CybersecuritySelf-contained, Android-based network to study cyber disruptions, help secure hand-held devices

Published 3 October 2012

Researchers linked together 300,000 virtual hand-held computing devices running the Android operating system so they can study large networks of smartphones and find ways to make them more reliable and secure; the work is expected to result in a software tool that will allow others in the cyber research community to model similar environments and study the behaviors of smartphone networks

As part of ongoing research to help prevent and mitigate disruptions to computer networks on the Internet, researchers at Sandia National Laboratories in California have turned their attention to smartphones and other hand-held computing devices.

A Sandia release reports that Sandia cyber researchers linked together 300,000 virtual hand-held computing devices running the Android operating system so they can study large networks of smartphones and find ways to make them more reliable and secure. Android dominates the smartphone industry and runs on a range of computing gadgets.

The work is expected to result in a software tool that will allow others in the cyber research community to model similar environments and study the behaviors of smartphone networks. Ultimately, the tool will enable the computing industry to better protect hand-held devices from malicious intent.

The project builds on the success of earlier work in which Sandia focused on virtual Linux and Windows desktop systems.

“Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers,” said Sandia’s David Fritz. “But even though they are easy targets, no one appears to be studying them at the scale we’re attempting.”

The Android project, dubbed MegaDroid, is expected to help researchers at Sandia and elsewhere who struggle to understand large scale networks. Soon, Sandia expects to complete a sophisticated demonstration of the MegaDroid project that could be presented to potential industry or government collaborators.

The virtual Android network at Sandia, said computer scientist John Floren, is carefully insulated from other networks at the Labs and the outside world, but can be built up into a realistic computing environment. That environment might include a full domain name service (DNS), an Internet relay chat (IRC) server, a web server and multiple subnets.

A key element of the Android project, Floren said, is a “spoof” Global Positioning System (GPS). He and his colleagues created simulated GPS data of a smartphone user in an urban environment, an important experiment since smartphones and such key features as Bluetooth and Wi-Fi capabilities are highly location-dependent and thus could easily be controlled and manipulated by rogue actors.

The researchers then fed that data into the GPS input of an Android virtual machine. Software on the virtual machine treats the location data as indistinguishable from real GPS data, which offers researchers a much richer and more accurate emulation environment from which to analyze and study what hackers can do to smartphone networks,