Securing the Integrity of Network Information

By Ron Cichowicz

Research conducted in the School of Information Sciences (SIS) offers tremendous potential for practical applications. One example is the work conducted by Professor Prashant Krishnamurthy and his SIS colleagues, professors David Tipper and Joseph Kabara, who are collaborating on a project on wireless information assurance funded by the National Institute of Standards and Technology.
“When I joined Pitt, my primary research focus was wireless networking, with an additional interest in security,” said Krishnamurthy. “I came to Pitt because of the reputation of its telecommunications program, one of the best in the country.”

According to Krishnamurthy, wireless wide-area networks, such as digital cellular phone networks, and wireless local-area networks (WLANs), such as the mushrooming wireless Internet services in coffee shops, have experienced tremendous growth, becoming a crucial component of the national communications infrastructure.

“More and more WLANs are appearing everywhere, in coffee shops, malls, and in homes,” Krishnamurthy said. “People are accessing the Internet from everywhere and are involved in commercial transactions, such as placing orders, making purchases, online banking, and getting stock quotes and trading.

“The usage is currently sparse, but as it increases, security and survivability become a big concern and needs to be addressed in a fundamental way. Such networks will only be as good as the integrity of the information that flows through them.”

As wireless networks are developing into a hybrid structure—with cellular networks providing wide-area mobile data service but at low-data rates and WLANs providing indoor and “hot spot” coverage at higher-data rates—the need for the assurance (security and availability) of information flow in these networks increases, especially because of the differences between the individual components.

“Wireless networks have aspects that make security and survivability different than wired networks, and also particularly challenging,” said Krishnamurthy. “The broadcast nature of wireless communication links makes them unique in their vulnerability to security attacks. Mobile stations also are limited in computational and battery power, which also constrains information security measures. Additionally, mobile stations continually leave the network and change locations, which also affects security and reliability.

“These unique features of hybrid wireless networks negate the standard survivability and security techniques developed for wired networks. Our project seeks to develop a comprehensive treatment of information assurance in hybrid wireless networks,” said Krishnamurthy.

If successful, Krishnamurthy and his colleagues will develop methods to guarantee protection against security attacks or accidental breakdowns and provide confidentiality, data integrity, authentication, and access control as required.

“For assuring information, the wireless network architecture must provide sufficient security and survivability measures such that secure communication can continue for all critical services in the face of physical attacks, failures, or security breaches,” said Krishnamurthy.