Embedded security systems in SDRs

Article by: Brendon McHugh

Here are several security techniques and countermeasures that are able to protect the SDR from enemy attacks, including jamming, spoofing, and other RF-related threats associated with electronic warfare.

As RF technology evolved over the past few decades, the use of the wireless electromagnetic spectrum in military activities grew exponentially, particularly in defense-related applications. Radar systems, GPS-guided missiles, and spectrum monitoring for tactical battlefield communication are some examples of RF applications in military security. Such systems are constantly at risk of hostile attacks, including jamming and spoofing, so electronic warfare (EW) techniques are needed to secure the spectrum.

Unlike legacy radio systems, which consisted purely of analog components, modern RF devices are based on software-defined radios (SDRs), which are directly connected to host computers or communication networks. This, combined with the software-based nature of SDRs, creates the need for cybersecurity solutions to prevent unauthorized access from cyberspace. The combination of EW techniques and cybersecurity algorithms is an exciting new field in warfare technology and the perfect environment for the development of novel information and security technologies.

This article covers several security techniques and countermeasures that are able to protect the SDR from enemy attacks, including jamming, spoofing, and other RF-related threats associated with EW. On the software side, we will discuss how to prevent malicious attacks and reconfigurations over a network by applying a robust and secure middleware layer. Finally, we discuss the need for a strong collaboration between cybersecurity algorithms and EW techniques and the roles that SDR devices play in this overlap, by allowing the orchestration of complex and robust security layers for military RF systems and associated networks.

Cyber/EW attacks on SDRs

An SDR consists of a radio front end (RFE) and a digital back end. The RFE contains the receive (Rx) and transmit (Tx) channels, which are designed to work over a wide tuning range. The highest-performing SDRs on the market contain an RFE capable of 3 GHz of instantaneous bandwidth on each channel and multiple independent channels. The digital back end, on the other hand, has its functionality based on software and performs most of the radio functions and signal processing — such as modulation, demodulation, frequency tuning, and data packetization over Ethernet links — by using an FPGA with on-board DSP capabilities. The FPGA provides flexibility and robustness for the SDR, allowing complete reconfiguration of the radio scheme without any change in hardware.

The digital nature of the FPGA makes it possible to implement various security features on the digital back end as part of the network stack. One typical example is the implementation of network encryptors, wherein the encryption/decryption engines, as well as packet processing and other key functions, can be implemented within the tamper boundary of the FPGA (Figure 1). FPGAs can implement AES, Suite A, Suite B, and dedicated encryption algorithms with ease while maintaining the necessary interoperability between networks and meeting the size, weight, and power requirements. Furthermore, FPGAs can implement EW functions, such as frequency hopping and cognitive radio techniques.

Figure 1: SDR and host with security schemes

The advancement of SDRs has made it easier to develop EW devices capable of launching attacks on widely used RF bands simply by downloading open-access software onto the digital back end of commercial-off-the-shelf SDRs. On the battlefield, this is particularly important, as modern military equipment relies greatly on RF signals, including radio links for unmanned aerial vehicles, GPS navigation systems, tactical radios, radars, and guided missiles.

To handle most of the required RF communication and data flux, the military needs a reliable and robust IT infrastructure, which includes the SDRs of the many battlefield devices. This means that cybersecurity and EW are intimately related, as the SDR can be accessed by malicious agents through the computer host. In this sense, the higher layers of the OSI network model are dominated by cybersecurity algorithms, whereas the lower layers are dominated by EW, with both overlapping significantly in between. Thus, both cybersecurity and EW professionals are needed in the development and operation of these networks.

Attacks on RF systems are typically aimed at the physical layer of the stack, trying to disrupt or intercept the target signals. However, modern threats are increasingly migrating to the upper layers of the model, with attackers using cybersecurity exploits as access points to compromise the network completely via software.

Several types of attacks can be performed on SDR systems. The traditional record-and-replay attack, for example, targets the personal role radios (PRRs) used by the armed forces. In this threat, the attacker eavesdrops on the tactical radio transmission and resends or delays it to mislead the receiver. A similar technique, the meaconing attack, applies the same approach to GPS signals, rebroadcasting tampered navigation signals to misdirect the targets. Other traditional EW attacks are jamming and spoofing, which are used in radar attacks and deception.

As SDRs shifted RF communication design toward software, wireless communication networks became significantly more flexible and reconfigurable; updates could be downloaded over the air with minor hardware upgrades. However, the shift also made these networks more vulnerable to cybersecurity exploitation. By having access to the host computer, hackers can target vulnerabilities in the SDR’s firmware so that they can decode information, tamper with data, and compromise the whole operation. Amplifying the problem, most security protocols in RF systems focus on privacy issues instead of software implementation. Examples of threats in this area include unintentional interference, network shutdown, and extraction of confidential data.

Using SDRs for security in cyber/EW applications

To provide a standard approach for software-defined systems design, the U.S. Department of Defense (DOD) funded the development of the Software Communications Architecture (SCA). To account for the security threats discussed in the previous section, the SCA describes several security features that should be embedded onto SDRs and associated APIs, including encryption/decryption, information integrity, authentication/non-repudiation, access control, alarms, auditing, key/certificate management, policy enforcement/management, configuration and memory management, and standardized installation mechanisms.
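
As an added illustration (not taken from the article or from the SCA specification), the following sketch shows how two of the listed features, information integrity and authentication, let a receiver reject the record-and-replay and delayed-retransmission attacks described in the previous section. The frame layout, the sample key, and the 500 ms freshness window are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (hypothetical): 32-bit sequence, 64-bit send time in ms,
# payload, then a 32-byte HMAC-SHA256 tag over everything before it.
HEADER = struct.Struct(">IQ")
TAG_LEN = 32
MAX_AGE_MS = 500  # assumed freshness window; bounds how long a frame can be delayed

def seal(key: bytes, seq: int, sent_ms: int, payload: bytes) -> bytes:
    """Sender side: authenticate header and payload together."""
    body = HEADER.pack(seq, sent_ms) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Accepts a frame only if it is authentic, fresh, and newer than the last one."""
    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = -1

    def accept(self, frame: bytes, now_ms: int):
        if len(frame) < HEADER.size + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None, "bad-tag"
        seq, sent_ms = HEADER.unpack_from(body)
        if abs(now_ms - sent_ms) > MAX_AGE_MS:       # recorded earlier or held back
            return None, "stale"
        if seq <= self.highest_seq:                  # strict ordering also drops reordered frames
            return None, "replay"
        self.highest_seq = seq
        return body[HEADER.size:], "ok"

def demo():
    key = b"constructed-demo-key"  # constructed sample key, not a real one
    rx = Receiver(key)
    f1 = seal(key, 1, 1_000, b"hold position")
    f2 = seal(key, 2, 1_100, b"move north")
    forged = bytearray(f2)
    forged[HEADER.size] ^= 0x01    # one payload bit changed in transit
    return [rx.accept(f1, 1_020)[1],             # legitimate frame
            rx.accept(f1, 1_050)[1],             # same frame re-sent
            rx.accept(f2, 5_000)[1],             # frame delivered 3.9 s late
            rx.accept(bytes(forged), 1_120)[1],  # modified frame
            rx.accept(f2, 1_120)[1]]             # legitimate frame
```

The timestamp check assumes sender and receiver clocks agree to within the freshness window; the sequence check is what stops a replay that arrives inside that window.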

In the context of the SCA, the SDR software can be classified into four categories: Radio Operating Environment (ROE), Radio Applications (RA), Service Provider Applications (SPA), and User Applications (UA). Each class deals with certain aspects of the SDR (for instance, the RA is the software that controls the RF functions, while the ROE is the core framework of the SDR) and presents different requirements for the SCA security features. Research in this field has been ongoing as computing technology, SDRs, and the SCA itself have advanced.

The need for convergence of EW and cybersecurity

Compared with EW, cybersecurity is a relatively recent topic in warfare technology, but it has quickly become the main source of adversary threats. With the explosive growth of wireless devices and networks in military applications, the overlap between EW and cyber grew to a point at which it is nearly impossible to discuss the fields separately. Nevertheless, security professionals from both areas still struggle to combine the paradigms to create better security schemes, which may be attributed to the lack of adequate hardware frameworks to implement collaborative solutions.

In this context, SDRs can significantly simplify the collaboration between cybersecurity and EW. They support state-of-the-art signal processing and cognitive radio schemes in the off-the-shelf back end, including parallel processing of MIMO channels, direction-finding systems, and frequency-hopping modulation. This is extremely desirable for EW professionals, who can design complex security schemes with high levels of flexibility. On the other hand, the SDR provides the output signals and controls on a host computer, which facilitates the work of cybersecurity professionals to develop code. Intimate collaboration between EW and cybersecurity provides a better framework to develop more effective attack/defense systems and robust networks.

The advent of software-defined communication systems brought a new perspective to integration between RF devices and the network. However, it also added another layer of network vulnerabilities by providing paths for malicious attacks at the higher layers of the network model. This is particularly problematic in military applications, such as radar, navigation, and battlefield communication. In this context, SDRs can be used to implement several security schemes by means of a digital back end based on high-end FPGAs. This back end provides a robust and reconfigurable framework to implement and upgrade new security schemes without any hardware modification, using off-the-shelf components and smart design.

Most importantly, SDRs facilitate collaboration between EW and cybersecurity personnel by integrating the RF aspects of the network directly with the higher layers of the communication scheme.

This article was originally published on EE Times Europe.
