By Ioana Patringenaru
UC San Diego cybersecurity expert Stefan Savage, whose work examines a wide range of technologies, from cars, to spam emails to cryptocurrencies, was elected to the National Academy of Engineering.
It’s the latest in a long series of accolades for Savage, who has also received a MacArthur “genius” award, the ACM Prize in Computing, which recognizes the greatest achievements in the field, and is a member of the American Academy of Arts and Sciences. He is also the first researcher to have received the “Test of Time” award from each of the leading computer security conferences: IEEE Security & Privacy, ACM Computer and Communications Security and USENIX Security.
Savage is being recognized for contributions to the security, privacy and reliability of network systems, transforming approaches to problems in these areas. He is a professor in the Department of Computer Science and Engineering at the UC San Diego Jacobs School of Engineering, where he is the Irwin Mark and Joan Klein Jacobs Professor in Information and Computer Science
“Stefan is an outstanding scholar, whose work has had an incredibly positive impact on people's lives around the world,” said Albert P. Pisano, Dean of the UC San Diego Jacobs School of Engineering. “Stefan is also an incredible role model who inspires people to think deeply about technical challenges while always keeping the human component front and center. I’m thrilled to see him become a fellow NAE member.”
During his career as a faculty member, which has been spent exclusively at UC San Diego, Savage has worked with his students, and academic and industry collaborators on a broad range of problems. They hacked into cars remotely to point out security vulnerabilities. They tracked the financial transactions responsible for funding email spam campaigns and botnets around the world. His team also found ways to track cryptocurrency transactions on the Internet, even though these are supposed to be anonymous and are used by criminals as a result. And they found ways to pinpoint the source of attacks that cripple the internet and large websites such as Amazon and Facebook.
“Professor Savage has made lasting contributions to systems, networking and security, with tremendous practical impact. What truly sets him apart are his creativity, passion, generosity and ultimately a unique ability to always push the boundaries, no matter when, where, or how, in ways previously unimaginable,” said Sorin Lerner, chair of the Department of Computer Science and Engineering at UC San Diego.
Making cars safe from cybersecurity attacks
Perhaps the broadest-reaching work Savage undertook is focused on cybersecurity–or lack thereof–in cars.
A team co-led by Savage and Yoshi Kohno, a UC San Diego Ph.D. alumnus now a professor at the University of Washington, first found cybersecurity vulnerabilities in automobiles. They showed that they could take over a sedan while having direct access to the vehicle as well as remotely. They were able to control the car’s engine, brakes, lights and more.
“It was this work, and uniquely this work, that forced the automotive industry to significantly invest in security,” Savage said.
General Motors went from having a few cybersecurity experts scattered around the company to creating a cybersecurity team of more than 100, with a chief information security officer at its helm.
The National Highway and Traffic Safety Administration created a laboratory dedicated to cybersecurity testing. DARPA and the Department of Homeland Security both created programs to try and develop solutions to car-related security issues.
In addition, the Society of Automotive Engineering, which is the group dictating standards for the U.S. automotive industry, created a cybersecurity working group and has released two generations of security standards for cars.
Throttling email spam
Savage also co-led a team with fellow UC San Diego computer science professor Geoff Voelker focused on better understanding the business of cybercrime. The effort was funded by a five-year, $10 million from the National Science Foundation to map out illicit activities taking place in the cybersecurity underworld.
Savage and colleagues were able to identify a critical bottleneck for spam email campaigns and online counterfeit goods transactions: only a few banks accept the credit card transactions necessary for these online ventures to monetize their activities. These findings allowed drug and credit card companies to disrupt the business models of several counterfeit drug rings to such an extent that they collapsed. One such example was shutting down all merchant accounts involved in receiving money from the sale of counterfeit Microsoft software online. As a result, it was largely impossible to buy counterfeit Microsoft software online for 18 months. The researchers’ work is described in more detail in Brian Krebs’ book “Spam Wars.”
Many of the techniques the team pioneered, including the automatic classification of malicious Web links and tracking the price of accounts sold on the black market to measure the effectiveness of anti-abuse mechanisms (e.g., such as CAPTCHAs) are now standard practice at major online companies such as Google, Microsoft, Facebook and Yahoo.
Tracking cryptocurrency transactions to fight crime
One of Savage’s Ph.D. students, Sarah Mieklejohn, with support from his research group and colleagues, developed transaction clustering techniques to trace cryptocurrency payments on the dark web. Mieklejohn is now on faculty at University College London.
The techniques developed at UC San Diego were adopted by the private sector and law enforcement to track down criminals who used Bitcoin for illicit transactions. WIRED reporter Andy Greenberg has detailed this work in his new book, “Tracers in the Dark.”
Cloud security and denial of service attacks
Savage and another UC San Diego Ph.D. student, Tom Ristenpart, now a professor at Cornell Tech, with colleagues now at UT Austin and Columbia, did the first significant work on cloud security. They showed that having computations from different organizations running on the same hardware creates side channels, which are a real security risk. As a result of this work, cloud providers started offering products that guarantee a given set of servers will only handle that specific client’s computations.
Earlier in his career, Savage and fellow computer science professor Geoff Voelker worked to better understand denial-of-service attacks that disable servers linked to the internet by overloading them with messages, which usually contain false source addresses (“spoofing”) to conceal the location of the attacker. They used key features of those forged addresses to detect and track the attacks. The resulting measurement infrastructure, known as the UCSD Network Telescope, has been used by countless groups to measure Internet activity.
In addition, the data researchers obtained on worms, as part of this work, allowed them to show how existing models of how disease spreads could be applied to viruses and worms on the Internet. Based on that research, the Department of Defense made significant investments into research to address these threats.
Savage received a bachelor’s degree in applied history from Carnegie Mellon University in 1991 and a Ph.D. in computer science from the University of Washington in 2002. He is part of both the Systems and Networking Group and the Security Group in the Department of Computer Science and Engineering at the UC San Diego Jacobs School of Engineering. He is also the co-director ofUC San Diego's Center for Networked Systems. He has published more than 150 peer-reviewed journal and conference papers in the wide-ranging areas of the economics of e-crime, characterizing availability, automotive systems, routing protocols, and data center virtualization. His Ph.D. students have gone on to work at prestigious academic institutions and Silicon Valley companies, including New York University, University College London, Google, Facebook and Microsoft.
He joins 32 UC San Diego-affiliated researchers who are NAE members.