Sandia tackles challenge of securing large network of hand-held devices

Researchers at Sandia National Laboratories have stitched together a large network of hand-held computing devices running the Android operating system in an experiment to learn more about how to better protect such a network from cyberattacks, the laboratory said recently.

The laboratory hopes that by linking together a virtual network of 300,000 virtual computing devices running the the Android operating system it will be able to produce a software tool that will enable others in the cyber research community to model similar environments and study the behaviors of smart phone networks in an effort to boost their security, Sandia said.

The Android project, dubbed MegaDroid, is an outgrowth of earlier work by Sandia researchers that focused on virtual Linux and Windows desktop systems. Researchers working on the project expect that they soon will be able to conduct a demonstration of MegaDroid that could be presented to potential industry or government collaborators.

At this time, Sandia's virtual Android network is insulated from other networks at the labs and the outside world, but it is capable of being built up into a realistic computing environment, the researchers said. That environment might include a full domain name service, an Internet relay chat server, a web server and multiple subnets, they said.

One key element of the Android project is a “spoof” Global Positioning System (GPS). Researchers created the simulated GPS data of a smart phone user in an urban environment, an important experiment since smart phones and such key features as Bluetooth and Wi-Fi capabilities are highly location-dependent and thus could easily be controlled and manipulated by hackers.

The researchers then fed that data into the GPS input of an Android virtual machine. Software on the virtual machine treats the location data as indistinguishable from real GPS data, which offers researchers a much richer and more accurate emulation environment from which to analyze and study what hackers can do to smart phone networks, resarchers said.

The latest development by the Sandia cyber researchers represents a significant advance for those hoping to understand and limit the damage from network disruptions due to glitches in software or protocols, natural disasters, acts of terrorism or other causes, the laboratory said.

The main challenge in studying Android-based machines, the researchers said, is the sheer complexity of the software. Google, which developed the Android operating system, wrote some 14 million lines of code into the software, and the system runs on top of a Linux kernel, which more than doubles the amount of code.

Much of Sandia’s work on virtual computing environments will soon be available for other cyber researchers via open source, the laboratory said. Researchers involved with the MegaDroid project  believe the laboratory should continue to work on tools that industry leaders and developers can use to better diagnose and fix problems in computer networks.