The cybersecurity desk may also be referred to as the "bad news department.There's no shortage of questionable startups leading to devastating breaches, mass surveillance and downright dangerous people. It's rare, but every once in a while there is a glimmer of hope that I would like to share. Especially because doing the right thing in the face of adversity (especially) can help make the cyber world a little more secure.
Indistinguishability Obfuscation (iO)
Cryptographers Have Been Making Software “Unintelligible” while maintaining and preserving its Functionality. Indistinguishability Obfuscation (iO) serves as the technical basis for this capability.
Despite its potential applications, the feasibility of iO remained in doubt until August 2020, when a landmark paper titled “Indistinguishability Obfuscation from Well-founded Assumptions” was published.The paper written by D. Amit Sahai and others creates a solid theoretical foundation for obfuscation and paves the way for practical implementation.
Although challenges remain, this development promises secure and impenetrable software applications.
Defending Against Active Attacker
A Paper presented at Crypto 2020 demonstrates strong improvements in the security of widely used public-key cryptographic systems.
The study, titled "Chosen Ciphertext Security from Injective Trapdoor Functions," examines the trapdoor functions that form the core of public-key cryptographic systems into highly secure counterparts that protect against active or interactive attackers. NTT Research scientist Brent Waters explains the importance of the security of the selected ciphertext. He also emphasized that only cryptographic systems that meet these criteria should be considered for use today.
The Role of Cryptography in Machine Learning Reliability
Dr. Shafi Goldwasser recently emphasized this in his keynote address.He highlighted the impact of cryptography also extends to machine learning (ML).
The top three ways that encryption enhances ML include protecting privacy in genome-wide association studies, ensuring robustness against adversarial attacks, and enabling inspection of ML models. These discoveries provide promising solutions to the challenges faced by ML algorithms and provide efficient approaches to privacy, robustness, and model validation.
LATEST SUCCESS STORIES IN CYBERSECURITY
Bangladesh thanks researchers for discovering data breach
On the positive side, a security researcher discovered a data breach on his website of the Bangladeshi government. Although the government initially remained silent, the country's Computer Emergency Incident Response Team (CIRT) quickly addressed the issue, demonstrating the government's commitment to addressing cybersecurity concerns.
Apple's Proactive Response to Spyware Threats
Apple is aware of the existence of spyware threats and has implemented Rapid Security Response fixes to address actively exploited vulnerabilities. The introduction of Lockdown Mode is further evidence of Apple's commitment to preventing targeted hacking and providing enhanced security measures to users.
The Taiwanese government's swift response
When Taiwan's ride-hailing service leaked customer data, the government's swift response was commendable.The leaked database was quickly repaired, and the company responsible, Hotai Motors, was fined for failing to protect customer data.This incident highlights the importance of government involvement in addressing cybersecurity vulnerabilities.
Vulnerabilities in the US Court Records System Security
Researcher Jason Parker has identified vulnerabilities in the court records systems of his five US states, leading to various responses from state authorities. Some deficiencies have been resolved, but others remain unresolved.Parker's revelations sparked a national review of court records systems and highlighted the role of researchers in ensuring a safer internet and a fairer justice system.
Google ends geofence warrant
Google has taken an important step toward data protection by ending geofence's warrants.
The decision to store location data on users' devices rather than centrally, limits law enforcement's ability to obtain real-time location information. The move reflects a commitment to protecting user privacy amid concerns about the constitutionality of such warrants.
These success stories, coupled with advances in cryptography, provide a balanced perspective on the evolving cybersecurity landscape.
Although challenges remain, proactive action by researchers, governments, and technology companies is contributing to a more resilient and secure digital environment.
