NPS Computer Science Professor Geoffrey Xie, recent NPS graduate Lt. Scott Huchton, and Assistant Professor Robert Beverly were awarded the 2011 Fred W. Ellersick Military Communications (MILCOM) Award for the Best Paper in the Unclassified Technical Program, presented at the MILCOM Conference last month.
Their paper, titled “Building and Evaluating a k-Resilient Mobile Distributed File System Resistant to Device Compromise,” looked at securing sensitive mobile networks that may be appealing targets for adversaries.
With the growing popularity of smartphones and mobile devices, the question of security is always a cause for concern. In response to those challenges, the paper explores a prototype storage system called the Mobile Distributed File System (MDFS), designed to complement existing authentication, privacy and integrity techniques.
“Our system ensures data privacy through a group secret sharing scheme instead of relying on conventional independent encryption keys per device or per user,” explained Xie. “As a result, the system is resistant to total device compromise as long as fewer than k devices are captured or lost, where k is a customizable parameter. We call such a storage system k-resilient in withstanding device captures and note that when k > 1 the system provides a stronger security guarantee than simply encrypting stored data per-device.”
The paper was an extension of Huchton’s thesis, and a topic that will continue to be a focus for the defense community.
“Information, particularly information at rest, is a difficult problem for the Navy, DoD or any branch of the military to deal with,” said Huchton. “There are a number of ways to approach solving the security issues or the resiliency issues, but they are either very expensive or are not computationally practical in a mobile environment with limited power. I believe we've just scratched the surface with a demonstration of feasibility in the thesis and a presentation of practical metrics and limitations in the MILCOM paper.”
Xie explained that the team sees the concepts outlined in their paper having real-world applications for troops in theater. They looked at what options are available for recovering lost data, and ensuring that it doesn't fall into the wrong hands.
“Suppose a team of soldiers are on a mission where access to, and sharing of, data is critical to mission success. The soldiers require devices capable of transmitting and storing sensitive data, but the loss of one or more of those devices could prove devastating if the enemy is able to gain access to the sensitive data,” Xie said. “Encryption on the mobile device only partially solves this problem and does not address the issue that the data stored on the lost device is no longer available to the rest of the team. More importantly, if the encryption key were coerced or otherwise recovered, all data residing on the compromised device is revealed. Building a ‘remote kill’ feature into the mobile devices can mitigate the problem, but such a solution works only when the captured devices remain connected to the network.”
The team’s hard work received positive attention from attendees at the MILCOM Expo, and reinforced the idea that network security is a real concern that needs to be addressed. Their paper went through a rigorous vetting process, competing against 300 other submissions to be selected for the award.
“I think the fact that we won the Ellersick Award for best unclassified paper is a testament to the hard work that went into writing it,” said Huchton. “I'm honored to share the award with people I so highly respect.”