This paper presents case studies of attacks aimed at tactical software defined radios, based on a classification of the most common sources of vulnerabilities, classes of attacks, and types of intrusions that military radio sets may suffer. We also describe how attack mitigation strategies can impact the development of SDR infrastructures. Using this approach, we identify several possible sources of vulnerabilities, attacks, intrusions, and mitigation strategies and illustrate them on typical tactical radio network deployment scenarios, as an initial and necessary step toward defining realistic and relevant security requirements for military software defined radio applications.

1. Introduction

In the past, military radio design was focused entirely on dedicated electronic components. Later came software configurable radios (SCR), in which users can choose the most appropriate waveforms for different combat scenarios. In recent years, though, the development of radio communication technology has undergone a huge paradigm change: the rise of software defined radio (SDR) technology, in which previously hardware-based features became software defined and users may also introduce new application waveforms on the fly. This progress is due to enhancements in several areas, such as embedded systems, analog-to-digital converters, digital transmission, digital signal processing, multiband antennas, software architectures, and especially the evaluation capacity of novel General-Purpose Processors (GPP). As a result, SDR foreshadows important consequences and advantages for the development of wireless solutions for military communications systems. Among the envisioned features are interoperability, waveform portability, and the ability to be updated with the most recent advances in radio communications without hardware replacement. Moreover, SDR is envisioned as the most appropriate platform for cognitive radio development.

At a glance, the high-level functional model of an SDR consists of a front-end RF subsystem that performs channel selection, downconversion to baseband, and data forwarding to a software-based processing unit, where the associated digital bitstream is passed to the appropriate layers (e.g., data link, network, and security modules) to perform the decoding tasks that extract the desired information. This process is reversed on the transmit side, where the input signal is coded and a modulated signal bearing the