Nick Hastreiter
As we become increasingly dependent on technology in our daily lives, we open ourselves up to an entirely new kind of threat: cyberattacks.
When we started thinking about cybersecurity and where it’s heading, one of the first issues brought up was the Internet of Things. Someone tampering with your computer while you’re surfing the web is an inconvenience, but what about someone hacking into your car while you’re driving down the highway?
So, in an effort to ease our fears and gain a better perspective, we decided to ask a group of cybersecurity experts…
What’s the future of cybersecurity?
Ondrej Vlcek, CTO & GM of Consumer at Avast
“In 10-15 years, we will be deep in a ‘war of the machines’ era with advances in artificial intelligence bringing fast and sophisticated execution of security defense and cybercrime. This will be a battle of AI vs AI.
“The availability of low cost computing and storage, off-the-shelf machine learning algorithms, AI code and open AI platforms will drive increased AI use by the good guys to defend and protect—but also increase deployment of AI by the bad guys. There will be sophisticated attacks launched on a grand scale, quickly and intelligently with little human intervention, that compromise our digital devices and web infrastructure.
“Cybercriminals will create fully autonomous, AI-based attacks that will operate completely independently, adapt, make decisions on their own and more. Security companies will counter this by developing and deploying AI-based defensive systems. Humans will simply supervise the process.”
Konstantinos Karagianni, CTO of BT
“Blockchains are moving from the realm of just fueling cryptocurrencies like Bitcoin to providing smart contracts, identity management, and multiple ways of proving integrity of data. They may also hold the key to defending against IoT attacks.
“Quantum computing will have possibly the biggest impact within 10 years. Most over-the-wire encrypted transmissions collected over the next decade will be readable, and even private keys will be reversible from public blockchains (for example, you can spend someone else’s Bitcoin). Post-quantum safe crypto will be a must.
“AI will be used to identify hacking flaws and patch them to stay ahead of malicious attackers.”
Carl Herberger, VP of security at Radware
“The top challenge for cybersecurity isn’t preventing data breaches, stamping out ransomware, or preventing ever-more-massive DDoS attacks, it is securing our digital privacy. Digital threats have evolved quickly and can wreak havoc on our lives, endangering our personal privacy and the privacy of those around us.
“To tackle this important issue, we need the national government to take a stance on what our digital privacy is. Is it an immutable human right? If so, there needs to be explicit legislation that goes beyond what is currently in place. It needs to protect each and every citizen and hold those who might put our privacy in jeopardy accountable for their actions. This will be the most important cybersecurity decision in the next year and it will shape the security landscape for years to come.”
Michael Shinn, CEO of Atomicorp
“IoT will overtake everything else in connected devices and not only will be the most hacked stuff, it will continue to be the hardest to protect. This will turn cybersecurity on its head because security on all IoT is terrible, and totally opaque to users. It’s take it or leave it. You can’t harden the devices after the fact. You can’t even log into them. You just have to hope they are secure and your perimeter can stop all attacks.
“Building secure, hardened IoT devices from the start is ultimately the best solution. One new challenge will be that IoT devices will have encrypted connections (or they should!). It will be effectively impossible for any network-based device like a firewall to see inside that session. There are some SSL/TLS interception methods that can be used, but that requires the devices to trust the interception device. Harden your IoT now.”
Eugene Pilyankevich, CTO at Cossack Labs
“Many traditional concepts will be hopefully gone. Perimeter security, storage-only encryption, access control based on privilege records, authentication that relies on one strong factor, DMZ—they will fade out or vanish completely.
“Many new techniques will arise through machine learning and weak AIs, especially in intrusion detection and making sense of large-scale monitoring and signal analysis. Many new techniques will arise from advancements in cryptography and collective effort to eliminate poor cryptography. Still, we will have snake-oil products and systems.
“Attackers will still be ahead of the game because security is asymmetric in effort and success criteria between attacker and defender.
“With proliferation of IoT and a bunch of computers in every device, the damage will get physical. Growing complexity of real-world processes, intertwined with complexity of security protocols protecting them, will lead to many new challenges in practical use cases for security tooling.”
Betsy Cooper, Executive Director, Center for Long-Term Cybersecurity, at UC Berkeley
“In 10-15 years, cybersecurity might be about preventing ‘real’ identity theft. In 2017, we call theft of social security numbers and passwords ‘identity theft.’ But what if criminals could steal not just these, but also our fingerprints, our brain waves, and even our genetics? This could happen, as passwords get easier to crack.
“First, we’ll shift to using biometrics like fingerprints and iris scans to authenticate ourselves online. But once hacked, we can’t change these things, so we’ll have to abandon them.
“We might switch to new methods of authentication, through brain wave sensors or genetics. But these can be hacked too. And the more information we provide, the closer criminals will get to capture our essential selves.”