Computer scientist Erol Gelenbe on different types of cyber-attacks and end-to-end security of health data exchanges

videos | July 24, 2019

Cybersecurity is a fairly new topic although cryptography is a very old one. If you think about cryptography it probably goes back to perhaps a thousand years, perhaps more, because the initial purpose was to conceal information, that is to make information only visible, only understandable to the designated sender and the designated receiver. But with a cyber world that we’re living in today, all of our infrastructures are being interconnected through the Internet. As a result, a new form of threat has come up. To deal with it we use cybersecurity.

Cybersecurity has two players: the cyber attackers and the cyber defenders. These are two groups which typically have the same technical knowledge, so it’s a game played between two equal partners. Very often those people who attack are the same type of people and have the same type of knowledge as the people who defend. When this is going on the most obvious objective can be to capture information that should not be made public or that should remain private between the sender and the receiver. However, aside from this very obvious objective which is strictly covered by cryptography, that is the encoding and the decoding of information which is being done today via very complex computational procedures: nothing is unbreakable but everything needs a lot of time to be broken. This is how protection is assured: through the very long computational times associated with the protection.

Now, because we have looked at cybersecurity through the vision of cryptography at some point new gamers come into play. Now we’ve got cyber-attacks which have nothing to do with cryptography but which are creating a nuisance, an impossibility of usage of the system. Thus, cyber-attacks become attacks on the usage of the system rather than attacks on the information it contains. Many of the international attacks that we have been seeing are based on this approach where the attackers try to impede the progress of normal usage of the system. The examples are, for instance, the denial-of-service attacks, sync attacks, WannaCry where the people who were trying to use their own system couldn’t access their own systems.

What is quite interesting is that the centre of gravity of cybersecurity has displaced itself from the field of cryptography towards the field of attacks which impede the usage of the systems or which transform the content of our systems so that the end-user cannot actually access the true information. Let me give you a very simple example. Suppose you are attacking a system which is being controlled physically. Think of a machine that you’re controlling at a distance. This control requires a sequence of steps, and if you as an attacker are able to disorder the sequence, change the order in which the sequence of instructions to the system arrive, then you are completely disabling the system because the machine at the other end will be transforming its actions in an unwanted manner. This is an example of an attack on the Internet of things. A lot of the international attacks we have heard about (for instance, on these centrifuges many years ago) were essentially based on changing the instructions given to mechanical systems. So the attack now is not just on human beings but it’s also on mechanical systems and on the things that surround us and which are controlled by the Internet.

As we move forward we will have to understand all forms of attacks including, for instance, attacks on the energy supply associated with certain systems. For instance, a lot of sensors that we use in offices, in traffic lights and so on, are powered with batteries. It is possible to attack the sensors by attacking the batteries, so if you manage to deplete the energy in the batteries through an Internet action then you have also attacked the sensor and you have attacked the final target. Thus, the whole area of cybersecurity has become a holistic area where you’re dealing with all kinds of attacks on all aspects of the system and not just on the information and not just on the content of the information. As we move forward the research issues are going to be related to this complexity and the approaches are going to be far more statistical and far more based on mathematical modelling of a whole system than on the details of the cryptography or of the content.

In the field of cybersecurity, I’m involved in three projects. These three projects deal with different areas of interest. One project relates to the security of health data transfers. Where does the problem come from? As we move around, as we travel, as we go to our doctor even in our own city, our information is accessed online by the doctor or by the health professional. As we do that there are all kinds of questions that come up: for instance, how does the health professional authenticate his individual rights to access this data? how do we provide the permit to the health professional? For instance, if you are in France, you provide this permit by handing to the health professional a card which has an encrypted chip on it and which also has your photograph. So the health professional can verify who you are by looking at the photograph and then the system can verify your identity through the chip on the card. This is the authentication part on your side. However, the health professional has to do the same things: the health professional has to introduce a similar card into the system to indicate who she or he is with respect to the system.

This is just the first part. Then there are the transfers. As soon as these steps have been made and the authentication has been assured then you have to transfer data from central systems or from the cloud towards the health professional who has to read what your health status is, what your history is and also possibly request the new tests, new information so that the information that health professional will use will be complete. As this is being done, the health professional is exchanging this data constantly with a central system and all the data at that point can be attacked. But how would the attacker know to attack this particular data? The attacker would know if he can identify that the authentication phase deals with health data. They can do this if they have software on the devices that can inform them of what you are doing or what the health professional is doing.

So one of my projects is related to a holistic view of how you control these exchanges in order to maximally assure that there hasn’t been any tampering with the information, there hasn’t been any modification of the contents because, for instance, if your identities are changed by the system or if some false information is given then it can have physical effects on you as a patient, because you may be prescribed the wrong medicines and so on. The physical effects at the end are what you worry about. It’s not so much the cybersecurity itself which is so important: what is much more important is the impact on the individual at the end.

So one of my projects is called KONFIDO, funded by the European Union (in fact, I was in Milan last week because of that). It’s related to this particular issue of the end-to-end security of health data exchanges.

The second project I have is related to home gateways for the Internet of things. What is a home gateway? Suppose you have a home. In this home there’s going to be a security sensor, there’s going to be a temperature sensor, there may be a control system to control the temperature in the house; you may have links so that you can follow what is happening to the children, whether they’re sleeping and so on. So you have a complete interconnected small Internet inside this domicile. This information is being monitored from the outside by some security company that you’ve given rights to and there will be a home gateway. So in this second (‘Ghost’) project, we are looking at attacks on the home gateway itself. Are the flows coming through the Internet to this home gateway attacked or not? You have to look at the statistical nature of these exchanges so that you can be able to tell whether there’s an attack. My role in this project is to design attack detectors, the algorithms and the statistical methods that will allow you to say if there is highly likely an attack going on.

My third project is about how you move data in the Internet when you’re handling a lot of physical systems. I won’t say too much about that, it’s a new project, and it’s just been going on for less than a year but that’s a very interesting, very holistic type of project as well.

As I conclude I’d like to stress the fact that the issue of cybersecurity has now moved all the way from cryptography (and when we talk about cryptography we could also think about Bitcoin, about cryptocurrencies) to protecting infrastructures where you need to deal with the statistics of what is happening in the system as a whole to understand what kinds of traffic addressing the systems that you want to protect are possibly attack traffics and how you reorganize your system dynamically so that you can reduce, mitigate the effect of the attacks.

Professor in Computer and Communication Networks, Imperial College London
Did you like it? Share it with your friends!
Published items
To be published soon