Outreach

February 6, Safer Internet Day

Internet security lies in us: INAOE experts

Santa María Tonantzintla, February 6, 2024. More than 170 countries today celebrate Safer Internet Day, or Safer Internet Day #SID2024, with the aim of promoting the safe and positive use of technology, especially among children and adolescents.

Every day we face numerous risks online that violate our security and, although there are many scientific advances that strengthen it and prevent or control cyber attacks, experts emphasize that Internet security essentially lies in us.

On the occasion of this global commemoration, researchers from the National Institute of Astrophysics, Optics and Electronics (INAOE), a center coordinated by the National Council of Humanities, Sciences and Technologies (Conahcyt), talk about Internet security, the main dangers in cyberspace and the tools to confront them. Likewise, they make recommendations so that the network is a safe space, particularly for minors.

Internet security lies in us

Dr. Claudia Feregrino Uribe, researcher at INAOE, comments that because technology is everywhere we must be very careful with the information we share on social media: “Many times we neglect the personal aspect and go up to social media information that we should not and later we regret it.”

She reports that INAOE makes relevant contributions in the training of human resources specialized in cybersecurity: “On the one hand, we have the master's degree in Security Sciences and Technologies, which is focused on providing information security knowledge to working professionals, information technology and related engineering professionals, as well as lawyers and psychologists who wish to learn about the area and relate it to their work. On the other hand, in the master's degree in Computer Science, where our students are full-time, we have a line of research on cybersecurity.”

She stands out that the thesis projects in the master's degree in Security are focused on solving a specific problem that the companies or institutions where students work have, while the research part in the master's degree in Computer Science suggests solutions to identify and mitigate vulnerabilities, improvements in threat detection techniques through the development of artificial intelligence and machine learning systems to identify patterns of malicious behavior in real time, hardware architectures for cryptographic or post-quantum cryptography algorithms.

Among the recommendations for Internet security, Dr. Feregrino highlights multi-factor authentication, which consists of using a password, a question that only we can answer and a biometric data such as the fingerprint: “This will prevent digital criminals from having access to our information or to prevent that our identity is stolen. It is not infallible, nothing is infallible being on the Internet, but it helps.”

Other tips are: if possible, do not use public networks for bank transfers and personal transactions, do not open links that come from suspicious emails, and make sure that the sites where we buy are trustworthy. It is recommended to browse well-known sites.

We must also protect our data as best as possible, not provide it anywhere, if we make a transaction, delete the card data, in addition to being careful with fraudulent identities. We must also take the time to restrict the permissions we give to the applications on our cell phones.

Likewise, it is important to generate strong passwords: “Many passwords are very common and recognized by attackers, such as “123456” or “Superman.” We must choose passwords in a unique and complex way, since the more complex they are, the more difficult it is for them to attack us and for that we would have to increase the length of passwords, from eight characters to 15, and include a variety of numbers, letters and special characters. If they are very complex and we do not remember them, we can use a password manager.”

For Dr. Feregrino, it is essential to teach girls, boys and young people about the dangers of the careless use of the Internet: “They must know the dangers and, once they know them, they must be taught how they can protect themselves. There is hacking, unauthorized access to systems and pages, emails from people who are not who they say they are, to steal our information. We spend a lot of time connected to the Internet, we often use applications in which there have been many frauds.”

Dr. Feregrino concludes: “We all make the Internet safe. The more knowledge we have on the subject, the better we can protect ourselves."

Artificial Intelligence and post-quantum cybersecurity

For his part, Dr. Miguel Morales Sandoval, researcher at INAOE, believes that the best way to promote the safe and positive use of the Internet is education.

“The main security problem has always been the user. Systems can have their flaws and that can be attributed to the way they are created, but generally when systems fail it is due to the users, who induce the security problems. For example, they use easy-to-guess passwords, leave their devices unprotected, and disclose data to third parties.”

They also publish and reveal a lot of personal information on social networks that attackers collect and analyze, and from there they infer things that ultimately lead to a security incident: “Beyond the development of robust technologies, if the user continues to be the most important link weak, the advances will not have the expected effect,” emphasizes the researcher.

On the other hand, Dr. Morales points out that artificial intelligence (AI) plays for and against security: “Against because attackers now use AI techniques to carry out much more effective attacks. Now you can see the image of a person who is talking and gesturing but it is not said person, but the AI ??reproducing his voice and his gestures, and one does not know if that is real or not. It is already much more difficult to distinguish what is real from what is fake. You may receive an email and the content of it is so convincing that you may think it is true. Generative artificial intelligence creates content so convincing that it can fool people.”

