The BIU Center for applied cryptography and cyber security focuses on four main areas of research:
Applied Cryptography
Cryptographic techniques play a major role in cyber security. Encryption and signature schemes are used for encrypting and authenticating data in transit and in storage. Secure computation can be used for performing computations based on encrypted or shared data. For example, secure computation can support different parties sharing and operating on data while preserving its privacy, or distributing shares of critical secret data so that no single entity has access to it. A major research goal of the center is to apply advanced cryptographic methods in order to provide better cyber security. This research involves identifying problem areas where advanced cryptographic methods can be used, designing and improving relevant cryptographic techniques, and implementing and experimenting with the resulting solutions.
Applications of Machine Learning, Artificial Intelligence and Natural Language Processing to Cyber Security
Modern computing practices generate massive amounts of data, such as network logs, executable files, and lines of codes. Vulnerabilities must be identified within this data. Actual cyber-attacks are also hard to detect since they hide within the complexity of the computing environments. The scale of the data makes it impossible for it to be examined by human analysts. One of our research goals is to use machine learning, artificial intelligence and natural language techniques in order to automate the identification of potential vulnerabilities and actual attacks.
Systems and Network Security
Attackers in cyber-space contiously attempt to find vulnerablities in computer systems and exploit them, often using communication networks as a vulnerable part of the system or as a medium to reach the victim system. This threat is made even more challenging by the fact that the number of connected devices is constantly on the rise widening the attack surface, and by the fact that user bring their own devices weakening controls. Our research goals in this area span various systems and networking areas, including networking, operating systems, mobile systems, firmware embedded and IoT devices, and more. We examine various aspects of the cybersecurity space, from the vulnerabilities and attack surface to new methods of defense, as well as new ways to collect and share cyber-intelligence.
Hardware Attacks and Defenses
A significant and powerful threat to cryptographic devices is extracting the secret key by Side-Channel Attacks. Side channel attacks on cryptographic devices exploit unintentional information leaks from physical channels, such as power consumption, electromagnetic emission, timing properties, and more. Two specific attacks – Power Analysis and Fault Injection – are major security concerns for hardware implementations. In our research we aim to develop countermeasures at the physical, circuit and logic abstraction levels that protect information leakage from physical channels. Our solutions include alternative logic families, analog power management and fault detection codes.