According to cyber experts, it could be a matter of years before hackers are able to access everything from personal files to bank accounts -- unless new technologies can beat them to it.
“This is a cat and mouse game, which means what you need to do is make it extremely more complicated for the hacker. Then the hacker will have to have more computing power and more expertise,” said Bertrand Cambou, cybersecurity researcher at Northern Arizona University and one of the lead investigators in a research project that was awarded a $6.3 million grant from the U.S. Air Force. “Essentially, in this cat and mouse, you are going to need a bigger and bigger cat to play the game.”
The project encompasses the work of numerous NAU researchers in areas from computer science to physics and mathematics, who will each contribute to one of two separate projects under the grant, led by Cambou and electrical and computer engineer Paul Flikkema. Both are professors in NAU’s School of Informatics, Computing and Cyber Systems.
Though the two researchers have different approaches to solving computer weaknesses, they agree the need for this research is vast -- and increasing.
“It seems like every other week you hear about a new virus or computer vulnerability. These have a major effect on not only our convenience, but in some cases, life and limb,” Flikkema said, mentioning examples like medical devices in hospitals or in the home. “They’re all computer controlled and so it really has to do with not just the inconvenience of your computer acting funny, but with the safety of people and the public at large.”
He said the problem with existing cybersecurity efforts is that they work to stop attacks that have already happened, instead of anticipating new types. The NAU team hopes to take a more preventative approach to cybersecurity by focusing on computer hardware instead of the software security programs that typically fight viruses.
The grant will last for three years, during which the team will design, build, and test new devices and enhancements for different types of computers so they can withstand even frequent and powerful attacks from hackers.
Much of Cambou’s work relates to nanotechnology, at the deepest internal level of a computer. Using his experience as a technologist and device physicist, he is now focusing his efforts on “post quantum computing,” a form of cyberengineering to combat quantum computers, emerging devices that could break all existing security systems as early as 2022.
“We don’t want to be static. We want to be one step ahead and stay one step ahead. If you assume what you have is good enough, then that is the first step to failure,” Cambou said. “This is not science fiction. This is the planet we are in.”
His team will work to create security solutions including a key that will uniquely encrypt information every time a user logs in, without knowing the password itself, and a technique to protect personal information like bank account numbers by better securing the path between a personal account and the organization that hosts it.
This technology, which aims to use existing assets, is based on several years’ worth of research, including work with the U.S. Department of Defense, where Cambou has spent his summers for the past three years, developing 35 patents for new technologies that the department expressed interest in as a way to protect sensitive national data.
Cambou said the goal is to create technology that will help not just organizations as a whole, but also individual users so they are not to blame if they accidentally open a virus-infected email or website.
“We are going to bring technology that is going to protect the users without victimizing the user. That’s why we call it ‘cyberengineering’: we are bringing engineering to the help of people,” Cambou said.
You have free articles remaining.
Under his direction, Cambou expects NAU to begin offering courses in post quantum computing within the next two years to prepare students for the future of cybersecurity, when quantum computers become more of a threat.
About one level closer to the user than the nanocomponents of Cambou’s work, Flikkema is working to develop an internal chip that would give computers unique identities that cannot be duplicated, particularly for devices used in civil infrastructure, like transportation systems and power plants.
“These specialized computers are especially vulnerable because they provide things like our power, light, internet, heat, gasoline -- all these things that are necessary for modern civilization,” Flikkema said.
Although not the focus of this study, this technology could eventually be used in personal devices, as well.
Unfortunately, though these systems serve diverse purposes, they are all currently too similar to be secure.
“Because all of our computers are pretty much identical -- they have identical chips inside them and identical operating systems -- you have this very, very strong vulnerability,” Flikkema said.
He compared this situation to ecological diversity: if everyone plants the exact same species of crop, an infestation of insects will wipe them all out, but if the crops were different, the pests would not do as much damage. The same is true of cyberattacks launched against millions, even billions, of computers.
The “physical unclonable functions” this chip aims to incorporate are based on Cambou’s research.
Flikkema’s team will spend the first two years of the project working with simulations before progressing to creation of the chip, which will require the team to narrow down thousands of options for internal design.
Once complete, Flikkema believes this technology will help create a new kind of computers that can still use the same software but would be inherently more resistant to a variety of cyberattacks and viruses, rather than depending on protective software programs.
For now, he recommends that people use strong passwords, keep the software on their devices up to date and not share their passwords with others.
“It absolutely makes a difference,” Flikkema said.