A View from Emerging Technology from the arXiv
The $35 Firewall For The Developing World
Poor security hygiene is increasingly being blamed for the rise in malware from the developed world. Now a security researcher has tested an affordable solution
The internet has had a profound influence on life in the developed world. By some estimates, more than 20 per cent of the increase in GDP in developed countries between 2006 and 2011 was related to the Internet. That’s not to mention its worth as a repository of human knowledge and as a medium of communication on a global scale.
And yet, the internet environment in the developed world is unlike anything that most users in the developed world experience. Online connections are slow and unreliable, computers are often old and poorly maintained and the level of computer literacy is low.
That’s had an important effect on the way people use the internet. In particular, the low bandwidth and unreliable connections mean that security updates are often neglected. Consequently, computers in the developing world are vulnerable to attack and indeed, often are attacked.
Due to the rapid expansion of internet connectivity without these security features, a unique ecosystem of internet use has emerged in which malware has flourished. Countries such as India, Brazil and China have become the top sources of spam. And the number of botnets in these countries is expected to surpass those in developed countries in the next few years. “In the future, Internet security battle-lines will be drawn in the developing world,” says Zubair Nabi at IBM Research in Dublin, Ireland.
That raises an important question: how can internet security be significantly improved in regions where people live on less than $2 a day?
Today, Nabi puts forward a suggestion. His idea is that low cost computers such as the $35 Raspberry Pi or the $59 Cubieboard could work as firewalls that monitor traffic and filter out malicious traffic as it arrives. And he says the cost of buying and running these computers is within the reach of communities in the developing world.
The basic question that Nabi aims to answer is whether these platforms can operate as effective firewalls while allowing a reasonable throughput of traffic. Standard firewalls work by examining the data packets passing through them and accepting, rejecting, dropping or logging them based on a pre-determined set of rules. The average firewall has some 800 of these rules,while some run up to 2000.
His experiments are straightforward. He runs a set of rules on both platforms and measures how the throughput changes as the number of rules increase. With no rules, the Raspberry Pi allows a throughput of 58 Mbps compared to 54 Mbps for the slightly more powerful CubieBoard.
However, the performance of the Cubieboard degrades more gracefully as the number rules increase due to its higher processing power (1GHz v 700MHz for the Pi). With 800 rules, the CubieBoard allows a throughput of 30 Mbps v 20Mbps for the Raspberry Pi. “The analysis shows that both platforms are capable of sufficient throughput,” says Nabi.
He goes on to calculate that the Raspberry Pi has a power rating of 3.5W which means it can operate at a cost of $0.01 per day or $2.45 per year (using 8 cents/kWh, the price of electricity in India).
This kind of firewall has other advantages too. Nabi points out that both platforms can be updated quickly and cheaply by flashing the SD card containing the system software on each model.
What’s more the devices can also be used for other tasks such as content caching to reduce download times.
That’s an interesting idea that could dramatically change the online security environment in the developing world. However, significant challenges remain, not least of which will be the distribution of the physical devices and the educational programs necessary to persuade people in these regions that a $35 investment in a Pi, for example, is worth prioritising.
Those difficulties will not be easy to solve but they’re certainly worth tackling and not just for altruistic reasons. If spam and other malicious software is increasingly evolving in these parts of the world, perhaps it’s in the best interests of developed countries to significantly subsidise efferts to improve online security there. The choice is to invest in preventing malicious attacks now or fork out later to repair the damage they do.
In other words, pay now or pay later. No prizes for guessing the likely outcome of that dilemma.
Ref: arxiv.org/abs/1405.2517 : A $35 Firewall for the DevelopingWorld