project, which harnesses the combined power of
personal computers worldwide to operate like a
supercomputer, have been claiming work they haven't done
or submitting false results.
So far, fewer than 1 percent of the work units appear
to have been tampered with, but the effort to clean the
data have consumed a significant portion of the
project's resources.
Now Philippe Golle and Ilya Mironov, both of Stanford
University, have developed security schemes to foil
cheaters.
In a paper presented last month at a conference in
San Francisco, the students said they can verify that
distributed computing work, the basis of
SETI@home, has been done by inserting special
checkpoints, or "ringers," into data packets.
If the processed data is returned to a project like
SETI@home without the marker, the organization
knows the data was not processed and the results are
fraudulent.
The potential for cheating is a research problem for
SETI@home and could become a business problem for
a growing set of commercial ventures that offer cash or
credit to distributed-computer-project
participants.
Tedious data cleaning
SETI@home relies on unpaid volunteers, some of
whom seek glory on the project's Web page for having
processed the most data. As such, it is seductive to
hackers and there is little incentive beyond honor for
producing quality or reliable results.
Users donate their computers' downtime by downloading
and installing software to crunch data collected by a
huge radio dish at the
Radio Observatory in Puerto Rico. When
operational, the program appears as a vibrant purple
signal-graph screensaver on computers. The processed
data are returned to the project.
The SETI@home folks have caught some cheaters
by comparing data processed multiple times to
cross-check for matches.
Cheaters' work is thrown out and their
SETI@home accounts are canceled. Of course,
cheaters could sign up under new usernames.
99.9 percent do not cheat
SETI@home software designers have regularly
inserted patches into their software over the years to
plug small security breaches, said chief scientist Dan
Werthimer.
Other software fixes are intended to detect bad data
that might be a result of home computer glitches or
Internet problems. These fixes often help to thwart
hackers too, Werthimer said.
"Some of the things [Golle and Mironov] propose are
things we've already done," Werthimer told
SPACE.com, adding that there are also some new
security recommendations in the paper that
SETI@home may consider implementing.
"It's been a minor nuisance that we've had to deal
with these occasional cheaters," Werthimer said,
stressing that 99.99 percent of the volunteers do not
cheat.
But there's a casual competition via the project's
Web site for how many work units a person's computer can
process, Werthimer explained. So a handful of people
have tried to cheat the system, "even though they
haven't actually done that work, so they can kind of get
their name in the lights."
Werthimer said the tampering has not compromised any
of the project's science. And if the Big Message ever
appears to arrive from space via someone's home
computer, there's a plan: "If you ever send us a result
that says you found ET, we'll just go check the data
ourselves," he said.
But improving security is not the only concern.
Werthimer said there is only a few months' worth of
funding in the SETI@home bank, and further
security enhancements would likely take a backseat to
continued fund-raising efforts.