“I believe we have reached the turning point where long sought after security protections are within our grasp, and we now have the opportunity to turn the tide of the cybersecurity arms race.”
-- Eric Osterweil, assistant professor of computer science
When you tap your phone to make a purchase or fill out a health or financial information form online, you hope your private data is secure.
But cyberattacks occur, partly because "our systems remain hamstrung by the Internet’s yet-to-be-secured foundations,” says cybersecurity researcher Eric Osterweil, an assistant professor in Mason Engineering’s department of computer science.
“I believe we are losing the cybersecurity arms-race, but a combination of basic research and operational innovation would give us the tools we need to combat today's and tomorrow's cybersecurity threats.”
His goal is to create a more secure, stable infrastructure for the Internet. “The foundation has to be built on bedrock. It needs to be as secure as it can be.”
Osterweil, who joined Mason in fall 2018, is building a team of researchers to investigate ways to improve the security of core Internet protocols, including inter-domain routing, the super-highway of the Internet that carries all traffic, and the Domain Name System (DNS), the system that gives names to all Internet resources. He’s also working to extend those protections into other security mechanisms and tools throughout Internet systems.
This work could help prevent many common malicious attacks including data theft, problems with authentication and authorization, and distributed denial of service (DDoS) attacks—massive volumes of cyberattack traffic that routinely make headlines by knocking large websites offline, he says. “It will help secure email, the internet of things, mobile health, cyber-physical systems like those in cars.”
“I’m investigating solutions that will, for example, ensure no one—not even your email provider—can see the email conversations that you have with others.”
Sanjeev Setia, chair of the computer science department, says, “The Domain Name System is critical to the functioning of the internet, and Eric is one of the world's leading experts on the subject of DNS security.”
His research expertise in Internet security complements the department’s existing strengths in cryptography and security of mobile networks and cyber-physical systems, Setia says.
Osterweil spent almost 20 years working in industry, operations, standards, and policy communities to gain insights into cybersecurity. He’s working with them now, fostering collaborations and pursuing funding.
He says he’s “thrilled to be working with Mason’s talented researchers who have a great reputation in the computer science and cybersecurity communities."
“We need to secure the Internet’s foundation in a way that enables coherent, consistent, and useable security all the way up the layers of software, so users feel secure when they tap their phones, bring connected devices into their homes, and rely on the safety systems in their cars,” he says.
“I believe we have reached the turning point where long sought after security protections are within our grasp, and we now have the opportunity to turn the tide of the cybersecurity arms race.”