By Nicole Feldman
Featuring security research by the Stanford Cyber Initiative.
Every day seems to bring a new headline about cybersecurity. From the Equifax breach to individual bouts with ransomware, many are starting to feel as though any system can be broken. The Stanford Cyber Initiative is working to make us more secure and to understand how technology can be used against everyone from your next door neighbor to the U.S. government. Here are a few projects they are working on:
As cyberattacks become more robust and varied, information is being used as a means of waging war, particularly against democracies like the U.S. But traditional means of fighting back don’t always apply. The project examines cyber-enabled conflict from various perspectives to understand what a war of information means in the modern age. “We have a world of adversaries,” said Herbert Lin, a senior research scholar for cyber policy and security. “Nations compete with one another, and these nations use many methods to take advantage.” The team aims to understand how information is used in conflict today, why these techniques work and what policymakers can do to combat them. Drawing on expertise in communications, psychology, law, political science, computer science and more, they examine technology’s impact on warfare from every aspect of society. Their goal is to develop a theory of information warfare to help policymakers develop strategies in the tech era.
Getting access to data, encrypting it and holding it for ransom has proven a successful way for cybercriminals to make a profit. Though the damage could be hundreds of millions of dollars per year, we still don’t know much about it. Who is most at risk for attack? How are their devices infected? How much do the attackers ask for, and how many individuals actually pay? This project investigates how often ransomware attacks occur, what their main characteristics are, and what behaviors put individuals most at risk of attack. “We hope this project will inform public awareness campaigns, improve users’ awareness of their online behaviors and their ability to protect themselves,” said Camelia Simoiu, a PhD candidate in management science and engineering. By better understanding how humans interact with computers, she hopes the project will inform a more human-centric design of tools that will keep people safe without hindering their use of the internet.
How often do you forget your passwords? Do you write them down? Store them on your phone? Try to bypass extra security measures like two-step authentication? According to a Janrain study, 38 percent of people “would rather undertake household chores, like cleaning the toilet or doing the dishes, than have to create another username and password.” The Cyber Initiative is working on a better security solution using behavioral biometrics, individual traits that are so unique to each individual that a hacker cannot replicate them. One avenue may be teaching people motor sequences that would take the place of a password. “Say you want to play tennis, and we train each person with a slightly different ball,” explained Bahman Bahmani, a research director in computer science. “For one person, the ball is a little bit heavier; for another, it is lighter. The attacker has not been playing with the user’s specific ball, so they cannot do their shots right.” Computer scientists have teamed up with psychologists to figure out how to use unique behavioral techniques without inconveniencing the user or making the sequence difficult to remember. Once they have determined the best ways to incorporate unique behaviors into security, the techniques could be implemented at key security points, like online bank transfers.
Ever wonder how security works on the cloud? Since 1995, the Secure Shell (SSH) has been protecting the way computers and servers communicate. The SSH is still ubiquitous, and the Cyber Initiative thinks an update is in order. The team is working on a new system to securely connect networked servers at the SLAC National Accelerator Laboratory. The researchers believe that if they can develop a system that works well for this highly-regulated and security-driven environment, they could take cloud security to the next level beyond Stanford’s borders.
Did you know that about 90 percent of email is spam, and a few thousand individuals keep it out of our inboxes? Loosely connected by volunteer organizations, non-profits and for-profit firms, these internet defenders are largely unstudied. The Cyber Initiative is engaging with this community to understand and document how they function, how a more systematic approach could help, and how designing policy and engaging with law enforcement could improve their ability to keep internet users safe.