Classes of Attacks for Tactical Software Defined Radios

This survey presents a classification of the attacks to which Software Communications Architecture (SCA) compliant Software Defined Radios (SDR) are exposed. It also discusses how attack mitigation strategies can affect the development of an SCA-compliant software infrastructure and identifies several research directions related to SDR security. The SCA standard was originally proposed by the Joint Tactical Radio System (JTRS) program, a program for the development of military tactical radios sponsored by the US Department of Defense. The classification presented in this paper is based on the results of attacks on the radio set, which can also be associated with the adversary’s objectives when planning an intrusion. The identification of classes of attacks on a radio, along with the associated threats and vulnerabilities, is the first step in engineering a secure SDR system: it precedes the identification of security requirements and the development of security mechanisms. It is therefore a necessary step for the definition of realistic and relevant security requirements.
