August 9, 2016

How Cost-Effective is Robust Cyber Security?

Posted by Dr. Ashutosh Saxena at 8:10 AM

I remember years ago sitting around a boardroom table during which a senior executive was asked what measures he had taken to safeguard his email account and personal information on his computer. "None," he responded. "If someone wants to peer into my very boring and uneventful life, then all the more power to them."

Everyone around the table chuckled. This event took place before the widespread use of online banking, record-keeping, e-commerce, and social media, so what constituted online privacy even five years ago was a lot different from what it is today. Lately I've been thinking about that executive's remark against the backdrop of today's online technology. We live in an age in which a teenager in an eastern European country can hack into a global bank, or in which the owner of Wikileaks decides to release emails, as in the case of the Panama Papers, where 11.5 million leaked documents detailing financial and client information for more than 214,488 entities went public.

Continue reading "How Cost-Effective is Robust Cyber Security?" »

July 22, 2016

How Can We Balance Security With Usability?

Posted by Dr. Ashutosh Saxena at 6:24 AM



Tesla Autopilot Fatal Crash Raises Safety Questions [Source: https://www.youtube.com/watch?v=mA9zuN_pfG8]

I read with sadness a report about the first documented highway death of a 'driver' in a self-driving car. The investigation into the recent fatal crash is still in its early stages. But we know a few facts: First, 94 percent of all traffic accidents involve some kind of human error. Second, there is no turning back from automation and self-driving technology. Said one expert about the recent crash: "The path to mobility is paved with tragedy."

The incident got me wondering: My car has a top speed of 137 miles per hour (220 kmph). While driving on the highway I often cross the 75 miles-per-hour mark (120 kmph). I often wonder if I should speed up and push the vehicle closer to its full-scale capabilities (and get to my destination much faster). Most of the time I choose not to do so, and there are many reasons for my decision to stay within the official speed limits. For one, I cannot be sure that someone driving erratically will not be in a parallel lane up ahead. I also cannot accurately predict the condition of the road in front of me. There also could be an abrupt mechanical flaw in my own vehicle because of general wear and tear (or a manufacturing glitch). While I drive my vehicle within the stated security limits, there are always times I need to accelerate. When I do, I proceed with a more calculated risk.

Continue reading "How Can We Balance Security With Usability?" »

May 20, 2016

How Far Can A Government Go To Find Out Information About You?

Posted by Dr. Ashutosh Saxena at 9:37 AM



AP Analysis: FBI Drops iPhone Case Against Apple [Source: https://www.youtube.com/watch?v=AtTlJi0PdLA]

The world seemed to come to a standstill when the United States government ordered Apple to unlock an iPhone that had been used by a suspected terrorist - only to have the company refuse. That the average teenage hacker could have possibly unlocked the iPhone was not the point; it was a matter of principle.

Apple claimed that if a government could order it to unlock one phone, then it could conceivably order it to unlock any phone. It would put the company in a difficult position with its loyal customers, who become loyal in part because they assume the company protects the data it receives from them.

Continue reading "How Far Can A Government Go To Find Out Information About You?" »

March 15, 2016

Is This A Back Door We Can All Handle?

Posted by Dr. Ashutosh Saxena at 7:12 AM



David Chaum 'Godfather of anonymous communication' - BBC News [Source: https://www.youtube.com/watch?v=IXr_6jqBTj0]

Remember the 'God View' incident? A reporter was researching an article about Uber that included - not surprisingly - riding around in the company's vehicles. Long story short: The company was accused of using a tool known as 'God View' to track the reporter. The tool allowed Uber executives to get an aerial view of the area in which the reporter was riding as well as her personal information, according to law enforcement officers.

As part of its settlement with New York City's attorney general, Uber "removed all personally identifiable information of riders from its system that provides an aerial view of cars active in a city, has limited employee access to personally identifiable information of riders, and has begun auditing employee access to personally identifiable information in general." So the next time you want to hitch a ride without anyone knowing about it, it seems you're able to do so. The incident captured the very essence of our digitally enabled society: Consumers want all the benefits and conveniences of mobile apps and ride services that track them, but also demand a complete cloak of anonymity and security.

