UAB wins grant from DHS for securing mobile devices

UAB researcher awarded Department of Homeland Security grant to develop system for verifying mobile device provenance.

A University of Alabama at Birmingham (UAB) researcher has been awarded a U.S. Department of Homeland Security (DHS) Science and Technology Directorate grant for cyber security research and development.

ragib_hasan_sRagib Hasan, Ph.D., director of the UAB SECuRE and Trustworthy Computing Lab (SECRETLab) and an assistant professor in the Department of Computer and Information Sciences, received the $583,000 grant to build a system for verifying the location history and chronological track of mobile devices such as cell phones.

Practical applications of such a system could range from eliminating contest fraud, to verifying the origin of sea food, to protecting national security.

“Preventing forged location history is important for many classified and non-classified applications,” said Hasan, whose research is part of the UAB Center for Information Assurance and Joint Forensics Research (CIA|JFR). “As an example, the military has many areas that require a person to pass through several checkpoints, and this app we are building will prevent unauthorized people from gaining entrance to a secure location unless they have been through the proper checkpoints in order.”

Modern mobile devices are equipped with GPS chips that provide their location coordinates. For example, Foursquare, a popular location-based social networking tool, allows users to “check-in” at locations and businesses. Users with the most check-ins at a business may win incentives, but malicious users can misreport their location to win fraudulently.

Mobile devices can also be tracked from a centralized location, but this violates the user’s privacy. A popular approach is to get a statement from location owners that the user was present, but existing systems for decentralized location tracking can be manipulated by malicious users who collude with location owners – much like a criminal with a fake alibi.

A recent study published by Oceana, an international organization focused on ocean conservation, found widespread mislabeling of fish in grocery stores, restaurants and sushi vendors in major U.S. cities. Raghib Hasan, Ph.D., has been awarded a grant from the Department of Homeland Security to develop a system that verifies mobile device provenance. He says the same technology will one day be used to confirm food type and origin.

Percent of mislabeled fish by city:

  • Los Angeles: 55 percent
  • New York City: 49 percent
  • Boston: 48 percent
  • Miami: 31 percent

Hasan developed his secure location provenance system using insights from human trust and social behavior. The system collects location proofs in a distributed manner, not as a centralized tracking system. It prevents collusion by using a third-party witness, much like a real person would provide an alibi. However, instead of a Q&A session between people, this is a digital conversation that takes milliseconds.

A challenge is sent to the mobile device in question to validate its physical presence. A third-party witness device belonging to another user present in the same location endorses the proof of presence. This information is then stored in the mobile device’s provenance chronology to prove location history.

Hasan is an expert on securing the provenance of data objects. His previous work earned him the 2009 Computing Innovation Fellowship from the Computing Research Association (CRA) and the National Science Foundation (NSF), as well as a 2012 Google Faculty Research Award.

Hasan plans to expand his work on secure location provenance. He recognizes that threats to national security go well beyond people carrying mobile devices. A recent incident at Los Alamos National Laboratory is the perfect example, he said: Los Alamos, one of only two labs in the United States working on classified design of nuclear weapons, removed Chinese technology from its facilities based on security fears.

Hasan says knowing the origin and location history of technology materials is critical to security.

Read more about Los Alamos decision here.

“What if someone introduces a device of an unknown origin and provenance to a network – who knows what it contains, or who had access to the device?” said Hasan. “It could have malware embedded that contains a back door to allow hackers to get in and steal classified and dangerous intellectual material.”

The technology Hasan’s team is developing could also be used to prove the origin of goods.

He points to a recent study published by Oceana, an international organization focused on ocean conservation, which found widespread mislabeling of fish in grocery stores, restaurants and sushi vendors in major U.S. cities. Hasan says fraud can happen anywhere with food, medicine or any manufactured product.

“Supply chain evidence can be easily faked, so the consumer can only hope that the corporation they buy from is telling the truth,” said Hasan. “Right now there is no secure way to verify where your food or medicine comes from, but we are working in the SECRETLab to change that.”

The DHS program is part of the National Strategy to Secure Cyberspace. Its goal is to develop enhanced technologies to prevent and respond to cyber-attacks on critical information infrastructure.

The DHS received more than 1,000 proposals and chose only 34 for funding. UAB joins a select group, including Ivy League schools such as Columbia University and Princeton University, as well as defense contractors such as Northrop Grumman Information Systems and Raytheon BBN Technologies. Hasan’s grant to work on secure location provenance is for two years. This grant will support two graduate students and one postdoctoral fellow in the UAB Department of Computer and Information Sciences.