Making room for privacy in cybersecurity
Balancing individual privacy with national security needs will continue to be a major challenge in the years to come. Annie Antón has been working on these dual objectives since the 1990s, when she was a graduate student at Georgia Tech.
“I realized then that security and privacy were both essential goals for modern computing systems,” said Antón, who returned to Georgia Tech in 2012 as chair of the School of Interactive Computing.
Antón, who presented her first privacy and security papers before the 9/11 attacks, is part of a National Research Council committee on Foundational Science in Cybersecurity. She is on security and privacy advisory boards for major corporations and has served on the Department of Homeland Security Data Privacy and Integrity Advisory Committee. She recently appeared on C-SPAN for her testimony on the role of technology and privacy in fighting terrorism.
Antón’s current research focuses on how to create systems that actually comply with regulatory, security, and privacy requirements.
This work is particularly relevant today, considering the rapid growth of the Internet of Things, which allows for communication among everyday devices such as Fitbit Trackers, smart thermostat systems, and washers/dryers that use Wi-Fi for remote monitoring.
As information for these devices is collected and stored, big data analytics will process this information and infer things about us.
“Security and privacy will need to be baked in from the start,” she said.
—Annie Antón chairs the School of Interactive Computing in the College of Computing.
Cyberanalytics: Protecting us with high-performance computing
When we think of cybersecurity, we often think of the outsider trying to hack into our computer systems. But another challenge is how we identify and defend against an insider, oftentimes a lone wolf, who knows our procedures and safety precautions.
If we want to protect ourselves from both scenarios, we must increase our reliance on high-performance computing, especially the graph analytic research we conduct at Georgia Tech, says David Bader, chair of the School of Computational Science and Engineering in the College of Computing.
Graphs help us discover patterns and relationships hidden in massive amounts of data. These graphs are composed of interconnected vertices (nodes) and lines (edges), and they change over time.
In the realm of cybersecurity, the vertices are people, places, and things, and the edges represent their interactions. By designing and using fast theoretic algorithms on large-scale graphs, we can produce insights in near-real time. This is crucial because cybersecurity analysts often are overwhelmed with thousands of alerts to review, and our algorithms may direct them immediately to the most important ones.
We leave a digital trace every time we use a key card to get through a door, log in to a computer, or send an email. Security officers need to analyze this information so they can understand our patterns and identify potential threats.
These massive-scale datasets are often unstructured and challenging to inspect. The emerging graph technology we are developing at Georgia Tech has the potential to be the best and most efficient way to prevent future attacks where we work and live, says Bader.
—David Bader chairs the School of Computational Science and Engineering in the College of Computing.
Securing the new cyberspace revolution
We are in the midst of a revolution in cyberspace that could be as transformative as the emergence of the Internet. The most significant difference between this revolution and that of the emergence of the Internet is that the current revolution gives computing systems an unprecedented amount of control over individuals and critical infrastructure. As such, computer engineers play a key role in ensuring maximum benefit from technologies while also ensuring that systems operate safely.
One goal of the Georgia Tech Communications Assurance and Performance Group is to develop algorithms that enable a more secure and efficient current and future network infrastructure, with computer systems that are more accountable and less vulnerable to attacks and abuse.
Our efforts focus on areas that are critical to the success and security of the so-called Internet of Things (IoT) and cyber physical systems (CPS), says Raheem Beyah, an associate professor in the School of Electrical and Computer Engineering who leads the Communications Assurance and Performance Group.
IoT comprises everyday devices — such as irons, toasters, and thermostats — that are wirelessly connected and work to improve our quality of life. CPS deals with the use of cyberspace to manage and monitor existing physical systems, such as power grids, oil and gas generation, and distribution systems.
To improve security in these areas, we are working to understand the behavior of these systems to prevent misuse, secure the wireless networks IoT devices use to communicate, and ensure information is exchanged in a manner that preserves privacy, Beyah said. The impact of IoT and CPS on society will be tremendous, which is why we must keep it secure, he added.
—Raheem Beyah, an associate professor in the School of Electrical and Computer Engineering, leads the Communications Assurance and Performance Group.
