Interdisciplinary approach to cybersecurity studies
IN the 1980s, when the Internet was still in its infancy, cybersecurity was not an issue. To protect themselves from cyber threats, users used simple security approaches by controlling what was coming into and going out of their personal computer.
Fast forward to today, the spread of networked applications has set the stage for complex cyber attacks, which have increased significantly.
“Globalisation and digitisation have made life easier, through greater accessibility and collaboration via advances in technology. But they are making connected IT (information technology) systems vulnerable to attack,” said Multimedia University (MMU) Faculty of Information Science and Technology dean Associate Professor Dr Lau Siong Hoe.
In a changing world of new security paradigm with the widespread of information communication technologies, Lau said research in information security was critical to secure information of electronic transactions in public networks and computer systems.
“Here at MMU, we are taking an interdisciplinary approach to tackling the challenges and opportunities created by ever-changing technical advances. Key to this effort is the Centre for Ubiquitous Computing and Communication, which was established in 2009 through the Digital Security Special Interest Group.
“The centre conducts research and development in cryptography, biometrics, network security and cyberlaw to meet the multifaceted requirements and objectives of securing information and user privacy. Its aim is to be a premier research and development centre that will have positive impacts at the institutional and national levels,” he said.
Among the research that the centre is conducting is on cloud-based connected car services.
Lau said as vehicle IT became more complex, the risk of cyber attacks grew.
“Researchers are studying and developing integrated end-to-end IT security concepts for vehicle-to vehicle (V2V) communication that will ensure authenticity, integrity and confidentiality whenever sensitive data is exchanged,” he said.
V2V communication lets a vehicle broadcast its position, speed, steering-wheel position, brake status and other data to other vehicles within a
We aim to assist government and private organisations in terms of cybersecurity policies, frameworks, standard of procedures, best practices and local cyberlaws.
range of a few hundred meters.
It is expected that the communication between vehicles can provide drivers with more information about their surroundings, allowing them to make better decisions.
The centre also focuses its research activities on cryptography and network security.
“Cryptography is the practice and study of methods to secure communication in the presence of adversaries. It is a key technology for achieving information security in communications and computer systems,” he said.
“Network security refers to the practice and study of methods to analyse, trace and respond to network incidents caused by unauthorised access, misuse, modification, or denial of the network services and network-accessible resources.
“The research focuses on wireless and mobile communication security, intrusion detection systems and technologies, malware analysis, web security and digital forensics,” said Lau.
Universiti Kebangsaan Malaysia’s Center for Cyber Security, which was established in January last year, takes an interdisciplinary approach to research. This is reflected through its talent rollcall comprising associates from the university’s Faculty of Law, Faculty of Human and Social Science, Faculty of Economics and Management and Faculty of Engineering and Built Environment, and Faculty of Science and Technology.
It also has associate fellows from Universiti Sains Islam Malaysia, the industry and an adjunct professor from CyberSecurity Malaysia.
The Centre for Cyber Security chairman, Associate Professor Dr Siti Norul Huda Sheikh Abdullah, said there were four active research labs at the centre: namely the digital forensics lab, computer security and software verification lab, cyber intelligence lab and information governance lab.
“The digital forensics lab focuses on, among others, development of forensics tools and big data analytics. We look at the process of collecting, analysing and reporting of digital data that may subsequently become digital evidence in the criminal justice system to ease the task of the law enforcement in handling, analysing and presenting the digital evidence for criminal investigation,” Siti Norul Huda said.
In the computer security and software verification lab, the focus is on defence technology and science for digital space.
“The security model that underpins our work is the ‘CIA’ triad; confidentiality, integrity and availability. The research focuses are authentication, steganography, privacy, cryptography, watermarking, intrusion detection system, physical security, security evaluation, blockchain and cryptocurrency. This lab owns the Information Security and Financial Technology Security Tracks of the (university’s) Master of Cyber Security Programme,” said Siti Norul Huda.
The cyber intelligence (CyberIntell) lab focuses on the fundamental and applied research in intelligence informatics, social media analytics, cybersecurity and modelling and simulation. The lab has the capabilities of modelling the human in cybersecurity, social-media-based cyber-situational understanding, and intelligent information gathering and analysis, such as malware analytics.
The information governance lab aims to develop and implement policies, framework, procedures, processes, roles, control, standards, metrics, technology and people who can treat information as a valuable business asset.
“The uniqueness of the Centre of Cyber Security is that we never give up to explore new ideas and innovations in the field of cyber security and digital forensics, and disseminate directly new knowledge and skills to our respective audience, both undergraduate and postgraduate students.
“With a similar motivation, we aim to assist government and private organisations in terms of cybersecurity policies, frameworks, standard of procedures, best practices and local cyber-laws to increase organisational adoption in combating cybercrimes,” she said.
To nurture cyber security guardians, as well as digital forensics professionals, the centre has proposed to hold the Cyber Resilience Conference (CRC2018) in November with the agenda to bring together Asean to combat cybercrimes.
“This inaugural conference will gather all participants, professionals and practitioners in the research area of cyber security into a single platform of knowledge dissemination and lessons learnt.
“With Towards a Resilient Asean, as its motto, the conference aims at strengthening Asean cyberspace security. We hope to share and interact with Asean researchers and practitioners in cyber security, as well as other cyber security experts around the world.”