What practical impact will your research eventually have?

Many applications rely on protocols for their security and functionality. Examples include protocols for cryptographic key distribution, authentication, or confidential communication. However, practical protocols are often complex and composed of multiple subprotocols, and it is not trivial to design and compose them securely. The Composable Modular Security Specifications (CMoSS) framework will allow precise, modular specification of security properties for composed protocols. Using CMoSS, researchers and students will be able to write, understand, and compare the assumptions and security requirements of simple protocols or more complex, composed protocols. This can lead to increased security through better understanding of the properties of protocols, discovery of security issues in existing or prototype protocols, and more informed decisions when creating new protocols or applications.

What do you think is the most pressing need for improving cybersecurity?

We need transparency in cybersecurity. With the ever more complex systems and technologies which are being designed and developed, it can be challenging to understand how they work and what security guarantees they provide. Both developers and users should take time and care to think about the security and privacy properties of the systems they are creating or using. Understandably, not everyone has the time and technical knowledge to understand all the details of many complex systems and applications. For this reason, creators should take care to rigorously verify the security of their products, be transparent about what their technologies are providing, and possibly seek review or certification of their systems from other experts in the field. Well-defined security specifications can facilitate these sorts of analyses, transparency, and collaboration or discussion.

What practical impact will your research eventually have?

In my research, I focus on enabling the removal of data from machine learning models, a pivotal step in safeguarding user privacy. The concept of “Machine Unlearning” is a direct response to the “right to be forgotten” in AI models, aiming to facilitate the removal of user-specific data from machine learning models with minimal impact on model utility and processing costs.
This concept is gaining significant attraction from health to finance applications, particularly in elite industries. These forward-thinking sectors are increasingly recognizing the importance of providing forgetting guarantees to their users, bolstering the trustworthiness and security of their services. The pursuit of “Machine Unlearning” represents a crucial stride in balancing user privacy with the demands of cutting-edge AI technology.
Furthermore, my research extends to the application of “Machine Unlearning” in enhancing the security of intelligent transportation systems to defend the model against poisoning attacks. It facilitates the identification and removal of poisoned samples, thereby enabling the system to recover and operate efficiently even in the face of malicious data.

What do you think is the most pressing need for improving cybersecurity?

As we continue to integrate AI into our daily lives, the imperative to establish trustworthy AI becomes increasingly evident. This journey towards trustworthy AI is intrinsically linked to the ongoing advancements in cybersecurity. Robust cybersecurity techniques serve as the guardians of our AI-driven future. Their pivotal role lies in preserving the integrity of data, safeguarding privacy, and fortifying the resilience of AI systems against persistent threats. Striking a balance between cybersecurity measures and AI performance and usability is a promising approach. I believe it should evolve at a pace matching AI’s rapid growth to ensure that cutting-edge AI remains consistently reliable and trustworthy.

What practical impact will your research eventually have?

My research in access control has a realizable impact in organizational security. Access control is used to mitigate insider threats by identifying suspicious behavior, or by preventing the behavior outright. These methods are widely used by many different organizations/businesses like hospitals, financial firms, and insurance companies.

My research on QKD (quantum key distribution) routing in quantum networks will help to further the development of a quantum internet, specifically in the QKD use case. This will ultimately provide higher security communication channels for sensitive information.

What do you think is the most pressing need for improving cybersecurity?

I think the most pressing need in cybersecurity is the development of tools to determine real information from false information. The ability to tell the difference between a real video and a generated one is becoming increasingly difficult. Being able to tell the difference between real and fake is extremely useful in combating fake news / cyber propaganda.

What practical impact will your research eventually have?

Imagine a future where your most sensitive data – be it health records, financial details, or personal information – remains encrypted, safe, and sound even while being processed for machine learning applications. That’s the core goal of our research. We are working on bridging the gap between the theoretical and practical aspects of privacy-preserving machine learning. Our approach focuses on making this technology not just a high-tech concept but a scalable, efficient reality. By integrating advanced cryptographic techniques directly into machine learning algorithms and hardware, like GPUs and FPGAs, we’re paving the way for more secure AI applications. This isn’t just about enhancing data security; it’s about unlocking the potential of AI in sensitive domains like healthcare and finance without compromising on privacy. We’re essentially building the backbone for a new era of trust in AI.

What do you think is the most pressing need for improving cybersecurity?

At the heart of modern cybersecurity challenges is the need for a paradigm shift in how we approach data privacy. The most pressing issue isn’t just defending against cyber threats in the traditional sense; it’s about re-imagining security in an AI-driven world. We need to develop systems that inherently respect and preserve user privacy. This means innovating beyond the current norms of encryption and defense mechanisms. Our research is a step in this direction, focusing on integrating cryptographic resilience such as Homomorphic Encryption (HE) and Multi-Party Computation (MPC) schemes directly into machine learning processes. We are in an age where data is as critical as the air we breathe, protecting it should not be an afterthought but a fundamental aspect of the design of any digital system. The real challenge and necessity lie in creating these inherently secure systems from the ground up.

What practical impact will your research eventually have?

The widespread adoption and experimentation with decentralized protocols and digital currencies have led to numerous implementation projects. We are currently conducting a rigorous security analysis of these protocols. Despite a decade of exploration, the fundamental security guarantees of some protocols are still not well understood. Rigorous security analysis is highly significant as it enhances the security of these protocols, instills trust among users and investors, encourages wider adoption in various industries, aids in shaping regulatory frameworks, and promotes innovation. Ultimately, this work contributes to the maturation and broad acceptance of blockchain technology.

What do you think is the most pressing need for improving cybersecurity?

It’s all about better education and awareness. We need to teach people, from regular users to IT professionals, about online risks and safe practices. Cybersecurity is a team sport, and the more informed we all are, the stronger our defense against cyber threats.

What practical impact will your research eventually have?

The goal of my research is to use the Modular Security Specifications (MoSS) framework to prove the security of blockchains. Currently, security specifications require proofs which are created per blockchain. This results in proofs which are complex and error-prone while lacking reusability, modular analysis, and incremental design. Instead, the MoSS framework provides a method of creating definitions and proofs for the most simple blockchains, and then combining these together to prove the security of more complex blockchains. We are working on creating the definitions and proofs for simple blockchains, and showing how they can be combined to prove the security of Bitcoin. Other researchers can then use this foundation to create their own blockchains, instead of having to start from scratch each time.

What do you think is the most pressing need for improving cybersecurity?

I think general knowledge of cybersecurity is always in need of improvement. The majority of attacks and scams rely on people being unaware of them or unable to properly identify them. The most common one is phishing, where an attacker tricks someone into downloading malware or providing personal information. These types of attacks would be much less successful if more people knew how to spot them, especially as they get more advanced and harder to detect.