Tali de York

Oct 22, 2020

Deus Ex Machina: Get AI to Boost Device Crypto-Health Monitoring

Just because you’re paranoid, it doesn’t mean they ain’t out to get you. And your Protective Intelligence team should include Artificial Intelligence when the crypto-health of your network is at stake.

If you are responsible for the crypto-health of a big company, being paranoid is part of your job description: the richer your company is, the more appetizing it is as bait. Also, the larger your network is, the more potential vulnerabilities it has. Your stakeholders trust you with keeping their data safe. In Crypto-Health of Your Device: Should You Care?, I addressed the importance of maintaining robust crypto-health for any network-connected device, even if it is a kettle. For you, being a crypto-health guardian is achievable, especially if you have enough resources to ensure adequate protection. You can integrate crypto-health monitors into your workflows and have your team proactively follow the latest cryptography compliance standards and update the main elements of hosts’ crypto-health: digital certificates and cryptographic algorithm implementations.

But what if you are a small player or a home gamer? Crypto-health would turn into a living crypto-hell. As I wrote in Crypto-Health Scout: Patient, Treat Thyself?!, most of us do not have adequate knowledge of how to deal with the discovered vulnerability points and cannot pay for external support. I suspect that this is the main reason we have yet to see mass-market crypto-health monitoring products from well-established antivirus software brands. Antivirus programs offer detection and immediate cure, while crypto-health monitoring offers detection and requires expertise. You can’t just delete files containing vulnerable cryptographic objects: it would be like cutting out all your red blood cells, or all your brain cells, or making holes in all cell membranes because you want to take that weak protein out! As there cannot be a magic button to fix the issues, such products would only bring frustration and anxiety. And who would want to sell frustration to their clients?

In an ideal world, that large-scale crypto-health expertise would still be available to individual users, the way AI-based applications in human healthcare provide diagnostics as well as possible treatment suggestions. In the real world, is there hope for devices?

A New Hope: Artificial Intelligence

Artificial Intelligence (AI) is a tool in the field: cryptography and its adversary, cryptanalysis, have been using it to achieve better encryption results or to hack existing cryptographic algorithms. Still, how can we integrate Artificial Intelligence into our hypothetical Crypto-Health Scout and create a useful diagnostic and recommendation Crypto-Health AI-Scout tool for individuals? My hint is to use the power of statistical machine learning to interpret the results of crypto-health reports and then call an AI-based recommendation engine to suggest possible actions.

First Crypto-Health Task: Should You Care?

After you get a crypto-health report with discovered potential vulnerabilities of a host, you have to determine if the weakened cryptographic objects are accessible from outside. If yes, they are vulnerabilities, and you should replace them. I suggest solving this task using a supervised machine learning approach. First, we need to create a labeled training dataset for various cryptographic objects on a device and use it to train a classification algorithm. Then, we can use the trained model to predict if a cryptographic object is accessible from outside.

Second Crypto-Health Task: How to Upgrade?

After you get a list of confirmed vulnerable cryptographic objects, you have to determine the course of action for replacing them. As I described in Crypto-Health Scout: Patient, Heal Thyself?!, possible options include checking for a software update, creating a custom build, replacing the software package with alternatives, or abandoning it. The custom software rewrite option is often too expensive for individuals, so I do not include this option for the mass market. Here, we can use an AI-based recommendation engine, which is a second machine learning model trained on a labeled dataset of possible actions. For this model, we could use a classification algorithm that will predict if we should Update, Custom Build, or Abandon an application.
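The two tasks above, chained into one triage step, as an added example that is not code from this article or from any existing product. It uses a small categorical Naive Bayes classifier as a stand-in for whichever classification algorithm is chosen; the feature names, feature values, training rows and the "No action" result are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

class CategoricalNB:
    """Naive Bayes over categorical features, with Laplace smoothing."""
    def fit(self, rows, labels):
        self.prior = Counter(labels)        # label -> number of training rows
        self.counts = defaultdict(Counter)  # (label, feature idx) -> value counts
        self.values = defaultdict(set)      # feature idx -> distinct values seen
        for row, label in zip(rows, labels):
            for i, v in enumerate(row):
                self.counts[label, i][v] += 1
                self.values[i].add(v)
        return self

    def predict(self, row):
        def log_score(label):  # unnormalised log posterior
            s = math.log(self.prior[label])
            for i, v in enumerate(row):
                s += math.log((self.counts[label, i][v] + 1) /
                              (self.prior[label] + len(self.values[i])))
            return s
        return max(self.prior, key=log_score)

# Constructed data. Task 1 features: (object type, bind scope, inbound firewall)
EXPOSURE = [
    (("tls_server_cert", "all_interfaces", "open"),   "exposed"),
    (("ssh_host_key",    "all_interfaces", "open"),   "exposed"),
    (("tls_server_cert", "loopback",       "open"),   "internal"),
    (("crypto_library",  "none",           "closed"), "internal"),
    (("ssh_host_key",    "all_interfaces", "closed"), "internal"),
    (("tls_server_cert", "none",           "closed"), "internal"),
]
# Constructed data. Task 2 features: (update available, source available, maintained)
ACTIONS = [
    (("yes", "yes", "yes"), "Update"), (("yes", "no", "yes"), "Update"),
    (("yes", "yes", "no"), "Update"), (("no", "yes", "yes"), "Custom Build"),
    (("no", "yes", "no"), "Custom Build"), (("no", "no", "no"), "Abandon"),
    (("no", "no", "yes"), "Abandon"),
]

exposure_model = CategoricalNB().fit(*zip(*EXPOSURE))
action_model = CategoricalNB().fit(*zip(*ACTIONS))

def triage(obj, app):
    """Only objects predicted reachable from outside get a recommended action."""
    if exposure_model.predict(obj) != "exposed":
        return "No action"
    return action_model.predict(app)
```

Both models generalise to feature combinations absent from the training rows, which is why the labeled dataset, not the algorithm, determines how trustworthy the verdicts are.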

Data Drift and Scalability

Since we should regularly retrain the classification algorithms to compensate for constant data changes (data drift), it is a good idea to make this service cloud-based. It will also provide scalability and elasticity of resources. As a result, our Crypto-Health AI-Scout becomes a serverless distributed application that uses the Software-as-a-Service (SaaS) model.

Takeaways

  • Crypto-health monitors are necessary both for large company networks and individual devices.
  • AI can provide the required expertise and support for the results of Crypto-Health status reports and make crypto-health monitors helpful for individuals.
  • The process should use supervised machine learning techniques on labeled datasets with regular retraining to mitigate data drift.
  • Using cloud-native technologies and the SaaS model will help to build a powerful Crypto-Health AI-Scout tool.

I am dreaming of a future in which I can go to a Crypto-Health website, click Check Your Device, and after a cup of tea, click the Fix Weak Cryptography button. After another cup of tea, my device is healthy again, and I feel safe. But should I really? What lurks in those clouds? Who watches the Watchers?