IC Research Day 2019: how can we build digital trust?

How can we build digital trust - with cryptography? The poster session. © 2019 Samuel Devantéry

How can we build digital trust - with cryptography? The poster session. © 2019 Samuel Devantéry

At the School of Computer and Communication Sciences (IC) Research Day on June 6, students and researchers convened at the SwissTech Convention Center to discuss mechanisms for strengthening trust and transparency in an increasingly digital world.

"Digital trust is fundamental to society, and the big challenge at this stage of development is that the notion of digital trust is very much up in the air,” said EPFL president and IC professor Martin Vetterli as he opened the day’s proceedings. Vetterli gave a historical view of not just computer science and communications systems research at EPFL, but also a pedagogical paradigm shift: today, computational thinking – "a way of thinking about problems so that computers can find solutions” – is a key educational pillar.

IC dean Jim Larus expanded on the accelerating impact of computer science research and education at EPFL, touching on initiatives like the Center for Digital Trust (C4DT), the Swiss EdTech Collider, and the newly launched Swiss edition of the Alkindi competition for secondary school students.

Event co-chair Professor Jean-Pierre Hubaux, head of the Computer Communications and Applications Laboratory 1 (LCA1) and academic director of the C4DT, also took a historical view – this time of the day’s theme of digital trust. “Hate speech and fake news are not new,” he said, adding that today, cyber war and cybercrime are major threats. Many countries including Switzerland calling for cybersecurity measures in the public and private spheres, raising the stakes for research in the field.

Securing e-voting and outsmarting algorithms

Professor Dan Wallach of Rice University in Houston, Texas, USA kicked off the day’s expert talks with a view on electronic voting technology. From outdated and vulnerable electronic voting machines to online propaganda, Wallach painted a grim picture of cybersecurity in US politics. Internet voting, he says, is not a viable solution due to unequal access to computers, technical vulnerabilities and a higher risk of coercion. However, he noted that cryptographic approaches to e-voting – specifically end-to-end encrypted systems – hold promise. “Voting and cryptography actually get along really well,” Wallach said, citing ElectionGuard from Microsoft, which is still under development.

Next, IC professor Carmela Troncoso, who leads the Security and Privacy Engineering Lab (SPRING), told the audience about the security potential of data inputs called adversarial examples, which can be introduced into machine learning (ML) models. Adversarial technologies, she said – often presented as a security “foe” to ML systems – can also be harnessed as a “friend” to help protect against threats to security, privacy, and even social justice.

“Adversarial examples are only adversarial when you are the algorithm,” Troncoso said, explaining that the goal in terms of privacy is to modify data so that an ML-based algorithm cannot make inferences about, for example, user demographics. She presented a tool based on graph theory, which allows adversarial ML to be used efficiently to improve digital protection. “Adversarial machine learning is hard to defend against, but this opens great opportunities for security and privacy applications,” Troncoso concluded.

Shining a light on hidden vulnerabilities

In his talk on software security, IC Professor Mathias Payer, head of the HexHive Lab, told the audience that as adversaries become more sophisticated, mitigation and software testing are two main defenses against exploitation. Payer explained that over the last 15 years, mitigation defenses have helped dramatically raise the costs of exploitation – without being able to eliminate them, however. That’s where software testing comes in. Payer described the HexHive lab’s recent work on developing tests for “hard-to-reach” code, and specifically so-called “fuzz testing” – an effective approach that can automatically test programs for security violations, and expose critical vulnerabilities before attackers can exploit them.

Speaking via videoconference, Professor Ari Juels of Cornell Tech in New York City gave the final expert talk of the day on security and trust issues concerning blockchain-based decentralized exchanges (DEXes). Cryptocurrencies, Juels explained, provide a globally accessible way to make unalterable, transparent financial transactions via strictly ordered blockchains. But despite their purpose of facilitating trustworthy exchange, these systems are still vulnerable: according to Juels, more than $8 billion in Bitcoin alone has been stolen since 2011. Juels told the audience that his research shows that DEXes, which are accepted tools for managing fair and transparent transactions, are actually rampant with bots and other security manipulations.

IC research showcase

In addition to a lunchtime poster session, ten IC PhD students presented their projects during the IC Research Day 2019.

Jean-Pierre Hubaux closed the day with thanks to all participants, and a word of caution.

“More awareness is needed, more research is needed,” he said. “The more sophisticated technology becomes, the less society at large understands what is going on, and might be tempted to listen to simpler narratives. This is a challenge we have to cope with.”

Author: Celia Luterbacher