better education and awareness. We need to teach people, from regular users to IT professionals, about online risks and safe practices. Cybersecurity is a team sport, and the more informed we all are, the stronger our defense against cyber threats.

What practical impact will your research eventually have?

The goal of my research is to use the Modular Security Specifications (MoSS) framework to prove the security of blockchains. Currently, security specifications require proofs which are created per blockchain. This results in proofs which are complex and error-prone while lacking reusability, modular analysis, and incremental design. Instead, the MoSS framework provides a method of creating definitions and proofs for the most simple blockchains, and then combining these together to prove the security of more complex blockchains. We are working on creating the definitions and proofs for simple blockchains, and showing how they can be combined to prove the security of Bitcoin. Other researchers can then use this foundation to create their own blockchains, instead of having to start from scratch each time.

What do you think is the most pressing need for improving cybersecurity?

I think general knowledge of cybersecurity is always in need of improvement. The majority of attacks and scams rely on people being unaware of them or unable to properly identify them. The most common one is phishing, where an attacker tricks someone into downloading malware or providing personal information. These types of attacks would be much less successful if more people knew how to spot them, especially as they get more advanced and harder to detect.