New 4-Year Construction Project To Create an Open Cybersecurity Testbed: SPHERE

by Leila Okahata

Photo Credit: TBD

The internet is young, but the field of cybersecurity is even younger. Officially born in 1983, the internet was initially designed with accessibility and connectivity in mind, but not so much security or privacy—a weakness cybercriminals continuously abuse today as commercial defenses and research solutions play catch-up.

With our lives becoming progressively digitized, protections against online threats are needed more than ever. Ransomware attacks have more than tripled since 2017, DDoS attacks have doubled from 2021 to 2022, and data breaches have increased by 70%, said David Balenson, Associate Director of the Networking and Cybersecurity Division at the USC Information Sciences Institute. Critical infrastructure, including banking, energy and medical systems, have become increasingly targeted; Even scientific infrastructure such as observatories and researcher’s computers are being hacked, he added.

To foster innovative cybersecurity and privacy research and experimentation that leads to new defensive systems and protections, a team of researchers from ISI’s Networking and Cybersecurity Division and Northeastern University are constructing an open testbed called SPHERE: Security and Privacy Heterogeneous Environment for Reproducible Experimentation. The National Science Foundation recently awarded the ISI-led team with an $18 million Mid-Scale Research Infrastructure-1 award to fund the construction.

What is SPHERE?

SPHERE is a testbed—a realistic environment made with real hardware, virtualized systems, and control software—in which cybersecurity and privacy research and experimentation can be conducted. “For example, it can simulate and emulate a variety of real-world infrastructure, such as electric and water plants, and different attacks, like ransomware and intrusion detection,” said Balenson, who is the Community Outreach Director on this project.

The testbed will be constructed over the next four years to support a broad range of cybersecurity and privacy research, said Jelena Mirkovic, Principal Scientist at ISI and Principal Investigator on this project. The team’s goal is to ensure that the variety of hardware types offered would serve the community’s needs. This greatly expands upon the functions of ISI’s predecessor testbed DETERLab, which was deployed in 2004 and offered a fraction of SPHERE’s envisioned capabilities, Mirkovic added.

Amongst SPHERE’s new supported hardware types is a lab with IoT devices, commonly known as smart devices, ranging from smart bulbs to smart refrigerators. ISI researchers recruited help from the Mon(IoT)r Research Group at Northeastern University to implement up to 500 IoT devices into the research infrastructure. “No one has ever done this before,” said David Choffnes, Executive Director of the Cybersecurity and Privacy Institute at Northeastern and Co-Principal Investigator on this project, adding that his lab currently only supports 100 devices. He hopes that “the research conducted in the new testbed can help increase consumer awareness of the security risks of using smart devices at home.”

To meet the needs of different classes of users, SPHERE will provide six user portals, accessed via a single user interface. “The portals will support exploratory research, mature research, novice users, use in education, use by artifact evaluation committees, and human user studies,” Mirkovic said. 

“Users will be able to access all portals from the user interface and obtain a consistent view of their experiments while being able to switch between portals as their needs evolve,” she added.

Fostering Collaboration and Reproducibility

This research infrastructure will also allow researchers to collaborate in a shared space and build on each other’s work. “Cybersecurity research is often done in isolation, and documenting every network, device, connection, wire and script used in order to allow other researchers to repeat the same experiment is difficult,” said Terry Benzel, Director of the Networking and Cybersecurity Division and Associate Director of ISI.

But in this new testbed, experiments can be publicly archived, allowing users to easily reuse and expand upon previous work without recreating it from scratch, she said.

“My hope is that we will see faster progress and be able to free up more of researchers’ time so that they can focus on their work instead of how to build the whole world in a small setting,” Mirkovic said.

Empowering Current and Future Generations

This project will also be accessible to educators and students. In 2010, a set of teaching materials was created and housed in DETERLab to allow classrooms to safely experiment with cybersecurity systems, Mirkovic said. Students learned, for example, how to create firewalls and network address translations. The team plans to create educational exercises for SPHERE’s hardware and allow educators to contribute their own assignments.

The team also plans to provide an internship opportunity, starting in 2024, for undergraduate students from communities underrepresented in the computing workforce. Students will learn how to build and maintain large-scale cybersecurity systems.

ISI has a legacy of operating resources that serve the research community and will continue to pave the way with a modern, open, and rich research infrastructure that advances cybersecurity and privacy.

“The bad guys, they have the whole world as their testbed. They can try out any attack for as long as they want until they get it right,” Benzel said. “Our goal is to provide the good guys with a research infrastructure for experimentation at the scale and complexity of what the bad guys are trying to do out there.”

Published on December 4th, 2023

Last updated on May 16th, 2024

Want to write about this story?