Security and Privacy for Emerging ICT Platforms

新兴 ICT 平台的安全和隐私

• 批准号: 534381-2018
• 负责人: Goldberg, Ian
• 金额: $ 8.03万
• 依托单位: University of Waterloo
• 依托单位国家: 加拿大
• 项目类别: Collaborative Research and Development Grants
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=720019
• 关键词: Security; Privacy; Emerging; ICT; Platforms

Information and communication technology (ICT) platforms form the basis of our interactions online. The cloud servers that store and process our data and the networks we use to communicate with them handle a large amount of information about all aspects of our lives. As has been all too apparent with news about large-scale theft and abuse of data from tens of thousands of Bank of Montreal and CIBC customers in May 2018 and nearly 50 million Facebook users in September 2018 (as two examples among a great many), the security and privacy of these platforms is often lacking. Without technological improvements that enhance network and storage security and provide customized functionality without exposing private user information, collection of personal and sensitive data remains rife and breaches continue to wreak havoc on users and companies alike. Today's ICT platforms use basic encryption techniques to protect data in storage and in transit, but do not protect metadata. This leaves users vulnerable to the collection of private information such as location and browsing history, and it leaves communications vulnerable to traffic analysis and censorship. Furthermore, although private data may be encrypted in storage, it needs to be decrypted before the company or cloud service can use it for analysis purposes or to provide customized functionality to users.Working with our partners at the Royal Bank of Canada (RBC)'s Cybersecurity Research Lab, we look beyond current deployments to the emerging generation of ICT platforms. Our work will allow RBC customers, whether at home or travelling abroad, to securely and privately access RBC services without leaking data or metadata to possibly hostile or competing governments or Internet providers. We will also create the ability to offer personalized services to RBC customers through secure computation techniques that do not require RBC to ever collect or store customers' private information, at least not in unencrypted form, thus eliminating the possibility of that information being inadvertently leaked in a data breach.

信息和通信技术(ICT)平台是我们在线互动的基础。存储和处理我们的数据的云服务器以及我们用来与它们通信的网络处理着关于我们生活方方面面的大量信息。2018年5月，蒙特利尔银行和加拿大帝国商业银行数万名客户以及2018年9月近5000万Facebook用户(众多例子中的两个)的数据被大规模窃取和滥用的消息已经非常明显，这些平台往往缺乏安全和隐私。如果没有增强网络和存储安全并在不暴露用户私人信息的情况下提供定制功能的技术改进，个人和敏感数据的收集仍然很普遍，入侵继续对用户和公司造成严重破坏。今天的信息和通信技术平台使用基本的加密技术来保护存储和传输中的数据，但不保护元数据。这使得用户容易受到位置和浏览历史等私人信息的收集，也使通信容易受到流量分析和审查的影响。此外，尽管私有数据可能会在存储中加密，但在公司或云服务可以将其用于分析目的或向用户提供定制功能之前，需要对其进行解密。与加拿大皇家银行S网络安全研究实验室的合作伙伴合作，我们将目光投向当前部署的新兴一代ICT平台。我们的工作将允许加拿大皇家银行的客户，无论是在国内还是在国外旅行，安全和私人地访问加拿大皇家银行的服务，而不会向可能怀有敌意或相互竞争的政府或互联网提供商泄露数据或元数据。我们还将创建通过安全计算技术向RBC客户提供个性化服务的能力，这种技术不需要RBC收集或存储客户的私人信息，至少不是以未加密的形式，从而消除这些信息在数据泄露中意外泄露的可能性。