February 20, 2013

Fighting cybersecurity threats

Alison Major

Alison Major

Alison Major is a Weld intern.

A UAB researcher wins a federal grant to make mobile device location data more accurate.
ragib_hasan_2012_01

Image courtesy of UAB.

The U.S. Department of Homeland Security recently awarded a researcher from the University of Alabama at Birmingham a grant aimed at improving cybersecurity by tracking mobile devices in a new way.

Ragib Hasan, Ph. D., will use the $583,000 Science and Technology Directorate grant to develop a system that would verify recent locations of mobile devices such as cell phones and tablets.

Hasan, an expert in finding the origin of data objects, is the director of the UAB SECuRE and Trustworthy Computing Lab (SECRETLab), which conducts “research on computer security and digital forensics.” Hasan also works as an assistant professor in UAB’s Department of Computer and Information Sciences.

While most mobile devices come equipped with a GPS that provides their location, a user can potentially “trick” the device into believing it is located elsewhere.  The only way to currently combat that possibility involves violating the user’s privacy. But Hasan’s system is designed to verify a given device’s location using other nearby devices.

Essentially, third party devices will work as a witness to a given mobile unit’s whereabouts in the same way that a human could attest to where a friend or neighbor was at a certain time. But Hasan’s system will save time by doing the verification in a matter of milliseconds.

After that, the location information would then be stored in the device in question to provide its location history. “Ideally, this will be a part of mobile phone operating systems such as Android,” Hasan told Weld. The system could be used to eliminate contest fraud, verify where seafood comes from and even help in protecting national security.

A study recently published by Oceana, an organization focused on the conservation of oceans, found that fish are being mislabeled in many stores and restaurants across the U.S. Los Angeles topped the list of places with seafood coming from somewhere other than where its label indicates, with 55 percent of its fish being mislabeled.

According to Hasan, the danger of such a situation is magnified if other food, medicine or manufactured products originate in locations other than where they are supposed to have come from.

“Supply chain evidence can be easily faked, so the consumer can only hope that the corporation they buy from is telling the truth,” he said. “Right now there is no secure way to verify where your food or medicine comes from.”

Hasan told Weld that he plans to have tamperproof radio frequency identification-like devices attached to the packaging of such items that will use his system to track their movement as they travel to their destination. RFID chips already are commonly used for similar purposes in the retail, livestock and automotive sectors.

“The military has many areas that require a person to pass through several checkpoints, and this app we are building will prevent unauthorized people from gaining entrance to a secure location unless they have been through the proper checkpoints, in order,” said Hasan.

In matters of national security, Hasan says it’s essential knowing where technological materials come from and how they got to their destination. He noted a recent incident at Los Alamos National Laboratory, which is focused on maintaining U.S. nuclear weapons. Some of the lab’s technology was recently found to have been manufactured by the Chinese company H3C, leading to the parts being removed over security concerns.

“Who knows what [an introduced device of unknown origin] contains, or who had access?” wondered Hasan. “It could have malware embedded that contains a back door to allow hackers to get in and steal classified and dangerous intellectual material.”

The grant is part of the National Strategy to Secure Cyberspace, a program created by the DHS to prevent damage from potential attacks on cyberspace. Out of over 1,000 submitted proposals, 34 of them received funding. Among the recipients were Columbia University and Princeton University, as well as multiple defense contractors.

Hasan’s grant secures his work for two years and can support two graduate students and a postdoctoral fellow from UAB’s CIS department.

“The ultimate goal of the project is to create the theoretical foundations as well as a practical implementation of secure location history verification,” said Hasan.