Modern society is inundated with different types of smart devices designed to make people’s lives easier, from virtual assistants to household appliances and health-monitoring devices — not to mention smartphones. While each device has some amount of built-in security to help combat the threat of cyberattacks, the increased prevalence of these devices in recent years has created an industry-wide need for a new, “smart” approach to protect all smart devices from cyberattacks, since the mass-production of these devices by different manufacturers prohibits them from being managed manually for security purposes.
In response to this need, researchers at the University of Missouri College of Engineering recently received a two-year, approximately $500,000 cybersecurity research grant from the National Security Agency (NSA) to develop a flexible, add-on security feature that allows different types of smart devices to intelligently learn from past cyberattacks while having a minimal need for direct human intervention. Their approach will also incorporate a collaborative network among the developers of these devices for sharing solutions in order to better respond against potential attacks in the future.
“It’s plausible that these devices can be compromised and used to launch large-scale attacks,” said Prasad Calyam, an associate professor and Greg L. Gilliom Professor in Cyber Security in the Department of Electrical Engineering and Computer Science, who is the principal investigator on the grant. “For instance, we have seen hackers take control of people’s home-based internet routers to launch massive attacks against major internet providers in recent years. Our challenge is developing a way to automate the process of securing smart devices, because it is not practical to do so manually at the large scales of deployment we are seeing in homes, businesses and government — there are no screens that can display a security problem or prompt a user to update the software on many of these devices.”
Calyam, who also directs the Center for Cyber Education, Research and Infrastructure at Mizzou, said commercial developers do not yet have the security techniques needed to keep up with the changing nature of cyberattacks, which furthers the need for this type of research and related technologies.
“Each device can use different kinds of security protocols, so determining which is the right approach to protect a device from unauthorized access is not clear because often times we don’t fully understand the changing threat being presented, and we don’t learn how a particular security approach will be able to handle that changing threat,” Calyam said. “Having too much or too little security is not ideal in response to a threat, so the key aspect in our approach is being able to use machine learning techniques to customize the response, while coupling that with use of trusted threat intelligence platforms based on blockchain to adapt to the need presented by the attack. We believe our approach will help make smart security better for smart devices.”