12 Oct 2022
by Dr. Andy Lilly

Cryptographic authentication critical to fight deepfake & ID fraud (Guest blog by Armour Comms)

Guest blog by Dr. Andy Lilly, CTO of Armour Comms #Cyber2022

The first few weeks of a new prime minister has shown the importance of getting communications right, be that the message, the media or the timing. In business, the speed that negatively received messages can go viral has been supercharged by social media. Now think of the potential issues if those communications could be hacked, tampered with, or faked.

The rise of deepfake technologies capable of manipulating video and audio into totally believable corporate communications means it is increasingly critical to know that you are communicating with the person you think you are.

Deepfake fraud is here, now

There are an increasing number of real-world examples of ID fraud and deepfake scams. Over three years ago the Head of a UK subsidiary was tricked into transferring €200,000 to a Hungarian supplier on the instructions of the CEO of the German parent company. In reality, the conversation took place with an artificial intelligence (AI) equipped criminal gang using deepfake software to mimic the German Chief Executive’s voice patterns.

The software was able to perfectly impersonate the voice, including tone, punctuation and German accent, completely fooling the head of the UK subsidiary. The call was also accompanied by an email, supposedly from the CEO reiterating the payment instructions.

It’s no longer enough for organisations to protect sensitive corporate information and intellectual property, such as pricing, product formulas, research, customer lists, etc. It is vital that identities are also safeguarded and remain trustworthy.

Can you really trust video and audio?

Although we have seen deepfakes imitate celebrities and public figures in video format, it’s an endeavour that still takes hours of footage to achieve. Being able to fake voices convincingly takes fewer recordings to produce and with greater computing power will become easier to create. It begs the question can voice recognition be relied on as an accurate form of identity verification?

In the future, deepfake audio fraud is likely to be highly exploited in criminal activity. As the technology continues to evolve, it will become increasingly difficult to distinguish real audio from fake. If you want to ensure authentication of identity you need to use a seriously secure mobile comms service.

Help is out there

Solutions such as Armour Mobile use MIKEY-SAKKE identity-based encryption to secure multimedia services. This enables secure voice and video calls, voice and video conference calls, one-to-one and group messaging, and sending file attachments. The solution ensures that the parties exchanging calls and data are who they claim to be (hence the term “identity-based”).

The MIKEY-SAKKE protocol uses identity-based cryptography and is designed to enable secure, cross-platform communications by identifying and authenticating the end points. It is an efficient, effective and NCSC-accredited protocol for building a wide range of secure multimedia services for government and enterprises.

Get prepared… now

Deepfake scams may well have arrived but there are proven tools to identify the real from the fake. These help prevent fraudulent activity by enabling secure collaboration between trusted colleagues. Communications can be conducted within a closed user group and only trusted parties added to the system can call and message others. So, when discussing commercially sensitive information such as corporate intellectual property, financial transactions, and customer details, you need to know you can trust your communications.

Prepare your organisation now. The fakes will only become better as AI advances. If trust evaporates, business will become untenable.

For more information about MIKEY-SAKKE visit:  https://www.ncsc.gov.uk/articles/using-mikey-sakke-building-secure-multimedia-services or: https://www.armourcomms.com/


Help to shape and govern the work of techUK’s Cyber Security Programme

Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.

*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.


Upcoming events 

Cyber Innovation Den

On Thursday 3 November, techUK will host our fourth annual Cyber Innovation Den online. This year we’ll explore efforts being made to realised the ambition set out in the National Cyber Strategy, with speakers taking a look at the progress we’ve seen to date, including the foundation of the UK Cyber Security Council, the reinvigoration of the Cyber Growth Partnership and the continued growth in the value of the sector to the UK economy.

Book now!

Cyber Security Dinner

In November techUK will host the first ever Cyber Security Dinner. The dinner will be a fantastic networking opportunity, bringing together senior stakeholders from across industry and government for informal discussions around some of the key cyber security issues for 2022 and beyond.

Book now!


Get involved

All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.

The Cyber Security Group provides a coherent voice for industry working in "high threat" areas - including defence, national security and resilience, the protection of critical national infrastructure, intelligence and organised crime.

The Cyber Management Committee sets the strategic vision for the cyber security programme, helping the programme engage with government and senior industry stakeholders.

The CSSMEF is comprised of SME companies from the techUK membership. The CSSMEF seeks to include a broad grouping of different SME companies working in the Cyber Security (CS) sectors.

 

 

Authors

Dr. Andy Lilly

Dr. Andy Lilly

CTO, Armour Comms