Ghassan Karame has a PhD in Computer Science and is the Manager and Chief Researcher at Security Group NEC Laboratories Europe. He is an active member of IEEE, and the ACM, which are leading organizations in the field of engineering and computer science. Besides his research at NEC, he teaches young people on subjects such as designing security protocols and raising awareness on pitfalls and misuse of blockchain and IoT technology.
Some people think of security as a commodity, they design their services and products without caring much about security, But, when you think about it, security is one of the most important aspects of our everyday lives. When you leave your house, you lock your front door for security, and you need to do the same online to protect your assets and resources. Our society is growing more and more digital, and our businesses are increasingly online based, which is why our line of work has a huge impact on human life.
NEC has a major impact when it comes to systems security. We have been contributing to the research field to make our society more secure, and as a result our citizens, customers, and stakeholders of various businesses have benefited. Our security group, here at NEC Labs in Germany deals with a wide range of system security research, including cloud-, IoT-, and not least, blockchain security. I oversee all aspects of system security research, and my current focus is on IoT security and blockchain security.
Our blockchain and IoT security research
In terms of blockchain, we are building a secure technology and one of the fastest growing in the world. Our goal is to be able to match the performance of centralized services utilized by major credit card companies. Unfortunately, existing blockchain systems cannot perform securely at such a high-speed level. So our major goal here is to be able to utilize the technology and allow it to handle a very large number of transactions per second without hampering security.
The matter of IoT security is a complex issue. Devices are made by different manufacturers, run on different operating system, and use different processes and software. As more and more devices are connected to the internet, they become more vulnerable to various threats, which is why we need to come up with security systems that perform well on all of these devices.
Security is a large field of study, and actually quite interdisciplinary. It requires full understanding of the system itself and beyond, including how the devices work, how it’s being deployed, by whom it’s being used, and how it’s used. It also takes many years of study, experience and discussions with customers to obtain the knowledge and expertise needed. Only when you have proper understanding of all of them, you can devise solutions and security protocols that would protect various resources and assets in these systems.
Growing privacy concerns and how to tackle this challenge
We have GDPR in Europe, and certainly there are similar legislations concerning privacy in other regions of the world on the way. We need to be aware of the legislations regarding Internet security and stay on top of things, designing systems that are in line with such regulations. Again, because of the sheer number of devices that are connected to internet, this is a fun but difficult challenge from a security standpoint.
Our responsibility as experts in the field is to make sure that technology provide an ethically sustainable foundation for products. In other words, we need to direct the technological development to a path, which is not based on hype and rumors, but on information from verified sources and ethical considerations.
An expressed goal for multiple sectors of industry and governance is to be able to monetize data. Data is becoming a currency, and for that to happen we need to be able to trust the source of the data. We are making sure that the devices are working ethically and that verified, trustworthy data sources can grow exponentially and provide a healthy foundation for future innovations.
The interview is an extract of a longer interview, available on the website of NEC Lab Europe.