Research Statement
Richard E. Newman
Information hiding in the forms of traffic analysis prevention, anonymity, covert channels, and steganography have been an interest for several years. Early work in traffic analysis prevention resulted in cost-effective methods for TAP presented at ACSAC and at the Oakland conference. The latter also addressed network covert channels in a generic way, with solutions that eliminate or mitigate covert channels in networks. More recently, in work with Ira Moskowitz and Paul Syverson of NRL and Andrei Sergjantov of Cambridge, I have devised information theoretic formulation for measuring the success of TAP measures. Andrei and I have will also present work analyzing timed pool mixes for anonymity. Over the past two years, I have worked with Ira Moskowitz and Li-Wu Chang of NRL on steganography, developing a steganographic embedding presented at Information Hiding 2002 that encodes data in the spatial domain of images, but is compatible with JPEG encoding. Work as yet unpublished extends that method and provides very sensitive tests for the presence of steganographically embedded data in JPEG files. It is capable of detecting all of the methods for which we have been able to create stego images. This work is supported by the Naval Research Laboratory and supports one graduate student.
Multilevel secure systems is an area of interest in which I have worked with Raytheon Systems Company. Most of this work has been done in the context of the Integrated Process and Product Development (IPPD) class, which teams an interdisciplinary group of undergraduates with a faculty coach working on a project defined (more or less) and funded by an external entity (usually a company). Over the years we have developed prototype systems for a) securing wireless communication systems (using the Layered Service Provider approach in Windows 98); b) providing compartmented access to databases using PKI attribute certificates; and c) performing network vulnerability analysis in conjunction with reconnaisance information. The current project focuses on biometric authentication systems. We are developing an evaluation framework, evaluating several BA systems, and developing middleware to combine the output of multiple BA systems in making an authentication decision. Some of this work has been presented at ACSAC and at other conferences.
Unpublished work in the area of intrusion detection systems and anomaly detection was done with Unistry Associates, Inc. We developed some network anomaly detectors based on the approach of Dr. Forrest and UNM, and have built a distributed, extensible structure for incorporating third-party system monitoring, IDS, and anomaly detection sensors into a larger context. The EGIDEM system has included snort, Tripwire, and NOCOL detectors in addition to our own homegrown detectors, all reporting to a rule-based coordinator. More recent effort has spread coordination responsibility over multiple nodes in overlapping logical structures that thwarts attacks on any single point of failure, and allows information sharing between autonomous regions.
With Randy Chow and several students, I have worked in the area of authentication and authorization across independent administrative domains. We developed the PASS system in concept, then implemented it using FreeBSD. In this, a gateway node enforces policy for access control both for outgoing messages and for incoming accesses. We have also developed systems for key derivation in cases where information flow exceptions are desired.
Some portion of my work in computer and network security has overlapped with my research in distributed collaboration and CSCW. A decade ago we had developed a LAN-based CSCW system called DCS that allowed persistent groups of people to collaborate using a specially developed concurrent text editor, a specially developed concurrent graphics editor, and a terminal window sharing system, in addition to text messaging, logging, and query processing. A voting mechanism was provided for controlling conference activities in a flexible way. Desire to translate this system to wide area networks has fueled work since then. The challenges are a bit more daunting, but after initial work concerning fault tolerance (for the servers), we have matured the system design and implemented a good portion of this design. Basic services include message security, user and server identification and authentication, distributed database services (replicated), and access control services. These are used by conference control services, file services, notification services, and decisions support services. Application management services deal with life cycle issues in applications that may not be deployed at all sites and may not be made available within a particular group. Decision support services are called by access control service for multiparty authorization for certain actions, and uses notification services to alert relevant users to the need for their input. Access control is based upon a novel model in which a variation on typed access control matrix is extended with decision template pointers, allowed group participation in access decisions.
The CSCW work is also related to research in reliable multicast and secure multicast. Earlier work in this area concerned satellite networks with point-to-point links, which pose challenges due to their frequent reconfiguration. With Dr. Chow and several students, we built a node control system that was demonstrated successfully managing and recovering from introduced network errors. Laser crosslink transceivers developed by Thermotrax Corp. in San Diego were monitored and controlled by our software. More recently, IGMP-compatible architectures for reliability and security have been devised.
I have also consulted for Intellon Corporation in Ocala, Florida, helping to develop and to analyze the HomePlug 1.0 protocol standard recently approved by the HomePlug Alliance. Devices using this standard are now on the market, and we are working on the successor protocol (which should be adopted later this year). My work there has focused on MAC layer protocols, theoretically analyzing various CSMA/CA schemes, then simulating them, and finally validating these results with field tests. Our analysis, simulation, and actual field results agree very well. Analysis included performance in the presence of impairments. This work is in the process of being published currently. Most recently, we have been running field tests of IEEE 802.11x and HomePlug 1.0 in houses (and in the open), measuring TCP throughput, link stability, and coverage. Early results have been published in various conferences, and we have a journal submission accepted in this area.
Over the years I have supervised many scores of masters students and a handful of doctoral students in these areas. I find that this involves a significant amount of teaching of skills and methods that are not covered in most classes. However, the rewards of intellectual discovery and sharing the joy of this with other researchers is well worth the effort.