One might not think of Portland State as a leading institution in computer science and internet security, but a grant from Google’s Eric Schmidt suggests otherwise.
Two weeks ago, professor Tom Shrimpton received an email from Schmidt telling him that he was awarded a $96,000 “New Age Digital Grant” in support of his research in Internet encryption technology. Shrimpton, along with a small team of students and fellow professors both within PSU’s computer science department and from out-of-state universities, developed a technique that helps circumvent online censorship.
“The recipients chosen for the New Digital Age Grants are doing some very innovative and unique work, and I’m proud to offer them this encouragement,” Schmidt said in a March 10 press release. “I felt it was important to encourage organizations that are using it to solve some of our most pressing problems.”
Shrimpton worked with his student Kevin Dyer, as well as colleagues Thomas Ristenpart at the University of Wisconsin and Scott Coull of RedJack, LLC, a network analytics company. They designed their technique to improve current encryption technologies, which they believed were not as sound as they could have been.
“We worked on another paper that was about how successful normal encryption is at hiding what website you visit,” Shrimpton said. “People had thought if you want to visit a website and you want to hide that website, [that] if you were to encrypt everything that you sent, you can hide everything—and it turns out that it doesn’t.”
An observer can still determine the frequency and number of encrypted users visiting one website. So Shrimpton and his colleagues found themselves confronted with the question: Is it possible to take this encrypted data and make it look like normal, boring web traffic?
The answer so far seems to be a resounding yes, though it’s still far from perfect.
In spring of last year, Shrimpton bought a month of time on a virtual server farm in China and installed his client there. The other end of that connection was installed at the University of Washington.
For one month they did everything they could think of that would attract attention from internet observers, such as visiting Facebook and Google searches for anything that could be considered hostile and so on. For that month they got no signs of outside observers.
“This is not an anti-censorship app,” Shrimpton said. “In some countries if people were to use programs to hide encryption data, there will be real harm—whether physical, economic, anything—so we’re trying to be extremely careful.
“We’re not pushing this to be used for everyone in the world, there’s still much work to be done.”