

Security

CableLabs Co-Chairs New M3AAWG AI Committee

Kyle Haefner
Principal Security Architect

Andy Dolan
Senior Security Engineer

Feb 15, 2024

Key Points

  • M3AAWG has formed the AI Committee to proactively address challenges posed by the increased use of artificial intelligence in online abuse.
  • To address AI-powered abuse, the committee will study abusers' tactics and develop best practices to mitigate the impact of spam, phishing, fraud and online harassment.
  • The committee will actively track and advocate for responsible AI development policies, and direct efforts towards enhancing AI system security and ensuring lifecycle protection against cyber threats.

The sudden rise of highly capable artificial intelligence (AI) has brought immense opportunities for beneficial innovation and advancement. However, alongside its benefits, AI also presents unique challenges concerning online abuse and threats to security and privacy. Recognizing the urgency of addressing these issues, the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) has taken a proactive stance by forming a dedicated AI Committee. The M3AAWG AI Committee, co-chaired by CableLabs, underscores M3AAWG’s commitment to fostering a safer and more secure online environment for users worldwide.

Tackling Abuse Facilitated by AI Systems

One of the primary objectives of the M3AAWG AI Committee is to address the growing concern surrounding malicious actions facilitated by AI systems. To bolster spam and phishing attacks, fraud, and online harassment, nefarious actors are increasingly leveraging AI-powered tools to amplify and accelerate their harmful activities. By studying the tactics employed by abusers and evaluating countermeasures, the committee aims to develop best common practices to help mitigate the impact of AI-facilitated abuse on individuals and organizations alike.

Public Policy and AI Abuse

The landscape of AI policy is in varying stages of development, with governmental and intergovernmental bodies around the globe proposing and enacting their own models of regulation and oversight. These efforts include the recent Executive Order in the United States aiming for "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence," and the European Union’s proposed AI Act establishing stricter regulations for high-risk applications. The M3AAWG AI Committee is establishing an initiative to track policy developments and advocate for public policy promoting responsible and secure AI development.

Best Common Practices for Securing the AI Lifecycle and AI Systems

As AI technologies become more pervasive across various sectors, they also become prime targets for cyberattacks and exploitation. Vulnerabilities in AI algorithms and frameworks can be exploited to manipulate outcomes, compromise data integrity, and undermine trust in AI-driven solutions. In addition to combating malicious use, the M3AAWG AI Committee is focused on enhancing the security of AI systems and the AI lifecycle from training to deployment of AI models through the development of best common practices.

Harnessing AI to Counter Abuse

Although AI has been weaponized for nefarious purposes, it also holds immense potential as a tool for combating abuse and safeguarding online ecosystems. The M3AAWG AI Committee recognizes this dichotomy and is exploring innovative ways to harness AI for good. From proactive content moderation and anomaly detection to sentiment analysis and behavioral profiling, AI technologies offer many possibilities for enhancing online safety and security. By developing AI-driven solutions for detecting and mitigating abuse in real-time, the committee aims to empower service providers, platforms, and other stakeholders in their efforts to combat online threats effectively.

Why M3AAWG: Collaboration and Engagement

M3AAWG recently celebrated 20 years of combatting online abuse and making the internet a safer place. The last 20 years of combatting spam, malware, DDoS and many other forms of abuse have only been possible through collaboration and engagement with industry leaders, academic institutions, government agencies, and advocacy groups. The M3AAWG AI Committee will leverage and build upon these relationships within the unique trusted forum of M3AAWG to address the complex challenges posed by AI-driven abuse and innovate towards AI-enabled solutions. Through open dialogue, knowledge sharing, and collaborative initiatives, the M3AAWG AI Committee aims to foster a community-driven approach to combating online abuse and promoting responsible AI usage.

Looking Ahead: The Next 20 Years

As AI continues to evolve at a rapid pace, the importance of proactive measures to address its implications for online abuse and security cannot be overstated. With the establishment of the AI Committee at its 60th meeting in San Francisco in February 2024, M3AAWG has taken a significant step towards addressing these pressing issues head-on. By leveraging collective expertise and resources, the committee is poised to drive meaningful progress in safeguarding the digital landscape against emerging threats.

Stay tuned for updates and insights from M3AAWG as we continue our journey towards a safer digital future, and please consider joining M3AAWG and the AI Committee to do your part.


