The Internet of things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these objects to connect and exchange data. Each thing is uniquely identifiable through its embedded computing system but is able to inter-operate within the existing Internet infrastructure.
IoT is transforming a wide range of civilian activities by improving their productivity, efficiency, and profitability. These range from management of power and water resources; effective monitoring and coordination of manufacturing, supply chains and transportation systems; precision agriculture, environmental monitoring; monitoring the performance of jet engines, and improved patient monitoring and disease diagnosis. There is great potential for IoT technologies to revolutionize modern warfare, leveraging data and automation to deliver greater lethality and survivability to the warfighter while reducing cost and increasing efficiency.
The rapid growth in IOT devices, however will offer new opportunities for hacking, identity theft, disruption, and other malicious activities affecting the people, infrastructures and economy. Some incidents have already happened, FDA issued an alert about a connected hospital medicine pump that could be compromised and have its dosage changed. Jeep Cherokee was sensationally remote-controlled by hackers in 2015.
The implementation of IoT in military domain shall also make military systems and networks vulnerable to cyber and other attacks from adversaries, hackers, and terrorists. There is threat of unauthorized monitoring or even seizure and control of vital networks critical to military operations.
DARPA has launched Leveraging the Analog Domain for Security (LADS) Program for developing revolutionary approaches for securing Military Internet of things. LADS will develop a new protection paradigm that separates security-monitoring functionality from the protected system, focusing on low-resource, embedded and Internet of Things (IoT) devices.
The program will explore technologies to associate the running state of a device with its involuntary analog emissions across different physical modalities including, but not limited to, electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations. This will allow a decoupled monitoring device to confirm the software that is running on the monitored device and what the current state of the latter is (e.g., which instruction, basic block, or function is executing, or which part of memory is being accessed).
DARPA’s Revolutionary Approach “LADS” for IoT Security
DARPA, the Department of Defense’s Advanced Research Projects Agency, issued a call for “innovative research proposals” for the Leveraging the Analog Domain for Security (LADS) Program. The program is directing $36 million into developing enhanced cyber defense through analysis of involuntary analog emissions, including things like “electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations.”
LADS seeks to enable a new protection paradigm that separates security-monitoring functionality from the protected system, such that even a full compromise of the latter cannot lead to compromise of the monitoring logic.” By isolating the weakest links in the overall system chain, LADS intends prevent the downfall of large systems through simple hacking methods.
DARPA notes that even with “defense in-depth” approaches to cyber defense “attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker’s code.”
The overall goal for the LADS program is to develop techniques for detecting attackers in digital devices by monitoring their analog emissions across a variety of modalities. Expected program deliverables include algorithms, tools, and devices for mapping analog emissions of digital devices back to the underlying digital artifacts that caused these emissions, and the demonstration of these techniques to the successful detection of cyber intrusions. The Physical modalities are like electromagnetic emissions, acoustic emanations, power fluctuations, and thermal output variations.
Under the guidelines, the monitor itself could have its own power supply or could be an ASIC or FPGA tied to the power bus on the IoT motherboard or be connected via a USB port that draws power only.
Winning submissions will be able to “identify and quantify analog channels that convey useful information about the internal state of the device,” and map changes on the device to an analog emissions model that can capture interesting attacker behaviors. For example, changes such as loading unknown firmware or injecting malicious code should lead to noticeable changes in emissions that can be detected. It seeks a tool that can detect anomalous behavior that might indicate attacks.
The detection technology must be able to work around various physical constraints such as noise, distance from the device, and so on. DARPA aims to establish a functional cybersecurity solution by mid-2020
Vencore Labs to Provide Cyber Defense Analysis to DARPA
Vencore Labs, Inc., wholly owned subsidiary of Vencore, Inc., announced today that it has been awarded a prime contract from the U.S. Defense Advanced Research Projects Agency (DARPA) to deliver research in the area of enhanced cyber defense by developing a fully air-gapped detection system based on analysis of involuntary analog emissions. The four-year contract has a total ceiling value of $8.3M and will be performed as part of DARPA’s Leveraging the Analog Domain for Security (LADS) program.
The ultimate goal of the LADS program, sponsored in conjunction with the Air Force Research Laboratory (AFRL), is to develop technology for the detection of malicious behavior of embedded and Internet of Things (IoT) devices by monitoring their analog emissions. Specifically, Vencore Labs will look at radio frequency, acoustic, and power signatures produced by the system being monitored in order to determine if the system is operating normally or is under attack. This would allow for true air gap monitoring of critical systems, leaving no way for an attacker to know that such defenses are in place.
“Securing the Internet of Things is a real challenge,” said Petros Mouchtaris, Ph.D., president of Vencore Labs. “But the potential threat is also very real. We look forward to expanding our partnership with DARPA in order to develop an innovative technique to solve this complex problem.” This new work draws on Vencore Labs’ expertise with very low-level signals in noisy environments, binary program analysis, and machine learning techniques. Additionally, the Vencore Labs team will bring a deep rooted legacy in protecting mission-critical systems and national cyber infrastructure to the project.
Georgia Tech awarded DARPA grant to develop new IoT protection
A $9.4 million grant from the Defense Advanced Research Projects Agency (DARPA) could lead to development of a new technique for wirelessly monitoring Internet of Things (IoT) devices for malicious software – without affecting the operation of the ubiquitous but low-power equipment.
The technique will rely on receiving and analyzing side-channel signals, electromagnetic emissions that are produced unintentionally by the electronic devices as they execute programs. These signals are produced by semiconductors, capacitors, power supplies and other components, and can currently be measured up to a half-meter away from operating IoT devices. By comparing these unintended side-channel emissions to a database of what the devices should be doing when they are operating normally, researchers can tell if malicious software has been installed.
“We will be looking at how the program is changing its behavior,” explained Alenka Zajic, the project’s principal investigator and an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “If an Internet of Things device is attacked, the insertion of malware will affect the program that is running, and we can detect that remotely.”
The researchers have already shown that they can pick up the signals close to the devices using specially designed antennas, and one project goal is to extend the range to as much as three meters.
References and Resources also include: