LATEST BLOG POSTS
Cyber war: the current scenario
The modern hybrid war Lately we hear more and more often about “hybrid” or “asymmetric” war, terms intended to explain a military strategy that mixes conventional war, irregular war and cyber war with other indirect attack methods, such as fake news and accusations in the legal or political field. With the evolution of hybrid war as a form of low intensity conflict during peacetime, the “battlefield” has therefore expanded to sectors and organizations that had never been involved in war before. In fact, today, world superpowers are often involved in low intensity conflicts that allow the forces involved to avoid getting caught up in traditional confrontation. The last front of the information war has made cyber war one of the most convenient tools for this type of conflict. The various types of cyber threats In the current Geo-political context, the overwhelming military superiority of certain large countries, in terms of conventional war, has strongly encouraged the smaller nations to adopt cyber warfare to achieve their goals. In fact, cyber warfare provides an economically viable means of asymmetric warfare that can hardly incur into a military response on the field by a much stronger power in terms of physical armaments. Cyber attacks and cyber warfare are therefore becoming increasingly fundamental in the context of modern warfare. When we talk about a cyber attack, we generally refer to the unauthorized intrusion into a computer or a computer network for devious actions such as tampering with services and infrastructure, data theft and infiltration of servers and data centers. The emergence and development of politically oriented non-state cyber-groups and other cyber-crime groups have made the current scenario even more complex. In fact, cyber attacks can today be divided into four macro-categories: cyber-terrorism, cyberwarfare, cybercrime and cyber-espionage. A new way of fighting It is believed that every one of the top 15 countries in the world (in terms of military budgets) are developing offensive and defensive cyber skills. In 2012, 114 of the 193 member states of the United Nations invested in cyber security, including 47 countries that had also started military cyber security projects. These states are developing their military capabilities in cybersecurity, while developing appropriate military theories and strategies. In this regard, an American military think tank recently pointed out in one of its reports that strategic war in the industrial age was nuclear war, while in the information age, strategic war is essentially cyber war. An Anglo-Saxon military doctrine then developed a unified military strategy to integrate and combine the armed forces within the scope of military operations, including air, land, sea and information in order to achieve military objectives. The real advantage of any form of war lies, in fact, in its integration with other forms of war and cyber warfare is now increasingly used in conjunction with more traditional war strategies and tactics. The main objectives of Cyber war In the context of information war and cyber war there are two primary objectives: the control of information, both in the sense of obtaining access to it and in that of denying access to it, and the influence on that information. The two concepts may seem vague and not related directly to war, but in reality they allow numerous strategically fundamental applications. For example, denying access to information could consist of using cyber attacks to cause the radar of a defense system to show inaccurate or partial data. It is obvious that if a country cannot perceive the intrusion of an invader, the invader obtains a significant strategic advantage. As for the influence factor of the information, to use the same example, it would consist of causing the radar systems to sometimes record falsified data, showing elements that are not really present. In the end, the information produced by these systems would be considered so unreliable as to be unusable, thus degrading the quality of the tactical decisions of the attacked country. The need to prepare against these new threats The cyber attack that has been affecting Australia in recent months has worried all western countries a great deal and in recent years, with the intensification of global tensions and the spread of increasingly advanced cyber attack techniques, there has been a rapid escalation of this type of threat. This increase will be even more radical in the coming years, especially if we consider that vulnerabilities will grow exponentially as buildings and cities become increasingly smart and interconnected, and IoT devices are spreading everywhere among the population and in the government and military world. In this context, it is therefore necessary for each country to enhance the cyber defense of all its critical digital infrastructures, developing innovative and adaptive technologies, such as artificial intelligence and machine learning, in order to be able to prevent data breaches or compromises of systems in real time. The clash in cyber space has just begun and countries that have adequately invested in research and development in this sector will be able to easily gain more space for political or military influence.
