
NSF Org: | OAC Office of Advanced Cyberinfrastructure (OAC) |
Recipient: |
|
Initial Amendment Date: | September 14, 2015 |
Latest Amendment Date: | September 14, 2015 |
Award Number: | 1547099 |
Award Instrument: | Standard Grant |
Program Manager: | Rob Beverly, OAC Office of Advanced Cyberinfrastructure (OAC), CSE Directorate for Computer and Information Science and Engineering |
Start Date: | January 1, 2016 |
End Date: | December 31, 2018 (Estimated) |
Total Intended Award Amount: | $488,514.00 |
Total Awarded Amount to Date: | $488,514.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: | 107 S INDIANA AVE BLOOMINGTON IN US 47405-7000 (317)278-3473 |
Sponsor Congressional District: |
|
Primary Place of Performance: | 2709 E. Tenth Street Bloomington IN US 47408-2671 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Cybersecurity Innovation |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Modern scientific instruments such as telescopes, electron microscopes, and DNA sequencers capture and process data using on-board computers. These on-board computers transform what the instrument "sees" into digital data. In the case of a telescope, the on-board computer converts the lens' focused image into a digital JPEG file. Like most computers, these instruments are vulnerable to network-based attacks, which risk compromising data and harming the instrument. When an instrument is compromised via a network attack, the science it supports grinds to a halt. To ensure that researchers can maintain the control and integrity of their instruments and data, this project develops a device that works with the instruments' on-board computers to prevent unauthorized access and manipulation of data. The device serves as both a firewall for the instrument and as a data transfer system that ensures data collected by the instrument is not altered. Technology developed through this project will have broader applications like protecting medical devices, industrial machines, and aircraft.
The project designs, develops, and tests the deployment of a small device that functions as a firewall, large file transfer facility, and network performance monitor. The device consists of a small, low-power box positioned between the instrument and the campus network. Firewall policies are configurable by the researcher (or their designate) via a cloud-based portal. The file transfer facility will transfer large data files over long distances, while maintaining reliable performance. This facility will also digitally sign files, so data integrity can be verified throughout the science workflow. In turn, the network performance monitor will interface with associated online systems, so performance bottlenecks can be easily identified. Ultimately, this architecture and implementation will ensure optimal data processing while safeguarding the integrity of the instrument and its data throughout the scientific workflow.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The principal goal of the project was to create an inexpensive device to:
- Protect science instruments (e.g., digital microscopes, DNA sequencers, CAT scan machines, etc.) from network-based cyber attacks.
- Enhance the researcher's ability to securely transfer data from the instrument to their science workflow.
- Create a "digital seal" that would reveal if data collected by the instrument had been altered since its initial creation.
We were able to create a device that provides substantial protection of the science instrument from cyber attack and enables authenticated and encrypted transfer of data to and from the instrument. While we were also able to design prototypes of a system to create a digital seal that would ensure changes in the original data would be detected, we were unsuccessful in adapting the prototype to a researcher's production workflow. Successfully integrating this type of integrity feature into existing science workflows warrants additional investigation.
The project was able to leverage and contribute to several open source projects (Linux, Guacamole, Apache, SSL, Python, etc.), as well as the work of the Raspberry Pi Foundation. The result was a low power, low-cost device that's widely available.
While the project met most of its goals, and the device was successfully used on Indiana University's Bloomington campus, to our knowledge it didn't gain adoption elsewhere (the components of the device are published open source, so it may be implemented elsewhere without our knowledge).
The diffusion of new cybersecurity technology into campus and enterprise environments is complex. During the course of the project, there's been a substantial shift in the security posture of university networks. A niche device designed to protect a hundred instruments may not be attractive when resources are focused on general protection of a sea of 100,000 network connected devices. There's also a growing awareness on behalf of the science instrument manufacturers that customers are increasingly concerned about the security vulnerability of the instruments themselves, and we've seen evidence that these concerns are reflected in improved devices.
We've shared what we've learned during this project with our peers within the higher education community, and we're encouraged by the growing activity around improving cybersecurity broadly, as well as securing network-connected devices, such as science instruments, in addition to the more traditional network-connected phones, laptops, computers, etc.
Last Modified: 04/04/2019
Modified by: Steven Wallace