Can your computer be used without your knowledge when you're online?
As this ScienCentral News video reports, researchers say your everyday Internet
communications can be tapped to perform calculations.
Parasitic computing
As the popular SETI@home
project has demonstrated, a little bit of computer processing contributed
by millions of individual computers over the internet can add up to a whole
lot of number-crunching. Most so-called "distributed
computing" projects involve downloading a screensaver that taps your computer's
excess power.
Vincent Freeh and his
colleagues at the University of Notre Dame wondered if distributed computing
could be done without computer users' knowledge or consent. He dubbed this
idea "parasitic
computing."
"Parasitic computing kind of sits between voluntary use of your computer--
donating your computer through screensavers-- and hacking, which is breaking
into somebody's computer unauthorized," says Freeh, who will begin
teaching at North Carolina State University in January.
Like the voluntary screensavers, parasitic computing doesn't harm your computer,
Freeh explains. It simply takes advantage of something your computer already
has to do to communicate online.
"We asked, if the Internet is one big computer, can we compute on the
Internet? And we found out that, yes, you can actually compute with the common
protocols that create the Internet," Freeh says.
Any of the hundreds of millions of computers on the Internet uses the TCP protocol
to communicate. In TCP, many small packets of information are sent back and
forth between online computers. To verify the integrity of each packet, the
receiving computer adds up all the data in the packet and compares it to a
"check sum." If it doesn't add up, that packet contains errors.
"That's the computation that we are able to exploit with parasitic computing,"
says Freeh. He found a way to formulate a message that forces the receiver
to return a computation. The research was featured in the journal Nature.
While parasitic computing "does violate the protocol," it certainly
doesn't break any laws. But Freeh wants people to be aware that going online
is like living in a community with few rules.
"It's really easy to tell when somebody walks across your front yard,
and it's really easy to conceive of a measure to prevent them from walking
across your front yard," Freeh says. "But how many of you know when
somebody enters your computer from the outside? It happens almost every time
you log on. Every time you connect to the Internet there's some packet out
there that you didn't ask for, that you didn't authorize, that has come and
probed your computer in some way."
Freeh's method isn't profitable, because it costs him as much to send the message
as it does to receive the answer, so no real parasites out there are likely
to use it. But could someone devise a method that is profitable? Possibly,
says Freeh, but he's noncommittal on whether that would be a bad thing. He
feels the norms of proper online behavior need to be worked out by society.
"The Internet is a brand-new emerging community and we're all connected,"
he says. "There are good people and bad people and there's good behavior
and bad behavior, and right now we're in the process of figuring out what
that should be. We're figuring it out in the laboratories and in the legislature
and in the courts of our land."
As for whether it ought to bother individual Internet users, Freeh warns that
most computer users, "even computer professionals," don't police
their systems adequately to protect against even more malicious attacks.
For those it does bother, however, Freeh has devised a rule called SNORT
that can be used with most popular firewalls to detect parasitic computing
attacks.