Steganography: from its origins to the present
The term steganography refers to a technique that aims to hide communication between two interlocutors. The term is composed precisely of the Greek words στεγανός (covered) and γραφία (writing). Unlike encryption, which allows you to encrypt a message so as to make it incomprehensible if you do not have a key to decipher it, steganography aims to keep the very existence of the message away from prying eyes, by hiding it. The origins Traces of steganography already existed in ancient Greece, when Herodotus narrated two examples in his Stories, but the first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as a book about magic. Initially the author decided not to print it and even destroyed large parts of it, believing that they should never have seen the light of day, but the text continued to circulate in the form of a provisional draft and was published posthumously in 1606. Since then, many throughout history have used this technique to deliver messages safely. For example, it is known that during both world wars, female spies used knitting to send messages, perhaps making an irregular stitch or leaving an intentional hole in the fabric. Steganographic models and techniques In steganography there are two types of messages: the first being “container” message and the second being secret message, where one respectively has the task of hiding the contents of the other, so as to make it invisible to any eavesdroppers. Generally, hidden messages appear to be (or are part of) something else: images, articles, lists or other cover text. For example, the hidden message may be invisible ink between the lines of a private letter. Essentially there are two main steganographic models: injection steganography and generative steganography. Injective steganography is the most used, it consists of inserting (injecting) the secret message into another message that acts as a container, so as not to be visible to the human eye and to be practically indistinguishable from the original. Generative steganography consists instead of taking the secret message and building a suitable container around it, so as to hide it in the best possible way. As far as techniques are concerned, the substitute one is undoubtedly the most widespread, so much so that often when we talk about steganography we implicitly refer to that model. At the base of this technique one can observe: most communication channels (telephone lines, radio transmissions, etc.) transmit signals which are always accompanied by some kind of noise. This noise can be replaced by a signal – the secret message – which has been transformed in such a way that, unless you know a secret key, it is indistinguishable from the actual noise, and therefore can be transmitted without arousing suspicion. Modern steganography In 1985, personal computers began to be used for classical steganography applications. Further development has been rather slow, but a large number of steganography software exists today. Being a form of security through secrecy, the steganography algorithm, unlike a cryptographic algorithm, must take into account the plausible form that the generated data must have, so that they do not cause suspicion. In digital steganography, electronic communications can include steganographic encoding within a transport layer, such as a document file, an image file, a program or a protocol. Multimedia files are ideal for steganographic transmission because of their large size. For example, a sender might send a harmless image file and adjust the color of one pixel in a hundred to match an alphabetic character. The change is so subtle that someone is unlikely to notice it unless they are specifically looking for it. Today steganography therefore presents itself as an ideal tool for the creation of secret communication channels, which can be used in sophisticated scenarios of espionage, computer crime and violation of privacy of both public and private subjects. Defend yourself from steganography: steganalysis Steganalysis is the reverse process of steganography. It aims to determine whether a file or any other means that can carry information contains a secret message and if the outcome is positive, find out what the hidden information is. The effectiveness of steganalysis techniques is strictly dependent on the degree of sophistication and “personalization” of the steganographic techniques used by an attacker. It is easy to see that we are in a vicious circle that provides for an increase in the sophistication of the techniques and tools used both by those who intend to use steganography, and by those who instead intend to unmask it and reveal its hidden contents. Between the two profiles, in general the first figure has an advantage, since he will be able at any time to change the means of transmission and / or coding of the information to escape detection. The role of machine learning In this scenario, machine learning can be a sophisticated weapon at the service of those who intend to unmask steganography. Through machine learning techniques it is possible to automatically develop a steganalysis model starting from a set of file samples with and / or without steganography. However, it is important to underline that machine learning (and more generally artificial intelligence) is a neutral technology. Which means that specifically it is of dual use and does not belong to the domain of the “good”. In fact, machine learning can also be used to develop more sophisticated, polymorphic, data-based steganographic techniques. We need to prepare, because this scenario could represent the future of cyber threats and perhaps a piece of that future is already present today.
War and cryptography: the challenge of quantum communication