Security

Maintaining Confidentiality in the 10G Network


Andy Dolan
Senior Security Engineer

Aug 4, 2020

The 10G platform will offer almost limitless opportunities for innovation and new experiences in the home, bolstering the capabilities of the Internet of Things (IoT) landscape. While the volume of data that passes over cable technologies continues to grow, the classification of private and confidential boundaries continues to change.

Moreover, security is an abstract topic, particularly in the sense of the assurance it provides. We expect security to be present, but in a way that we don’t need to think about; we expect the assurance of security to be seamless. Behind the scenes, security is a constant source of innovation to make that seamless protection possible in the face of an ever-changing set of vulnerabilities, threats and exploits. The frequent application of the phrase “arms race” to describe that innovation is appropriate. Addressing confidentiality is a key pillar in the 10G security platform; it ensures that user data continues to be protected as new possibilities and services become available.

Brief Review: What Is Confidentiality?

Last fall, CableLabs produced a set of blog posts covering the security pillars of confidentiality, integrity and availability. Confidentiality ensures that access to resources such as hardware components, sensor data or private information is only granted to authorized actors, whether they’re users or processes. Authorization is part of the mechanism that enables confidentiality as the barrier between the actor and resource.

What are the primary ways that we can keep information confidential? We’re going to focus on two techniques applied to information:

  • Encryption: Using algorithms to render information unreadable without the proper materials (keys) to decrypt it.
  • Separation and Isolation: Putting barriers in place that must be traversed before gaining access to information.

In addition, there are some threats against confidentiality, including vulnerabilities in encryption algorithms, exploits that can circumvent authorization mechanisms, and, of course, there’s the possibility of quantum computing right around the corner. To stay ahead of the curve, we must continue to innovate to meet these threats.

Where Confidentiality Counts: The Network

Confidentiality is key when it comes to the amount of data that passes between machines. Even over the past 5 years, the data that we consider to be critical in terms of confidentiality has evolved beyond simply what we’re browsing or streaming. It’s also about what our devices are doing.

In the age of the IoT, where every device is connected and often eager to capture the aspects of our environment or actions it invokes, confidentiality also applies to the data that is shared between devices and their cloud services. A great amount can be garnered from the passive observations and actions of smart devices as they’re used over time, including behaviors typical of users interacting with them (e.g., when the smart coffee pot is typically started in the morning). Protecting such data at home is particularly paramount during these unprecedented times of increased “work-from-home” routines.

Continuing to Ensure Confidentiality on the Network

Since its inception in 1997, the DOCSIS® specification (and later the extended DOCSIS® security specification) has implemented encryption to ensure that user data is protected from eavesdropping on the cable network. Over the years, changes to encryption algorithms and key sizes have been enacted in DOCSIS in line with the recommendations and best practices of industry and standards organizations.

As the threats against confidentiality continue to be revealed in the world of 10G, CableLabs will continue to adapt to the cryptographic standards and recommendations of such groups through updates to specifications and best practices. Future innovations in encryption technologies will continue to accommodate the incredible power of the 10G network while ensuring the confidentiality of the data that is carried over it.

Maintaining Confidentiality in the Age of the Smart Home

A major evolution in the architecture of the Internet that has come about in only the past decade has been the advent of the IoT. As noted before, confidential data and its privacy implications are now more prevalent than ever, even within only a single smart home. In addition, it may be possible for one compromised smart device to act as a starting point for further intrusions of other devices or points in the home; how can we utilize separation to protect against such a scenario?

Enter CableLabs Micronets, a system that can dynamically organize devices into different groups and provide network separation among them. With this system enabled on your home (or work) networks, one compromised device doesn’t directly provide an attacker with the possibility to target other devices and/or confidential data they may have stored or transmitted over the network.

As for confidentiality when devices talk to each other, CableLabs continues to engage with standards organizations such as OCF to draft standards that ensure the secure operation (and interoperation) of IoT devices, as well as device interactions with cloud services.

Conclusions

The opportunities that the 10G platform will provide are immense in both promise and scope, allowing previously infeasible technologies to be brought to the forefront to provide new classes of products and services.

In light of these great innovations, we must remain cognizant when it comes to the confidentiality of our resources and the protection of user data. As the “arms race” continues, we will continue innovating and staying one step ahead. That’s the speed of security.

