Attila A. Yavuz and Muslum O. Ozmen are working on adding cryptography to medical devices and air drones.
Attila Altay Yavuz has an ambitious goal to make our devices safer from cyberattacks. The good news for everyone is that Yavuz, an assistant professor of computer science at Oregon State University, has just received a prestigious Faculty Early Career Development (CAREER) award from the National Science Foundation which will guarantee funding for his research for the next five years.
The grant supports his research to advance cryptography for the plethora of interconnected devices known as the Internet of Things (IoT). He expects his work will impact everything from medical devices to flying drones. If successful, his long-term goal is to work with the United States Department of Homeland Security to integrate his techniques into the U.S. security infrastructure.
“The first step in achieving security is to establish a trust between devices, similar to the connections between people. We need to trust someone before we give them information about ourselves,” Yavuz said.
This step is called authentication. Before a device communicates with another device it will check to see if it is known and trusted before sending any data. Cryptography makes the exchange secure so hackers cannot interfere with the data transmission.
Traditional cryptography can be slow and use a lot of resources like memory and power, which can be a problem for some applications. So, Yavuz is developing new algorithms for emerging technologies that have constraints of memory or time.
Home automation devices like the Nest thermostat, and embedded medical devices such as a pacemaker, have to be very small which restricts the computing capacity. They generally have an 8-bit processor with 16 kB of memory and a very limited battery.
Security is important for these devices to keep personal information private. Without it, systems are vulnerable to hackers who could figure out when no one is home based on thermostat data, or send wrong commands to a pacemaker causing a heart attack.
Currently, pacemakers without cryptography have about five years of battery life. Adding cryptography using traditional techniques would reduce the battery life to two years. Yavuz and his graduate student, Muslum Ozgur Ozmen, are currently working on new algorithms that would potentially improve efficiency by 2,000 times. So, instead of just two years, a pacemaker could last four years and 10 months — just two months short of an unencrypted device.
“It would have very little impact on the lifespan of the device, so we can achieve longevity and security simultaneously,” Yavuz said.
Their system can also be used with small drones that have the potential for emergency response applications such as flying into a building to see if all the occupants have evacuated.
“Small drones have limited battery and the propellers take a lot of energy, so we need to reduce crypto to a minimum,” Yavuz said. “Our experiments indicate with our system the propellers would use 99 percent of the battery and crypto just one percent. So, the energy use for the cryptosystem would be negligible.”
Cryptography is also critical for autonomous systems such as self-driving cars or unmanned aerial vehicles. In order to avoid accidents, vehicles would broadcast their location to each other. Attackers could hack the system to cause accidents, but if you add traditional cryptography it would slow the system down also causing accidents.
Yavuz’s goal is to create real-time cryptosystems that would speed up the authentication processes by 100 times the current capability. He estimates the algorithms they are developing would require about four times more storage, but he doesn’t see that as a problem.
“Vehicles, even some unmanned aerial vehicles, have sufficient storage capabilities, so achieving hundred times faster communication is a favorable trade-off,” he said.
Getting out there
Yavuz’s new cryptosystems are only valuable if they are integrated into new technologies, so the grant is also supporting work with industry partners Bosch and Galois. Both companies have IoT test-beds and platforms where Yavuz’s graduate students will test out the algorithms during internships.
“They will run experiments and see how the measurements we are obtaining in our local lab fares with real-life applications,” Yavuz said.
The robotics research group in the School of Mechanical, Industrial and Manufacturing Engineering is already working with small drones and larger unmanned aerial vehicles, and so future work will collaborate with them on developing applications such as an autonomous drone fleet.
A major component of the CAREER award is to integrate education with research. To this end, Yavuz will make their test-bed available to classes at Oregon State so graduate students can try out the new cryptographic techniques and compare them to traditional methods. He will also create open-source air drone experiments for undergraduate and high-school students.
Already, Yavuz has a graduate student and two undergraduate students who are gaining research experience by working on the air drones. The ultimate goal will be to control the drones with a computer program via a communication channel that is protected by cryptography.
Once the work is complete there will be an opportunity for the research to have farther reaching impacts because everything will be open source and freely available.
“Anybody in the world could adopt and use our materials for educational purposes. So, what that means is that universities with fewer resources will be able to bootstrap their research with these packages,” Yavuz said.
The educational component is important to Yavuz who has himself been focused on authentication and integrity of systems since he was an undergraduate in Turkey. The hope would be to get more students, especially underrepresented groups, interested in cybersecurity.
“I chose to work in this area because it's the most fundamental security service, without it nothing else can happen,” Yavuz said. “It also allows you to experience both theoretical and practical aspects of computer science at the same time.”