A new force in the world of cyber defence systems
After completing his primary degree at RWTH Aachen University in Germany, Turkish-born Sakir Sezer first discovered his passion for designing hardware-based network processing following a student exchange programme with Queen's University and subsequent employment at a local high-tech start-up.
Internet and network security threats have evolved from harmless pranks into widespread cybercrime involving viruses, worms and intrusions that cause disruptions and collateral damage worth hundreds of billions of pounds every year. According to the latest Cabinet Office report, the annual cost to the UK economy alone is £27bn.
Within the next five years however, groundbreaking computer hardware now in development at the Centre for Secure Information Technologies (CSIT) could be used to put an end to many of those threats before they can cause any harm.
The innovative technology is being developed with funding from EPSRC by a team led by Sakir who was recently appointed to the newly-created chair of Secure Information Technologies at Queen's University. Their work will allow Internet traffic to be inspected and analysed in real time for malicious content, protocols and anomalies. This will enable risky or threatening online behaviour to be pinpointed and stopped in its tracks.
"Conventional processor technology is unable to meet the real time and throughput constrains of Internet security processing. Content, in particular, is only processed character-by-character at the present time," says Sakir.
"That means it is currently impossible to police, control and manage the phenomenal volume of online traffic. Even advanced firewalls and similar measures offer only limited protection. If a personal/home-PC is not well protected by security software, for example, the Internet can be a dangerous environment, especially for children and anyone who isn't computer literate.
"Research like ours is therefore vital in the development of new technologies that will make the Internet a safer place and in the long term, eliminate the need for users to defend themselves with a set of complex security tools."
Central to CSIT's breakthrough is a new type of highly powerful content processor capable of handling data between 100 and 10,000 times faster than existing solutions. Each one can prescreen huge volumes of information, equivalent to the Internet traffic produced by over 100,000 households, for malicious content, protocols, and behaviour.
Sakir believes that the rapid take-off of cloud services and the wider use of cloud storage for public and personal data will see a dramatic increase in the demand for this type of complex content processing for security, html/xml parsing, data mining and indexing.
"Our technology significantly outperforms existing solutions both in terms of power consumption and speed throughout. We believe it has the potential to do for cloud computing what Cambridge-based ARM Holdings' processors have done for mobile wireless communications.
"We're developing parallel processors that can be scaled to process up to 32 characters at once, making complex content processing of huge data volumes possible in real time.
"Network providers will soon be able to install and use this technology to provide much better protection for Internet users, improved quality of service and more efficient utilisation and management of network resources."
To maximise the impact of the hardware, Sakir's team is working on new intrusion and malicious code detection algorithms and on optimising proven rules for custom processing. These may be used to govern which website requests to block as well as to identify traffic potentially generated by malicious software or unsolicited emails that may carry damaging content.
"This new generation of hardware optimised security algorithms and detection rule sets combined with custom-purpose parallel processing capability will improve Internet security beyond recognition. Together, they will enable the prevention of Denial of Service (DOS) attacks in real time without constraining the bandwidth and speed of the Internet. They will also provide real time intrusion detection and prevention capabilities to mitigate against emerging targeted attacks."
Sakir's team brings together experts in Internet traffic/threat mining, policy/rule set definition, System-on-Chip design and programming and system-level security. Throughout the project, they have been working in close consultation with UK and US equipment manufacturers, security vendors and network operators to ensure their technology meets market needs and delivers real-world benefits as quickly as possible.
"Our research has led to the development of a high performance system we are confident will become a vital component of Internet and cloud security and cyber defence systems.
"It has attracted a large amount of international interest and a spinout company, Titan IC systems, has been set upto commercialise some of the technology that has been developed through the project."