Shafi Goldwasser’s Role in Securing the Internet of Things (IoT) 

We keep hearing in today’s technology-driven world that advancements such as 3D printing, next-gen robots, and virtual reality are made everyday, but we often learn little about the real people behind these inventions. Instead, we are constantly exposed to false stereotypes such as “Women can’t code”, which is still not dead despite the increasing numbers of women who’ve succeeded in tech, currently and historically.

Notwithstanding their contribution, women continue to face discrimination in patriarchal societies, such as reduced opportunities for education, not being recognized as equal to men, and being prevented from holding high offices or posts that are stereotyped for men.  What keeps women going forward in the face of this adversity is the sheer human determination to perform and excel.

The archetypal poster woman in this argument, Ada Lovelace, was one of the first programmers. She had written a program in English to operate Bernoulli’s numbers, which can be taken as our modern day ‘algorithm.’ But people ought to understand that she was hardly the only one! Women have always been present in the field, contributing every step of the way since even before the advent of modern computers, it’s just that their work has not been widely publicized.

An area where women have made a significant difference was advancing the now-fashionable Internet of Things (IoT), and in particular addressing privacy and security concerns that arise with it. First let’s understand what the IoT is all about.

What is IoT? Why is it the talk of the town?

Technology has come a long way and we’re now at an era where imagination meets real life. Scenes from former sci-fi movies are today happening right before our eyes. IoT is one such technological breakthrough. The Oxford English Dictionary defines the Internet of Things as a development in which “everyday objects are embedded with microchips giving them network connectivity, allowing them to send and receive data.”1

Gone are the times when communication would happen only between living beings. Machines now have the power to not only interact with each other, but also with humans to make life easier and more efficient for us. We will soon no longer require human intervention to do most of what we are doing today. Cars will require no drivers, household appliances and devices will automatically turn on and off by detecting the presence of their owners, and smart kitchens will cook for families.

With IoT, we would be living in a world where cars, phones, clothing, furniture, digital devices, and healthcare equipment are wirelessly connected to the Internet. Details such as battery, location, and position can all be accessed remotely with a mobile device at hand. Lost a prized possession? You wouldn’t have to worry because IoT has given us the provision to locate it with its IP address. Everything around us would be given a unique tag of identification which could help track its location, in case the item gets lost. Honestly, I can’t wait to fast forward to reach that time.

The IoT has many major companies like IBM, Intel, and Cisco interested and keen on investing in this direction, and the race to expand in this field is on. Significant IoT investments started as early as 2012, when $752 million was invested globally across 112 deals2, certifying that business prospects in the field are high. Another estimate suggests that companies plan on investing $7.2 trillion in IoT by 20173.

So now that we know what IoT is, and a little about why it is causing a sensation, let’s understand the risks behind it as well. As more and more data gets collected, it becomes important to understand whether it is safe, and where it is being sent to. For example, if the dress I wear and the car I use for travel are all connected to the Internet and are sending important data such as their location and ambient temperature to servers for further processing, it can mean that privacy and security no longer exist. Do we really want every move of ours to be tracked? How secure is our data online?

The privacy experience that we’re accustomed to online while using websites, i.e., checking a box that indicates that we agree to share personal information, is not applicable to IoT. There is no checkbox for a smart table or a smart bulb. It is also impractical to think that we could build an app that would moderate this for every smart appliance. So it is highly imperative to come up with a method to ensure that our privacy isn’t violated, and security isn’t at risk or threatened as IoT is realized.

Contribution of Women to IoT

Let us now look at some of the women who have paved the way for Internet of Things.

Women like Radia Perlman, fondly known as the Mother of Internet, Karen Sparck Jones, pioneer in information retrieval, Frances Alan, first woman to have received the Turing award for her contributions to modern optimising compilers and parallelization, and Barbara Liskov, Turing award winner for her contribution to practical and theoretical foundation of programming language and system design, are amongst some of the important people who have contributed greatly to the development of IoT and what it is today. They have been pioneers of significant scientific breakthroughs.

