The system Shue plans to develop will consist of several interconnected components. The first of these is the network router. As the device that connects a home network to the Internet, the router is the portal through which all network traffic must pass. The system Shue envisions will begin by transforming the router already installed in a home by deploying new firmware that will change the way the router manages the flow of information within the network.
One of the principal jobs of a router is to act as traffic manager, directing incoming data to the appropriate device on the network (an email message to the computer, a streaming movie to the TV, an online game to a game console, etc.) and sending outgoing traffic to the appropriate Internet destination. Instead, routers with the new firmware will direct most traffic, incoming and outgoing, over a secure pathway to a cloud-based security system consisting of a controller and a set of virtual computers called middleboxes.
The middleboxes will be loaded with current information about the Internet, including which sites are known to be authentic and safe and which pose a risk. When the controller diverts traffic to a middlebox, whether it is information headed into a home network from a site on the Internet or a stream of data flowing out to a particular site, the middlebox will check the site’s profile against its stored information. If the identity of the site can be verified, the middlebox will let the traffic proceed. If not, it will stop the traffic in its tracks.
Shue said it is important to check traffic moving into and out of a home network to catch nefarious sites attempting to get access to computers and devices in the home, but also to detect the activities of devices that may already have been compromised. “We are seeing the rapid expansion of the Internet of Things, or IoT,” he said, “which includes all manner of devices—smart TVs, home security systems, appliances—that are connected to the Internet.”
“Many of these technologies have weak or even nonexistent security, and even when manufacturers provide security, few homeowners realize that these devices can be hacked, let alone know how to protect themselves. This is why the IoT makes an inviting target for hackers and why devices like TVs and webcams have already been used in large-scale denial of service attacks.” Shue said the consequences of inadequate security could be severe if connected devices, like light bulbs, stoves, and home heating systems, were made to run amok and cause fires or other property damage.
Because the key steps in verifying the identity of an Internet server or host occur in the early moments of a network connection (a series of information exchanges known as a handshake), Shue said the remote security system should not noticeably slow network performance. “Once the middlebox has verified the authenticity of the connection you are trying to establish with Netflix, for example,” he said, “the middlebox can get out of the way and rest of that transaction can be routed directly to the Netflix server. So while the initial handshake is handled by the middlebox, the movie you want to stream can pass directly from Netflix to your TV.”
Handing off security decisions to a cloud-based service will have multiple benefits, Shue said. For one, by preventing home networks from communicating directly with potentially nefarious Internet hosts, the remote service will reduce the risk that residential computer users will fall victim to scams, identity theft, and attacks, such as malware and ransomware, which may damage or destroy files or even render computers unusable. It will also make it harder for hackers to commandeer computers or other networked electronic devices and turn them into platforms for launching malicious attacks on other computers or networks.
While the focus of Shue’s research is providing reliable security to individual residential computer networks, the work could also increase the security of the Internet more broadly, he noted. “Given the generally weak security measures in residential networks, an improvement that makes them less likely to be targets of attacks or vectors for attacks will make the Internet, as a whole, more secure.” Shue said that since employees often bring to work laptops, mobile devices, or flash drives that can be contaminated by infected home networks, improved home security will also benefit enterprise networks.
Shue said his project also aims to develop what he calls “a new subfield of deployable residential network security.” In addition to being able to keep residential routers updated with the latest security firmware, he said the cloud-based security providers could be used to deploy and evaluate new and previously underutilized security techniques—for example protocols that could flag insecure e-commerce transactions or serve as early warning systems for bot attacks. The platform could also be used to detect and learn about new IoT devices and then quickly deploy that knowledge to other residential networks. “This approach will provide the opportunity to conduct research and deploy new innovations to residential networks in a way that has not previously been possible,” he said.
