There exists a wide gap between endpoint security researchers and Internet security researchers. Recent security breaches show that this gap has been exploited by malware, ransomware and hackers to carry out their illegitimate activities in a covert manner. In this information age, security is a universal problem, and counter-hack technologies should not be developed in a disjoint manner.
The proposed lab/project will develop a unified security framework which will be useful for stakeholders from all the related areas of computing (software, operating systems, network, Internet, databases, mobile, cloud, etc.). The unified security framework will be based on joint research in the following application domains:
- End Point Protection
- Internet Security
- Digital Forensics
- Quantum Technology
The increase in malware and hacking attempts, combined with scarce and expensive threat protection, has significantly reduced the confidentiality, reliability, availability and trust in Internet-based systems which, until now, were very efficiently serving the online and off-line requirements of the national and international cyber-connected community. Recent examples in this regard are the WannaCry ransomware and Stuxnet. The main focus of the proposed lab is to develop a defensive framework against malware and other cyber threats by understanding their development, evolution, proliferation, prediction, damage and forensics, and to ensure data security through efficient quantum-based cryptographic methods.
The domains or areas where the proposed lab will specifically contribute in science and technology are:
- Malware Reverse Engineering: This means using a multi-layer approach with reverse engineering; that is, instead of fortifying or protecting an endpoint service or application with other services, the components which define or implement the service shall be identified, reverse engineered, and secured. These components include, for example, software modules, web interfaces, user data transport and network traffic. Predictive malware defence is also one of the scientific objectives.
- Internet Traffic Reverse Engineering for Anomaly Detection: Internet operators in Pakistan and worldwide are concerned that, although they are providing bulk bandwidth and traffic transit services, they really don't know what is actually happening in their network traffic. Unfortunately, Deep Packet Inspection (DPI) solutions are very expensive and also violate the privacy of users. It is therefore a challenging task to do privacy-preserving analysis of Internet traffic. In this regard, this project will focus on statistical analysis of interval and counting data using large deviation theory and long memory processes. The scientific target is early DDoS detection and backtrack malware signatures to traffic
- Digital Forensics: The long-term scientific goals of the proposed digital forensics laboratory include the creation of expertise and high-quality research in the area of Digital Forensic Analysis of computers, including Network Servers, Audio & Video Devices, Vehicle Infotainment Systems, Drones, Media Storage, Mobile Devices, iPads, Tablets, Cell Phones, Smart Phones, Smart Watches, GPS Devices, Dash Cams, Activity Trackers, IoT Devices and Medical Devices that can store digital information. Hence, there is a pressing need for such a facility in this region, which is very important for national security in the modern digital era, where contemporary methods and techniques of digital crime and cybercrime are increasing day by day. The scope of such challenges includes Fraud/Wire Fraud, Cyber Breaches, Intellectual Property/Trade Secret Theft, etc.
- Quantum Key Distribution (QKD) Protocols: Design, analysis and implementation of QKD protocols focusing on specific application and industry requirements, as there are a number of QKD protocols depending upon the available resources, application and scope.
- QKD Networks: This area focuses on the utilization of QKD technology in a network fashion, in the same way as existing computer networks. There are various critical challenges in using QKD technology with classical networks because of its technical limitations. Research will be done on establishing scalable and secure QKD networks so that large-scale implementation can be done.