7. Homomorphic Encryption (OBJ 1.8)
In this lesson, we’re going to discuss homomorphic encryption and its potential uses in your enterprise security architecture. Now, homomorphic encryption is a form of encryption that permits users to perform calculations on its encrypted data without first decrypting it. By using homomorphic encryption, an organization can process information while still protecting the privacy and security, even if they outsource that processing to a third party cloud provider, because the third party cloud provider can’t read the underlying data because it’s still encrypted in its format. Now, homomorphic encryption is different than most other encryption technologies that are used in enterprise networks because it allows computation to occur using the encrypted data without needing to first access the secret key, which protects the privacy and confidentiality of that data that’s going to be processed.
This is an area of huge potential for privacy and confidentiality advocates, as well as the financial services or healthcare industries to protect their customers and patients privacy. Homomorphic encryption uses the public key to encrypt the data in conjunction with an algebraic system that allows the mathematical functions to be performed on the data while still in an encrypted format. Now, there are three main types of homomorphic encryption partially homomorphic encryption, which keeps sensitive data secure by only allowing select mathematical functions to be performed on that data somewhat homomorphic encryption, which supports limited operations that can be performed a certain number of times and fully homomorphic encryption that keeps information secure and accessible during computation.
Now, the biggest drawback to using homomorphic encryption is that the process of computing these things is very slow and therefore, it’s not practical for many modern applications. Yet Microsoft, IBM, and numerous other tech companies are continually working hard to speed up this process and bring homomorphic encryption to the mainstream, though, so keep it in mind. Homomorphic encryption relies on private information retrieval, secure function evaluation, and private function evaluation to ensure the privacy of the data being processed. A private information retrieval, or Pir protocol can be used with homomorphic encryption to allow a user to retrieve an item from a service in possession of a database without revealing which item is being retrieved.
Secure function evaluation, or SFE, allows two parties to jointly evaluate a publicly known function without revealing their respective inputs, adding to the privacy of the data being processed. Private function evaluation, or PFE, takes this a step further by allowing two parties to jointly evaluate a private function without revealing the respective inputs. Now, with a secure function evaluation, both parties know the intricate function being used, but in a private function evaluation, the function and its inputs are both considered private and not revealed. SFE and PFE are specific types of secure multiparty computation within cryptography.
Secure multiparty computation is going to be used to create methods for parties to jointly compute a function over their input while keeping those inputs private. Unlike traditional cryptographic tasks, where cryptography is used to assure the security and integrity of communication or storage and the adversaries outside of the system of participants such as an Eavesdropper. When you’re using the secure multiparty computation, it’s going to be used to protect the participants’privacy from each other as well. Now, the topic of homomorphic encryption is really a pretty complex one, but for the exam you need to just remember that homomorphic encryption can be used to process already encrypted data and produce usable results that can then be decrypted by the initial owner of that data by using their private key.
8. Virtual/Augmented Reality (OBJ 1.8)
In this lesson, we’re going to discuss the impact of virtual reality and augmented reality on enterprise security and privacy. First, what is virtual reality? Well, virtual reality is a computer generated simulation of a three dimensional image or environment that can be interacted with in a seemingly real or physical way by a person using special electronic equipment, such as a helmet with a screen inside of it or gloves fitted with sensors. Now, there are three main types of virtual reality. We have fully immersive virtual reality, semi immersive virtual reality, and augmented reality. First, we have fully immersive virtual reality. Fully immersive virtual reality allows you to interact with a virtual environment and feel like you’re physically present in the virtual world where the events are actually taking place.
Many virtual gaming businesses have been created that use this fully immersive type of virtual reality out there. For example, the last time I went to Disney World, they had a Star Wars experience called The Secrets of the Empire, which was designed to be a fully immersive virtual reality system. Now, you’d put on a helmet which contained screens in front of your eyes to see the virtual reality world. Then you put on a vest which was equipped with feedback sensors that reacted to the environment in this VR experience. And finally, you received a Star Wars blaster that was essentially a large plastic gun that you’re going to shoot in the VR environment with. Now, in their experience, you’d actually walk around the building from room to room in the real world, and it was fully synced to the virtual reality game itself that you were inside of.
You’d actually be able to be in a room where there was lava or fire and you could feel the heat there. If somebody shot you, the vest would vibrate and give you that feedback that you were being shot by a blaster. It was by far the most immersive VR experience that I’ve ever experienced. Now, the second type of VR we have is known as semi immersive virtual reality. This is more of the home user version of virtual reality. If you ever use an Oculus quest, this would be considered a semi immersive VR experience. Now, you can see the VR environment through your headset, and you’re controlling your movement and actions through handheld joysticks. And you must stay within a limited area, usually about six to 10ft, to be able to remain within the play area.
