Intercepting Signals: New technologies for making wireless devices more secure
When was the last time you used a smart phone, or a tablet or a laptop? Has it been 30 seconds? Five minutes? Ten? Are you using one now? Odds are, you’ve got at least one within reach. Wireless devices have enmeshed themselves into our daily lives with their convenience and varied capabilities to the point that for many people, their phones are more vital than their wallets.
But that effortless incorporation of real life and the cyber world can spell trouble. With wireless devices being the receptacles for so much of what’s important to us, they make easy targets for high-tech thieves. Some Utahns, however, are developing means of foiling those current and looming threats.
More secure than Bluetooth
Orem-based Freelinc has developed a technology for use in many of the same applications Bluetooth would be used in, but does so in a more secure manner, according to Freelinc CEO Dr. Michael Abrams. “It’s almost the opposite of Bluetooth to solve the same problem,” he says.
Rather than using radio waves to transmit information, Freelinc’s near-field magnetic induction communication, or NFMI, system uses the attractive forces in magnets—for example, if you were to imagine a cartoon of a magnet, the information would travel along the wavy lines surrounding it. Because those attractive forces separate quickly, the waves don’t travel as far as Bluetooth’s radio waves, he says.
This means for anyone to try to skim information from those waves, they’d have to be close enough for someone to notice, Abrams says, whereas someone trying to steal information from Bluetooth waves has enough room to be a little more stealthy. On the other hand, others with that technology within two or three meters of each other can share information much more quickly than with Bluetooth.
The technology is gaining huge strides with the military and law enforcement due to its inherent security, says Abrams.
“What it really creates is a sort of bubble around the user, and inside the devices are connected much more powerfully than with Bluetooth,” he says. “From a security standpoint, what NFMI adds to connectivity is a new physical layer. NFMI is hugely secure without encryption.”
Those fields and the often classified nature of their information opened the gateway for NFMI to succeed, Abrams says, in that Bluetooth essentially had to prove inadequate for their needs in such a way that they were willing to adopt new technology. NFMI technology was first employed in research at MIT, but Freelinc is the only company using it commercially, he says. The company was founded in 2003 with the intention of developing wireless shoulder radios and selling them to law enforcement as a more convenient and secure means of communication.
“The way we’ve approached that is by identifying Bluetooth failures, providing our partners with solutions and getting people accustomed to connectivity with this extra layer, this extra secure layer,” he says.
In addition to use among soldiers or police, the technology has huge potential in the medical field, says Abrams, who has a medical degree and whose background before heading Freelinc was largely in various medical capabilities. Multiple medical devices could be connected in the same bubble, which means faster and more efficient communication between all of them, he says. A next-generation chip will also allow triangulation of the device within the bubble. For example, a cancer patient’s dosage of chemotherapy could only be adjusted if the device sensed the doctor’s compatible device within a certain range.
“We don’t just get rid of cables on officers; we can secure your connectivity with your car, we can allow a pacemaker to call 911 securely through your smartphones,” he says.
Abrams says he knows making NFMI a more mainstream means of data transmission is somewhat of an uphill battle, especially with the near-ubiquity of Bluetooth devices. However, he believes the rapid advancement of technology will prove NFMI’s advantages. “What we are is an Internet of Things company,” he says.
In fact, he says, devices could have both Bluetooth and NFMI capabilities, and the device could choose which connection method makes the most sense—or even use both, for ultimate security.
“The real challenge is the inertia faced by any innovation,” he says. “It’s exciting, but it’s very difficult sometimes when there’s a huge incumbent, so we’re trying to do it carefully.”
Keeping wireless data safe
Meanwhile, the data signals your phone uses could also be jeopardizing your information—or its communication capabilities could even be sabotaged by malicious users of developing wireless technology. Researchers at the University of Utah are trying to find ways to identify those who would seek to interfere with data signals and pass along the information to be decoded and used by law enforcement to shut them down.
The project is headed by Sneha Kumar Kasera, Ph. D., a professor in the School of Computing at the University of Utah, and is being funded by a three-year, $1 million grant from the National Science Foundation. Essentially, the project will crowdsource data from volunteers to find unauthorized users of certain frequencies at certain times in an effort to hone detection and location efforts of those users.
Kasera has a long history of cybersecurity research. Among his past projects is a means detecting the location of a person based on the signal going from a transmitter and a receiver, such as a wifi router and their smartphone. The practice, which was studied, not invented, by Kasera, could be used by both criminals to see when the resident of a house or office has left, or by law enforcement to see where in a building a suspect is.
For his current project, being able to detect unauthorized users of wireless spectrums has value both for communications companies, which are having their networks used or hijacked by freeloaders, and law enforcement and government agencies. Most current wireless devices are more or less assigned a certain frequency, but some newer devices use what’s known as software-defined radio, which allows users to change which frequency they use. Malicious users already are sending out jamming signals to interfere with others’ use of the spectrum, he says, and the problem will only become more prevalent as more and more devices employ this technology.
Unauthorized use of frequencies could be as minor as skimming on a wireless spectrum a user hasn’t paid for, or it could be as severe as jamming satellite signals or communications between airplanes and air traffic control towers, he says. The current technology in place by the Federal Communications Commission is cumbersome and requires data collection of a location over months or years.
“The bad guys are not going to wait for you to measure them,” Kasera says.
Kasera’s project involves building a system through which volunteers can use an app or program to take a sort of snapshot or clip of the users on a frequency in a certain area at a certain time. The volunteer would only take short glimpses of the traffic in an area at that time, and then another volunteer might take a snapshot of another frequency, or the same frequency in a different location at a different time. All together, the bits and pieces of data could be compiled into a comprehensive look at who is using what frequency where and when. It could then be decoded and compared with data of who typically uses that frequency then and there, or who is allowed to be on that frequency, by law enforcement or wireless companies.
That last part—that Kasera is seeking only to collect data, and leaving the decoding and comparison to other, authorized entities—is important, he says. The project is only seeking to help shore up leaks and improve detection; to decode the information themselves would be a massive and needless breach of privacy for the vast majority of people using the frequencies they’re supposed to in a lawful manner.
“We don’t decode the signals. We don’t have any information on the cell phone numbers or the device they’re using. All we know is someone’s trying to transmit on a certain strand at these locations. We are building techniques to localize transmitters,” he says. “We don’t have authority to do that, to decode any signals, because we aren’t law enforcement. We just want to make it easier for them. We would find illegal use of spectrum, we would locate the illegal use of spectrum, and we can give that to them.”