The Internet is the backbone of our lives, supporting everything from doing business to communicating with loved ones to managing home appliances. Cars, medical equipment, agricultural equipment and security systems depend on it. Even the currency, once known as “cold, hard cash”, is now traded in purely virtual form by more than 100 million people globally.
It is easy to assume that this connectivity is secure and reliable, but the online world is subject to many dangers. The growing field of cyber security aims to protect systems – and us – from cybercriminals: from state entities to small groups of saboteurs to lone wolves to modern-day crooks who can wreak havoc from their living rooms.
Cyber security is a growing emphasis at the University of Oregon’s Department of Computer and Information Sciences. Department faculty at the UO Center for Cyber Security and Privacy, together with colleagues in philosophy, law, business and other fields, conducts research and helps thwart threats to Internet traffic, cryptocurrencies, social media networks, infrastructure security, and more.
denying deniers
Lei Xiao, an assistant professor in the Department of Computer Science, focuses on how to negate deniers – those who try to disrupt others’ computers by launching Distributed Denial of Service (DDoS) attacks, which can be accessed from a laptop. , can cripple a bunch of computers, or an entire multinational company. Xiao was recently awarded a fellowship by Ripple Labs, the US-based developer of the cryptocurrency platform, as part of a university research initiative.
In a DDoS attack, hackers launch large amounts of data traffic towards a victim, taking a toll on the recipient’s computer bandwidth. The receipt or transmission of legitimate information becomes impossible for the victim.
Internet service providers such as AT&T and Comcast attempt to thwart these intrusions by operating “scrubbing centers” — data centers containing multiple computers programmed to detect and defeat the intruder. Malicious traffic is filtered into scrubbing centers, and the rest is sent to clients. These centers are located across the country, and it is up to each service provider to determine which one to use, which traffic flow to divert, and how many computers to allocate to the center for each suspicious incident.
Xiao is developing “smart algorithms” – computers that can follow instructions to make these decisions. “My algorithms will automatically and efficiently tell Internet service providers what the best decisions are to deal with every attack,” he says, “so they don’t have to address each one manually.”
cracking down on crypto-criminals
Ripple professor Yingjiu “Joe” Lee and PhD student Sanidh Arora focus on flash loan attacks on cryptocurrency exchanges.
Cryptocurrency—currency that exists only in digital form—is traded on decentralized platforms that do not rely on the oversight of institutions such as banks or governments. “Cryptocurrencies are very convenient and cost-effective for users,” says Lee. “Since participants have complete control over their files, they feel secure. Plus, anyone can interact with these financial services without being censored or blocked by a third party.”
The cryptocurrency market had a record year in 2021, briefly crossing $3 trillion in November. Recent research from the Pew Research Center found that 16 percent of Americans say they have invested in, traded or used cryptocurrency. “It’s a very fast-growing platform,” Lee says.
While cryptocurrencies reduce the hacking risks facing centralized exchanges such as the New York Stock Exchange, decentralized systems offer a lot of opportunities for cybercriminals.
Individual “coin” ownership is stored in a digital blockchain database, with part of the information shared equally among the entire network of users. “The practical operation of blockchain exchanges goes far beyond security measures,” says Lee. “Increasing security is imperative to protect users from economic loss.” According to the Chainalysis 2022 Crypto Crime Report, in 2021, criminals earned around $14 billion from digital currency exchanges, investors and users.
A flash loan attack occurs when someone borrows potentially millions or even billions of dollars worth of cryptocurrency assets, uses them to purchase currency, illegally manipulates the price through a vulnerability in computer coding, And then pays off the loan, making a huge profit at least. as 30 seconds. For example, in February, hackers took advantage of a vulnerability to steal over $320 million in cryptocurrency from Wormhole, a decentralized financial platform.
Lee and Arora are studying how to increase the security of the protocols governing exchanges. Some existing hedge exchanges monitor systems and identify flash loan attacks after the fact, but may not recover damages. Lee adds: “A better strategy is to improve the protocol design in these decentralized exchanges to prevent instant loan attacks or to detect and block them before they cause any economic harm. This is a topic we are on. working.”
master of Disaster
With the help of more than $3 million in grants from the National Science Foundation and others, Ram Durairajan is making the network more innovative and more robust.
Durairajan, an assistant professor in the department, is working with PhD student Matthew Hall on denial of service threats by reconfiguring the paths of the wavelengths that transmit data.
He uses the idea of a museum thief as a metaphor for an attacker. “Imagine someone trying to steal a painting hanging in a museum,” says Durairajan. “The museum is the network. The painting is the service the attacker is trying to steal. We can change the floor plan of the museum — that is, the configuration of the wavelengths the data is carrying — every time so the thief won’t know that where to go.”
Durairajan also studies how we can protect our ability to stay connected despite earthquakes, tsunamis and rising seas. The West Coast, specifically the Oregon Coast, is the landing point for many of the underwater fiber cables connecting our continent to Asia. It is also the site of the Cascadia Subduction Zone, a fault line that separates two major tectonic plates and is overdue for a devastating earthquake.
Durairajan, with the help of undergraduate Juno Meyer, developed an assessment tool called ShakeNet to analyze the risk that earthquake-induced aftershocks affect wired and wireless infrastructure in the Northwest. He collaborated with colleagues from the Department of Earth Sciences, who helped develop ShakeAlert, an early earthquake warning system. Durairajan combined a map of earthquake-prone areas with one of the fiberoptic infrastructure and found that about 65 percent of the fiber infrastructure and cell towers on the west coast would be damaged during a violent earthquake.
Using ShakeNet’s route planner capability, data during an earthquake can be sent via longer but less sensitive routes. For example, data transfer between Seattle and Portland can be done via Kennewick and Boise, avoiding the I-5 corridor, which can be affected by strong tremors. “There’s this tension between what Internet service providers do and what Mother Nature does,” says Durairajan. “Our aim is to take that tension away so that you won’t find the shortest path, but you will find a stronger path.”
Durairajan has also studied the threats posed by climate change. They recently found that thousands of miles of fiberoptic cable in the US—mainly in the areas around New York, Miami and Seattle—will be severely affected by rising sea levels.
He acknowledges that his focus on unpleasant scenarios may lead some to tease about having a serious outlook.
“I’m seriously not a fun person,” Durairajan says. “But as long as people are safe and the Internet works well, I’m happy to be a negative person.”
Source: University of Oregon