So if you need to go further than that, you’re going to have to use the joystick to control your position in the game as opposed to actually walking over to that area like you did in the fully immersive model. Now, also, you’re not going to get feedback from this because it’s not that fully immersive system. You don’t have a vest with tactical feedback, for instance, but you are going to be able to see the world and interact with the world through those handheld joysticks. The third type of VR experience we have is known as augmented reality. Now, augmented reality lets the user see the real world and then places a virtual overlay on top of it. For example, in the summer of 2016, there was an extremely popular game known as Pokemon Go, and it included AR.
Now, this game included augmented reality, where you’re going to use your phone screen to display Pokemon characters over the live reality of what you’re seeing. And then if you’re trying to capture them in a ball, you’d actually throw these balls at the Pokemon, and they would do things on your phone screen in front of your real environment. Now, many companies have been working on smart glasses as well for general consumer use. And these are also going to use augmented reality. In 2013, Google created Google Glass, which was a pair of glasses with augmented reality functionality built right in. As its users saw the real world, they also saw an overlay of their text messages, information about the environment, like the temperature and the weather, and maybe even step by step directions as they’re walking down the street.
Now, in 2021, Facebook released its first smart glasses in conjunction with the sunglass manufacturer Rayban. Their version is more focused on recording content and contains two embedded video cameras on each side of the glasses. Now, both of these devices bring up lots of privacy issues for the people around those who are actually wearing the glasses. These glasses have embedded microphones and cameras, and they could be recording people without anybody knowing about it. Now, to mitigate this privacy threat, the Facebook glasses have decided to use a red Led that clearly displays any time the device is actively recording. But again, this is a privacy concern.
Now, with both VR and AR, privacy becomes a major concern because of the highly personal nature of the data that could be collected from these devices. For example, newer virtual reality headsets are using finger tracking and eye tracking as part of their design. This means the companies could be collecting biometric data about its user users, including their unique gait, the way they walk, the way they move, the way their eyes track back and forth, and things like that. This data is also really difficult to Anonymized because each person moves in a very unique way so that Anonymized data could be de. Anonymized and reidentified, as shown by researchers in the field.
9. 3D Printing (OBJ 1.8)
In this lesson, we’re going to discuss 3D printing and the privacy concerns surrounding it. Now, 3D printing, which is more accurately known as additive manufacturing, is the construction of a three dimensional object from a computer aided design model or a digital 3D model, by laying down many successive thick layers of a material until the final composition is completed. Now, when people think of 3D printing, they normally think of using a computer, create a small plastic object. But modern 3D printers have been created that can print just about anything, including cement houses. Now, 3D printing is extremely useful in the manufacturing industry because it can be used to print unique parts or perform extreme prototyping of components and products for an organization.
So how does 3D printing work? Well, first you get a virtual design that’s going to be created and it’s going to serve as the blueprint for your 3D printer to be able to read this thing and build out what you want to design. This blueprint is known as a CAD or computer aided design file. Another method of creating the blueprint is use a 3D scanning technique if you need to copy an existing object. Once that blueprint is ready, you really need to break down the virtual model into layers or slices. This will create dozens or even hundreds of layers that will be used to print the object successfully, getting higher and higher each and every time you put a layer down.
Now, the 3D printer is going to begin by creating a base layer of the material, usually by releasing a semi liquid material through a nozzle. This material can be plastic, metal, or even cement, depending on the type of printer being used. The nozzle is then going to be moved by the printer based on the blueprints provided. And the nozzle can move vertically or horizontally to the precise location needed to create that 3D model. This process is repeated over and over again until your final model is completed. These days, nearly anything can be made with 3D printers, and this is lowering the barrier to entry into the market. No longer does a manufacturer need to order 20,000 units of something and spend a ton of money on building a custom mold to create a new product.
Instead, they can use a 3D printer to create a small batch, test the market, and see if they should invest in a larger production run. In some countries, 3D printers are also used to print prosthetics for people who may have lost a limb, like an arm or a leg. These 3D printed versions are customized to each patient’s exact dimensions, leading to a more durable and better fitting prosthetic. These 3D printers, though, are not without their privacy concerns. You see, that object that is going to be used in this 3D printer is going to contain a watermark based on its exact composition. This can allow strangers to track and observe these objects and gather a lot of information about the user without their consent.
Some experts claim that tracking the use of these 3D products is creating an infringement on the privacy of the individual, and this is something we do have to worry about. Now, another issue we have is one of copyright infringement, because these 3D printers can be used to print just about anything and this could lead to rampant copyright and intellectual property infringement as these devices get more widespread in the consumer marketplace. Similar to how DVD burners were back in the early 2000.
10. Quantum Computing (OBJ 1.8)
In this lesson, we’re going to discuss quantum computing and nanotechnology. First, let’s start with quantum computing, which is a combination of physics, mathematics, and quantum mechanics to exploit the collective properties of quantum states such as the superposition, interference and entanglement to perform computation. Now, a quantum is the smallest possible discrete unit of any physical property, such as an atomic or subatomic particle, whereas a binary digit or bit is stored as a one or a zero that represents an on or an off. In a transistor, quantum computing relies on a qubit instead. Now, a qubit is a quantum bit, and instead of holding just the value of one or zero, it can hold a superposition of all the possible states or combinations.
Because of this superposition that creates multiple values at once, quantum computers are much faster and more depth at solving extremely complex mathematical problems like those that we use in cryptography. This is because a quantum computer can perform calculations on all states of a qubit simultaneously instead of having to do them sequentially like a traditional transistor based computer has to do. This means that at exponential scale, a 1000 qubit quantum computer will be more powerful than today’s most powerful supercomputers. To ensure the privacy and confidentiality of our data, we normally use cryptography. But quantum computers can quickly make work of decrypting all of our data without the proper decryption keys because of this ability to do superpositioning.
Because of this, once a functioning quantum computer is available in the production environment, it could render all of our current encryption technologies utterly useless. Therefore, we need to start using post quantum cryptography so our systems can be impervious to a quantum attack once those computers are readily available. Now, there are two methods of securing our data from quantum computers that works even with our current traditional systems. The first is to increase our key size, and the second is to implement new algorithms. The first method is to increase our key size, which increases the number of permutations that are needed to be brute force in order to decrypt our data. This method works if you’re dealing with a symmetric encryption algorithm like AES. If I take AES 128 and I increase it to AES 256, for instance, I’ve just doubled the key length.
But by doubling the key length, I’ve actually squared the number of possible combinations that are going to have to be brute force by the quantum computer. By doing that, I’ve extended their time it’s going to take to crack the key and makes my existing encryption much stronger and much more resistant to being cracked. The second method is to implement new quantum resistant algorithms. This has been what researchers are hard at work on doing for us to make sure we’re ready for this quantum revolution. Now, two examples of this are lattice based cryptography and super singular isogenic key exchanges. We’re not going to go into each of these in this course because it is way beyond the scope of the exam. But I just wanted you to remember that to protect your data for the long term, you need to start looking into quantum resistant technologies in the next few years.
This is because it’s estimated that by 2030, there’s going to be working quantum computers. And when that happens, our existing algorithms simply won’t be able to stop these new quantum computers from cracking our encryption keys. Right now, we don’t have any dedicated quantum resistant cryptography that’s available to us to implement within our networks. But there is a current ongoing competition from the National Institute of Science and Technology to pick one that will become the standard by sometime in 2022 or 2023. Now, in order to build these quantum computers, researchers and engineers are relying on nanotechnology. Nanotechnology is the use of matter on an atomic, molecular, or supermolecular scale for industrial purposes. Now, nanotechnology is contributing to the development of more complex cryptography schemes using quantum computing.
Quantum cryptography is the science of quantum mechanical properties to perform cryptographic functions and tasks. And nanotechnology is used both in the development of this type of cryptography and the creation of quantum computers. These quantum computers and their quantum chips are being made from nanotechnology, and they’re thought to be much more secure than traditional hardware based on transistors like we use now, because they’re not going to leak data when they’re turned on or off like a traditional transistor does. In addition to the area of cryptography, experts also believe that nanotechnology is going to affect cybersecurity in the areas of intelligent threat detection and consumer security.
Over the last decade, computer scientists have continued to build neural networks to increase the machine learning and deep learning capabilities of our systems. The next natural advance in this area is to leverage nanotechnology to build computers that are based on the structure of the human brain to be able to create better predictive abilities than the existing neural networks. Once developed, these nanotechnologyback neural networks could allow emerging threats to be quickly identified and isolated on our networks, as well as to conduct proactive and reactive measures to shut down any incoming threats. But the real place we see nanotechnology heading fast is in the biohacking arena.
With the hopes of increasing consumer security, some nanotechnology researchers have been attempting to build a full system on a chip based on nanotechnology that could be implanted inside the human body or ingested by the user. For example, some biotech researchers at MIT have been working to create a pill that contains a microphone thermometer and a battery that could be able to collect and measure important metrics from within the user’s body. Now, some security experts have suggested that an implemented device could be used as a form of authentication as well to make a user’s account impervious to attack. Of course, all these nanotech solutions inside the end user do bring up extensive privacy issues as well. So it is something you have to think about if you’re going to be on board with it.