Any views expressed in this article are those of the author and not of Thomson Reuters Foundation.
A computer costing only US$35, the Raspberry Pi, could be used to create a firewall to improve ‘security hygiene’ in developing countries, says the researcher behind the idea.
Internet users in developing countries have risen from 408 million in 2005 to an estimated 1,942 million this year, according to UN agency the International Telecommunication Union.
But many people in these countries lack home internet access, so they often rely on internet cafés, with old computers and slow and unreliable internet connections — and which carry a higher cybersecurity risk.
“Internet cafés are the predominant access point for people in the developing world, but the internet security hygiene of these cafés is very poor. Most of the computers are infected with viruses, botnets and malware,” says Zubair Nabi, a researcher at IBM Research in Dublin, Ireland.
“They don’t even need to know how it works. All they need to do is plug it in and then they have a firewall running.”
Zubair Nabi, IBM Research
Most such computers are running old operating systems for which the providers no longer offer support and which have known security flaws, he says.
“The owners of these cafés know that there is a problem, but they have no incentive to install antivirus programs as they are so expensive,” he says. “Even if they were affordable, the programs have such huge files to download that the poor connectivity often doesn’t allow this.”
Many of the security problems associated with computers in developing countries can also end up affecting computers in richer countries, so security needs to be improved on a global scale, says Robert Mullins, a senior lecturer in the computer laboratory at the University of Cambridge, United Kingdom.
“It is to everyone’s advantage that the security of machines and networks is improved, so there is a herd immunity element to this,” he says.
Nabi says that improving internet security and infrastructure in the developing world is not necessarily a technical challenge, but rather about ensuring the technology that is both cheap and easy to use.
Simple and cheap protection
Nabi wanted to see whether a low-cost computer such as the Raspberry Pi could support a security firewall that would monitor internet traffic and filter out malicious items for a network of other PCs.
Firewalls are based on a predetermined ‘rules’ that allow a computer to send traffic to or receive traffic from particular programs, system services, computers or users. Firewalls have varying numbers of rules, and Nabi experimented with increasing this number from zero to 20,000 to see how this affected computer performance.
With 800 rules, the number found in an average firewall, the Raspberry Pi allows a sufficient capacity to allow 160 people to have simultaneous Skype video conversations, measured as a ‘throughput’ of 20 megabits per second, Nabi says. This shows that “this system works as a firewall and could be deployed in the real world as of today”, he adds.
Using Raspberry Pis to set up the firewall, rather than personal computers, has various benefits, Nabi says, including their affordability, their low energy consumption and the ability to plug them into TVs.
They also have fewer parts than desktop computers, so there is less chance of failure due to factors such as extreme weather and intermittent power that are common in the developing world, he says.
The firewall program is contained on an SD memory card designed for portable devices, allowing users with low computer literacy to be able to use it.
“They don’t even need to know how it works. All they need to do is plug it in and then they have a firewall running,” says Nabi.
Deploying the security system via an SD card also allows updates to be sent to users through the post, he explains. Alternatively, one computer could be used to download and cache new firewall rules from the internet, allowing them to be shared among local users.
“The rules will be seamlessly downloaded from the internet by the firewall application itself without any human intervention,” Nabi says. “This would be very similar to how an antivirus program automatically updates its virus signature database. The rules can either be hosted and updated by an NGO or a charity organisation, or that service might be provided by the philanthropy of a large company, something along the lines of internet.org by Facebook.”
Link to IBM Research report on the firewall