However, AI models can also be used to learn how attackers act, which allows us to react more quickly to incidents: “In the area of network security, the behaviors of what happens on a network can be analyzed to detect earlier or more effectively a possible attack on an organization, for example, and that can be done with predictive AI models. That is, it helps us better understand anomalous behavior. Even in the use of devices, AI can reveal if the behavior is not the user's usual behavior, which means that someone else possibly had access to the device and an action can be taken to protect it or send an alert to the legitimate user”.

Another technology that poses a threat to security in the future is quantum computing, due to its greater processing power, explains Dr. Morales: “Things that we cannot do with current computers because they do not have sufficient processing capacity, will be possible with quantum computing, especially for biology and medicine. Many of the solution strategies that we currently have to protect ourselves on the Internet lie in the difficulty of solving a mathematical problem. If the attacker cannot resolve it, we maintain the security of our information, systems or devices. With quantum computing, the attacker will be able to solve the problems that until now were difficult for a conventional computer and then the security that we now have will no longer exist. This is expected to occur in a very important part of computer security, which is public key cryptography.”

Quantum computing can overthrow the security mechanisms that have worked very well practically since the Internet was invented and this is where the issue of post-quantum cryptography comes in.

“We still do not have a quantum computer with these capabilities but it is expected to be available between 2030 and 2040 due to the accelerated progress in the development of quantum computing. Post-quantum cryptography has begun to be developed and there are algorithms that are believed to survive this type of attacks, but they are in development, which is why this line of research is very relevant,” he asserts.

Key: educating children and adolescents

Dr. Janeth Cruz Enríquez, who is in charge of the Computer Systems area at the Center for Technological Integration of INAOE, emphasizes the importance of raising children's awareness about the dangers in the use of technologies: “ Just as they have benefits in the knowledge and information of the Internet, we must mention to them what risks they are exposed to, such as cyberbullying or identity theft that they may suffer when using messaging tools or some platforms.”

She recommends children and adolescents not to share information, always use safe platforms and be careful with the links they open and who they contact on Internet.

“It is essential that adults become aware and educated about the current risks on the Internet and then transmit this information effectively to children and adolescents. We must create a culture of safe use of the Internet in childhood. Now many children and adolescents use a smartphone and that opens many possibilities for them to be attacked through any type of information that reaches them on any platform they use.”

Another central point is the lack of sufficient legislation regarding cyberbullying, grooming and other cybercrimes: “Technology is ahead of legislation and, although there are already official entities and organizations at the national level that can monitor cybercrimes, many of us do not know the scope of these investigation units or the way in which we can make complaints."

Dr. Janeth Cruz emphasizes that it is not necessary to have in-depth knowledge of technology to protect ourselves and that there are many tools that allow us, for example, to generate random and secure keys for banking transactions, online purchases, etc. “Filters can also be generated for our emails and messaging. As developers of new technologies, we have to integrate security into our developments so that they are less vulnerable.”

For her part, Dr. Kelsey Alejandra Ramírez Gutiérrez, Computer Science researcher at INAOE, highlights that one of the main crimes on the Internet is phishing, which consists of emails in which the sender appears to be from a serious institution to steal personal data.

“You have to be careful, sometimes it even seems that these emails come from a bank, but the extensions are different. Phishing is based heavily on social engineering, perpetrators study the victim's profile to identify their interests and thus design an attack."

Dr. Ramírez recommends being careful with the information we share and not sharing passwords: “Web pages with chats for consultations are increasingly common. Some are on the same page, while others redirect us to WhatsApp or Facebook. It is important to exercise caution when using these chats, as in some cases they may ask for sensitive information such as passwords. While it is possible to provide certain information about the service being requested or a specific case such as following up on a complaint, it is crucial to avoid revealing sensitive personal information.”

She advises girls, boys and young people not to give personal information on social networks because that is what cybercriminals use even for serious crimes such as human trafficking: “They look for information published on our social networks. For example, if we like dogs, they can send us related messages or create a fake profile where they pretend to have the same interests and, thus, create a bond with the victim. To protect ourselves, it is essential to configure the privacy of our profiles on social networks and restrict the visibility to a circle of trusted people. While this may go against the goal of gaining followers, the security of our personal information should be the priority, especially if we are not looking to become influencers.”

Finally, she recommends not having interaction with strangers they meet online and never having a date alone with them.