It takes surprisingly little knowledge to hack into your neighbour’s security cameras. Just ask Ring.
Luckily, University of Guelph researchers have a solution. Their innovative framework, a new way to build our apps and services, could be the key to protecting our data in an interconnected world.
In a recently published study, they detail a two-level solution that advances the framework currently used in our smart devices: One level works locally on your device and protects sensitive data on its way to the central server. The second level ensures any data remains encrypted even while it’s being processed.
In a few years, the researchers say, this framework could be built into the smart devices and apps we use – from our Ring doorbells to our Alexa speakers, to other applications in health care and autonomous cars. Able to safeguard our data against any third party, this new framework could be a powerful tool in the ongoing battles against hackers, who are using ever-evolving technology to steal our information.
Your data is exposed
Behind the study are researchers from the School of Computer Science at the College of Engineering and Physical Sciences: computer science professor Dr. Ali Dehghantanha, post-doctoral researcher Dr. Abbas Yazdinejad and PhD candidate Elnaz Rabieinejad.
In the so-called Consumer Internet of Things (CIoT) – our current social-digital landscape defined by smart devices and applications – data often sits in vulnerable systems, making cybercrimes all too easy, the team warns.
Current solutions focus on detecting cyberattacks, but not protecting our privacy and our data. Our devices constantly transfer data back and forth to central servers, which become a single point of failure that can be easily mishandled or exposed.
While encryption is widely used, not all solutions incorporate advanced encryption methods that allow for data to be processed while still encrypted. These methods also come at the cost of our device’s performance.
The team aims to strike the right balance between security, privacy and machine learning models’ performance.
“This work fundamentally enhances user privacy and security within the realm of the CIoT,” says Dehghantanha. “It shows us how important it is to protect user data in a world dominated by smart technologies. It also marks a critical step towards safer and more secure digital environments.”
The two-level framework, explained:
The first layer: federated learning (FL)
Here, machine learning models train on raw data on individual devices rather than transmitting the data to a central server. When it’s time for your device to share with the central server, the models share learning outcomes, not the data itself.
It’s like if you and your friends were assigned a group project. Everyone takes their part home; when they combine their parts for the final project, everyone shares what they learned with each other, not the rough drafts of their notes.
The second layer: partially homomorphic encryption (PHE)
Because FL can still be vulnerable to central server privacy attacks, PHE intensifies privacy, like an extra lock added to data before it gets sent to the central server. When our devices share their learnings with the central server, they do so in an encrypted form that does not need to be decrypted to be used.
In the group project analogy, all parts of the project are sealed in special envelopes. But the leader of the project (the central server) is still able to combine all the parts into a larger project summary without having to peek inside the envelopes.
“If you consider a smart home, there are several smart devices, and each device feeds into the main hub,” Yazdinejad says. “We can place machine learning models as a security module in that main hub to monitor our existing data or transactions between the devices in that smart home. And then, whenever we train this model, instead of transferring the actual model, we just transfer the encrypted model parameters – updates that come from local learning – to the central server to get a trained global model.”
The synergy of the two layers – FL and PHE – is key, the researchers say. Privacy and security are built in.
Keeping up with hackers
Though the team says they can’t anticipate how technology will change in the future, they hope this research paves the way forward for computer scientists.
“New technology emerges every day,” says Rabieinejad. “Hackers continually adapt, embracing novel methods and technologies to breach our defenses. Despite these challenges, we fervently hope this research serves as a valuable tool for cybersecurity scientists. By leveraging the insights and strategies we have outlined, they can enhance their arsenal in the ongoing battle to safeguard our data. Our goal is to keep pace with the evolving landscape of cyber threats and anticipate and counteract them, ensuring a more secure digital environment for all.”
Contact:
Dr. Ali Dehghantanha
adehghan@uoguelph.ca