Continue reading "Is This A Back Door We Can All Handle?" »

February 9, 2016

Gaining And Saving with V-Commerce

Posted by Dr. Ashutosh Saxena at 7:01 AM



Tradesy CEO on how to cash in on your closet [Source: https://www.youtube.com/watch?v=OuVBB88IjS8]

During a trip to Mumbai three decades ago, I took the local train to Churchgate. When I arrived at Churchgate, I asked a taxi driver if he would take me to Cuffe Parade. He said yes, but went on to ask me: "Sharing or charter?" Upon seeing the blank expression on my face, he suggested that I opt for sharing: "You will be saving money in your pocket!" We waited for roughly five minutes, until three other passengers joined us. He dropped us at our respective destinations, me being the last, and charged us almost equal amounts. I hesitated, but then, out of sheer curiosity having experienced this interesting business model, asked him how much I would have paid him had I chosen the charter option. "More than double what you paid just now," he replied.

My taxi ride through Mumbai turned out to be a really good deal. The driver earned twice as much, and I spent half of what I would have had I chosen the charter option. I was quite proud of my decision to follow the advice of the cab driver. However, what if the other three people in my taxi had been pickpockets and thieves (or just downright annoying people)? What would I have done? In economics, there is a maxim known as the 'opportunity cost.' In this case, what the opportunity cost meant was this: Did the money I saved sharing the taxi outweigh the money I would have paid had I been late to an important meeting, or a victim of a pickpocket? The question is THE question facing the new 'sharing economy.'

Continue reading "Gaining And Saving with V-Commerce" »

October 7, 2015

Governments and Corporations Team Up Against Cybercrime

Posted by Dr. Ashutosh Saxena at 10:33 AM



Global cybersecurity market will be worth $170 billion in 2020 [Source: https://www.youtube.com/watch?v=r5jx6d7xRIM]

There are government contracts and then there are government contracts. The technology giant Raytheon recently announced that it won a five-year contract to help manage the computer security of 100 civilian agencies connected to the Department of Homeland Security. Experts said that such a contract, where Raytheon shares its proprietary cybercrime-fighting techniques and tools, could be worth upwards of US$ 1 billion. The official role for the company will be that of a 'prime contractor and systems integrator' for the Network Security Deployment division. Attached to that division is the National Cybersecurity Protection System.

We're hearing a lot about cyber security again, and it's not even the holiday shopping season. Why is that the case? For one, cybercrimes are no longer centered on jolly shoppers and their credit cards at Big Box retail chains and online retailers. Criminals are getting more sophisticated and learning to break into whatever computer system they can. Once in, experts say they can maneuver and sometimes patiently wait until they find the right digital gateway that brings them to a stash of information - otherwise known as a cyber-criminal's pot of gold.

Continue reading "Governments and Corporations Team Up Against Cybercrime" »

September 24, 2015

Is It Time To 'Harden' The Internet?

Posted by Dr. Ashutosh Saxena at 10:44 AM

In tech terms, 'hardening' refers to fixing a computer system - sometimes in various layers, with each layer requiring a unique method of security. Today, Internet protocol designers are talking about applying similar security methods to harden the Internet. But, that's no easy feat. Hardening the Internet requires a coordinated effort involving the research community, the infrastructure equipment development community as well as the network service operator community.

Discussions around hardening the Internet have been around for over a decade, especially with regard to surveillance versus security. Historically, there has always been a conflict between the need for surveillance in the interest of national security and the need for network security for Internet users. Prevailing opinions are that pervasive monitoring is a technical attack that should be mitigated, wherever possible, by the likes of the Internet Engineering Task Force, a volunteer-run organization that promotes Internet standards protocols. The Internet engineering community has consistently taken a consensus position that pushes back against technology-based and indiscriminate government surveillance. The engineering community believes that extensive and indiscriminate surveillance is an assault on individual privacy, and that tightened protocols should make surveillance more expensive or, at the least, not easily feasible.

Continue reading "Is It Time To 'Harden' The Internet? " »

July 31, 2015

Smart Cities Empowered By IoT

Posted by Dr. Ashutosh Saxena at 9:03 AM

About two hundred years ago, the vast majority of people never ventured too far from their homes. Their entire lives consisted of tending the land around their family homesteads so that they could feed their families. This pattern continued and remained largely unchanged until about 1900, when the Industrial Revolution transformed cities into places that attracted people because of factory jobs and the like.

We have loved the city life ever since. As the global population continues to grow at a steady pace, more and more people are moving to cities every single day. Experts predict that the world's urban population will double by 2050. This means under the current pace, within 40 years, 70 percent of the world's population will reside in cities. This rapid migration will push both current and future urban centers to maximize and expand infrastructures beyond their breaking points.

