How to tell when your computer is lying to you

In Department of Computer and Information Science and Engineering, News, Research & Innovation

UF Cybersecurity team develops a “polygraph machine” for machines.

It’s late morning and you’re sound asleep, having that recurring dream – the one where you relax on the couch after a long day of research while your Roomba cleans your apartment.

But you’re not in your apartment. You’re in a hotel room, a thousand miles and a score of hours from your last decent meal. Last night’s flight was rough. Or rather, the layover was. You found a place to charge your dying phone while you waited for your connection. But when you plugged it in, it all went wrong. Screen flashing, you quickly powered off. Malware.

You walk to the bathroom and find that the bar of soap you tore into the night before has been replaced. Housekeeping came? While you slept?

You walk straight to your laptop, where you left it on the desk.

You turn the computer over. One of the screws is loose on the casing. Airport security? Did they use a screwdriver to examine your machine? In the pit of your empty stomach, something feels wrong.

First the phone trouble at the airport. Now the maid – or someone pretending to be one – may have tampered with your hard drive. You thought scenarios like these were fiction.

Those UF Cybersecurity experts had warned you to use caution at public charging stations. They told you to pack an expendable laptop when traveling out of the country, to be very, very careful where you take your primary computer. But you didn’t listen.

They told you that they had developed a simple USB-delivered code that from a mobile phone could benchmark several physical characteristics during the initial handshaking that goes on between your computer and its components when it first powers up – features like voltage and timing – and create a digital fingerprint. Something uniquely identifiable, and incredibly hard to forge.

They told you that with this open source code, a simple phone, and a USB port, you could know for certain if your computer – or really anything with a USB port – is lying to you about who it is or what it wants. All from a three-second glimpse at what are basically . . . vital signs.

They told you they’d created a polygraph machine for machines.

But you said nah. You said your virus protection software would save you.

How can you trust anything your kernel says, they questioned, if you’re not sure it’s your kernel?

Now the hotel room is spinning. You slowly set the computer down, and the sound of a distant Roomba suddenly fills your head.

Who are UF Cybersecurity’s Experts?

Dr. Kevin Butler is a cybersecurity research expert at the University of Florida, which was recently named a National Center of Academic Excellence in Cyber Defense Research. Dr. Butler is an associate professor in the UF Department of Computer & Information Science & Engineering, and a co-director of the Southeastern Security for Enterprise and Infrastructure (SENSEI) Center. He and his team of graduate students recently published a paper on their breakthrough techniques to establish a computer’s identity through the USB port using consumer devices, work that was funded by a National Science Foundation grant.

Jen Ambrose is the writer for the UF College of Engineering.