It's All About Trust
William Martin Uses Math to Advance Cryptography and Information Security
by Alexander Gelfand
As individuals and organizations find themselves increasingly dependent on information stored and transmitted electronically, there is growing unease about just how safe that data really is. For researchers working in the rapidly evolving field of information security, including William Martin, professor of mathematical sciences, and Berk Sunar, associate professor of electrical and computer engineering, the goal is to overcome that anxiety by making digital devices and networks more trustworthy, and the data they handle more secure.
Most information security schemes are based on a model dating to the 1970s. It assumes that key components of a computer network—the computers themselves, for example, or the wires that connect them—can be trusted. But that model no longer applies. The proliferation of wireless networks and mobile computing devices, the trend toward cloud computing (in which data and software live on the Web and not on one's computer), and the growing sophistication of both software and hardware-based attacks (including physical tampering at the level of computer chips themselves) have conspired to create an environment in which no single piece of the network can be fully trusted.
"Now you have a situation where every single device is untrustworthy," says Martin, whose research, funded by the National Security Agency, includes work on the theory of cryptography. "No longer is there a boundary between what's trusted and what isn't. You can't trust the channel, you can't trust the device in your hand—you can't trust any component of the network, in fact."
Martin collaborates with Sunar, whose work focuses on cryptography and security, to make public key cryptography run effectively on the kind of ultra–low power, computationally limited hardware found in sensor networks and the RFID (radio frequency identification devices) used for everything from tracking inventory in warehouses to making purchases with smart credit cards. The ability to tailor powerful cryptographic primitives—the basic algorithms from which security protocols are constructed—to such constrained environments will become increasingly important as RFID tags become more common, and as sensor designers dispense with batteries in favor of power-scavenging devices that harvest minute quantities of ambient energy from the environment.
In another collaboration, Martin is helping Sunar develop a technique for safeguarding devices like microchips. Manufacturers' growing reliance on foreign chip fabricators raises a serious security concern, since Trojan circuits can be surreptitiously baked into chips, awaiting some trigger to launch a malicious attack at the hardware level. To prevent this, Sunar and a group of collaborators at IBM's Watson Research Center have developed a method for "fingerprinting" families of chips using their unique power signals. A chip containing Trojan circuits won't share the fingerprint of a normal one and can be weeded out long before it has a chance to wreak havoc.
Sunar and former PhD student Ghaith Hammouri also developed a technique for fingerprinting CDs that uses nanoscale variations in the physical characteristics of the discs to generate cryptographic keys. Martin is currently helping Sunar improve the extraction technique further. These "hardware primitives" (based on so-called physically uncloneable functions, or PUFs) could be used to combat piracy by tying a software license to a single CD. Sunar and Martin have received NSF funding to develop similar hardware primitives for use with computer chips.
"Basically, I come up with a crazy application or problem, and Bill comes up with a conceptual-level solution," says Sunar. "We formulate it mathematically, and then it's like being a kid in a candy shop; I have the problems, and he has the solutions."
Ideally, Martin says, researchers will eventually develop a new model capable of assuring security across an entire network even if no single link in the chain is secure. At the moment, he adds, that simply is not possible. But as researchers develop ways of restoring trust in the individual components of computer networks, a broader and more integrated model—one capable of securing the whole system—will inevitably arise.
(From the 2009 edition of WPI Research, the university's research magazine)