U.S. intelligence group gets network security patent

The U.S. government’s cryptologic organization has patented a technique for figuring out whether someone is tampering with network communication.

The National Security Agency (NSA) has written software that measures the amount of time the network takes to send different types of data from one computer to another and raising a red flag if something takes too long, according to its patent filing.

The NSA is responsible for collecting information gained from listening to foreign electronic signals and keeping government IT systems secure.

The NSA is not the only agency that has looked into the problem in the past. Others have proposed a technique called distance bounding, but the NSA patent takes a different tack, comparing different types of data travelling across the network.

More NSA news in IT World Canada

Eavesdropper’s Web site conks out

“The neat thing about this particular patent is that they look at the differences between the network layers,” said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington.

The technique could be used for purposes such as detecting a fake phishing Web site that was intercepting data between users and their legitimate banking sites, he said. “This whole problem space has a lot of potential, [although] I don’t know if this is going to be the final solution that people end up using.”

IOActive security researcher Dan Kaminsky was less impressed. “Think of it as — ‘if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets,’ ” he said via e-mail. “Sure, that’s possible. Or perhaps you’re routing through a slower path for one of a billion reasons.”

Some might think of the secretive NSA, which collects and analyzes foreign communications, as an unlikely source for such research, but the agency also helps the federal government protect its own communications.

The NSA did not answer questions concerning the patent, except to say, via e-mail, that it does make some of its technology available through its Domestic Technology Transfer Program.

The patent, granted Tuesday, was filed with the U.S. Patent and Trademark Office in 2005. It was first reported Thursday on the Cryptome Web site.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now