Security Systems Q&A

BY ALEX JOHNSON

Today, many people have access to some type of computing system, such as a smartphone or a laptop. Even if someone does not own a personal device, they still have a digital identity in the form of financial information, medical information, and other secure data that exists in a computer program. But not many people think about the security of their information. Ari Trachtenberg is a Professor of Electrical and Computer Engineering at Boston University, as well as an affiliate of the Hariri Institute’s Center for Reliable Information Systems and Cyber Security (RISCS). Trachtenberg chatted with us about the nuances of cybersecurity, as well as some surprising ways that your information can be targeted.


Why do we need different types of security across platforms?

Security is typically in conflict with usability.  To make a platform more secure, you usually introduce mechanisms that make it less usable, and vice versa.  As a result, security needs to be matched to the desired usability and potential risks associated with the activity. 

For example, most people don’t hire armed guards to patrol our home with submachine guns and armored personnel carriers. We decide against this because that would be intrusive and freak out the neighborhood, and we also consider the local police able enough to provide protection against the types of risks we envision. The security for a platform must be similarly calibrated against usability and perceived risk.

What are some of the best strategies for dealing with security threats?

First of all, it is important to realize that the average person, or even security researcher, cannot fully protect themselves from malware or security threats. Therefore it is important to plan ahead for the eventuality of an attack. This includes having frequent, off-network backups and having a plan of action should your systems become unusable.

Beyond that, there are standard safety mechanisms that everyone can employ.  Individuals should be aware of the sources of their information, whether they be people, files or webpages.  For example, don’t download or run a file if you do not have reasonable trust in its source. Also be aware of your system’s baseline activity.  If your computer is suddenly extremely sluggish or your system has suddenly added the capability to write text in Russian, keep the anomaly in mind and seek help if it persists. Finally, keep your systems patched, which means downloading system and application updates when it is feasible.

What is the most surprising thing you’ve learned about security systems?

When I first started researching the area, I was surprised by how easy it is to exploit even the most innocuous information. However, these three exploitations come to mind:

1.  Bits of trivia like your favorite hobbies or pets can be used to guess passwords or security questions, or even to gain rapport with your friends. 

2.  Location data that is maintained by your phone’s operating system and cell phone provider can also be used to determine your social or religious preferences, medical concerns, and even sleeping habits. 

3.  Meta-information from your network, like how often you send encrypted packets on your network, can be used to decrypt your computer-based phone conversations or to identify which web pages you visit.

