The world might run out of a crucial ingredient of touch screens. But don’t worry, we’ve invented an alternative


Timothy Muza/Unsplash, CC BY-SA

Behnam Akhavan, University of Sydney

Have you ever imagined your smart phone or tablet without a touch screen? This could soon be the case if we run out of indium, one of the rarest minerals on Earth.

Indium is used in many high-tech devices such as touch screens, smart phones, solar panels and smart windows, in the form of indium tin oxide. This compound is optically transparent and electrically conductive — the two crucial features required for touch screens to work.

But there’s a problem: we have no guaranteed long-term supply of indium. It is naturally found only in tiny traces, and is therefore impractical to mine directly. Almost all of the world’s indium comes as a byproduct of zinc mining.

Fortunately, we have a potential solution: my colleagues and I have developed a new way to make optically transparent and electrically conductive coatings without indium.

A worsening problem

Because the world’s indium supply is tied to zinc mining, its availability and price will depend on the demand for zinc.

Possible declines in zinc demand, already evident in the car manufacturing industry, along with the ever-increasing use of smart phones and touch panels, are set to exacerbate the potential shortage of indium in the future.

One option is to try and recycle indium. But recovering it from used devices is expensive because of the tiny amounts involved.






When a crucial material is in short supply, we should look for alternatives. And that’s exactly what my colleagues and I have found.

How does it work?

Our new coating, details of which are published in the journal Solar Energy Materials and Solar Cells, involves plasma technology.

Plasma is like a soup of charged particles in which electrons have been ripped away from their atoms, and is often described as the fourth state of matter, after solid, liquid and gas. It might sound like an exotic substance, but in fact it comprises more than 99% of the visible objects in the universe. Our Sun, like most stars, is essentially a giant ball of glowing plasma.

Closer to home, fluorescent lightbulbs and neon signs also contain plasma. Our new touchscreen films don’t contain plasma, but their manufacture uses plasma as a way to create new materials that would otherwise be impossible to make.

Plasma apparatus
The new material is created using a process called plasma sputtering.
Behnam Akhavan

Our coating is made of an ultra-thin layer of silver, sandwiched between two layers of tungsten oxide. This structure is less than 100 nanometres thick — roughly one-thousandth of the width of a human hair.

These ultra-thin sandwich layers are created and coated onto glass using a process called “plasma sputtering”. This involves subjecting a mixture of argon and oxygen gases to a strong electric field, until this mixture transforms into the plasma state. The plasma is used to bombard a tungsten solid target, detaching atoms from it and depositing them as a super-thin layer onto the glass surface.

We then repeat this process using silver, and then a third and final time using tungsten oxide embedded with silver nanoparticles. The entire process takes only a few minutes, produces minimal waste, is cheaper than using indium, and can be used for any glass surface such as a phone screen or window.

Diagram of the structure
The finished result is a sandwich of tungsten oxide and silver, coated onto glass.
Behnam Akhavan, Author provided

The finished plasma coating also has another intriguing feature: it is electrochromic, meaning it can become more or less opaque, or change colour, if an electrical voltage is applied.

This means it could be used to create super-thin “printable displays” that can become dimmer or brighter, or change colour as desired. They would be flexible and use little power, meaning they could be used for a range of purposes including smart labels or smart windows.

Different optical performances of the same material
The material’s opacity can be changed by varying the voltage.
Behnam Akhavan, Author provided

Smart windows coated with our new films could be used to block the flow of light and thus heat as required. Our plasma film can be applied to any glass surface, which can then be set to adjust its transparency depending on the weather outside. Unlike existing “photochromic” spectacle lenses, which respond to ambient light levels, our material responds to electrical signals, meaning it can be manipulated at will.

Our new indium-free technology holds great potential to manufacture the next-generation touch-screen devices such as smart phones or electronic papers, as well as smart windows and solar cells for environmental sustainability. This technology is ready to be scaled up for creating coatings on commercial glass, and we are now doing further research and development to adapt them for future wearable electronic devices.








Behnam Akhavan, Senior Lecturer, ARC DECRA Fellow, School of Biomedical Engineering and School of Physics, Sydney Nano Institute, University of Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.

A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?



Paul Haskell-Dowland, Author provided

Paul Haskell-Dowland, Edith Cowan University and Brianna O’Shea, Edith Cowan University

Passwords have been used for thousands of years as a means of identifying ourselves to others and in more recent times, to computers. It’s a simple concept – a shared piece of information, kept secret between individuals and used to “prove” identity.

Passwords in an IT context emerged in the 1960s with mainframe computers – large centrally operated computers with remote “terminals” for user access. They’re now used for everything from the PIN we enter at an ATM, to logging in to our computers and various websites.

But why do we need to “prove” our identity to the systems we access? And why are passwords so hard to get right?






What makes a good password?

Until relatively recently, a good password might have been a word or phrase of as little as six to eight characters. But we now have minimum length guidelines. This is because of “entropy”.

When talking about passwords, entropy is the measure of predictability. The maths behind this isn’t complex, but let’s examine it with an even simpler measure: the number of possible passwords, sometimes referred to as the “password space”.

If a one-character password only contains one lowercase letter, there are only 26 possible passwords (“a” to “z”). By including uppercase letters, we increase our password space to 52 potential passwords.

The password space continues to expand as the length is increased and other character types are added.

Making a password longer or more complex greatly increases the potential ‘password space’. More password space means a more secure password.

Looking at the above figures, it’s easy to understand why we’re encouraged to use long passwords with upper and lowercase letters, numbers and symbols. The more complex the password, the more attempts needed to guess it.

However, the problem with depending on password complexity is that computers are highly efficient at repeating tasks – including guessing passwords.

Last year, a record was set for a computer trying to generate every conceivable password. It achieved a rate faster than 100,000,000,000 guesses per second.

By leveraging this computing power, cyber criminals can hack into systems by bombarding them with as many password combinations as possible, in what is called a brute force attack.

And with cloud-based technology, guessing an eight-character password can be achieved in as little as 12 minutes and cost as little as US$25.
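The password-space arithmetic above can be worked through at the guess rate the article quotes. The following is an added example, not part of the original article; it assumes ASCII-only character pools, a randomly chosen password and a worst-case exhaustive search, and the function names are made up for this illustration.

```python
import math
import string

# Guess rate quoted in the article (guesses per second).
GUESSES_PER_SECOND = 100_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character pools (assumption: ASCII only, space character excluded).
POOLS = {
    "lowercase": string.ascii_lowercase,   # 26 characters
    "uppercase": string.ascii_uppercase,   # 26 characters
    "digits": string.digits,               # 10 characters
    "symbols": string.punctuation,         # 32 characters
}


def pool_size_of(password):
    """Size of the alphabet implied by the character classes a password uses."""
    return sum(len(chars) for chars in POOLS.values()
               if any(c in chars for c in password))


def password_space(pool, length):
    """Number of distinct passwords of exactly `length` characters."""
    return pool ** length


def entropy_bits(pool, length):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(pool)


def seconds_to_exhaust(pool, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length and pool."""
    return password_space(pool, length) / rate


def min_length_to_survive(pool, seconds, rate=GUESSES_PER_SECOND):
    """Shortest length whose full search takes at least `seconds` at `rate`."""
    target = rate * seconds
    length = 1
    while password_space(pool, length) < target:
        length += 1
    return length


if __name__ == "__main__":
    for name, pool in (("lowercase only", 26), ("upper + lower", 52),
                       ("letters + digits", 62), ("all four classes", 94)):
        for length in (8, 12, 16):
            secs = seconds_to_exhaust(pool, length)
            print(f"{name:18} len={length:2} "
                  f"bits={entropy_bits(pool, length):6.1f} "
                  f"exhausted in {secs / SECONDS_PER_YEAR:.3g} years")
        print(f"{name:18} needs {min_length_to_survive(pool, SECONDS_PER_YEAR)}"
              " characters to last one year")
```

These figures are an upper bound on attacker effort: a password picked by a person from common words or patterns falls far sooner than a random one of the same length.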

Also, because passwords are almost always used to give access to sensitive data or important systems, this motivates cyber criminals to actively seek them out. It also drives a lucrative online market selling passwords, some of which come with email addresses and/or usernames.

You can purchase almost 600 million passwords online for just AU$14!

How are passwords stored on websites?

Website passwords are usually stored in a protected manner using a mathematical algorithm called hashing. A hashed password is unrecognisable and can’t be turned back into the password (an irreversible process).

When you try to log in, the password you enter is hashed using the same process and compared to the version stored on the site. This process is repeated each time you log in.

For example, the password “Pa$$w0rd” is given the value “02726d40f378e716981c4321d60ba3a325ed6a4c” when calculated using the SHA1 hashing algorithm. Try it yourself.

When faced with a file full of hashed passwords, a brute force attack can be used, trying every combination of characters for a range of password lengths. This has become such common practice that there are websites that list common passwords alongside their (calculated) hashed value. You can simply search for the hash to reveal the corresponding password.

This screenshot of a Google search result for the SHA hashed password value ‘02726d40f378e716981c4321d60ba3a325ed6a4c’ reveals the original password: ‘Pa$$w0rd’.
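Why such lookups work, and what a site can do about it, shown as an added example that is not part of the original article: an unsalted SHA1 store is compared with a store that uses a per-user random salt and a deliberately slow hash (PBKDF2). The user names, the word list, the iteration count and the function names are all constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data. "Pa$$w0rd" is the article's own example password.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "Pa$$w0rd", "letmein"]
SAMPLE_USERS = {
    "alice": "Pa$$w0rd",
    "bob": "Pa$$w0rd",  # same password as alice
    "carol": "marsh-violin-copper-84-tundra",
}
PBKDF2_ITERATIONS = 200_000  # assumption: work factor picked for the example


def sha1_hex(password):
    """Unsalted fast hash: the same password always yields the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """hash -> password, computed once and reusable against any unsalted store."""
    return {sha1_hex(w): w for w in words}


def make_unsalted_store(users):
    """The weak design: one bare SHA1 value per user."""
    return {user: sha1_hex(pw) for user, pw in users.items()}


def hash_salted(password, salt=None):
    """The hardened design: fresh random salt plus a slow, iterated hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest


def make_salted_store(users):
    return {user: hash_salted(pw) for user, pw in users.items()}


def verify_salted(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, digest)


def exposed_by_lookup(hex_store, table):
    """Audit helper: which stored values appear in a precomputed table?"""
    return {user: table[h] for user, h in hex_store.items() if h in table}


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)

    unsalted = make_unsalted_store(SAMPLE_USERS)
    # alice and bob share a hash, and both fall to a single dictionary lookup.
    print("unsalted, exposed:", exposed_by_lookup(unsalted, table))

    salted = make_salted_store(SAMPLE_USERS)
    # Identical passwords now give different records, so a table built in
    # advance matches nothing; each guess must be recomputed per user, per salt.
    salted_hex = {u: d.hex() for u, (_, d) in salted.items()}
    print("salted, exposed:  ", exposed_by_lookup(salted_hex, table))
    print("alice can still log in:", verify_salted("Pa$$w0rd", *salted["alice"]))
```

Salting does not make a weak password strong: someone holding the salted records can still try common passwords one user at a time, only far more slowly.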

The theft and selling of password lists is now so common that a dedicated website, haveibeenpwned.com, is available to help users check if their accounts are “in the wild”. This has grown to include more than 10 billion account details.

If your email address is listed on this site you should definitely change the detected password, as well as on any other sites for which you use the same credentials.






Is more complexity the solution?

You would think with so many password breaches occurring daily, we would have improved our password selection practices. Unfortunately, last year’s annual SplashData password survey has shown little change over five years.

The 2019 annual SplashData password survey revealed the most common passwords from 2015 to 2019.

As computing capabilities increase, the solution would appear to be increased complexity. But as humans, we are not skilled at remembering highly complex passwords, nor motivated to do so.

We’ve also passed the point where we use only two or three systems needing a password. It’s now common to access numerous sites, with each requiring a password (often of varying length and complexity). A recent survey suggests there are, on average, 70-80 passwords per person.

The good news is there are tools to address these issues. Most computers now support password storage in either the operating system or the web browser, usually with the option to share stored information across multiple devices.

Examples include Apple’s iCloud Keychain and the ability to save passwords in Internet Explorer, Chrome and Firefox (although less reliable).

Password managers such as KeePassXC can help users generate long, complex passwords and store them in a secure location for when they’re needed.

While this location still needs to be protected (usually with a long “master password”), using a password manager lets you have a unique, complex password for every website you visit.

This won’t prevent a password from being stolen from a vulnerable website. But if it is stolen, you won’t have to worry about changing the same password on all your other sites.

There are of course vulnerabilities in these solutions too, but perhaps that’s a story for another day.








Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University and Brianna O’Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Travelling overseas? What to do if a border agent demands access to your digital device



New laws enacted in New Zealand give customs agents the right to search your phone.
Shutterstock

Katina Michael, Arizona State University

New laws enacted in New Zealand this month give border agents the right to demand travellers entering the country hand over passwords for their digital devices. We outline what you should do if it happens to you, in the first part of a series exploring how technology is changing tourism.


Imagine returning home to Australia or New Zealand after a long-haul flight, exhausted and red-eyed. You’ve just reclaimed your baggage after getting through immigration when you’re stopped by a customs officer who demands you hand over your smartphone and the password. Do you know your rights?

Both Australian and New Zealand customs officers are legally allowed to search not only your personal baggage, but also the contents of your smartphone, tablet or laptop. It doesn’t matter whether you are a citizen or visitor, or whether you’re crossing a border by air, land or sea.






New laws that came into effect in New Zealand on October 1 give border agents:

…the power to make a full search of a stored value instrument (including power to require a user of the instrument to provide access information and other information or assistance that is reasonable and necessary to allow a person to access the instrument).

Those who don’t comply could face prosecution and NZ$5,000 in fines. Border agents have similar powers in Australia and elsewhere. In Canada, for example, hindering or obstructing a border guard could cost you up to C$50,000 or five years in prison.

A growing trend

Australia and New Zealand don’t currently publish data on these kinds of searches, but there is a growing trend of device search and seizure at US borders. There was a more than fivefold increase in the number of electronic device inspections between 2015 and 2016 – bringing the total number to 23,000 per year. In the first six months of 2017, the number of searches was already almost 15,000.

In some of these instances, people have been threatened with arrest if they didn’t hand over passwords. Others have been charged. In cases where they did comply, people have lost sight of their device for a short period, or devices were confiscated and returned days or weeks later.






On top of device searches, there is also canvassing of social media accounts. In 2016, the United States introduced an additional question on online visa application forms, asking people to divulge social media usernames. As this form is usually filled out after the flights have been booked, travellers might feel they have no choice but to part with this information rather than risk being denied a visa, despite the question being optional.

There is little oversight

Border agents may have a legitimate reason to search an incoming passenger – for instance, if a passenger is suspected of carrying illicit goods, banned items, or agricultural products from abroad.

But searching a smartphone is different from searching luggage. Our smartphones carry our innermost thoughts, intimate pictures, sensitive workplace documents, and private messages.

The practice of searching electronic devices at borders could be compared to police having the right to intercept private communications. But in such cases in Australia, police require a warrant to conduct the intercept. That means there is oversight, and a mechanism in place to guard against abuse. And the suspected crime must be proportionate to the action taken by law enforcement.

What to do if it happens to you

If you’re stopped at a border and asked to hand over your devices and passwords, make sure you have educated yourself in advance about your rights in the country you’re entering.

Find out whether what you are being asked is optional or not. Just because someone in a uniform asks you to do something, it does not necessarily mean you have to comply. If you’re not sure about your rights, ask to speak to a lawyer and don’t say anything that might incriminate you. Keep your cool and don’t argue with the customs officer.






You should also be smart about how you manage your data generally. You may wish to switch on two-factor authentication, which requires a password on top of your passcode. And store sensitive information in the cloud on a secure European server while you are travelling, accessing it only on a needs basis. Data protection is taken more seriously in the European Union as a result of the recently enacted General Data Protection Regulation.

Microsoft, Apple and Google all indicate that handing over a password to one of their apps or devices is in breach of their services agreement, privacy management, and safety practices. That doesn’t mean it’s wise to refuse to comply with border force officials, but it does raise questions about the position governments are putting travellers in when they ask for this kind of information.

Katina Michael, Professor, School for the Future of Innovation in Society & School of Computing, Informatics and Decision Systems Engineering, Arizona State University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

I’ve always wondered: why do our computing devices seem to slow down?



Your gadgets might slow down if they’re bloated with apps.
Neirfy/Shutterstock

Robert Merkel, Monash University

This is an article from I’ve Always Wondered, a series where readers send in questions they’d like an expert to answer. Send your question to alwayswondered@theconversation.edu.au


“Why do phones, tablets and computers always slow down as they get older, to the point that they become unusable, but when I back it up and restore it onto a brand new device, it’s fast again (despite not changing any of the installed software)?” – Jason Yosar


Plenty of misconceptions and conspiracy theories surround this topic.

Internet searches for “iPhone slow” spike after the release of a new-generation model, but there’s no evidence to suggest that manufacturers deliberately degrade the performance of older devices with software updates.

Computer hardware does not typically slow down over its useful life. Instead, there are several other reasons why smartphones, tablets and PCs start to seem less snappy. The good news is that you can often take steps to improve your existing device’s performance.

Memory bloat

Each time they update, apps typically become larger and more full of features. Visual pizzazz is also a major attraction, and so desktop and mobile operating systems periodically receive significant redesigns.

All that extra functionality and glitz requires your device to do more computation than it did when it arrived home from the store. Given that it doesn’t magically speed up to compensate, it has less spare capacity available to respond to you quickly.

Newer apps not only tend to do more computation, they also usually take up more space in your device’s storage.

Devices only have a limited amount of fast “Random Access Memory” (RAM) available. One of a device’s data storage components, RAM is the rough equivalent of an office whiteboard – fast and convenient, but limited in capacity. Its contents are wiped every time you switch your device off.

When it runs out of space in RAM, your device can shift things to and from the much slower (and permanent until explicitly erased) data storage, flash memory, which takes considerable time.

In older PCs with mechanical hard disks, this used to be called “thrashing”, as users heard the hard disk’s read-write heads moving across the platters as they waited for data to be shifted in and out of the filled-up RAM.

Flash memory is silent and much faster than magnetic hard disks ever were, but it is still orders of magnitude slower than RAM.

Random Access Memory is a form of data storage.
Marcin Bajer/Flickr, CC BY-NC

Excessive cacheing

To make their apps run faster, some designers make them store copies of things in RAM that they think the user might want to see again to speed things up. For instance, a web browser might retain a copy of what the content in each tab looks like, even if only one tab is visible at a given moment.

Known as cacheing, this makes things work much faster – until your system starts to run out of memory. For cacheing to be effective, the amount of space devoted to it must be carefully managed by the application and the device’s operating system.
Some app developers don’t put the effort that they should into doing this well, and their applications not only slow down over time, but can drag the rest of the system down with them too.

More and more software

It’s also not uncommon for useful software to be accompanied by “crapware” – less-than-useful add-ons like browser toolbars – that use system resources and impact performance.

Additional software can slow a system down in many ways: filling up permanent storage, using up more precious RAM, and using the computer’s central processing unit “in the background” without you noticing. All these factors can result in the system having fewer resources available to respond to you promptly.

A new or factory-reset device tends to have less of this accumulated “cruft” (unwanted data and software) installed, and therefore has more resources available to do the tasks that a user actually wants.

Another unpleasant possibility is that some of the computing capabilities of your device are being used by malware – whether viruses, worms or other varieties of malicious software.

What can you do?

You’re not going to be able to match the performance of the latest and greatest high-end smartphone, tablet, or PC with an older model, as newer devices generally have fundamentally faster components. But with a small amount of effort, you can get the most out of your existing device.

Whether you’re using a phone, tablet, PC or Mac, the most useful zero-cost action you can take is to uninstall unnecessary apps and add-ons.

However, in some circumstances it may be easier – AFTER carefully backing up all your data – to simply perform the equivalent of a factory reset and reinstall the operating system from scratch, adding only the apps you actually need.



Robert Merkel, Lecturer in Software Engineering, Monash University

This article was originally published on The Conversation. Read the original article.

Explainer: how internet routers work and why you should keep them secure



Think of your router as the post office for the internet.
www.shutterstock.com

Nicholas Patterson, Deakin University

Most of us would be bereft without Wi-Fi but give little thought to the technology that beams us the internet.

The device we pay so little attention to is called a router. Its main role is to connect networks and send and receive data from an internet provider.

But many routers aren’t particularly secure.

The importance of understanding how routers work and how to protect them from malicious attacks was highlighted by WikiLeaks’s recent revelations about the existence of an alleged CIA hacking tool, code named “CherryBlossom”. This tool can apparently hack routers, allowing the perpetrator to monitor traffic and perform software exploits on victims.

The average person is unlikely to be targeted by this level of attack. But if you’re going to have a router at home, it’s important to understand exactly how it works.

How does a router work?

A router is like a post office for the internet: it acts as a dispatcher, choosing the fastest and most effective delivery paths.

Let’s assume you have a smartphone at home that’s connected to your router and through that, the internet. You’re keen to find a song to listen to. Here’s how it works:

  1. Your smartphone takes your song request, and converts it into a radio signal using the specification (it’s called an 802.11 protocol) that controls how your Wi-Fi works
  2. This information is sent to the router, including your smartphone’s Internet Protocol address (essentially, its internet street address) and the track you requested
  3. This is where the Domain Name Server (DNS) comes into play. The main purpose of this platform is to take a text based address (let’s say, http://www.spotify.com) and convert it into a numeric Internet Protocol address
  4. The router will then send off the request information to your internet provider, through their proxy and then on to Spotify.com
  5. Along this journey from your home to your internet provider to Spotify.com, your request information will “hop” along different routers. Each router will look at where the requested information has to reach and determine the fastest pathway
  6. After going through a range of routers, an agreed connection between your home internet, your iPhone and Spotify will be established. As you can see in the image below, I have used a trace route service from Australian-based company Telstra to Spotify showing 16 routers along the journey
  7. Then data will begin to travel between the two devices and you’ll hear the requested song playing through your smartphone.
Trace route from Telstra.net to Spotify.com.
Telstra Internet Direct, Author provided

Explaining the back of your router

Even if you now understand how your router works, the machine itself is covered in mysterious ports and jargon. Here are some to look out for:

Ethernet ports: these exist to enable hard wired networking to the router itself in cases where a Wi-Fi connection is not possible.

SSID: this refers to “Service Set Identifier”, and is an alphanumeric set of characters that act as your Wi-Fi network’s identifier.

Telephone/internet port: this port allows your router to gain a hard wired (RJ-45) connection to the internet, usually through telephone lines.

Routers handle interconnectivity and delivery.
Wikimedia Commons

WPS: this stands for “Wi-Fi Protected Setup”. It allows users faster and easier access to Wi-Fi, because they will not have to enter in the passkey once pushed.

LAN: a “Local Area Network” refers to a grouping of computers and devices being networked together, typically with cables and routers in a singular space – often a university, small company or even just at home.

WAN: when we take a series of geographically distributed LANs and connect them together with routers, this is what we call a “Wide Area Network”. This is useful for larger companies that want to connect all their office locations together.

WLAN: closely related to a LAN, “Wireless Local Area Networks” are LANs whereby users who are on mobile devices can connect through a Wi-Fi connection, allowing complete mobility and thus reducing the need for any cables.

The back of a router.
Timo Schmitt/Flickr, CC BY-NC

Cyber safety with routers

It’s important to protect your router and Wi-Fi network from being compromised.

You should:

  • change your router’s administrator password and make it strong
  • change the identifying SSID name so it doesn’t give away any details about the model of your router or who owns it
  • ensure encryption is turned on in the router settings: this will ensure the traffic travelling over your network is unreadable
  • change the passkey you enter in when connecting to Wi-Fi
  • ensure your router’s firmware – the software that’s hard coded into your router – is up to date.

Routers ensure your home and internet service provider can stay connected. Look after your router, and it will (hopefully) look after you.

Nicholas Patterson, Teaching Scholar, Deakin University

This article was originally published on The Conversation. Read the original article.

Massive global ransomware attack highlights faults and the need to be better prepared



Wana Decrypt0r 2.0 Ransomware Screen.
Avast

David Glance, University of Western Australia

A massive malware attack was launched on Friday, affecting at least 75,000 computers in 99 countries. Computers running Microsoft Windows were infected with “WanaCrypt0r 2.0 or WannaCry” ransomware. Once infected, all of the files on the computer are encrypted by the malware, which then displays a ransom demand of between US$300 and US$600 in bitcoin that needs to be paid before the files can be decrypted.

The WannaCry ransomware is being spread through a weakness in Microsoft Windows that was originally exploited by the US National Security Agency (NSA) as part of their arsenal of cyberweapons in a tool called “Eternal Blue”. Unfortunately, this tool, along with many others, was stolen by hackers and leaked to the world in April 2017 by a hacker group calling themselves the “Shadow Brokers”.

Microsoft had already released a fix for the Eternal Blue vulnerability in March, but the extent of the WannaCrypt attack has highlighted how many organisations have failed to apply the fix, or are running copies of Windows that are so old that there wasn’t a fix for them.

Russia, Ukraine and Taiwan have been the countries most affected by the attack. In the UK however, the attack hit the National Health Service badly enough that services to patients were disrupted.

At the time of writing, one of the bitcoin addresses used by the malware showed that only a few people had paid the ransom so far, but the number has been slowly ticking up.

The spread of the first wave of WannaCry ransomware may have been halted by a cybersecurity researcher who, by registering a domain with a particular name, effectively activated a “kill switch” in the malware software that stops it from spreading further.

Ransomware has become the biggest threat to organisations and governments trying to protect critical infrastructure. According to a study by IBM, ransomware attacks increased by 6,000% in 2016 and at least 40% of spam emails now carry ransomware. The study also found that 70% of businesses infected with ransomware would pay the ransom. In many cases, this is because they either did not have backups, or they believed it was a faster way of getting their business back up and running.

The NHS has come in for particular criticism about the consequences of the attack because they knew about the risks and had been warned repeatedly to take steps to protect their networks and computers.

Finding out who was behind the malware is going to be very difficult. The malware communicates using the anonymising Tor network and demands payments in the equally anonymous currency, bitcoin, making tracing those behind the attack more complicated.

The NSA has also been held partly to blame for the attack because it had not alerted Microsoft about the weakness in its system until the NSA’s software that exploited it had been stolen and leaked to the public. Had the NSA told Microsoft when it discovered the weakness, the patch to fix the vulnerability would have been available in enough time for even the slowest of organisations to have patched their computers.

Ironically, large scale attacks such as these do have the effect of highlighting the threat of malware attacks and cybersecurity in general. This is true at the national level as well as amongst businesses. The frequency and scale of attacks also gives us a measure of how effectively companies and countries are prepared for cybersecurity attacks of any kind. Governments can act to enforce cybersecurity protective measures on companies, especially those that provide critical services or infrastructure. They can also act to direct their security services to disclose weaknesses in software systems, rather than keeping them secret in order to exploit them themselves against some future enemy.

Companies and their employees can help protect themselves from future attacks of ransomware by taking the following steps:

  1. Back up computers. This doesn’t stop a computer from being attacked, but it effectively renders the attack ineffective because it is easy to re-install the system from a backup should it become locked by ransomware.
  2. Don’t click on links in emails unless you are expecting the email to contain a link. If you don’t know, double check with the sender. Equally, if you open a document and it asks to run macros, just say no. Avoid putting people into this situation in the first place by not sending links unless you have agreed prior to sending the email.
  3. Always update systems and software with the latest security updates. Better still, set the system to automatically do this on your behalf.
  4. Use antivirus software to protect systems.
  5. If infected, disconnect the computer from the network so that other computers are not infected.

David Glance, Director of UWA Centre for Software Practice, University of Western Australia

This article was originally published on The Conversation. Read the original article.

Cloud, backup and storage devices: how best to protect your data


How much data do you still store only on your mobile, tablet or laptop?
Shutterstock/Neirfy

Adnene Guabtni, Data61

We are producing more data than ever before, with more than 2.5 quintillion bytes produced every day, according to computer giant IBM. That’s a staggering 2,500,000,000,000 gigabytes of data and it’s growing fast.

We have never been so connected through smart phones, smart watches, laptops and all sorts of wearable technologies inundating today’s marketplace. There were an estimated 6.4 billion connected “things” in 2016, up 30% from the previous year.

We are also continuously sending and receiving data over our networks. This unstoppable growth is unsustainable without some kind of smartness in the way we all produce, store, share and back up data now and in the future.

In the cloud

Cloud services play an essential role in achieving sustainable data management by easing the strain on bandwidth, storage and backup solutions.

But is the cloud paving the way to better backup services or is it rendering backup itself obsolete? And what’s the trade-off in terms of data safety, and how can it be mitigated so you can safely store your data in the cloud?

The cloud is often thought of as an online backup solution that works in the background on your devices to keep your photos and documents, whether personal or work related, backed up on remote servers.

In reality, the cloud has a lot more to offer. It connects people together, helping them store and share data online and even work together online to create data collaboratively.

It also makes your data ubiquitous, so that if you lose your phone or your device fails you simply buy a new one, sign in to your cloud account and voila! – all your data are on your new device in a matter of minutes.

Do you really back up your data?

An important advantage of cloud-based backup services is also the automation and ease of use. With traditional backup solutions, such as using a separate drive, people often discover, a little too late, that they did not back up certain files.

Relying on the user to do backups is risky, so automating it is exactly where cloud backup is making a difference.

Cloud solutions have begun to evolve from online backup services to primary storage services. People are increasingly moving from storing their data on their device’s internal storage (hard drives) to storing them directly in cloud-based repositories such as Dropbox, Google Drive and Microsoft’s OneDrive.

Devices such as Google’s Chromebook do not use much local storage to store your data. Instead, they are part of a new trend in which everything you produce or consume on the internet, at work or at home, would come from the cloud and be stored there too.

Recently announced cloud technologies such as Google’s Drive File Stream or Dropbox’s Smart Sync are excellent examples of how cloud storage services are heading in a new direction with less data on the device and a bigger primary storage role for the cloud.

Here is how it works. Instead of keeping local files on your device, placeholder files (sort of empty files) are used, and the actual data are kept in the cloud and downloaded back onto the device only when needed.

Edits to the files are pushed to the cloud so that no local copy is kept on your device. This drastically reduces the risk of data leaks when a device is lost or stolen.

So if your entire workspace is in the cloud, is backup no longer needed?

No. In fact, backup is more relevant than ever, as disasters can strike cloud providers themselves, with hacking and ransomware affecting cloud storage too.

Backup has always had the purpose of reducing risks using redundancy, by duplicating data across multiple locations. The same can apply to cloud storage which can be duplicated across multiple cloud locations or multiple cloud service providers.

Privacy matters

Yet beyond the disruption of the backup market, the number-one concern about the use of cloud services for storing user data is privacy.

Data privacy is strategically important, particularly when customer data are involved. Many privacy-related problems can happen when using the cloud.

There are concerns about the processes used by cloud providers for privacy management, which often trade privacy for convenience. There are also concerns about the technologies put in place by cloud providers to overcome privacy-related issues, which are often not effective.

When it comes to technology, encryption tools protecting your sensitive data have actually been around for a long time.

Encryption works by scrambling your data with a very large digital number (called a key) that you keep secret so that only you can decrypt the data. Nobody else can decode your data without that key.

Using encryption tools to encrypt your data with your own key before transferring it into the cloud is a sensible thing to do. Some cloud service providers are now offering this option and letting you choose your own key.

Share vs encryption

But if you store data in the cloud for the purpose of sharing it with others – and that’s often the precise reason that users choose to use cloud storage – then you might require a process to distribute encryption keys to multiple participants.

This is where the hassle can start. People you share data with would need to get the key too, in some way or another. Once you share that key, how would you revoke it later on? How would you prevent it from being re-shared without your consent?

More importantly, how would you keep using the collaboration features offered by cloud providers, such as Google Docs, while working on encrypted files?

These are the key challenges ahead for cloud users and providers. Solutions to those challenges would truly be game-changing.
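The sharing and revocation questions above can be made concrete with envelope encryption: the file is encrypted once under a random data key, and that data key is wrapped separately for each person. This is an added example, not part of the original article or any provider's code; it assumes the third-party Python `cryptography` package, and the user names, the per-user symmetric keys (standing in for recipients' public keys) and the file contents are constructed for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken


def seal(plaintext, recipient_keys):
    """Encrypt once under a fresh data key, then wrap that key for each recipient."""
    data_key = Fernet.generate_key()
    ciphertext = Fernet(data_key).encrypt(plaintext)
    wrapped = {name: Fernet(key).encrypt(data_key)
               for name, key in recipient_keys.items()}
    return ciphertext, wrapped


def unwrap(name, user_key, wrapped):
    """Recover the data key from this recipient's wrapped copy (KeyError if none)."""
    return Fernet(user_key).decrypt(wrapped[name])


def can_decrypt(data_key, ciphertext):
    """True if data_key opens ciphertext, False if authentication fails."""
    try:
        Fernet(data_key).decrypt(ciphertext)
        return True
    except InvalidToken:
        return False


def revoke(name, owner, recipient_keys, ciphertext, wrapped):
    """Revocation: re-encrypt under a NEW data key, wrapped only for those who remain."""
    data_key = unwrap(owner, recipient_keys[owner], wrapped)
    plaintext = Fernet(data_key).decrypt(ciphertext)
    remaining = {n: k for n, k in recipient_keys.items() if n != name}
    return seal(plaintext, remaining)


def demo():
    # Constructed sample users and file contents.
    keys = {n: Fernet.generate_key() for n in ("owner", "alice", "bob")}
    old_ct, old_wrapped = seal(b"constructed sample document", keys)
    bob_cached = unwrap("bob", keys["bob"], old_wrapped)  # bob keeps the data key
    new_ct, new_wrapped = revoke("bob", "owner", keys, old_ct, old_wrapped)
    return {
        "alice_reads_new": can_decrypt(unwrap("alice", keys["alice"], new_wrapped), new_ct),
        "bob_has_wrapped_key": "bob" in new_wrapped,
        "bob_cached_key_opens_new": can_decrypt(bob_cached, new_ct),
        "bob_cached_key_opens_old": can_decrypt(bob_cached, old_ct),
    }


if __name__ == "__main__":
    print(demo())
```

Revoking a recipient protects only what is re-encrypted afterwards: a data key cached before revocation still opens any copy of the old ciphertext, which is why revocation and re-sharing remain hard once a key has been handed out.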

Adnene Guabtni, Senior Research Scientist/Engineer, Data61

This article was originally published on The Conversation. Read the original article.