Since the very beginning of the public conversation around 5G — the latest-generation broadband cell network boasting super fast speeds — security issues have been front and center. Most notably, back in 2019, the U.S. and several other countries announced they would ban companies from using components manufactured by China-based company Huawei in their 5G networks. Canada followed suit with a similar ban this year. The basic concern involved an allegation that the company was embedding its tech with security holes that the Chinese government could exploit for espionage or theft of intellectual property. Given these concerns, the subject of Assistant Professor Junaid Farooq's latest project might sound a little surprising. Over the next year, he and an interdisciplinary team of researchers from NYU, Colorado State University and the University of Illinois Urbana-Champaign are aiming to build a system that would allow the U.S. military to use regular commercial 5G networks for sensitive communications.
If they’re successful, it could completely change the nature of military communication. Right now, communications typically require private secured tactical networks. But in the real world, there are many situations where military units may be operating in regions where dedicated, trusted communications infrastructure simply isn’t available. What they may have access to, however, is the standard commercial 5G cellular network — the same one you use for calls, texts and checking Instagram. And if Farooq’s team can figure out a way to make that unsecure network function as a secure one, it could give military units new options for communicating when time is of the essence.
It probably goes without saying that this presents some interesting security challenges. “As everything moves to the cloud and these wireless networks, the ecosystem is becoming very complex,” Farooq says. “There are a massive number of devices connected together, and cloud services are very programmable, meaning any service can connect to any other service in any device in any place. The complexity of the interactions is just ballooning.” Farooq says one of the consequences of this complexity is that the old paradigm of security is essentially becoming obsolete. In the old days, you simply put all your users behind a firewall, and once you’d secured your network, you could allow everyone to interact without scrutiny. Now, when you have devices, and even applications on devices, interacting all the time in complex ways, often via the cloud, Farooq says you almost have to assume that everything could be compromised. In this so-called “zero trust” security environment, interactions must be continuously scrutinized and validated to ensure nothing bad is going down on your devices.
Farooq says this zero trust approach could be the key to unlocking 5G’s potential for military communications. The system he and his colleagues are developing will provide visibility into all the interactions that occur when you connect to a 5G network — including which applications might be trying to interact. That will enable a user to identify what kinds of interactions should and shouldn’t be allowed. So, for example, if a cloud application is suddenly trying to access a user’s camera application, the security system could automatically shut it down. Importantly, this approach would allow organizations to “ringfence” particularly sensitive assets — a new security approach that stops applications from interacting in unpermitted ways. Importantly, Farooq says this can stop hackers from probing more deeply into other parts of a network if they are able to gain access via a single vulnerable point.
A second security approach involves machine learning, a branch of artificial intelligence that uses data to generate powerful computer models. Pattern recognition is among the many strengths of machine learning algorithms, and by continuously monitoring a network, an algorithm can develop a sense of what usual network activity looks like. Then, once it’s built a background picture of what “normal” is, Farooq says their tool can shut down “anomalous behavior" that’s red-flagged as out of the ordinary.
The team’s work is being supported by a National Science Foundation Convergence Accelerator grant. As the name suggests, this special NSF program brings together experts working in a variety of disciplines, with a focus on creating commercializable tools that can benefit society. Farooq says this makes it a little different than some of his other grant experiences. “For example, every week, we’re doing training focused on crafting your story and pitching your ideas in a convincing way,” he says. “This makes it a little less of a strict research grant and more like a tech transition grant, where we can leverage existing work and bring it to market.” To that end, the team is also working with Illumio, a San Francisco-based company specializing in zero trust software, to develop the front-end user interface for their security tool.
The team is one of 16 recipients of this round of Convergence Accelerator funding. Each team will spend the next year developing a prototype, with the top five ideas receiving an additional two years of Phase II funding to support commercialization.
Story by Lou Blouin. Farooq’s team includes co-PIs Indrajit Ray, professor of computer science at Colorado State University; Quanyan Zhu, associate professor of electrical and computer engineering at New York University; Casey O’Brien, assistant director, Cyber Defense Education and Training, Information Trust Institute, University of Illinois Urbana-Champaign; and John Westerman, senior engineer, Illumio.