The risk associated with cyberattacks has been increasing and with the pandemic, this reality has been exacerbated by remote work – recent data from the National Cybersecurity Center (CNCS) show that cyberattacks increased by 23% in the first half of 2021, compared to the previous year. same period of 2020, and rose 124% compared to 2019. Also, Cyberattacks across all industrial sectors saw a 28% increase in Q3 2022 compared to 2021. The security challenges range from zero-day detection, software vulnerabilities (previously classified), and social engineering attacks. These challenges have led to the production of many security and privacy protocols, and companies often have security experts only to review implementations and improve security mechanisms to prevent attackers from exploiting potential flaws and vulnerabilities. Often, open-source can be seen as software without security guarantees, which is not always true. However, as the code is fully available to the community, all users can analyze it and identify possible (un-)intentional vulnerabilities. There are many cryptographic protocols, namely end-to-end communication protocols, which are theoretically secure and have formal proofs of security published, but often existing implementations of these protocols do not reflect all of their theoretical specifications. These protocols are used in many contexts and need to be validated, as they can introduce critical security flaws on production systems. Our work explored the Kolmogorov Complexity as a method for evaluating the security of some end-to-end computation protocols, such as Multiparty Computation and ZRTP. These protocols can impact multiple fields, including data science, where users need to securely and privately compute and share distributed data without ever exposing it.
23/11/2022 14:00
Computer Systems
João Resende is an Assistant Professor in the Department of informatics at NOVA School of Science and Technology (Lisbon). He obtained his PhD in Computer Science in 2021 with the topic “Security Enhancing Technologies for Cloud-of-Clouds”, in a collaborative effort between three Universities: Minho, Aveiro, and Porto. Previously, he was also a cybersecurity researcher at the Center of Competence in Cyber Security and Privacy (C3P), managing projects such as CyberSec4Europe, which is one of the four pilots focusing on the creation of a Network of Cybersecurity Competence and a new European Cybersecurity Competence Centre.
