The issues of cybersecurity: an interview with Gaëtan Le Guelvouit

Cybersecurity issues have been the focus of recent news. The digitization of documents and the ease of file-sharing are a boon to everyone. But without security, these exchanges are also a serious threat. b<>com's Digital Trust & Identity laboratory works on designing tools to establish digital trust while ensuring the privacy, traceability, and confidentiality of the exchanges. An interview with Gaëtan Le Guelvouit, Manager of the Digital Trust & Identity Laboratory.

How has cybersecurity become a major issue for businesses, organizations, and governments?

The modernization of computing devices, the arrival of the Internet, and the democratization of personal computers have upended the way our society functions. Today everything is digitized: Documents, photos, bank data, etc. Every day, an astronomical quantity of data is created. All this data has value, which is what attracts hackers. Businesses are often the first to be targeted, because they have many sensitive documents like patents, industry secrets, marketing plans, accounting documents, etc. The theft of such documents may lead to lasting economic damage and affect the company's image. Hacking methods have evolved to become very complex. Everyone (businesses, organizations, and governments) is therefore trying to protect themselves.

Are we all under threat?

Just as they do for businesses and governments, hackers covet our data. Historically, hackers would be more likely to seek out banking information like debit card numbers, or online bank login details. Although this is still true, hackers are also trying to pilfer digital identities, such as by gaining access to Facebook accounts, stealing physical identities by retrieving identity documents, or hacking private data and demanding a ransom to restore access to the stolen data. We are therefore facing many threats, and cybersecurity concerns us all.

How can we protect ourselves?

Although they exist, security flaws in the latest OSs are rare. The main methods used by hackers are fraud techniques that exploit human and social weaknesses. The best-known on the Internet is phishing, which consists of making a victim believe that he or she is communicating with a trusted third party, most commonly by e-mail, and then taking their personal data. Nearly 100,000 people fall victim to phishing every day. Following best practices for the Internet is generally enough to ward off attacks that directly target our computers. Unfortunately, there are other kinds of cyberattacks that we cannot directly defend ourselves from: the security flaws of online services. Today, every individual has many user accounts, whether they're on social media, e-tailers, or forums, which represents a great deal of personal data coveted by hackers. One major example is the company Yahoo, which was the victim of the largest personal data theft in history, with over a billion user accounts hacked. Things may prove even more serious if the user employs a similar password for multiple user accounts. With just one security flaw or undetected phishing e-mail, a hacker could gain access to all of their Internet accounts! An increasing number of companies are aware of the problem and have put in place what is called multi-factor authentication. This is an additional layer of protection or authentication for an online service that requires additional proof of identity, such as getting a code texted to your cellphone. However, methods like these always add more friction onto the end user, which heavily affects their web browsing quality.

What are the issues that your teams are working on today?

We started from the premise that we would not prevent login theft. Instead we sought to find a solution to stop a hacker from using those logins. Existing solutions are restrictive because they generally require using a different terminal to validate authentication. For this reason, to us it is obvious that we had to find a solution involving the same terminal as the one used to connect to the web service. We are currently working on a project that borrows a method used by digital marketing companies: browser fingerprinting. A browser fingerprint is a set of information about an Internet terminal's hardware and software configuration. It contains data like monitor size, language used, list of web plugins installed, etc. In total, over 200 items of data are used. The diversity of the configurations is so large that every browser would have a unique fingerprint. Thus, the concept is to use those fingerprints to verify, during an authentication attempt, that the terminal presented is indeed one of the commonly used terminals. There is nothing to install, as the data from a fingerprint is directly captured from a web browser. For the user, everything is transparent. A hacker doesn't have the same terminal as his or her victim. Consequently, even if he or she has the right login details, the terminal will have a different fingerprint from the victim's, and access will be denied.

We have carried out a full-scale experiment of our solution, and the results are highly encouraging. On average, the likelihood that a hacker has the same fingerprint as his or her victim is less than one in a million. At the same time, we have also patented a solution that can detect when a user is artificially trying to alter their fingerprint so that the hacker cannot "imitate" their victim's fingerprint. We have also developed additional features like the ability to assign multiple terminals to a single account and then manage them. Finally, given that the terminal configurations are likely to change, we have developed machine learning algorithms that can detect software changes in a fingerprint and therefore follow the browser over time. Ultimately, this solution will be promoted to banks, social media, authentication solution makers, etc., and more generally to any Internet authentication service.
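
The check described in the last two answers, as an added example that is not b<>com's code: once the password has been verified, the presented fingerprint is compared with the terminals enrolled for the account. Attribute names, weights, thresholds and sample fingerprints are constructed assumptions, and a fixed similarity threshold stands in for the machine learning the interview mentions.

```python
from dataclasses import dataclass, field

# Assumed weights over six constructed attributes (the interview cites 200+).
WEIGHTS = {"screen": 2.0, "language": 1.0, "timezone": 1.0,
           "platform": 3.0, "plugins": 2.0, "user_agent": 1.0}
MATCH, DRIFT = 0.95, 0.75  # assumed thresholds: exact terminal / same terminal, changed

def similarity(a, b):
    """Weighted share of agreeing attributes; plugin lists use Jaccard overlap."""
    score = 0.0
    for name, weight in WEIGHTS.items():
        x, y = a.get(name), b.get(name)
        if name == "plugins":
            sx, sy = set(x or []), set(y or [])
            score += weight * (len(sx & sy) / len(sx | sy) if sx | sy else 1.0)
        elif x is not None and x == y:
            score += weight
    return score / sum(WEIGHTS.values())

@dataclass
class Account:
    terminals: dict = field(default_factory=dict)  # label -> enrolled fingerprint

    def check(self, presented):
        """Decide on a login whose credentials were already accepted."""
        best_label, best = None, 0.0
        for label, known in self.terminals.items():
            s = similarity(known, presented)
            if s > best:
                best_label, best = label, s
        if best >= MATCH:
            return "allow", best_label
        if best >= DRIFT:
            # Small software change (e.g. browser update): follow the terminal.
            self.terminals[best_label] = dict(presented)
            return "allow_updated", best_label
        return "deny", None

# Constructed sample fingerprints.
LAPTOP = {"screen": "1920x1080", "language": "fr-FR", "timezone": "Europe/Paris",
          "platform": "Linux x86_64", "plugins": ["pdf", "widevine"],
          "user_agent": "Firefox/115"}
LAPTOP_UPDATED = {**LAPTOP, "user_agent": "Firefox/116"}
STRANGER = {"screen": "1366x768", "language": "en-US", "timezone": "Europe/Paris",
            "platform": "Win32", "plugins": ["pdf"], "user_agent": "Chrome/120"}

if __name__ == "__main__":
    acct = Account({"laptop": dict(LAPTOP)})
    for fp in (LAPTOP, LAPTOP_UPDATED, STRANGER):
        print(acct.check(fp))
```

Every attribute here is reported by the client, so this comparison alone does not cover the altered-fingerprint detection mentioned in the interview.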