Data defenders: Researchers try to ward off increasingly sophisticated cyber attacks

Feb 02, 2010 by Anna Lynn Spitzer
Researchers Michael Goodrich (left) and Gene Tsudik, directors at UCI's Secure Computing & Networking Center, grapple with security and privacy issues in their quest to thwart "botnets" and other cyber attackers. Image: Paul R. Kennedy

(PhysOrg.com) -- Cyber attackers were busy last year. In July, a coordinated "denial of service" assault was launched on computers at the White House, Federal Trade Commission and departments of Treasury, Transportation and State, as well as the New York Stock Exchange and The Washington Post. The attack did little damage.

In August, social networking site Twitter suffered a similar assault that disabled it for hours, while and Google escaped without prolonged downtime.
In both cases, experts blamed “botnets,” huge armies of machines infected with destructive that can be remotely controlled to perpetrate network attacks.

UC Irvine researchers Michael Goodrich and Gene Tsudik, both directors at the campus’s Secure Computing & Networking Center, work to stay one step ahead of botnets and a host of other nefarious schemes.

Goodrich, Chancellor’s Professor of computer science, says that while electronic security has been a concern for more than two decades, the challenges are mounting.

“Computer viruses existed in the ’80s. They were even distributed on floppy disks, and people were just physically handing them around,” he says. “But the proliferation of networking has made security a bigger issue. There are all these problems popping up now that are a little more insidious.”

Most are the result of malware, malicious computer code hidden in email or on Web sites. Users who open the email or visit the sites unwittingly install annoying or downright dangerous programs on their computers that can inflict disaster in a number of ways.

Malware can introduce unwanted spam and advertising pop-ups or track and duplicate personal information, leading to identity theft and financial loss. It can also hijack computers to produce the havoc-wreaking botnets.

Interestingly, while network security is a thoroughly modern pursuit, the methods employed by computer scientists are rooted in ancient Greece. Mathematician Euclid, born circa 325 B.C., developed the first algorithm - a step-by-step computational procedure for solving a problem - to determine the greatest common divisor of two numbers. It is still in use, forming the foundation of RSA, one of the best-known public-key cryptography systems. Says Goodrich: “This algorithm is absolutely essential for Internet security today.”

Public- and private-key encryption, digital signatures, reverse Turing tests and boundary checks all implement algorithms in an effort to authenticate identity and prevent scams, which are becoming more and more sophisticated.

In August, a onetime government informant was indicted, along with two co-conspirators, on charges that he masterminded the largest identify theft operation ever prosecuted. Albert Gonzales of Miami is accused of infiltrating the computer systems of a payment-processing company and four large retailers, stealing more than 130 million credit and debit card numbers between late 2006 and early 2008.

The increasing use of radio-frequency identification also presents privacy and security issues. RFID tags - embedded in certain credit cards, badges, toll collection devices, hotel guest keys and passports - transmit information wirelessly to a reader, leaving personal data vulnerable to interception and misuse.

“When you swipe your ATM or credit card through a mechanical device, it’s almost impossible to eavesdrop,” says Tsudik, a computer science professor. “But when radio waves carry the same information, eavesdropping becomes very easy. Somebody could be sitting next door with a giant antenna picking up every bit of data being exchanged.”

Despite the risks, RFID systems are popular because they’re convenient and inexpensive. “But we’re paying a price,” Tsudik says, “and that’s privacy.” He and his colleagues, however, have devised a solution to this problem, and a patent is pending.

Privacy issues multiply with each new application, especially those used in mobile networks. “The Internet of the future is going to consist of a lot more devices that move around, so location won’t be stable,” Goodrich says. “There will be information you wish to share with some parties and keep from others. That brings up a whole new set of questions we’re wrestling with. How do we maintain anonymity? What does privacy mean?”

Applications allowing users to connect with others in a specific area are already available, and Goodrich expects them to proliferate. “But as soon as you enable these,” he notes, “you’re reporting your location to a network of both trusted and untrusted people. We’re just now studying those safety concerns.”

Tsudik is also working on security protocols for tomorrow’s networks of autonomous drones or sensors. “For me, true research is trying to solve problems anticipated five to 10 years from now,” he says. “Only one out of 10 of those problems may actually pop up, but we’ll already have the answer when it does.”

Adds Goodrich: “What we do is focus on authentication, integrity and authorization - factors in any solution. We’re trying to learn how to protect against things we’ve never even thought of.”

Explore further: Computerized emotion detector

Related Stories

Prosecutors say man stole 130M credit card numbers

Aug 17, 2009

(AP) -- Federal prosecutors on Monday charged a Miami man with the largest case of credit and debit card data theft ever in the United States, accusing the one-time government informant of swiping 130 million accounts on ...

Man charged in record ID theft case in plea talks

Aug 27, 2009

(AP) -- An accused computer hacker charged with stealing millions of credit and debit card numbers has been negotiating a plea deal with the federal government, people close to the case said Thursday.

Researchers to Boost 'Smart Tag' Security

Sep 26, 2006

Johns Hopkins researchers will take part in a new multi-institution project to improve the security of "smart tags," the wireless devices that allow drivers to zip through automatic tollbooths and let workers enter a secured ...

Hacker pleads guilty in huge credit card theft case

Dec 29, 2009

A 28-year-old Florida man pleaded guilty on Tuesday to hacking into corporate computer networks and carrying out what US officials have described as the largest credit card theft in US history.

Recommended for you

Who drives Alibaba's Taobao traffic—buyers or sellers?

16 hours ago

As Chinese e-commerce firm Alibaba prepares for what could be the biggest IPO in history, University of Michigan professor Puneet Manchanda dug into its Taobao website data to help solve a lingering chicken-and-egg question.

Computerized emotion detector

Sep 16, 2014

Face recognition software measures various parameters in a mug shot, such as the distance between the person's eyes, the height from lip to top of their nose and various other metrics and then compares it with photos of people ...

Cutting the cloud computing carbon cost

Sep 12, 2014

Cloud computing involves displacing data storage and processing from the user's computer on to remote servers. It can provide users with more storage space and computing power that they can then access from anywhere in the ...

Teaching computers the nuances of human conversation

Sep 12, 2014

Computer scientists have successfully developed programs to recognize spoken language, as in automated phone systems that respond to voice prompts and voice-activated assistants like Apple's Siri.

User comments : 0