It's All About Trust
Wenjing Lou, associate professor of electrical and computer engineering, with PhD candidate Ming Li, explores security issues with cloud computing.
by Alexander Gelfand
As individuals and organizations find themselves increasingly dependent on information stored and transmitted electronically, there is growing unease about just how safe that data really is. For researchers working in the rapidly evolving field of information security, including William Martin, professor of mathematical sciences, and Wenjing Lou and Berk Sunar, associate professors of electrical and computer engineering, the goal is to overcome that anxiety by making digital devices and networks more trustworthy, and the data they handle more secure.
The Age of Insecurity
Most information security schemes are based on a model dating to the 1970s. It assumes that key components of a computer network—the computers themselves, for example, or the wires that connect them—can be trusted. But that model no longer applies. The proliferation of wireless networks and mobile computing devices, the trend toward cloud computing (in which data and software live on the Web and not on one’s computer), and the growing sophistication of both soft ware and hardware-based attacks (including physical tampering at the level of computer chips themselves) have conspired to create an environment in which no single piece of the network can be fully trusted.
"Now you have a situation where every single device is untrustworthy," says Martin, whose research, funded by the National Security Agency, includes work on the theory of cryptography. "No longer is there a boundary between what’s trusted and what isn’t. You can’t trust the channel, you can’t trust the device in your hand—you can’t trust any component of the network, in fact."
Several years ago, Sunar and Lou began independent projects aimed at securing a new generation of wireless networks that are particularly vulnerable to attack. These wireless systems, which include wireless sensor networks (WSNs), mesh networks, and mobile ad hoc networks, are already used by the military and may one day be employed in fields as diverse as environmental monitoring and healthcare.
Because they are made up of many tiny, widespread wireless devices with few if any wired connections, these networks are especially prone to eavesdropping. In addition, the devices' tiny processors and meager power supplies limit their ability to run the kinds of strong crypto systems (including public key cryptography, the backbone of Internet security) that protect data in more robust computing environments. The security and privacy concerns raised by these next-generation wireless networks will only grow in the years ahead as they become pervasive, enabling everything from the operation of battlefield drones to the remote monitoring of patients' vital signs.
With funding from the National Science Foundation (NSF), including a prestigious CAREER Award, Lou has addressed this problem by devising novel schemes for encrypting data in mesh and mobile ad hoc networks. Her protocols would allow a wireless network to function securely even if one or more of its nodes were compromised, and would grant users a measure of privacy that could nonetheless be revoked if they were suspected of acting maliciously. (In security parlance, her scheme would allow both anonymity and accountability.) She now concentrates her wireless security efforts in the realm of e-health applications, including the development of protocols for body area networks, which transmit data from biosensors attached to a patient’s body.
" No longer is there a boundary between what’s trusted and what isn’t. You can’t trust the channel, you can’t trust the device in your hand—you can’t trust any component of the network, in fact."
Meanwhile, Sunar, whose work focuses on cryptography and security, has collaborated with Martin to make public key cryptography run effectively on the kind of ultra–low power, computationally limited hardware found in sensor networks and the RFID (radio frequency identification devices) used for everything from tracking inventory in warehouses to making purchases with smart credit cards. The ability to tailor powerful cryptographic primitives—the basic algorithms from which security protocols are constructed—to such constrained environments will become increasingly important as RFID tags become more common, and as sensor designers dispense with batteries in favor of power-scavenging devices that harvest minute quantities of ambient energy from the environment.
Safety in the Cloud
The nature of information security changes as quickly as digital technology itself. Over the past year or two, all three researchers have shifted their attention to newly emerging areas of concern. Lou is exploring security issues surrounding cloud computing, in which data and software applications live on the Internet rather than locally on a computer’s hard drive. The security implications of cloud computing are not yet well understood, but they are troubling. For one thing, the data servers in the cloud, which store user data and execute user programs, are no longer fully trustworthy. And there is no method currently in place that would allow users to verify the integrity and completeness of the data they have stored in the cloud without maintaining a local copy for comparison—something that would eliminate the advantages of cloud computing.
Searchable encryption will let users store encrypted data in the cloud and query it, yet still hide it from prying eyes.
"Some people argue that a service provider will not have the motivation to destroy or hide your data," Lou says. "But in reality, it's always possible. Data might get lost or corrupted due to system failure. Or a disgruntled employee may delete your data. Many people will only trust the cloud with their data when they are sure that effective security and privacy protection is in place."
Lou has devised a new protocol that uses cryptographic algorithms in combination with random sampling techniques to verify data stored in the cloud without requiring comparison with a local copy. Much remains to be done. For example, Lou has just begun work on searchable encryption, which would allow users to store encrypted data in the cloud yet still query it, all while hiding both the underlying information and the search itself from prying eyes. Such protection would be crucial for a bank that wanted to store its customers’ financial records in the cloud while preventing hackers from tracing its transactions and collecting enough information to compromise the data.
William Martin, right, professor of mathematical sciences, and Berk Sunar, associate professor of electrical and computer engineering, are collaborating on research that puts a new spin on security for digital media, like CDs. The work involves creating fingerprints that are based on nanoscale variations in the physical characteristics of the discs. These variations become the basis for cryptographic keys that can help prevent software piracy.
Security Gets Physical
Whereas Lou has shifted her gaze outward to the cloud, Sunar is looking inward at the smallest network components: individual microchips. Manufacturers' growing reliance on foreign chip fabricators raises a serious security concern, he says, since Trojan circuits can be surreptitiously baked into chips, awaiting some trigger to launch a malicious attack at the hardware level. To prevent this, Sunar and a group of collaborators at IBM's Watson Research Center have developed a method for "fingerprinting" families of chips using their unique power signals. A chip containing Trojan circuits won't share the fingerprint of a normal one and can be weeded out long before it has a chance to wreak havoc.
Sunar and former PhD student Ghaith Hammouri also developed a technique for fingerprinting CDs that uses nanoscale variations in the physical characteristics of the discs to generate cryptographic keys. Martin is currently helping Sunar improve the extraction technique further. These "hardware primitives" (based on so-called physically uncloneable functions, or PUFs), could be used to combat piracy by tying a software license to a single CD. Sunar and Martin recently received NSF funding to develop similar hardware primitives for use with computer chips. "Basically, I come up with a crazy application or problem, and Bill comes up with a conceptual-level solution," says Sunar. "We formulate it mathematically, and then it’s like being a kid in a candy shop; I have the problems, and he has the solutions."
Says Berk Sunar, "I come up with a crazy application or problem, and Bill comes up with a conceptual-level solution. We formulate it mathematically, and then it's like being a kid in a candy shop; I have the problems, and he has the solutions."
Ideally, Martin says, researchers will eventually develop a new model capable of assuring security across an entire network even if no single link in the chain is secure. At the moment, he adds, that simply is not possible. But as researchers develop ways of restoring trust in the individual components of computer networks, a broader and more integrated model—one capable of securing the whole system—will inevitably arise.
"The big picture is going to emerge," says Sunar. "But not unless we first look at the individual links."