Cyber Defender

Professor discovers new way to safeguard vital electronic information

Raheem Beyah

As Americans have more and more of their personal information stored online, that information has become very vulnerable - and valuable - to hackers.

Examples of intrusions abound, including the recent breaches of Sony PlayStation's and Citigroup's servers, which put untold numbers of their customers at risk.

While many attacks come from the outside, sometimes the threat can come from an authorized user on a network. Raheem Beyah, an assistant professor of computer science, is working on a new security system that will give administrators a more effective way to hunt down and identify inappropriate usage, which could be key in stopping an attack.

Beyah's project is funded by a $400,000 grant from the Defense Advanced Research Projects Agency, or DARPA. DARPA, part of the U.S. Department of Defense, is responsible for the development of new technology for use by the military.

Specifically, Beyah is researching ways to detect when unauthorized devices are on a network. "If we can see externally from network traffic ... generated [by unauthorized usage], and if devices [on a network] are being utilized in a way that they shouldn't, then perhaps someone has compromised the system," Beyah said.

Administrators trying to find inappropriate usage might be fooled, however, because a hacker may have configured the system to throw them off. For example, one way administrators keep an eye on a network is monitoring its nodes, such as a modem or hub.

"You don't want to rely necessarily on the node itself because it could be lying," Beyah said.

Beyah's new method, on the other hand, seeks to go beyond detecting unauthorized usage to identifying unauthorized devices - even if they are linked by people who have IDs and passwords for that particular network - by detecting the device's "signature."

Beyah theorizes that every computer hardware device hooked into a network has an inherent communications pattern. Every piece of hardware, in other words, has its own signature, or voice.

"The components that make up different types of computers are unique. A Mac, for example, has different components than a Dell," he said. "If you have these heterogeneous components, they interact with each other to create a voice."

Detecting these devices, Beyah said, is crucial in the fight to protect vital data. For example, a person who works at a business or government agency could bring his or her own personal laptop, desktop or even an iPhone and connect it to a network in order to steal sensitive information, he said.

"It's really a big deal to detect devices, even if the user is authorized to be on the network," he said. "We developed hardware signatures, which are a function of the composition of various devices." Ultimately, Beyah hopes to develop computer programs that will be able to detect these signatures. The program would also prevent authorized users from copying data from the system, for example, and then sharing it with outsiders