Dr. Henry Carter is an Assistant Professor of Computing Sciences at Villanova University focusing on cryptography and mobile applications. He’s also a member of Security Baron’s Expert Network, making sure our VPN and password manager reviews are technologically accurate. Security Baron talked to Dr. Carter and asked him our important questions about VPNs, cybersecurity, and his research in general.
When do you think VPNs are necessary? Are most VPNs worth using?
VPNs are especially useful when you need to do a significant amount of work on an untrusted network. If you are only accessing a few webpages on an open Wifi network, using a browser plugin like HTTPS Everywhere may be enough to ensure your traffic is encrypted. However, if you need to use a variety of networked programs (e.g., email clients or other programs synchronizing data over the Internet), it is safer to use a VPN. In addition, accessing sensitive network resources on a corporate network should be done using a VPN, as liability for a breach may fall on the company instead of just you!
What qualities do you look for in a VPN?
In evaluating a VPN, you need to ensure that they are using a common software implementation that provides traffic tunneling, as this will give you some assurance that the software has been carefully vetted and that your data is correctly encrypted. In addition, using a well-reviewed service with a clear user agreement outlining how customer data is handled can help ensure that your data isn’t being mishandled by the VPN provider.
What does your current research concern and what discoveries have you made in the past?
My research focuses on network protocols and preserving user data privacy. As a part of this work, I have had the opportunity to develop cryptographic protocols that protect user data stored in the cloud, as well as evaluate the privacy leakage from Internet protocols such as DNS.
How did you become interested in cyber security?
My original decision to pursue Computer Science was tentative because I enjoyed working with computers growing up but was uncertain how well I would enjoy the mathematical aspects of the degree. However, once I started the program, I found the math-related courses were some of my favorites. It was also during this time that I discovered a knack for explaining technical concepts, which motivated me to pursue a career in teaching. After college I was accepted into the graduate program at Georgia Tech, where I developed my expertise in computer security and cryptographic protocols, which led me to my role as an assistant professor at Villanova.
The first security course I took in college was a summer course in network security and cryptography. I was fascinated by the design and proofs of correctness for cryptographic protocols, as well as the sensitivity of these tools to minor errors which can lead to significant security vulnerabilities. That course inspired me to choose cryptography as the topic of my graduate study when I went to graduate school.
What do you wish the average person knew about cyber security?
It’s a lot easier to break into computer systems than people think! That being said, there are some simple defensive measures that can make attacks a lot harder for hackers, which is often all you need to get them to give up and chase an easier target. Also, use a password manager! Cracking human-memorable passwords is VERY easy, and using the same password across multiple sites is very dangerous.