New Trajectories for Security and Privacy

We need to develop security and privacy advances that keep pace with technology, new threats, and new use cases—for example, trustworthy and safe autonomous and intelligent systems, secure future hardware platforms, and emerging post-quantum and distributed cryptographic algorithms.

In the?previous blogs of this series, we discussed how the use of information and communication technologies (ICT) continues to grow without bounds. But how can the created data be secured? Also, privacy has emerged as a major policy issue drawing increased attention by consumers and policy makers across the globe.

Today’s highly interconnected systems and applications require security and privacy for proper operation. Corporate networks, social networking and autonomous systems are all built on the assumption of reliable and secure communication but are exposed to various threats and attacks ranging from exposure of sensitive data to denial of service. The field of security and privacy is undergoing rapid flux as new use cases, new threats, and new platforms emerge. For instance, new threat vectors through the emergence of quantum computing will create vulnerabilities in current cryptographic methods. Thus, new encryption standards resistant to quantum attack must be developed to complement the only existing quantum resistant data protection, fully homomorphic encryption (FHE).?Achieving adequate system performance for these new standards, as well as FHE, requires innovations in both the algorithms and the computer architectures.

In another direction, devices have permeated the physical world, and thus trust in these devices becomes a matter of safety. Security has therefore never been more important. Safety and reliability of systems requires the consideration of malicious attacks in addition to the traditional concerns of random failures and degradation of physical-world systems. Security of cyber-physical systems needs to consider how to continue to function or fail gracefully even after attacks. We need intelligent algorithms that sift through contextual data to evaluate trust to do secure sensor fusion over time. This is a difficult problem as contextual data has tremendous variety and quantity—the systems of the future are actually systems of systems with limitless possibilities for communication and signaling. For instance, cars can communicate with each other and also with roadside infrastructure and mobile devices. Like humans, we need to augment systems with the intelligence to trust or not trust based on all they perceive. Another critical topic is resiliency, which requires development of techniques/methodologies to identify and adapt in order to continue to function through or fail gracefully while under attack. One can envision that future truly autonomous systems will follow the lead of bio-inspired systems, such as our immune system; their survival will depend on the capability of learning and adapting to become more resilient over time.

Our hardware is also changing. Complexity is the enemy of security and today’s hardware platforms are highly complex due to drivers of performance and energy efficiency. Modern System-on-Chip (SoC) designs incorporate an array of special-purpose accelerators and intellectual property (IP) blocks. The security architecture of these systems is complex as these systems are now tiny distributed systems where we must build distributed security models with different trust assumptions for each component. Furthermore, these components are often sourced from third parties, implying the need for trust in the hardware supply chain. The pursuit of performance has also led to subtle issues in microarchitecture. For instance, many existing hardware platforms are vulnerable to speculative execution side-channel issues, famously exposed by Spectre and Meltdown. Driven by these problems and others, the future requires fundamentally new hardware designs.

Of course, the proliferation of Artificial Intelligence (AI) adds to the security challenges. AI capabilities continue to increase and applications for trusted systems incorporating AI continue to grow. However, the trustworthiness of the AI for these systems is unclear. Researchers have shown that small perturbations to an image can sway neural network models into the wrong conclusion. A well-placed sticker on a stop sign can make a model classify it as a speed limit sign. Other applications of deep learning systems have similar trust issues: the output of speech recognition might be manipulated with imperceptible audio changes, or malware might go undetected with small changes to the binary. The brittleness of deep learning models is related to their famous inscrutability. Neural networks are black boxes with no explanation for their decisions. Other important problems with neural networks are algorithm bias and fairness. Approaches are needed to make deep learning systems more trusted, explainable, and fair.

Overall, the pace at which today’s systems are increasing in intelligence and ubiquity is astounding. At the same time, the increased scale and complexity of these systems have forced hardware specialization and optimization to address performance challenges. All these advances in capability must go hand-in-hand with advances in security and privacy. Examples include securing weaknesses in the machine learning or conventional cryptography, protecting privacy of personal data, and addressing vulnerabilities in the supply chain or hardware.

Obviously, there is a need for better security—from both a hardware and software perspective—to deliver more secure systems. But how do we measure “better” and “more?” The upcoming SRC-SIA Webinar on Measurable Security and Privacy will explore research topics, techniques and methodologies surrounding the elusive yet very important topic of “measurable security and privacy.”

SRC's Decadal Plan for Semiconductors outlines research priorities that can help us meet the needs of future generations. Developed by leaders across academia, government and industry, the report identifies five seismic shifts shaping the future of semiconductor technologies and calls for an annual $3.4 billion federal investment over the next decade to fund research and development across these five areas. Read the report at: src.org/decadalplan.

This article was authored by Ramesh Chauhan (Qualcomm), Richard Chow (Intel), Debra Delise (Analog Devices), Rafic Makki (Mubadala Capital), Walden Rhines (Cornami) and Victor Zhirnov (SRC).