Message encryption has always been a very important tool within the military, stretching back to the time of the ancient Greeks to the present day. It is natural for two armies in war to seek information about each other, both to learn about enemy strategies before battle, as well as to discover its movements during it. In order to obtain this information, “cryptoanalysis” was born, that is the study of decrypting encrypted messages without knowing their encryption key. It is easy to assume that if an army, through cryptoanalysis, manages to decipher the enemy’s communications, it can gain a fundamental strategic advantage. To be precise, it must be specified that the term “war” today must be understood in a broader sense, given that is increasingly appropriate to speak in terms of “commercial”, “hybrid” or information war. It is also for this reason that, even in recent decades, the need to violate the cryptographic algorithms of rival countries led to a relentless race among mathematicians, both to create increasingly complex algorithms and to try to break them. This challenge has changed radically in recent years, thanks to the emergence of a revolutionary new technology: “Quantum Computing“. The principles of Quantum Mechanics In a nutshell, when one speaks of “Quantum Computer”, it refers to a new type of computer, which exploits the principles of Quantum Mechanics to be able to perform operations and process information. In fact, in order for it to work, the Quantum Computer does not use ordinary bit, but rather the “qubit” or “quantum bit”. Whereas the traditional bit can only manifest itself in two distinct values, 0 or 1, the qubit can be found in a quantum “overlap” between the two states “0” and “1”. This combination, or the principle of superposition of states, allows one to expand the coding of information, exponentially increasing the computational capacity. In fact, the superposition principle states that two or more “quantum states” can be added (superimposed), generating a valid quantum state. Furthermore, each state is the sum (superposition) of several quantum states. Based on these principles, very complex systems have been built, aptly named “Quantum Computers”. The first implementation of a system of this type dates back to 2001, when IBM developed the first 7 qubit quantum computer. The race for quantum supremacy The following years saw the start of what could be defined as “the quantum race” between the world powers, in which everyone sought to gain a strategic advantage over others. Although there are many possible applications for quantum computers, the driving force behind this technological effort is for its use in to be found in the cryptographic field, especially with regard to cryptanalysis. In fact, the enormous computing power of the quantum computer would allow one to decipher most of the codes used today with great speed. Like any technology, however, these tools can also be used by both attackers and defenders. In fact, through what has been called “Quantum Key Distribution” it is possible, using the principles of quantum mechanics, to generate encryption keys and distribute them in a safe way. This is because any measurement on a quantum system alters its state (uncertainty principle), consequently allowing the interlocutors to find out immediately if someone has tried to intercept the distributed key and then take the appropriate countermeasures. The Chinese advantage in the field of quantum communications Even if the current quantum scene is constantly evolving, China seems to be definitely ahead of other countries in the field of quantum communication. In 2016, China launched the first quantum communications satellite, the Micius (a name derived from an ancient Chinese philosopher) into orbit. It is the first experimental satellite that is part of a much larger project called “QUESS” (Quantum Experiments at Space Scale), an international research project in the field of quantum physics. The objectives of the project are to bring an encrypted quantum network between Asia and Europe by 2020, and to extend this network globally by 2030. Chinese scientists have recently claimed to have developed the world’s first fleet of drones for the “secure” transmission of information with quantum communication technology. The work, published last January in the National Science Review, is thanks to researchers from the University of Nanjing, in eastern China, who have developed drones capable of autonomously generating pairs of “entangled” light particles capable of carrying information. The term entanglement in quantum physics refers to the mechanism by which, between two interacting particles, a bond is created that remains active even when they are removed, so that, when one of the two assumes a different state, this is replicated instantly on the other. It is one of the quantum mechanisms that make quantum key distribution possible and safe. This system is particularly revolutionary, especially in the military field, because it is evident that the use of very small quantum communication devices, such as those mounted on drones (weighing 35 kg), allows a great variety of tactical uses that can ensure a significant strategic advantage. The next step will in fact be to conquer absolute security in data transmission, through a network of drones capable of connecting also with quantum satellites such as the “Micius”. So China, to date, remains the undisputed global leader in the field of quantum communication, also due to it having the longest and most complex terrestrial quantum communication network on the planet. Quantum technology in western countries and future developments In any case, many other countries, primarily the United States, have not sit back and watched and are now trying to catch up. Just think of the recent announcement in which Google claimed that it has developed a quantum computer capable of performing in 200 seconds a certain operation that would take the world’s fastest computer of today 10,000 years. Even though the specific case identified by Google is substantially devoid of practical utility and not easily extendable to other areas, it is undoubtedly telling of the rapid technological advances we are witnessing in the realization of quantum computers. In fact, such vast computing power would seem capable of definitively putting an end to the mathematical cryptography to which today the security of encrypted communications is entrusted globally, but in reality many cryptographers are studying to develop algorithms capable of resisting these quantum computers. It’s the so-called “post-quantum cryptography“. In Europe too, several research projects relating to quantum communication have recently been launched and Italy is playing a leading role, being equipped with one of the largest fiber optic networks on the continent: the backbone of approximately 1,800 km built by the INRiM, which connects Italy from Turin to Matera. Telsy itself is connected to this network and is participating in projects related to quantum technology. Furthermore, the technology for quantum communication involves much more work in order to iron out some difficulties, such as, for example, what still presents itself as a necessary condition for the successful end of the transmission trough air, i.e. that the receiver and the sender are in visual contact. So it can be said that the road to a complete transition to quantum communication technologies is still long and the challenge in this sector will become increasingly intense in the coming years.
