
Getting Control of Your Data | Ryan Ko | TEDxRuakura


which you allow any stranger to look at your photographs, your online banking statement, or some of the sensitive information that you store online, such as your healthcare data and your history of your medical records. I see some of you shaking your heads right now, but I guess most of us are really doing it right now. There is a saying that your mobile phone knows you better than your spouse. If I can be audacious enough to propose this, it is that staff working at the online service providers know you better than you know yourself.

In 2010, a site reliability engineer from Google was caught spying on at least four teenagers. Well, that's a big concern, but what was a bigger concern was that he wasn't caught by technology. He wasn't caught by any technical automation. He was caught by their parents reporting to Google about what he has done. In the news report it was also said that the extent of the damage of his spying on people, using, truly, the abuse of his system administrator rights, was unclear.

Now this is a big problem
for us, because at the crux of this problem it just exposes a bigger problem: the lack of control over our data once we upload it online. Now how do we solve this problem? How do we know what happens behind the scenes? A group of scientists, computer scientists and IT companies in New Zealand are currently working on it through a government-funded, an MBIE-funded grant called STRATUS. In STRATUS we like to say and propose that data control can be returned if we control three elements of data control. Number one, to know. Number two, to act upon: after you know that something has gone wrong, you can actually roll back, or you can bring someone to account for some of the wrong things that they have done. And number three, to preserve the privacy of our data.

With all these three elements we stand a chance to create something that we call a kill switch. A kill switch would allow you to have some absolute control over your data, and at the same time this kill switch, you know, could actually tell you what's happening, and you can stop someone from accessing your data if you don't want them to.

Now Jennifer Lawrence
and many other celebrities in the 2014 iCloud hack would have wanted such a kill switch. This kill switch would have stopped the spread of their sensitive information and would have already benefited them to control the damage that was brought to them. Now this kill switch is primarily based on a few elements, and I'm going to show you a few examples from the group that we have at the University of Waikato working really hard to solve some of these problems.

To know and to act: to know and to act is on this scientific problem called provenance. Now provenance is the derivation history of data. If you know the history of your entire data, you can act upon it and you can bring someone to account. But how do we act beyond that? That is the crux of the question. In this video I'm going to show you an example of how a CCTV that we created, called provenance logger, a program that looks inside a computer, it looks inside a system, is able to expose a system administrator abusing the system administrator rights.

Over here on the
top right-hand screen you see Alice, and as with every security example you have Bob, and Bob is on the bottom right corner of the screen. Bob is entering the annual bonus information, and Alice, you know, working under him, didn't have a good relationship with him, had this sixth sense, and she probably isn't getting any bonus. So she's trying to get in, but her permission was denied, and hence she used her system administrator rights to access the data. And when she's doing that, the screen on the left shows us the Progger logs. Progger was able to expose all these actions and to record all these actions, the proof that she has actually abused the system administrator rights.

Now this has exposed the abuse of system administrator rights, all the malicious insiders, triggered by human events. What about a vast majority of the cyber security incidents nowadays, which are triggered by software events? We have worked on a solution by putting Progger into machines to check and to record malicious software happening within the computer. Over here you see an example that we are actually studying right now. It's the malware Locky. Locky is part of a family of ransomware that locks up your computer and only unlocks it if you pay the ransom.
Now Locky is very topical in Australia, New Zealand because it is the highest-earning malware there is happening right now, and it is our job to stop it. And the way to stop it is to understand the enemy: you understand and see what happens within the system. A lot of the systems out there and a lot of the cyber security capability are monitoring things that are flying outside the computers or across the networks, but very few of them are actually looking within the system.

I'm sure some of you will be thinking, "Oh, how am I going to make sense of this?" You know, this is not an eyesight test. So what should we do? We created a visualization to look at what happens within the computer. Now this visualization, we call it Visual Progger, allows you to look inside the computer. Right now what we can see from the logs is that Locky was trying to study the entire system: how many folders and directories and also the files are inside there, what files are your Word documents, your pictures, your spreadsheets. And it's trying to study everything, identifying them so that they can lock them up, and once they lock them up the visualization shows you that it is actually in red, and we can zoom into the files and look at what has actually happened. Now this gives us a little bit of control, right, in both the human and automated sense.

I have covered provenance, and provenance allows you to know and to act upon your data control elements.

Now we move on to the
final one, which is about preservation of privacy. When we actually look at it from a computer science point of view, we actually are kind of suspicious every time someone tells us, you know, especially a cloud service provider tells us, that everything is encrypted and always safe, because fundamentally, if you want to process the data, if you want a one plus one equals two, the computer has to know that it's one plus one equals two. Now this is a big problem because none of the computers right now are empowered to do things fully encrypted. If it's encrypted information you can never ever process the data.

So the key to solve that was actually unlocked in 2009 by a group of scientists in Stanford and IBM. It's called homomorphic encryption. Homomorphic encryption allows you to process data securely without decrypting the encrypted data. So this means it's like a bank teller. You know, you go to the bank, and the bank might be your friend, right, and you go to the bank and you tell them, "Can you update the bank balance for me? Here's ten more dollars," and they can update the thing, and with some magic they can update your bank balance and give you the final result only you can see, but your nosy friend can never see a bank balance. So this is the crux of homomorphic encryption.

But what's the problem? From 2009 until now there have been some issues, and the issue is with the practicality of homomorphic encryption techniques right now. So the race is on, the race is on to solve this problem. For example, one kilobyte of data right now takes about 15 minutes to encrypt homomorphically. Now imagine you're uploading a photograph right now. There'll be a lot of coffees to drink, you know, when you're waiting for this photograph to upload.
The scientists have now thought about, how about, you know, we take a step back and try not to be too ambitious. Instead of doing a full homomorphic encryption, let's do a partial homomorphic encryption. How do we do a partial one? We focus just on one math operation, for example addition, subtraction, multiplication or divide, just one of them. In a democratic society you will find an operation that happens every three or four years, and that is voting. Well, if you use subtraction for voting then you probably are living under a dictator, so we're going to show you addition, right, through an example over here.

In this example we have eight students voting yes or no to pay parking on campus, and this topic, you know, allows us to bring out, you know, but eventually we got four votes that say yes and four votes that say no. It's very politically correct. Now what's important about this is that the voting stations were not able to see who voted for what, and what's more empowering, returning control to the voters, was that every voter was able to mathematically prove that their vote was counted, thus enabling control back to the users.

I've shown you many examples which proved to proliferate business when we returned control of data to users. And in 1981 IBM, together with Microsoft operating systems, empowered the world with control of their computation, of their productivity, with the microcomputer movement. Everyone has a personal computer in their home or their offices, and security is now at a cusp of this right now. 36 years later, I believe that we have a strong chance to move and change the landscape. We cannot rely on someone else anymore. We have to start a personal cybersecurity revolution, returning control of data to users.

Thank you.
[Applause]
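
The additive vote tally described in the talk, as an added example that is not part of the talk or of the speaker's project: textbook Paillier encryption (one partially homomorphic scheme; the talk does not name the scheme behind its demo) lets a voting station sum eight encrypted yes/no ballots without reading any single one. The toy key, the ballot list and all function names are constructed for illustration, and the voter-side proof that a vote was counted is not covered.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes. Real keys use random primes of
# 1024+ bits each; these sizes are for illustration only.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (n, lam, mu): n is the public key, lam and mu are private."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # with generator g = n + 1, mu = lam^-1 mod n
    return n, lam, mu

def encrypt(n, m):
    """Encrypt integer m under public key n with fresh randomness r."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (n + 1)^m = 1 + m*n (mod n^2), so no extra exponentiation is needed
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, lam, mu, c):
    """Recover m from ciphertext c using the private values lam and mu."""
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def tally(n, ballots):
    """Multiply ciphertexts: the product decrypts to the SUM of the votes."""
    total = encrypt(n, 0)
    for c in ballots:
        total = total * c % (n * n)
    return total

def run_election(votes):
    """votes: list of 0 (no) / 1 (yes). Returns (yes, no) counts."""
    n, lam, mu = keygen()
    ballots = [encrypt(n, v) for v in votes]   # done on each voter's device
    encrypted_sum = tally(n, ballots)          # voting station: public key only
    yes = decrypt(n, lam, mu, encrypted_sum)   # key holder opens only the total
    return yes, len(votes) - yes

if __name__ == "__main__":
    # Constructed ballots matching the talk's outcome: eight students, 4 yes, 4 no
    print(run_election([1, 0, 1, 1, 0, 0, 1, 0]))
```

The station only ever calls `tally`, which needs nothing but the public value `n`; two encryptions of the same vote differ, so ballots cannot be matched by comparing ciphertexts.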