Designing ‘smart’ security for smart devices
University of Missouri researchers received a grant from the National Security Agency to explore the need for "smart" approaches to security.
Modern society is inundated with different types of smart devices designed to make people’s lives easier, from virtual assistants to household appliances and health-monitoring devices — not to mention smartphones.
While each device has some amount of built-in security to help combat the threat of cyberattacks, the increased prevalence of these devices in recent years has created an industry-wide need for a new, “smart” approach to protect all smart devices from cyberattacks, since the mass-production of these devices by different manufacturers prohibits them from being managed manually for security purposes.
In response to this need, researchers at the University of Missouri College of Engineering received a two-year, approximately $500,000 cybersecurity research grant from the National Security Agency (NSA) to develop a flexible, add-on security feature that allows different types of smart devices to intelligently learn from past cyberattacks while having a minimal need for direct human intervention. Their approach will also incorporate a collaborative network among the developers of these devices for sharing solutions in order to better respond to potential attacks in the future.
“It’s plausible that these devices can be compromised and used to launch large-scale attacks,” said Prasad Calyam, an associate professor and Greg L. Gilliom professor in cybersecurity in the Department of Electrical Engineering and Computer Science, who is the principal investigator on the grant.
“For instance, we have seen hackers take control of people’s home-based internet routers to launch massive attacks against major internet providers in recent years. Our challenge is developing a way to automate the process of securing smart devices. Because it is not practical to do so manually at the large scales of deployment we are seeing in homes, businesses and government — there are no screens that can display a security problem or prompt a user to update the software on many of these devices.”
Calyam, who also directs the Center for Cyber Education, Research and Infrastructure at Mizzou, said commercial developers do not yet have the security techniques needed to keep up with the changing nature of cyberattacks, which furthers the need for this type of research and related technologies.
“Each device can use different kinds of security protocols, so determining which is the right approach to protect a device from unauthorized access is not clear because oftentimes we don’t fully understand the changing threat being presented, and we don’t learn how a particular security approach will be able to handle that changing threat,” Calyam said. “Having too much or too little security is not ideal in response to a threat, so the key aspect in our approach is being able to use machine learning techniques to customize the response, while coupling that with use of trusted threat intelligence platforms based on blockchain to adapt to the need presented by the attack. We believe our approach will help make smart security better for smart devices.”
The grant, “Automated and Intelligent Threat Detection and Defense of Future IoT Edge/Cloud Systems,” was awarded by the NSA’s National Centers of Academic Excellence in Cybersecurity, through their Cybersecurity Research Innovation 2021 Program. Calyam is collaborating with Jianli Pan, an associate professor in computer science at the University of Missouri-St. Louis, who is a co-principal investigator on the grant.