Keeping ahead of the hackers in a hyper-connected world

6 Nov 2018

Image: Prof Máire O’Neill

Prof Máire O’Neill will give a discourse at the RIA this week about securing connected devices and the internet of things. Dr Claire O’Connell caught up with her ahead of her talk.

Can you trust connected devices to be secure? That’s a huge question, given the proliferation of web-connected devices and the internet of things (IoT). From web-enabled assistants around the house (Hi, Alexa!) to phones, watches, fitness trackers and the software in our cars, electronic portals into our lives are popping up everywhere.

Such devices thrive on data, and protecting that information from prying means that researchers, designers and manufacturers need to keep ahead of the hackers and eavesdroppers. That’s according to Prof Máire O’Neill, who will give a talk at the Royal Irish Academy (RIA) tomorrow (7 November) titled ‘Securing Connected Devices: An Arms Race’.

Vulnerable hardware

The need for vigilance is starkly demonstrated by the Cayla doll, a commercially available web-enabled toy that ‘speaks’ to children, answering their questions. “For a project, I asked an intern to try and hack into the toy’s system,” said O’Neill, who is principal investigator at the Centre for Secure Information Technologies at Queen’s University Belfast (QUB). “It took the intern just five minutes to do that. Think about that: if someone hacks into the system, the doll could be saying anything to a child then.”

One of the big issues with connected devices, noted O’Neill, is that in the rush to get products to market, security is often an afterthought. Yet the problems could run deep into the manufacturing and supply processes.

“What if we have an internet of cloned things, where fake hardware or components are being sold to consumers?” she asked. “The concern is that these tampered components could be easier to hack, and I would envisage we will be seeing a lot more visibility around cases of hardware being attacked.”

Building resistance

O’Neill is research director of the UK Research Institute in Secure Hardware and Embedded Systems (RISE), which is researching these questions at the heart of security and authenticity. “We are looking at how you might detect if a device is counterfeit or if it has been manipulated in some way, [if] can we bring in some kind of trusted manufacturing process, perhaps a brand mark to ensure a security level,” she explained. “We are also looking at how we could go back and start again, how to build attack-resilient hardware platforms that are secure yet will be affordable for these devices.”

One strand of her own research looks at ‘physical unclonable functions’, or digital fingerprints, which can be put into circuits on chips to identify them, introducing better traceability and anti-counterfeit measures.

O’Neill is also seeking to future-proof security in the face of quantum computers. She leads the EU H2020 SAFEcrypto project, which has been developing new methods of encryption to resist attacks from quantum computing and testing them with industry partners.

“We want security that will be resistant today to classical attacks and will remain secure after practical quantum computing becomes a reality,” she said. “People say quantum computing is far off but if you are making a fundamental change to systems, you need to think about that now. In the case of connected devices, many of them will have a long life cycle. Connected cars being designed today or sensors being put into the environment, they could still be working in 15 or 20 years, and quantum computing could be a practical reality by then.”

young strawberry blonde woman in black top smiling at camera.

Image: Prof Máire O’Neill

Inspiration for practical benefits

O’Neill, who is originally from Donegal, was inspired to pursue engineering by her brothers who studied it and by her father. “He was a secondary school teacher and he was really creative,” she recalled. “He built a hydroelectric scheme on the river running by our house, so we had our own electricity.”

O’Neill studied electrical engineering at QUB. In her final year, a local company sponsored her to do a project on data security. That led to O’Neill doing her PhD and even postdoctoral research at QUB with its support, and the high-speed encryption technology she worked on was incorporated into satellite boxes for televisions. “Being able to see that from design stage through to being used in products was a great opportunity for me,” she said. “And that really inspired me in terms of research. I do some blue-sky research but a lot of what I do is very applied now.”

O’Neill would like to see a greater awareness among students about the practical benefits to society that engineering can bring, and she stressed the need for more minds to work on cybersecurity. “There is a shortage of skill in this space; we really need people with a practical understanding of how to build better systems, and that needs a solid background in electronic engineering or computer science,” she said.

“More generally, I think we need to make people more aware of how working on issues such as cybersecurity can really have a positive impact. You can make a huge impact in this space, making technology such as autonomous vehicles and healthcare more secure and safer. This can make a big difference to society.”

Prof Máire O’Neill will deliver the talk, ‘Securing Connected Devices: An Arms Race’, tomorrow (7 November) at 6pm at Academy House, 19 Dawson Street, Dublin 2. The RIA Discourse series is sponsored by Mason Hayes & Curran. Book tickets here.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.

Dr Claire O’Connell is a scientist-turned-writer with a PhD in cell biology and a master’s in science communication