Email
Password
Remember meForgot password?
    Log in with Twitter

article imageQ&A: Protecting digital assets with mathematics Special

By Tim Sandle     Nov 14, 2019 in Technology
Today's digital businesses require a new kind of trust paradigm. As physical and virtual worlds intersect, there is a growing number of security and privacy challenges. Unbound Tech is offering a new form of security and privacy.
Unbound Tech and its team of world-renowned cryptographers are reinventing the future of security and privacy through secure multi-party computation - offering companies a mathematical guarantee of security. This enables businesses to deliver, with unprecedented speed and scale, digital products and services which were previously beyond reach.
To discover more, Digital Journal spoke with Professor Yehuda Lindell, CEO and co-founder of the software-defined cryptography company Unbound Tech (and a professor in the Department of Computer Science at Bar-Ilan University), about how mathematics can boost privacy, security and compliance in companies; and with Unbound Co-founder Professor Nigel Smart.
Digital Journal: What is the current state of global cybersecurity risks?
Professor Yehuda Lindell: With the world becoming more digital every day, the risk due to cybersecurity is growing and will continue to grow. New threats, risks and attacks emerge every day, and as a result, ensuring cybersecurity best practices is an ongoing practice. From data breaches, to ransomware attacks and more, cybersecurity is a threat to ongoing business and can no longer be considered something that is just about checking off “best practice” boxes.
Today, many enterprises’ legacy systems remain in place, and organizations are approaching their security in silos - utilizing different cloud service providers, different management systems, different dedicated hardware and more across a variety of locations - leaving them with a fragmented security infrastructure that is difficult to manage and update but easy to attack. As an organization’s data and information is just as valuable as its financial assets, it’s vital that they do not have this information accessible from a single point of entry or key. From crypto exchanges to the world’s largest enterprises, every organization needs a key management system in place and those without, are at the highest risk of compromise.
DJ: Are organizations undergoing digital transformation more vulnerable to these risks?
Lindell: Absolutely! Enterprises tend to be conservative and maintain the existing security strategies they have had in place year-over-year. However, as cyber threats advance, this slow adoption and implementation of modern security measures already leaves an organization vulnerable.
When organisations transition, they often do not appreciate the security risks involved. Thus, at the time of transitioning, and before infrastructure has been tried and tested, organisations are most vulnerable.
DJ: How important is secure multi-party computation for addressing such threats?
Lindell: Multiparty computation (MPC) is a new tool that can be used to help organizations with key management and key protection in software so it's suitable to today’s digital environment of virtualization and cloud. This approach allows organizations to innovate faster and more securely than ever before, freeing their infrastructure from physical constraints and allowing them to be agnostic to any specific cloud or computing environment. While this process is important, organisations need to have comprehensive defenses at all levels, and no single tool provides the solution.
DJ: What can Quantum-proof security offer?
Lindell: In the event that a quantum computer that can break cryptography is built, the world will need to transition to post-quantum cryptography (these are cryptographic schemes that are secure even against an attacker with a quantum computer). However, despite what many are saying and the splashy news headlines, it is worth stressing that the construction of such a computer is actually still an “if” and not a “when”. In any case, I strongly believe that if such a computer is built, it is still years away. Therefore, organisations should wait until the National Institute of Standards and Technology (NIST: the standards body for cryptography in the US) completes the post-quantum cryptography standardization process. Meanwhile, they should make sure that their cryptographic solutions are agile, meaning that they can be readily swapped out if the necessity arises. This is best practice, irrespective of quantum computing.
DJ: What services does Unbound Tech offer?
Lindell: As our world becomes increasingly digital and our physical and virtual worlds intersect, new security, privacy and compliance challenges emerge constantly. As a result, legacy processes are becoming outdated and restricting, and a new approach to the storage and transfer of information and assets needs to take hold.
Unbound provides solutions for key protection and key management in software, utilizing multi-party computation to ensure that an attacker has to simultaneously breach more than one device. By deploying Unbound’s solution with strong separation between devices, this achieves a high level of security, that is functionally easy to use. Working with leading global enterprises including many of the Fortune 500, our services are specifically designed to benefit organizations spanning a variety of industries including financial services, cryptocurrency, government, information technology and more.
For the final question, Professor Nigel Smart shares some key predictions for 2020.
DJ: What are your security predictions for 2020 and beyond?
Professor Nigel Smart: It should come as no surprise that attacks will continue to rise, and security will remain a primary concern for businesses. Among our predictions for cryptography in 2020 are:
Post-quantum Cryptography: There will be an increased focus on post-quantum cryptography. With the NIST "non-competition" entering its second round, companies will start to have a better idea of what the parameters in terms of key sizes, message sizes, etc for the next generation of public key algorithms will be. Whilst there is no need to update such algorithms in the next year it is worthwhile considering how one would update algorithms if/when the need arises.
Crypto-agility: This is a hot topic - we will not only have a problem with swapping out old algorithms when we need to upgrade to post-quantum algorithms. We already have issues with swapping out algorithms from the past which are past their sell by date. Think DES still being used in banking applications, or the still widespread use of MD5 and SHA-1. Thus designing in crypto agility is going to become more and more important in cryptographic systems.
Machine Learning: The development of machine learning on private data is starting to take off, with companies such as Facebook, Alibaba, Google, Microsoft, Visa and others investing in the space, and a host of startups bringing new technology to the table. The combination of cryptography and machine learning is only going to grow, and I suspect in 2020 this is going to become one of the most important areas as more companies and individuals become worried about the privacy implications of "big data".
More about digital asset, digital security, Cybersecurity, Mathematics
More news from
Latest News
Top News