We’ve got information coming out our ears — and our phones and social accounts — and ASU researchers are working to protect it
In today’s fast-moving, high-tech world, we leave digital footprints nearly everywhere we go, our sensitive personal information is under attack from those who want to track our habits or steal our identities, and there are those seeking to influence our thinking through misinformation such as “fake news” on social media platforms.
Students and research faculty at Arizona State University’s School of ComputingPart of the Ira A. Fulton Schools of Engineering, Informatics, and Decision Systems Engineering, one of six schools in the Ira A. Fulton Schools of Engineering, are exploring a wide range of cybersecurity issues, including social media analysis, data security on the web and mobile devices, data forensics and the use of blockchain technology — the technology that underlies digital currencies such as Bitcoin and Dash.
“Everything electronic that we touch, even physical objects we touch like our cars, any of our transactions, our searches, even our use of a GPS device, leaves a digital footprint,” said Sandeep Gupta, director of the School of Computing, Informatics, and Decision Systems Engineering. “Computing is embedded in microwave ovens, refrigerators and other appliances — even toys.
“Everything is connected through the internet of things. And for every device that is connected, somebody is collecting data from it, applying machine learning and doing analysis on the data. That’s how they make money — by collecting your data.
“Mining for data is like mining for oil. Data is the oil. People want to sell you things. They want to understand you — how you work, how you vote. They can learn a lot of things about you.”
Ghazaleh Beigi, a fourth-year doctoral student in ASU’s Data Mining and Machine Learning Lab, points out that President Donald Trump signed a measure in April 2017 that repealed internet privacy rules, allowing internet service providers to sell the personal data of people without their explicit consent.
“We’re working on a defense which could manipulate the browsing history so we can help users protect themselves,” Beigi said. “If the data does get published, we know it can’t be mapped to the real identity of the users.”
It’s the kind of research that Gupta said has made ASU “a powerhouse in cybersecurity research and education.”
Not surprisingly, there is a robust job market for cybersecurity analysts like the ones ASU’s Fulton Schools is turning out.
The U.S. Bureau of Labor Statistics projects that demand for cybersecurity analysts will increase by 28 percent through 2026, and lists the median annual salary for cybersecurity analysts in Arizona at $93,975. The unemployment rate in the cybersecurity field? Zero.
“Students who graduate from our programs are hired by the top companies in this area,” Gupta said. “They are in high demand.”
Using biosignatures to secure data
Securing data and authenticating the identity of users is a challenge, according to Gupta.
“Think about the autonomous cars that you see everywhere nowadays,” he said. “We’re going to have software-controlled driving with multiple chips. If somebody launches a bug, it could cause an accident.”
The focus of Gupta’s research is on biosecurity — using signals from the human body, such as brain waves and the electrocardiographic signals from the heart — to create cryptographic keys to secure data.
“Like a fingerprint is unique, heart signals are unique,” he said. “And from these signals you can generate unique cryptographic keys that can be used for authentication within a network as well as to encrypt data in a way that it can be secure.
“We have also developed a technique for compressing this data for lifelong storage. Everybody’s body generates a lot of data, and some people might like to store it for later if trouble arises.”
But like those autonomous automobiles, Gupta said an electronic device embedded in the body can also be susceptible to a computer attack, so part of his research is aimed at protecting systems for embedded devices.
“It has to be secure, right?” he said, adding, “People want more functionality and flexibility, and it has to be programmable. We want to have remote access, which is good, but it can be exploited.”
Fighting misinformation on social networks
Students in Professor Huan Liu’s Data Mining and Machine Learning Lab are delving into areas that are as fresh as today’s headlines — including the detection of “fake news” on social media.
Kai Shu, a doctoral candidate in the lab, is researching methods for detecting fake news and tracking it. Fake news is just the latest entry in the larger misinformation game that includes spreading rumors, bias, urban legend and spam — always with an agenda.
“It has become widespread because people can initiate it and amplify it on social media,” Shu said.
“It’s challenging because the spreaders of misinformation try to behave like something they’re not,” said Liang Wu, another doctoral student in the lab. “They disguise themselves and make friends with regular users. Our statistics show that all of the [fake news] spreaders have at least one regular user friend and for more than 90 percent, the majority of the friends are regular users. They spread legitimate content until you trust them, then they spread misinformation.”
Their hope, he explained, is for regular users to amplify the spread of misinformation. To accelerate the amplification, spreaders often utilize “bots” — software programs that mimic social media users.
One study conducted by ASU students determined that almost 10 percent of active users in a topic were actually bots. And those bots generated nearly 40 percent of the content.
“Our goal is to suspend all the bot accounts, and we devised a learning algorithm to improve bot detection,” Wu said. “We keep patching the algorithm by adding another classifier until all the bots are detected.”
Blockchain to the rescue
One of the latest innovations in cybersecurity is blockchain technology, which produces a ledger that anyone involved in a computer ecosystem can access. It is the technology that underlies digital currency, allowing transactions that are transparent and trackable without the use of a third party, such as a bank.
But Dragan Boscovic, director of ASU’s Blockchain Research Laboratory, said emerging blockchain technology has the potential for many more applications.
“Think of blockchain as just a distributed database which does not necessarily need a central authority to be managed and secured,” Boscovic said. “So in that context, it is really good for any application that has a need for sharing data across different entities; for instance, a supply chain. You can track where goods are, the sources of those goods and their status.
“Every participant in a transaction is a check on everyone else in that ecosystem. So it is very difficult to cheat because everybody else can see it.”
He said ASU’s research — much of which is being funded by Dash, the digital currency company that was launched in the Phoenix metro area — includes “applications in law, in civil engineering, managing water rights, tracking data records.
“We have partners in a wide range of industries,” he said. “We have partners in supply chain, in manufacturing, financial businesses, data-hosting businesses, insurance businesses, even in the semiconductor business.”
Whenever he speaks to potential partners these days, Boscovic said, the talk invariably focuses on blockchain.
“They would like to understand what we’re doing and how they can get involved.”
Putting on the detective hat
Inevitably, despite the best efforts to secure data, breaches occur. That’s where forensic analysis comes into play.
“We’re building systems that are more secure and improving defenses, but at the end of the day you’re going to be attacked and your data will be compromised,” said Adam Doupé, associate director of ASU’s Center for Cybersecurity and Digital Forensics. “So what do you do after that?
“You need a detection system to know you’ve been attacked or that your data has been compromised. If you don’t have that, you don’t even know you need to start the forensic process.”
Once a breach is detected, analyzing how it occurred is still a challenge, especially with evolving technology such as the cloud.
“One thing we’re really interested about is the forensic process when data isn’t on a hard drive of a laptop or desktop,” Doupé said.
To give students hands-on experience, the program has about 80 laptops loaded with top-of-the-line forensic software, which they can use to solve challenges.
“It is very easy to espouse the theory of such and such vulnerabilities,” Doupé said. “But when you actually do it, and put fingers to keyboard and see that you can actually do it and how it works, it opens their minds and improves their skills.”
A good offense is only as good as a solid defense.
“You can’t be a good defender if you don’t know the possible capabilities of the attacker. You have to think like an attacker,” he said.
For more about ASU’s work on digital security, visit the School of Computing, Informatics, and Decision Systems Engineering.
Story by Bob Young. Top photo: Nakul Chawla is a computer science major and a self-proclaimed blockchain enthusiast, and one of the co-founders of the Blockchain Innovation Society; all photos by Brandon Sullivan. This story appeared in the spring 2018 issue of ASU Thrive magazine.