We used to understand the term “information security” as means to protect information and data from unauthorized access and usage. In the digital world, we commonly think of cryptography as the only technology to keep data “secure”. However, with the evolvement of digital ecosystems, the meaning of information security has evolved as well widening its scope and increasing the range of technologies involved. Nowadays, a vast amount of information types is available in digital format: image, video, music, speech, text, biomedical and electromagnetic signals, biometric features, sensor measurements… and these are arranged in documents, movies, songs, databases, software programs, medical records, traffic statistics, transaction records, consumer usage habits… Information in digital format is no longer seen as a mere sequence of bits; every type of data has its own applications, users, and peculiarities that give raise to different security concerns. For instance, the implications of compromising medical data of the patients in a hospital are not the same as those of allowing the illegal download of a song. The range of technologies involved in data protection has increased in such a way that information security, from a technological viewpoint, is no longer identified solely with cryptography. Attack modeling, digital rights management, watermarking, fingerprinting, cryptanalysis, steganography, and more, are all different facets of modern information security technology.
Until recently, information repositories used to be centralized, and it was relatively easy to control access to them. Nowadays, the generation and consumption of information is becoming more and more distributed: persons and devices are continuously interconnected and generating/processing data. This trend, which is foreseen to increase in the years to come, is changing the perspective on how information needs to be protected. First, the protection mechanisms need to be seamless integrated in the natural information flows in order not to become bottlenecks. Second, it is not only necessary to protect the data during their storage and transmission over insecure channels, but also with protecting them during its processing and management. Now we are experiencing a progressive migration to remote computation (especially in cloud computing scenarios), technologies for processing data in the encrypted domain are beginning to find their way as means to guarantee the integrity and confidentiality of data at all times, especially for sensitive data (such as personal or medical data). Modern information security technology is going one step beyond: virtually every process that is applied to digital data leaves some characteristic imprint that can be later identified in order to figure out whether the data has been tampered with, and even who (person or device) generated or processed such data. The extraction of additional information from digital data for security purposes is what is commonly referred to as “information forensics”. This task can be aided by other technologies known as “active forensics”, which insert some undetectable, suitable marks in the data that make easier the a posteriori forensic analysis.
The entities involved in information processing and management play a fundamental role in information security; information may be useless if it comes from unreliable sources. The senders and recipients of this information must be authenticated in order to establish appropriate trust levels, permissions, and secure logs for supporting a posteriori auditing, if necessary. Note that these senders and recipients are not necessarily persons, but they can also be devices. For instance, I may want to read the information contained in an RFID, attached to a certain asset I have purchased, in order to verify the supply chain. Can we have the certainty that this RFID is indeed the original RFID attached to that object? How to link in a robust manner physical identity with “electronic” identity? The relationship between data and users establishes interesting links between the information security and authentication/identification (for humans and devices) disciplines. In turn, identification information constitutes by itself highly valuable data which is also crucial to protect (e.g. in order to avoid impersonation). Indeed, the protection of private information (such as biometrics and other personal data) has been receiving quite a lot of attention during the last years. It is interesting to note that the application of technical protection measures to private information is established by the legislation in force in many countries (including Spain).
As can be seen, information security is a truly interdisciplinary field, which is being currently addressed by many scientists all over the world both in the industry and the academia. Numerous research events and publications are devoted nowadays to the topics within information security. These topics have been indeed the focus of the first International Workshop on Information Forensics and Security – WIFS’09 (http://www.wifs09.org) that has been held in London, UK, last December 6th-9th. This workshop has been supported by the IEEE, the larger and most prestigious professional association in the fields of electrical engineering and computer science, and by other major private organizations in the information security domain such as British Telecom, Hewlett Packard and Thomson. WIFS’09 has gathered nearly 40 scientific papers, selected by an expert program committee among a large number of submissions, and that were presented by renowned researchers in the field. The topics covered in the technical program have been digital watermarking and information hiding, information forensics, biometrics, traitor tracing, fingerprinting, privacy and anonymity, device identification, and cryptography. The workshop has featured outstanding keynote speakers as well, including Bruce Schneier, an internationally renowned security technologist. Another remarkable fact has been the strong presence of members from the industrial sector.
As a proof of its commitment with scientific excellence, in the information security domain in particular, Gradiant has also been present in this cutting-edge research event. Luis Pérez, coordinator of the Task Force in Multimodal Information, has been there presenting two scientific papers on novel theoretical and practical aspects of probabilistic traitor tracing codes, which will probably play an important role in future digital rights management approaches, more friendly with the consumers. A paper coauthored by Fernando Pérez, executive director of Gradiant, was also presented in the field of digital watermarking, introducing improvements for the application of this technology to audio signals. Further research is ongoing in Gradiant on this exciting multidisciplinary field.