Continue reading "Smart Cities Empowered By IoT" »

July 1, 2015

Be Careful With Mobile Apps

Posted by Dr. Ashutosh Saxena at 6:25 AM

If there's money to be had in a particular activity, you can be sure that thieves and criminals aren't far behind. One of the reasons we hear horror stories about cyber-crime is because the Internet is largely unregulated. I've often heard it compared to America's Wild West. No law and order gives way to swashbuckling criminals with bold schemes.

Perhaps the most troubling yet is ransomware - a type of malware that infects a computer in such a way that it restricts a user's access to his own machine. Can you imagine the panic if your computer has been locked and all your important files have been encrypted? Then comes a demand in the form of an on-screen alert - a ransom that must be paid to restore access. This is typically in the range of US$ 100 to US$ 300, and is sometimes demanded in virtual currency, such as Bitcoin! Infections caused by ransomware can be devastating, and recovery can be a difficult process that may require the services of a reputable data recovery specialist. That specialist might charge more for his services than the actual ransom!

Continue reading "Be Careful With Mobile Apps" »

June 24, 2015

Trust Challenges Alleviated By Cryptography

Posted by Dr. Ashutosh Saxena at 11:00 AM


There's a popular team-building exercise that is often undertaken at corporate offsites. It involves choosing one person from the group of co-workers to stand up and face away from her colleagues. She is told that her colleagues are right behind her and that she should fall back with the inherent trust that the group will catch her before she hits the ground. It never ceases to amaze me that so many people hesitate. Some of them refuse to let themselves fall back altogether. Then there are those who let go. They place trust in their colleagues and allow themselves to fall back. The reason this exercise continues to be the most utilized of all corporate team-building exercises is that it's all about trust.

I hope that enterprises continue to use this exercise, because we live in a world filled with challenges and we are required to place our trust in software. Perhaps none of these are more important and more current than the Cloud, one of the most recent trends in modern Information Technology. The Cloud is an on-demand self-service model that provides rapid elasticity for resource provisioning. Most of us know full well that resources are pooled to serve multiple customers using a multi-tenant model. Data and applications are usually hosted in a Cloud service provider that controls locations. Cloud customers have little control over them. Service-level agreements try to protect the Cloud customer's interest, but the typical customer is looking for better technical control to get guaranteed protection for her data in the Cloud environment. Despite best interests, trust, security, and privacy issues are major roadblocks in Cloud computing adoption.

Continue reading "Trust Challenges Alleviated By Cryptography" »

May 29, 2015

Peeling The Onion Router

Posted by Dr. Ashutosh Saxena at 10:17 AM

How real is digital anonymity?

According to the research firm Gartner Group, the amount of data produced on planet earth is set to increase 60 percent each year in the near future. Talk about Big Data getting even bigger! Unimaginably big, in fact. Where to start with this needle in this massive haystack?

The initial problem is, of course, that all data are not created equal. What might be precious information to your organization might be just chatter to another entity. And the other way around. So having all this data in your possession is one thing. Parsing through it to make sense of it all is quite another thing.

Continue reading "Peeling The Onion Router" »

May 19, 2015

Why The Time Is Now for High-Performance Cryptography

Posted by Dr. Ashutosh Saxena at 12:44 PM

Enigma, the 'unbreakable' Nazi code machine

There's a fascinating new movie about how the most complex and intellectually challenging of activities - cryptanalysis - did as much to win World War II for the Allies as did any tank brigade. The Imitation Game is the story of how the mathematician Alan Turing broke the 'unbreakable' Nazi code machine (the ominously named Enigma device) that in turn helped the Allies secretly listen in on vital enemy communications.

I bring up this movie because some 75 years later, we all live in a world where cryptanalysis and cryptography have an enormous amount of influence over our day-to-day lives. The next time you buy something online, for instance, notice how the Internet response slows down and how the payment page arrives relatively slowly. This delay is the consequence of turning on what's known as the secure browsing mode, or 'https.' In secure browsing mode, data exchanged on the Internet is sent over a Secure Sockets Layer. The SSL uses cryptographic operations like public key cryptography for key exchange, and symmetric encryption for confidentiality.

Continue reading "Why The Time Is Now for High-Performance Cryptography" »

April 24, 2015

Security & Apple Pay

Posted by Dr. Ashutosh Saxena at 11:45 AM



Is Apple Pay Vulnerable to Hacking? [Source: https://www.youtube.com/watch?v=Nf9iopf9Ars]

There are certainties in life. The sun will rise in the east and set in the west. And, rest assured, any Apple product you buy is going to be connected to every other Apple product currently on the market. But what about Apple Pay, the mobile payment service and digital wallet that the company unveiled in fall of last year? How do its connections to other Apple products help or hinder it?

