Over the last 10 years the use of encryption to protect the confidentiality and integrity of communications over the Internet has increased significantly. This enhances the security and privacy of users by protecting information as it travels from mobile devices to cloud services. More recently some classes of application, such as messaging and password management, have started to offer end-to-end encryption, ensuring that information is only accessible on the mobile devices of the intended recipients, and cannot be read by a malicious data centre operator or nafarious application developer. While end-to-end encryption prevents network observers and service operators from reading the contents of communications, operators can still see the metadata of who accessed what, when, and where from, as well as who is talking with who. In this talk we explore recent research work on software systems which offer metadata privacy in addition to data confidentiality and integrity. We have made significant steps forward, and designs which work in specific domains, such as allowing whistleblowers to contact investigative journalists inside a news app, are possible. However more general solutions remain a challenge. For example, applications which require high bandwidth and low-latency communication patterns remain impractical on mobile devices with limited energy or stringent mobile network data limits. Similarly, simple operations, such as determining the correct key material to use to protect end-to-end encrypted messages is hard if you are unable to trust a single operator. We outline some potential paths forward and highlight the challenges which remain.
Head of Department of Computer Science and Technology
Robin Walker Fellow in Computer Science at Queens' College
Professor of Computer Security, University of Cambridge
Alastair's research work examines the security and privacy of large-scale networked computer systems. He is currently focus on networked mobile devices, such as smartphones, tablets and laptops. He examines the security of the devices themselves as well as the security and privacy problems induced by the interaction between mobile devices and other Internet services. He approaches this through the critical evaluation of existing products, by designing and building novel prototype technologies, and by measuring human behavior.