One inspiring woman stands out among the many, and her contribution to the field of computer science has influenced and paved way for the Internet of Things and for what it could be. This woman, a Turing award winner herself, has moved boundaries and made transformations in one of the most important fields of security – Cryptography, and her name is Shafi Goldwasser. Shafi was born in New York in 1958, though her parents were from Israel. She graduated from Berkeley and went to Massachusetts Institute of Technology as a postdoc.

“She, along with Silvio Micali, have been recognized for transformative work that laid the complexity-theoretic foundations for the science of cryptography along with efficient methods for the verification of mathematical proofs in complexity theory.”4(taken from the Official ACM Turing Award Webpage)

Their 1982 paper on “Probabilistic Encryption” built the foundation for modern cryptography. The introduction to formal security definitions, randomized methods for encryption, and method of “reductionist proofs” are now the basic efficient standard for security.  These breakthroughs in cryptography can be useful as a security envelope in IoT.

 

The Zero-Knowledge Theory

The paper on “zero-knowledge interactive proof”5 is the one that impressed me the most, because I believe it has the potential to act as a foundation of security when it comes to the Internet of Things. According to the Zero-Knowledge Theory, there exists a Prover (in this case, the IoT user) who will exchange messages with a Verifier (our security system) in order to convince the Verifier that some mathematical statement is true. The proof would allow us to prove statements while revealing no extra information apart from how the statement is true.

To demonstrate the proof’s importance in securing data, I’d like to resort to the following example: My car would report information about its location, speed, and state of functionality to an external server. This information must be restricted to the specific user only, and access to it would require the permission of this user. An ordinary password of alphanumerals would not work as it could easily be cracked. Hence, we would require a much more personalized security system that would enable only the respective person to gain access to it and thereby prevent any unauthorised abuse of data.

The Verifier posts a set of questions to the Prover and these questions would vary based on the answer given. The answers to these questions would be specific to that user. At the same time, to secure the answers of the Prover, a digital commitment scheme can be utilised to allow one party to ‘commit’ to a given message while keeping it a secret, and then later unfold the resulting commitment to reveal the output. Strong cryptography and hash functions can be used to implement the same.

In short, the Prover gives information to the Verifier in such a way that the information is secure from others who may try to access it while the identity gets verified. In this way, not only is there security of data and information, but authentication of the user can also be easily validated. The IoT would cease to exist without a strong security infrastructure. This advancement in cryptography could be an essential building block for IoT.  

If not for Shafi Goldwasser’s contributions to this field, we would have had to wait years for a more effective security system, and we would still be many steps away from the Internet of Things. She was a pioneer, a scientist, a scholar, and an inspiration to all women.

 

References

1.  “Internet, N.” : Oxford English Dictionary. Accessed November 14, 2015. http://www.oed.com/view/Entry/248411

2.  “The Internet of Things – $752M Invested Across 112 Deals in the Last Year.” CB Insights. May 13, 2013. Accessed November 14, 2015. https://www.cbinsights.com/blog/internet-of-things-venture-capital/

3. Eddy, Nathan. “Internet of Things Market to Reach $7.3 Trillion in 2017: IDC.” EWEEK. February 10, 2014. Accessed November 14, 2015. http://www.eweek.com/small-business/internet-of-things-market-to-reach-7.3-trillion-in-2017-idc.html

4. Wigderson, Avi. “SILVIO MICALI.” A.M TURING AWARD-ACM. 2012. Accessed November 14, 2015 http://amturing.acm.org/award_winners/micali_9954407.cfm

5.  Drezgich, Milosh, Shafi Goldwasser, Silvio Micali, and Charles Rackoff. “CS276 Lecture 24: Zero Knowledge Protocols.” In Theory. May 11, 2009. Accessed November 14, 2015. https://lucatrevisan.wordpress.com/2009/05/11/cs276-lecture-24/

Leave a Reply

Your email address will not be published. Required fields are marked *