Let's start at the very beginning. The initial idea behind Pay was to help consumers make payments using Apple mobile devices. Apple Pay would accomplish this feat by replacing the credit or debit magnetic strip at credit card terminals. Apple partnered with an array of blue-chip companies, including American Express, MasterCard, and Visa. At first, all seemed to be operating smoothly: Apple Pay worked with Visa's PayWave, MasterCard's PayPass, and American Express' ExpressPay terminals.

Continue reading "Security & Apple Pay" »

April 2, 2015

With the Internet of Things Comes Hidden Risks

Posted by Dr. Ashutosh Saxena at 9:07 AM



CyberPatriot Prepares Students to Protect the Internet of Everything [Source: https://www.youtube.com/watch?v=u1tBJNdZQuc]

Of all the unsettling stories of our Internet age, perhaps none is creepier than computer miscreants hacking into home video cameras or security systems. Whenever I hear an expert or colleague sing about the merits of the Internet of Things (IoT), I remind him or her of their home security systems that could be hacked by creepy outsiders. The story, though unsettling, puts things in perspective. That is, as wonderful as the IoT will be for our personal lives overall, what with all the conveniences involved, we have made a deal that is a formidable one - one in which our privacy and security are forever compromised.

That's why we have to be more vigilant - like it or not. Convenience and the wonders of technology come with a price. Besides, the IoT is already just about everywhere. There are nearly five billion connected things and this number could climb to 25 billion by 2020, according to the folks at Gartner. Now it is true that the IoT promises a smoother life, such as the ability for consumers to keep track of their groceries and energy consumption on their cell phones. We will even receive alerts when milk is running low. Everything, including our homes and our heartbeats (did you see the recent Apple iWatch event?) will be monitored to make our lives more flexible and downright easier.

Continue reading "With the Internet of Things Comes Hidden Risks" »

February 26, 2015

Why FIDO Will Be Man's Best Friend

Posted by Dr. Ashutosh Saxena at 8:56 AM

There's an emerging user authentication method for the web called FIDO. FIDO stands for Fast IDentity Online, and it promises to revolutionize the way consumers connect with their digital devices. When I say digital devices, I mean all of them. The point of FIDO is that it can leverage any hardware support available on a user device. That even covers things like microphones (via speaker recognition), cameras (via face recognition), fingerprint sensors, and my personal favorite, behavioral biometrics. This last item is a true sign that Artificial Intelligence is already upon us and has so many wonderful applications.

I think FIDO is an authentication method to watch for other reasons as well. For starters, it typically focuses on ease of use, security, and standardization. The primary objective is to enable online services and websites, whether on the open Internet or within enterprises, to leverage native security features of end-user computing devices for strong user authentication. Plus, let's not forget about the effort to reduce the problems associated with creating and remembering many online credentials. I know of no one who doesn't think having to retain multiple passwords is a royal pain!

Continue reading "Why FIDO Will Be Man's Best Friend" »

February 20, 2015

The Way Forward: Stronger Authentication

Posted by Dr. Ashutosh Saxena at 8:23 AM

Strong authentication is the first pillar of trusted networks

Weren't computers supposed to save us time and add convenience to our lives? Technology was supposed to liberate us. Rather, it appears as though we're becoming beholden to the devices around us because of the pesky password.

Recent findings about passwords and online security certainly indicate that we're trapped in our own devices. Consider these sobering statistics: The average computer user has 25 accounts, uses 6.5 passwords, and logs in eight times a day. So say researchers at Microsoft. Add to this rosy scenario the fact that these days there are so many new types of gadgets. From the perspective of storing and remembering passwords, things aren't so rosy.

Continue reading "The Way Forward: Stronger Authentication" »

February 5, 2015

Remembering Multiple Passwords is Passé

Posted by Dr. Ashutosh Saxena at 11:21 AM

Passwords have become even more difficult to remember and key-in, especially on small and cumbersome keyboards, which are common on mobile devices

Today life does not move without a fast and robust Internet connection. Be it banking, insurance, booking a movie or travel ticket, or shopping, the Internet has become a crucial part of everything we do.

Moreover, the services and demand surrounding the internet are increasing every day on both ends - the providers and the consumers. Of course, it all used to be a lot simpler: Users sat at their desks and navigated the web from their large desktops and laptops. But they've moved en masse from the standardized world of PCs to the fragmented and diverse world of smartphones and tablets. With emerging mobile users and an equally mobile workforce, even applications have become mobile. They are no longer hosted at a centralized datacenter but in the cloud.

Continue reading "Remembering Multiple Passwords is Passé" »