Baylor University promotes cybersecurity research from both a technical and a human perspective. This allows for creative interdisciplinary research and engagement across the University, and from outside sources. We are on a path to increasing our partnerships with industry and government organizations, and a dual approach such as ours allows for these to develop.
- Human - Baylor research in this area focuses on cybersecurity and related policy in various contexts, including corporate, geopolitical, etc. On the behavioral side, Baylor researchers focus on impact of policy on trust, social engineering (e.g., phishing), insider threats/responses, etc. On the geopolitical policy side, Baylor researchers focus on the integration of cyber tools/weapons. Specifically, how does/should the prevalence of such capabilities for allies and adversaries impact decision making in the military domain.
- Technical - Baylor research in this area focuses primarily on assessment/awareness automation based on contextual analysis and development/deployment of resilient systems. On automated assessment, Baylor researchers focus on anomaly detection for mobile and IoT device behavior, exploring the derivation of trust measures from such information. In resilient systems, Baylor researchers explore the use of various techniques (e.g., micro-isolation) to reduce the likelihood and, when that fails, mitigate the impact of compromise. .
Baylor Cybersecurity Research Areas
Baylor cybersecurity research draws from a variety of disciplines across the university. Here’s a sampling:
Threats and Opportunities from a Political Science and Economics Perspective
The build out of communication infrastructure has already posed a serious diplomatic and intelligence threat; however, it also presents the U.S. with opportunities. We explore the use of next-generation computing technology across four interrelated spheres of interest and influence: diplomatic, intelligence, military and economic (D.I.M.E.). Examining each of these areas and some of the ways in which these spheres intersect is critical to understanding the political and economic implications of next-generation wireless communications.
For the military, such innovations promise to make the collection and dissemination of information to the commanders of a joint force even faster, enabling, in theory, more rapid and decisive decisions. In addition, these technologies could also facilitate more ethical battlefield decisions, as rapid communications help lift the fog of war and enable greater discrimination between combatants and non-combatants. However, the security vulnerabilities in these next-generation technologies also mean that a highly networked force could introduce systemic vulnerabilities that could lead to its defeat. In the economic/social sphere, such rapid innovation promises vast increases in efficiency across multiple sectors. Telehealth, driverless cars, supply chain management, and public utilities represent only a few of the areas that will take advantage. This added efficiency will lead to greater profits for private companies. But with this opportunity comes risk. In sum, the development of next-generation communications capabilities presents the U.S. and its international and private sector allies with a number of threats and opportunities.
Network and System Security
Future communication systems promise significantly increased bandwidth and reduced latency. In concert, mobile devices exhibit ever-increasing heterogeneity and capabilities with respect to speed, graphical capabilities, camera, memory, and battery life. These trends will push significant computation to the edges, require greater flexibility in communication infrastructure, and necessitate adaptive intelligence from network and application services. Such migration of computation and data presents several security risks.
Baylor cybersecurity researchers explore several areas in computation to address these challenges. First, we focus on security in network virtualization utilization in areas such as NFV (Network Function Virtualization), SDN (Software Defined Networking), and Network Slicing (physical layer virtualization). One example of research in this space explores the application of techniques in machine learning to provide better virtual function design, execution, and composition, providing adaptability to localized contexts as well as ephemeral capability to deal with temporary or unanticipated change. Second, we consider security in localized computation, capability, and communication. The move to the edge is augmented by increased computing power of user devices, such as mobile phones, vehicles, etc. Such infrastructural improvement enables novel applications, such as enhanced human assistance (i.e., Alexa Next Gen), holography, Virtual/Augmented/Mixed Reality (VR/AR/MR) wearables, etc. We propose exploration of architectural support for securing these and other such applications. Finally, we explore implementation security. This effort focuses on the integration of security as a first-order concern and core feature in future generations of communication protocol specifications and implementations. Just one example is making privacy native to next generation infrastructure through anonymization, etc., and develop privacy notification and visualization techniques that enable end users to understand and even adjust privacy exposure. Such capabilities begin to address the problems of rapid growth of sensors everywhere, which negatively impact individual privacy.
