which you allow any stranger to look at your photographs, your online banking statement or some of the sensitive information that you store online, such as your healthcare data and your history of your medical records. I see some of you shaking your heads right now, but I guess most of us are really doing it right now. There is a saying that your mobile phone knows you better than your spouse. If I can be audacious enough to propose this, it is that staff working at the online service providers know you better than you know yourself.

In 2010 a site reliability engineer from Google was caught spying on at least four teenagers. Well, that’s a big concern, but what was a bigger concern was that he wasn’t caught by technology. He wasn’t caught by any technical automation. He was caught by their parents reporting to Google about what he has done. In the news report it was also said that the extent of the damage of his spying on people through the abuse of his system administrator rights was unclear.

Now this is a big problem for us because, at the crux of this problem, it just exposes a bigger problem: the lack of control over our data once we upload it online. Now how do we solve this problem? How do we know what happens behind the scenes? A group of scientists, computer scientists and IT companies in New Zealand are currently working on it through a government-funded, MBIE-funded grant called STRATUS. In STRATUS we like to say and propose that data control can be returned if we control three elements of data control. Number one, to know. Number two, to act upon: after you know that something has gone wrong, you can actually roll back, or you can bring someone to account for some of the wrong things that they have done. And number three, to preserve the privacy of our data.

With all these three elements we stand a chance to create something that we call a kill switch. A kill switch would allow you to have some absolute control over your data, and at the same time this kill switch could actually tell you what’s happening, and you can stop someone from accessing your data if you don’t want them to. Now Jennifer Lawrence and many other celebrities in the 2014 iCloud hack would have wanted such a kill switch. This kill switch would have stopped the spread of their sensitive information and would have already benefited them to control the damage that was brought to them.

Now this kill switch is primarily based on a few elements, and I’m going to show you a few examples from the group that we have at the University of Waikato working really hard to solve some of these problems. To know and to act: to know and to act is on this scientific problem called provenance. Now provenance is the derivation history of data. If you know the history of your entire data, you can act upon it and you bring someone to account. But how do we act beyond that? That is the crux of the question.

In this video I’m going to show you an example of how a CCTV that we created called Provenance Logger, a program that looks inside a computer, it looks inside a system, is able to expose a system administrator abusing the system administrator rights. Over here on the top right-hand screen you see Alice, and as with every security example you have Bob, and Bob is on the bottom right corner of the screen. Bob is entering the annual bonus information, and Alice, working under him, didn’t have a good relationship with him, had this sixth sense, and she probably isn’t getting any bonus. So she’s trying to get in, but her permission was denied, and hence she used her system administrator rights to access the data. And when she’s doing that, the screen on the left shows us the Progger logs. Progger was able to expose all these sections and record all these sections, the proof that she has actually abused the system administrator rights.

Now this has exposed the abuse of system administrator rights, all the malicious insiders, triggered by human events. What about the vast majority of the cyber security incidents nowadays, which are triggered by software events? We have worked on a solution by putting Progger into machines to check and to record malicious software happening within the computer. Over here you see an example that we are actually studying right now. It’s the malware Locky. Locky is part of a family of ransomware that locks up your computer and only unlocks it if you pay the ransom. Now Locky is very topical in Australia and New Zealand because it is the highest-earning malware there is happening right now, and it is our job to stop it. And the way to stop it is to understand the enemy: you understand and see what happens within the system. A lot of the systems out there and a lot of the cyber security capability are monitoring things that are flying outside the computers or across the networks, but very few of them are actually looking within the system.

I’m sure some of you will be thinking, oh, how am I going to make sense of this? You know, this is not an eyesight test. So what should we do? We created a visualization to look at what happens within the computer. Now this visualization, we call it Visual Progger, allows you to look inside the computer. Right now what we can see from the logs is that Locky was trying to study the entire system: how many folders and directories, and also the files, are inside there, and what files are your Word documents, your pictures, your spreadsheets. And it’s trying to study everything, identifying them so that they can lock them up. And once they lock them up, the visualization shows you that it is actually in red, and we can zoom into the files and look at what has actually happened. Now this gives us a little bit of control, right, in both the human and automated sense.

I have covered provenance, and provenance allows you to know and to act upon your data control elements. Now we move on to the final one, which is about preservation of privacy. When we actually look at it from a computer science point of view, we actually are kind of suspicious every time someone, especially a cloud service provider, tells us that everything is encrypted and always safe, because fundamentally, if you want to process the data, if you want one plus one equals two, the computer has to know that it’s one plus one equals two. Now this is a big problem because none of the computers right now are empowered to do things fully encrypted. If it’s encrypted information, you can never ever process the data.

So the key to solve that was actually unlocked in 2009 by a group of scientists in Stanford and IBM. It’s called homomorphic encryption. Homomorphic encryption allows you to process data securely without decrypting the encrypted data. So this means it’s like a bank teller. You go to the bank, and the bank might be your friend, right, and you go to the bank and you tell them, can you update the bank balance for me, here’s ten more dollars. And they can update the thing, and with some magic they can update your bank balance and give you the final result only you can see, but your nosy friend can never see a bank balance. So this is the crux of homomorphic encryption.

But what’s the problem? From 2009 until now there have been some issues, and the issue is with the practicality of homomorphic encryption techniques right now. So the race is on. The race is on to solve this problem. For example, one kilobyte of data right now takes about 15 minutes to encrypt homomorphically. Now imagine you’re uploading a photograph right now: there’ll be a lot of coffees to drink when you’re waiting for this photograph to upload.

The scientists have now thought about, how about we take a step back and try not to be too ambitious? Instead of doing a full homomorphic encryption, let’s do a partial homomorphic encryption. How do we do a partial one? We focus just on one math operation, for example addition, subtraction, multiplication or division, just one of them. In a democratic society you will find an operation that happens every three or four years, and that is voting. Well, if you use subtraction for voting then you probably are living under a dictator. So we’re going to show you addition, right, through an example over here. In this example we have eight students voting yes or no to pay parking on campus, and this topic, you know, allows us to bring out, you know, but eventually we got four votes that say yes and four votes that say no. It’s very politically correct. Now what’s important about this is that the voting stations were not able to see who voted for what, and what’s more empowering, returning control to the voters, was that every voter was able to mathematically prove that their vote was counted, thus enabling control back to the users.

I’ve shown you many examples which proved to proliferate business when we returned control of data to users. And in 1981 IBM, together with Microsoft operating systems, empowered the world with control of their computation, of their productivity, with the microcomputer movement. Everyone has a personal computer in their home or their offices. And security is now at a cusp of this. Right now, 36 years later, I believe that we have a strong chance to move and change the landscape. We cannot rely on someone else anymore. We have to start a personal cybersecurity revolution, returning control of data to users.

Thank you.

[Applause]