DARPA Is Looking For Analog Approaches To Cyber Monitoring
chicksdaddy writes: Frustrated by adversaries' continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches, including the monitoring of analog emissions from connected devices, including embedded systems, industrial control systems and Internet of Things endpoints, Security Ledger reports.
DARPA is putting $36m to fund the Leveraging the Analog Domain for Security (LADS) Program (PDF). The agency is looking for proposals for "enhanced cyber defense through analysis of involuntary analog emissions," including things like "electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations." At the root of the program is frustration and a lack of confidence in digital monitoring and protection technologies developed for general purpose computing devices like desktops, laptops and servers.
The information security community's focus on "defense in-depth" approaches to cyber defense is ill suited for embedded systems because of cost, complexity or resource limitations. Even if that were possible, DARPA notes that "attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker's code."
They'll find the terrorists' messages have a much warmer sound.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I'm so screwed.
When you have a hammer, everything looks like a nail.
When you are used to using electronic methods for intel, you ignore the non-electronic methods (aka tradecraft) and then all your high-tech expertise is useless.
It's a shame they don't teach spooks what they used to in my day.
-- Tigger warning: This post may contain tiggers! --
"...DARPA notes that 'attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker's code.'"
This just in: machines do what people tell them to do. Film at 11.
Dear DARPA:
Try looking in the back of your own closet (over on the NSA shelf, third bin from the left), filed under Tempest.
You're welcome.
// The following comment is illogical, and need not be the case:
// any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker's code."/i
// Consider the primary and secondary OS in every Android system: One for the baseband radio, one for everything else.
// DERPA! Don't let morons run the show.
Syntax Error: Unterminated italic tag.
Context Error: <i> tags are deprecated; Use <em> instead.
Given that neat tricks like recovering the RSA key GnuPG is using with nothing but a relatively unexceptional microphone recording of the noise emitted by the computer's power circuitry actually work, it seems quite plausible that you could detect abnormalities in operation based on measurements of the device's sound, heat, and so on.
What seems markedly trickier is dealing with devices whose behavior is variable enough that defining 'abnormality' is hard and generating a baseline 'fingerprint' isn't obvious. If the device's behavior is nice and predictable, you could theoretically force the attacker's malware to be extraordinarily similar to the legitimate software in order to evade detection. If not, though, the really nasty challenge would seem to be less in the measurement and more in knowing what signals to freak out about.
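The baseline problem raised in the comment above, as an added example that is not part of the original thread: a per-bin power "fingerprint" is fitted on clean traces, then scored against traces with extra draw in two bins, once for a predictable device and once for a variable one. The trace shape, jitter levels, 0.15 W of extra draw and the 1.25 threshold margin are all constructed assumptions.

```python
import random
import statistics

NOMINAL = [1.0, 1.8, 1.2, 0.6] * 4  # constructed: watts per time bin of one control-loop cycle

def make_traces(rng, n, jitter, extra=0.0):
    """Constructed sample data: n power traces with uniform per-bin jitter.
    `extra` adds draw in bins 5-6, standing in for unexpected code running there."""
    return [[p + (extra if i in (5, 6) else 0.0) + rng.uniform(-jitter, jitter)
             for i, p in enumerate(NOMINAL)] for _ in range(n)]

def score(model, trace):
    """Largest per-bin deviation from the baseline, in standard deviations."""
    return max(abs(x - m) / s
               for x, m, s in zip(trace, model["mean"], model["std"]))

def fit_baseline(traces, margin=1.25):
    """Per-bin mean/stdev fingerprint plus an alert threshold calibrated on clean traces."""
    cols = list(zip(*traces))
    model = {"mean": [statistics.fmean(c) for c in cols],
             "std": [statistics.stdev(c) for c in cols]}
    # Assumed policy: alert above the worst clean score times a safety margin.
    model["threshold"] = margin * max(score(model, t) for t in traces)
    return model

def alert_rate(model, traces):
    """Fraction of traces whose score exceeds the calibrated threshold."""
    return sum(score(model, t) > model["threshold"] for t in traces) / len(traces)

def experiment(jitter, extra=0.15, seed=1):
    """Fit on clean traces, then measure false alarms and detections on fresh ones."""
    rng = random.Random(seed)
    model = fit_baseline(make_traces(rng, 200, jitter))
    return {"false_alarms": alert_rate(model, make_traces(rng, 200, jitter)),
            "detected": alert_rate(model, make_traces(rng, 200, jitter, extra))}

if __name__ == "__main__":
    print("predictable device:", experiment(jitter=0.02))
    print("variable device:   ", experiment(jitter=0.50))
```

With tight jitter every modified trace is flagged; with wide jitter the same extra draw mostly stays under a threshold that has to sit above the device's own normal variation.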
CPU utilization will go to 100%, causing all kinds of emission changes and power consumption alerts.
... a surge of interest in better EM shielding for electronics is on the way.
Admit it - we all just thought "Chipotle"
Is it just my observation, or are there way too many stupid people in the world?
Almost all electronic devices have StandBy, but it's not 100% silent in terms of wattage; why?
I've only taken a few related courses, but given the big push in machine learning and "big data" analysis, have we been able to learn anything about patterns and methodologies of attack at the bit/byte level of individual computing systems? Is there a threshold (BIOS, OS?) at which monitoring is not feasible? Al D.
This just seems like a battle destined to be lost. Sure, given enough analysis, one could decipher the meaning of the analog emissions coming from a normal device. However, long before that technology ever produces real, useful results, anyone will be able to easily obfuscate said analog emissions with some other device sitting near the subject device. Essentially, an electromagnetic white noise device that also records ambient EM and incorporates random bits of that into its own emissions. Do the same with audio, the EM going back out over the electrical connection, and even the light in the room, and you have created your own, personal, surveillance cloaking device. To the user in the room, it will be barely noticeable over the normal sound of their computer fan and normal fluctuations of light in the room. But it will be enough to make detecting and deciphering the original emissions impossible.
This sounds more like a sweet contract deal for someone's brother-in-law.
They have everything they need to secure their networks. All the federal infrastructure I worked with owned adequate technology equipment. Their networks & servers would be more secure if they used what they have now. However, many of those federal government agencies MUST hold their people accountable for poor, unsatisfactory job performance. Until managers display the courage (integrity & ethics) to 'do the right thing' by objectively enforcing policy, the deadwood eventually rots an organization's behavior. The problem is not technology. It is people, the enemy is us.
DARPA Is Looking For Additional Approaches To Cyber Monitoring
I come here for the love
Put a pubic hair on the "T" key. If someone has intruded your system, the hair will be gone. NOBODY will put back a pubic hair to where it belongs! The "T" key.
Set up ambient air-quality monitors to detect Cheetoh and Mountain Dew farts at 3.00 AM. There's your 1337 haxx0rz.
"Frustrated by adversaries' continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches"
This is ironic considering DARPA designed TCP/IP
... offense.
Sorry, spying is an offensive activity, not a defensive one.
Does everything really need to be connected to the Internet?
Let's throw money at it, instead of fixing even the most basic compliance issues the .gov space can't seem to get.
Wish they spent the money on OPM..........
Self Defense - A Human Right www.a-human-right.com