Defending the U.S. against cyber warriors
A new generation of cyber warriors has suited up for battle and is targeting U.S. interests.
The Georgia Tech Research Institute (GTRI) is a leader in developing the technologies that secure, defend, and respond to threats within our country’s information, distribution, and network systems on the virtual battlefield.
The Cyber Technology and Information Security Laboratory (CTISL) conducts applied research focused on cyber threats and countermeasures, secure multilevel information sharing, resilient command and control network architectures, reverse engineering, vulnerability identification, and high-performance computing and analytics.
CTISL has six strategic thrusts: Reverse Engineering, Vulnerability Identification, and Exploitation; Resilient Network Systems Engineering; Malicious Software Analysis, Threat Intelligence, and Penetration Testing; High-Performance Computing and Analytics; Multilevel, Secure Software Systems, and Collaboration Tools; and Professional Education, Outreach, and Awareness.
CTISL engineers develop and apply cutting-edge technologies in computing, network architectures, signal and protocol analysis, network forensics, malware analysis, and reverse engineering (hardware and software) to solve tough problems, says Andrew Howard, senior research scientist at GTRI.
Howard, along with other GTRI experts in his lab, is tackling tough security issues within military and non-military networks, developing new tools and methods for securing information, educating and increasing awareness in the cyber domain, and applying leading technologies in network design to keep us safe now — and in the future. CTISL brings this knowledge to the classroom by providing professional education offerings across the cyber landscape.
—Andrew Howard directs the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute.
Attacking botnets before they attack the Internet
Large-scale attacks on the Internet are typically launched using a botnet, which is a large number of infected machines under the control of an attacker.
Wenke Lee, who directs the Georgia Tech Information Security Center, and his research group are leaders in botnet detection, and were among the first to work on this problem starting in 2005.
They have focused on the key characteristics of botnets — for example, the need for a command-and-control infrastructure — that separate them from the previous generations of Internet-based attacks. They have developed and deployed several algorithms and have demonstrated their effectiveness in early-warning, detection, and attribution of Internet-scale attacks.
More importantly, their work has had a significant practical impact. In 2006, Lee co-founded Damballa Inc., which focuses on delivering anti-botnet technologies to enterprises, and now has about 90 employees. It counts all major Internet service providers in the U.S. and many Fortune 500 companies as its customers.
Lee’s group was the first to conduct a systematic study of the security of iOS as well as Apple’s app review and management process. While many in the industry and academia believe that iOS is (almost) immune to malicious programs, their work showed that it is possible to inject malicious code on iOS devices, and even create an iOS botnet. Their work revealed a number of vulnerabilities in iOS and has led Apple to implement several security improvements.
—Wenke Lee, a professor of Computer Science in the College of Computing, directs the Georgia Tech Information Security Center.
Adjusting to today’s cyber realities
In August 2013, less than a week after joining the faculty at Georgia Tech, Peter Swire was tapped to serve on President Barack Obama’s Review Group on Intelligence and Communications Technology. Swire became one of the five authors of a major report that was issued that December.
The work on the Review Group is part of Swire’s two decades of research and government service on issues of cybersecurity and privacy. He previously served as chief counselor for privacy under President Bill Clinton, where cybersecurity topics included encryption, intrusion detection for federal systems, and how to update wiretap laws for the Internet age. In the subsequent decade, Swire served on security advisory boards.
This year, he is teaching a privacy course and one on “Information Security Strategies and Policy.” Among his multiple research projects, he’s looking at how to refine the debate about when information sharing should take place for cybersecurity.
“As personal data flows everywhere, security issues are everywhere as well,” Swire said.
He’s also looking at how well secrets will be kept in the future, noting the effect of the “declining half-life of secrets” on the workings of intelligence agencies.
“Today’s cyber realities mean people and government on the outside can find out what the agencies are doing,” Swire said. “We’re going to have to get used to a world where we can’t keep things classified for 25 or 50 years and assume they are going to stay hidden.”
—Peter Swire is the Nancy J. and Lawrence P. Huang Professor of Law and Ethics in the Scheller College of Business.