How Artificial Intelligence and Machine Learning will change the world of cybersecurity
Artificial Intelligence (AI) and Machine Learning (ML) tools could substantially help in the fight against cybercrime. But even these technologies can’t guarantee absolute security, and they could even be exploited by malicious hackers. Here we will consider some of the implications about the use of these new instruments in the cybersecurity sector. In 2020 cyber criminals pose a growing threat to all kinds of organisations and companies, as well as their customers. Businesses are doing their best to defend themselves, but it’s hard to predict what new types of cyberattacks will emerge and how they’ll work, which cyber criminals tend use in their favour. Artificial Intelligence and Machine Learning can give a decisive contribution to cybersecurity AI and ML are playing an increasingly important role in cybersecurity, powering security tools that can analyse data from millions of previous cyber incidents, and use it to identify potential threats or new variants of malware. These tools are particularly useful if we consider that cyber criminals are always trying to modify their malware code so that security software is no longer able to recognise it as malicious. By applying AI and ML, cyber-defenders are attempting to stop even the unknown, new types of malware attack. The machine-learning database can draw upon information about any form of malware that’s been detected before. Therefore, when a new form of malware appears, either a variant of an existing malware, or a new kind entirely, the system can check it against the database, examining the code and blocking the attack on the basis that similar events have previously been deemed as malicious. That’s even the case when the malicious code is bundled up with large amounts of benign or useless code in an effort to hide the nefarious intent of the payload. Tracking and analysing users’ behaviour But detecting new kinds of malware isn’t the only way that AI and ML technologies can be deployed to enhance cybersecurity: an AI-based network-monitoring tool can also track what users do on a daily basis, building up a picture of their typical behaviour. By analysing this information, the AI can detect anomalies and react accordingly. This way AI and ML enable cybersecurity teams to respond in an intelligent way, understanding the relevance and consequences of a breach or a change of behaviour, and developing in real time an adequate response. For example, if an employee clicks on a malicious link, the system can work out that this was not a normal behaviour and could therefore be a potentially dangerous action. Using ML, this kind of event can be spotted almost immediately, blocking the potential damage of an intrusion and preventing many criminal activities. And all of this is done without impacting the daily activity of the company, as the response is proportionate: if the potential malicious behaviour is on one machine, locking down the whole network is not required. A great support with some potential risks A huge benefit derived from the use of ML in cybersecurity is that the system will be able to identify and react to potential problems almost instantly, preventing the disruption of the business. By deploying AI-based cybersecurity to automate some of the defence functions, it’s possible to ensure that the network is going to be safe, without relying on humans having to perform the impossible task of monitoring everything at once. In fact, the growing volume of data and its variety make it practically impossible for humans to manage it and automated tools can greatly help in this sense. This statement is further supported when observing how employees operate on the network. Many large companies train their staff to improve cybersecurity, but it’s possible that some employees will attempt to take shortcuts in an effort to do their job more efficiently, which could possibly lead to serious security problems. AI and ML can manage this issue. Human cybersecurity staff will still be needed While AI and ML do provide great advantages for cybersecurity, it’s important for companies to realise that these tools cannot completely replace human cybersecurity staff. It’s possible for a machine learning-based security tool to be programmed incorrectly, for example, resulting in unexpected attacks being missed by the algorithms. Something like this could lead to very serious problems and it must be taken into account right from the start. That’s why AI-based cybersecurity tools need to be regularly evaluated like any other software on the network. There’s also the risk that AI and ML could even create additional problems, because it’s highly likely that cyber criminals themselves are going to use these same techniques in an effort to make their attacks more efficient and disruptive. AI and cybercriminals A report by the Europol’s European Cybercrime Centre has warned that Artificial Intelligence is one of the emerging technologies that could make cyberattacks more effective and more difficult to identify than ever before. It’s even possible that hackers have already started using these techniques to conduct hacking and malware attacks. It’s very likely that by using ML, cyber criminals could develop self-learning automated malware, ransomware, social engineering or phishing attacks. Currently, they might not access to the deep wells of technology that cybersecurity companies have, but there exists code that can provide cyber criminals with access to these resources. In that case, it’s correct to assume that these instruments will soon be part of a criminal’s toolkit, if they aren’t already. While it may be unclear if hackers have used machine learning to help develop or distribute malware, there is already evidence of AI-based tools being used to conduct cybercrime. Last year, for example, it was reported that criminals used AI generated audio to impersonate a CEO’s voice and trick employees into transferring a great amount of money to them. Machine learning systems could also be used to send out phishing emails automatically and learn what sort of language works in the campaigns, what generates clicks and how attacks against different targets should be developed. Like any machine-learning algorithm, success would come from learning over time, meaning that it’s possible that phishing attacks could be driven in the same way security teams try to defend against them. Conclusion Having said all of this, if AI-based cybersecurity tools continue to develop and improve, and are applied correctly alongside human cybersecurity teams, rather than instead of them, this could help companies and governments stay secure against increasingly sophisticated and effective cyberattacks. Ultimately, AI could greatly help us in creating a world where our whole cybersecurity sector is much improved, thanks to a self-learning and self-healing network that can identify in advance negative behaviours and stop them from happening. In any case it’s clear that these new technologies will be at the heart of the cybersecurity of the future.