Adaptive and Reconfigurable Wireless Systems
At its core, the telecommunications evolution/revolution comes down to how effectively the various stakeholders can distribute and manage the electromagnetic spectrum. Proper utilization will rely on AI-based, dynamic spectrum allocation. Such automation presents significant security challenges as adversarial AI systems may be utilized to trigger unintended behaviors. In addition, such systems must be adaptive to sudden catastrophic events such as cyber attacks or natural disasters. The behavior of such systems under duress is critical for enabling cyber resilience. However, the spectrum for communication, radar, and electronic warfare is a critical natural resource currently on the brink of full use. The most publicized solution to this problem has been to try to expand the frequency range of use, turning to the higher-frequency millimeter-wave range. This has opened a significant set of design issues that are presently under consideration.
As a new generation of wireless connectivity arises, effective use of the electromagnetic spectrum for warfare in the next generation is also a national point of concern that must be addressed. Electronic warfare is a core specialty area within the Baylor faculty. In one specific research area, the team at Baylor has been studying the application of EW within emerging technology pathways. For instance, passively monitoring the location and source of all communication nodes in a battlefield allows numerous tactical advantages and is a component of future EW. The identity of a source as friendly or hostile can be used to strategic advantage.
Generalization of such monitoring allows pinpointing of all communication devices when in the transmission mode. AI will be central in the assessment and control of each source. Machine intelligence forecasting can estimate the location of units who are mobile. The resulting mapping capability will be a useful tool. Of specific interest is identification of location and action of hostile jammers whose countermeasures will necessitate frequency shifting. To maintain maximum efficiency these shifts must be accompanied by fast electronics reconfigurability.
Ethics of Information Security
Advanced high-speed mobile networks have several anticipated benefits, including higher data rates, lower latency, and increased capacity. As with all technological advancements, potential threats accompany these benefits. In particular, next-generation networks can pose significant challenges for information security. These include threats to individuals, organizations, nations, and society as a whole. Because the potential impact on humans can be beneficial and detrimental, stakeholders must carefully weigh the choices they will face. The emergent capabilities of advanced high-speed mobile networks must be detailed and understood throughout the network’s entire lifecycle of design, implementation, and disposal. As these capabilities are implemented it will enact change in current and emerging technologies.
Policymakers and developers alike have the responsibility to implement technologies that meet high standards of good faith and trust. These characteristics are embodied in the ethical responsibility of a fiduciary, one who acts in the best interests of those who are most impacted by the technology. Baylor cybersecurity researchers explore a number of areas in the intersection of ethics and information security:
Confidentiality: While the growth of information sharing has advantages, the negative consequences must also be understood before deploying technologies. Trust has been shown to be a key enabler of technology adoption, cybersecurity, and automation. With the advancement of wireless networking, the ability of corporations to exploit public trust through surveillance, data exfiltration, and loosely consented data use for corporate strategy may amplify end user risk subsequently affecting trust.
Integrity: Advancements in high-speed networking will lead to innovation in associated connected technologies that capitalize on these improvements. For instance, artificial intelligence (AI) may have access to more data increasing its predictive capabilities and precision. As the line becomes blurred between humans and computers, it is imperative to understand how false and misleading data in these widely connected systems can be used for deception and unethical influence. When the integrity of data in information systems fail, so might the very political systems and structures put into place to protect societies dependent on these mechanisms. Additionally, as companies push new AI-enabled powered technologies few ethical standards are guiding the integrity and the behavior of the companies employing them. For instance, many companies are championing AI-enabled technologies that are not feasible with current computing resources. This unethical exploitation of an uninformed public can lead to detrimental consequences for individuals, organizations, and society as a whole.
Availability: As availability to networks increases, groups that were prior victims of the digital divide might have enhanced access to information systems improving education, standards of living, and STEM skills. Conversely, advancements in communication and computing might increase the digital divide and exacerbate the disparity between some groups. Ethical considerations may emerge around fair and accessible pricing for products. End-user technologies that are compatible with advanced high-speed networks will be more expensive, further marginalizing those individuals and groups in disadvantaged socio-economic categories. For instance, safety systems in vehicles may be incrementally improved yet these “features” may not be uniformly implemented or available due to price points. Additionally, existing biases may be further reinforced by the data trying to improve prediction yet not accounting for marginalized populations without fair access to connected technologies. Individuals in some industries may find their careers disrupted as AI-enhanced technologies replace previously stable jobs across organizations leading to resistance of the very technologies that can enhance lives. Additionally, constant network connections have been shown to lead to adverse outcomes for individuals such as technostress, computer addiction, and the erosion of work-life balance. Many ethical questions will have to be answered for organizations, governments, and nations as these technologies potentially create further disparity and marginalization based on socio-economic status.