October 10, 2023

A Mizzou Engineer is leading efforts to establish a new cybersecurity approach to better protect classified information and communications on the battlefield.

Prasad Calyam — Greg L. Gilliom Professor of Cyber Security and director of the Mizzou Center for Cyber Education, Research and Infrastructure — is leading the project as Principal Investigator of a National Security Agency grant.

Specifically, the team is looking at designing and implementing zero trust security as it relates to military operations.

Zero trust is a cybersecurity framework based on the idea that no user, device or application is trusted until verified and granted permission. It is a security paradigm that has been well studied in the enterprise settings where there are unconstrained data center resources. However, incorporating zero trust is tricky when it comes to military operations, because information must be analyzed quickly in order to make timely decisions. On what’s known as the tactical warfighting edge, devices such as drones and sensors are collecting and transmitting video data, surveying environmental conditions, detecting hazardous threats and tracking casualties and injuries — all critical information needed in real time.

“Zero trust enterprise capabilities and activities are not effective at the tactical edge because of operational impacts from denied, disrupted, intermitted and limited environments, including limited bandwidth and other constrained resources,” Calyam said. “Innovative solutions are needed to apply the zero trust paradigm to secure warfighters’ operations involving sensitive data communication or storage, as well as data processing, and defend against threat agents.”

Because of conflicting goals to protect sensitive data while also making sure decision makers have immediate access, a zero trust architecture cannot function in a tactical warfighting edge as it is assumed to be either present or absent in an enterprise setting. Rather, Calyam and collaborators are proposing a model based on a sliding scale of zero trust presence. Permissions and accessibility would depend on a variety of factors such as whether a device or service plays a role in a particular mission.

They’re developing a suite of algorithms that would allow some permissions to be granted automatically while requiring human involvement in other scenarios.  In addition, the algorithms help ensure that any compromised devices are contained such that the adversary is prevented from moving laterally across the network to cause further damage.

“We’re enforcing the ‘law of least privilege’ access which means that any device or service with a certain role in the mission would have regulated, time-constrained access privileges,” Calyam said. “We’re creating a separation of duties where multiple, diverse entities establish risk based on a transaction rather than simply trusting a single entity, verifying the reason access is needed,”

This security approach addresses both edge resource constraints and real-time decision making, tailoring security to scenario-associated risk levels.

The team will spend the first year of the grant developing algorithms that would map permissions to associated tasks and risks, providing a proof of concept of the system. Then, they’ll spend a year evaluating the model in realistic testbed scenarios in collaboration with DoD partners such as Defense Information Systems Agency (DISA) and Naval Research Laboratory (NRL).

Although this particular grant is specific to military operations, Calyam said it could provide a framework for cybersecurity that could be applied broadly, as well.

“It could translate to everything from smart farming to public safety, manufacturing, transportation—anywhere data processing and storage as well as edge communications needs to be secure,” he said. “The idea could definitely lead to the next generation of edge cybersecurity.”

Calyam is collaborating on the project with Rohit Chadha, associate professor of electrical engineering and computer science. Both are co-directors of the CyberSecurity Center at Mizzou. They are also working with graduate students Alicia Esquivel Morel and Durbek Gafurov along with Vijay Anand from the University of Missouri-St. Louis and Reshmi Mitra from Southeast Missouri State University.

Learn more about the Mizzou Center for Cyber Education, Research and Infrastructure at Mizzou Engineering.