Dhananjay Phatak joined UMBC's Computer Science and Electrical Engineering
Department in the Fall of 2000 as an
Associate Professor.
Before coming to UMBC, Prof. Phatak was a faculty in the ECE Dept.
at the State University of New York at Binghamton.
He holds a Ph.D. in Computer Engineering from the University
of Massachusetts,
an MSEE in Microwave Planar Integrated Circuits
also from the University of Massachusetts, and
a B. Tech in EE from IIT Bombay(Mumbai).
In the past, he has
performed research in a many diverse areas; including Microwave
Engineering(MSEE),
Neural Networks, Mobile and High Performance Computing and Networks.
His current areas of research include Computer Arithmetic Algorithms and
Implementations, Number Theory,
Cryptology and efficient realization of cryptographic algorithms and
primitives, and
Cyber-Security at large, including
all aspects such as Computer/Network/System security,
information assurance and security,
security of hardware and designing hardware
architectures for enhancing security, software security, malware,
Virtualization and its impact, Digital Rights Management(DRM), Trust,
security of Distributed Systems (DDoS attacks, defenses), Cloud security ...
He is an active member of the Cyber Defense Laboratory(CDL)
and works in close collaboration with colleagues including
Professors Alan Sherman, Kostas Kalpakis, Anupam Joshi,
Chintan Patel and Ryan Robucci.
He received the NSF Career Award in 1999. He has also received other research grants from the NSF, GE and Aether Systems.
The title "SMartER Power Grid" might give the reader
the misleading impression
that this is (yet another) project that falls under the
broad area of the (so called) Smart Power Grid (which is a cliched
term by now).
Quite to the contrary, we describe our novel, out of the box,
cross-domain invention of methods
(including algorithms, communication protocols),
and a new system architecture to protect the
critical infrastructure(for example: refineries,
chemical plants, nuclear plants,
electric power generation stations and distribution grids, etc., ...
i.e., in general, any real-time SCADA control system)
against ALL remotely executed subversion attempts.
Our architecture leverages the last hop of the electric-power
(distribution) grid;
from the end-user's electric meter to the nearest upstream
distribution point (which is usually a curb-side transformer or
a substation) as a separate physical path to implement a
secure, out-of-band communication channel which is used to
to exchange location-authentication messages.
For more details check out the Summary of the SMartER Power Grid project   and the links therein.
The SI paradigm evolved from the "Dynamic Transport Selection (DTS)"
project, which was sponsored by Aether Systems Inc; to investigate the
following problem: Given "n" multiple data transport services(channels),
how to dynamically select any "k" out of the n available channels
in order to optimize a set of goals, such as maximize the bandwidth,
minimize the overall cost (ex using using Wi-Fi whenever
possible, vs. using cell-phone service),
in data streaming scenarios (audio, video or stream of
stock quotes, weather conditions, etc.) minimize the jitter, etc....
This turns out to be an
interesting pareto-optimization problem.
DTS naturally led to the question: How can the multiple network interfaces
and transport channels (that are widely available today) be
leveraged to enhance the security of communications?
Inspired by the spectacular success of the "Spread Spectrum" techniques at
the physical layer, I developed
the "Spread Identity" paradigm for the network layer (which is the
3rd layer of the networking stack; in the context of the Internet,
it is the "IP" layer). Since the identity of a communicating entity at the
IP layer is its IP address, SI deliberately "spreads" the identity of
a host across multiple IP address and vice-versa, i.e., multiple
hosts are assigned the same IP address to support multiple concurrent
data flows, as long as the peer-ends are distinguishable.
Perrimeter gateways (which we call SI gateways) that perform
Double-NAT(Network Address Translation) are leveraged, together with
the DNS (Domain Name Service
which translates a string such as "linuxserver2.cs.umbc.edu" into the
correspoding IP address "130.85.36.73") for the purpose of achieving the
"spreading".
The mapping between host identities and IP addresses is deliberately
made to appear as many-to-may when viewed from either side of
the SI gateway (only the SI gateway knows the underlying one-to-one
mapping).
The end result is an extremely robust, fully backward compatible and
therefore incrementally deployable framework which leads to the following
uniques capabilities: ultrafast misbehavior (and thereby
malicious intend and intrusion) detection;
leveraging the dynamically assigned destination address itself as a
flow marker, thereby substantially simplifying
tracking, processing and filtering of
flows, and more generally, the control plane;
multi-level, multi-pronged and highly effective defenses as well
as offenses against
DDoS attacks; complte resolution of the address scarcity
problem in IPv4; substantially enhanced network-level
traceback capability (edge/perrimeter-to-edge traceability);
at the same time substantially enhanced end-host anonymity etc.
All the above unique advantages are enabled simultaneously
with other well-known benefits of "dynamic indirection", such as
load-balancing, enhanced support for host mobility, etc.
For more details, see the brief description of The Spread Identity Paradigm
Office: ITE 319
Phone: 410-455-3624
E-mail: phatak@umbc.edu