DARPA Is Looking For Analog Approaches To Cyber Monitoring
chicksdaddy writes: Frustrated by adversaries' continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches, including the monitoring of analog emissions from connected devices, including embedded systems, industrial control systems and Internet of Things endpoints, Security Ledger reports.
DARPA is putting $36m to fund the Leveraging the Analog Domain for Security (LADS) Program (PDF). The agency is looking for proposals for "enhanced cyber defense through analysis of involuntary analog emissions," including things like "electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations." At the root of the program is frustration and a lack of confidence in digital monitoring and protection technologies developed for general purpose computing devices like desktops, laptops and servers.
The information security community's focus on "defense in-depth" approaches to cyber defense is ill-suited for embedded systems because of cost, complexity or resource limitations. Even if that were possible, DARPA notes that "attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker's code."
They'll find the terrorists' messages have a much warmer sound.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I'm so screwed.
When you have a hammer, everything looks like a nail.
When you are used to using electronic methods for intel, you ignore the non-electronic methods (aka tradecraft) and then all your high-tech expertise is useless.
It's a shame they don't teach spooks what they used to in my day.
-- Tigger warning: This post may contain tiggers! --
Dear DARPA:
Try looking in the back of your own closet (over on the NSA shelf, third bin from the left), filed under Tempest.
You're welcome.
Given that neat tricks like recovering the RSA key GnuPG is using with nothing but a relatively unexceptional microphone recording of the noise emitted by the computer's power circuitry actually work, it seems quite plausible that you could detect abnormalities in operation based on measurements of the device's sound, heat, and so on.
What seems markedly trickier is dealing with devices whose behavior is variable enough that defining 'abnormality' is hard and generating a baseline 'fingerprint' isn't obvious. If the device's behavior is nice and predictable, you could theoretically force the attacker's malware to be extraordinarily similar to the legitimate software in order to evade detection. If not, though, the really nasty challenge would seem to be less in the measurement and more in knowing what signals to freak out about.
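The baseline problem raised in the comment above, as an added example that is not part of the original thread: a z-score detector over windowed power readings flags a small extra load on a device with a fixed workload, but misses the same load once legitimate behaviour varies widely. All traces are constructed, and the wattages, thresholds and function names are assumptions chosen for illustration.

```python
import random
import statistics

WINDOW = 20  # samples per feature window (assumed)

def make_trace(rng, base_mw, jitter_mw, extra_mw=0.0, n=200):
    """Constructed power trace in mW: workload level + sensor jitter + optional extra load."""
    return [base_mw + extra_mw + rng.gauss(0, jitter_mw) for _ in range(n)]

def window_means(trace):
    """Reduce a trace to one mean-power feature per window."""
    return [statistics.fmean(trace[i:i + WINDOW])
            for i in range(0, len(trace) - WINDOW + 1, WINDOW)]

def fit_baseline(clean_traces):
    """Learn the 'fingerprint': mean and spread of window power over known-good runs."""
    feats = [f for t in clean_traces for f in window_means(t)]
    return statistics.fmean(feats), statistics.stdev(feats)

def is_anomalous(trace, baseline, z_limit=4.0, min_windows=3):
    """Alert when enough windows sit more than z_limit deviations from the baseline."""
    mu, sigma = baseline
    hits = sum(abs(f - mu) / sigma > z_limit for f in window_means(trace))
    return hits >= min_windows

def demo(seed=1):
    rng = random.Random(seed)
    extra = 30.0  # constructed: 30 mW drawn by unauthorized code
    # Predictable device: always the same 500 mW workload.
    fixed = fit_baseline([make_trace(rng, 500, 5) for _ in range(21)])
    # Variable device: legitimate workload ranges from 300 to 700 mW.
    varied = fit_baseline([make_trace(rng, 300 + 20 * i, 5) for i in range(21)])
    return {
        "fixed_clean": is_anomalous(make_trace(rng, 500, 5), fixed),
        "fixed_extra": is_anomalous(make_trace(rng, 500, 5, extra), fixed),
        "varied_extra": is_anomalous(make_trace(rng, 500, 5, extra), varied),
    }

if __name__ == "__main__":
    print(demo())
```

On the variable device the learned spread is roughly 120 mW, so a 30 mW shift scores about 0.25 deviations and never approaches the alert threshold.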
CPU utilization will go to 100%, causing all kinds of emission changes and power consumption alerts.
Admit it - we all just thought "Chipotle"
Is it just my observation, or are there way too many stupid people in the world?
This just seems like a battle destined to be lost. Sure, given enough analysis, one could decipher the meaning of the analog emissions coming from a normal device. However, long before that technology ever produces real, useful results, anyone will be able to easily obfuscate said analog emissions with some other device sitting near the subject device. Essentially, an electromagnetic white noise device that also records ambient EM and incorporates random bits of that into its own emissions. Do the same with audio, the EM going back out over the electrical connection, and even the light in the room, and you have created your own, personal, surveillance cloaking device. To the user in the room, it will be barely noticeable over the normal sound of their computer fan and normal fluctuations of light in the room. But it will be enough to make detecting and deciphering the original emissions impossible.
This sounds more like a sweet contract deal for someone's brother-in-law.
They have everything they need to secure their networks. All the federal infrastructure I worked with owned adequate technology equipment. Their networks & servers would be more secure if they used what they have now. However, many of those federal government agencies MUST hold their people accountable for poor unsatisfactory job performance. Until managers display the courage (integrity & ethics) to 'do the right thing' by objectively enforcing policy, the deadwood eventually rots an organization's behavior. The problem is not technology. It is people, the enemy is us.
DARPA Is Looking For Additional Approaches To Cyber Monitoring
I come here for the love
Because everyone gripes about slow startup times
a) In proper security devices the security logic doesn't execute within the same unit as the rest of the compromised device.
b) This isn't about people breaking firewalls. It's about people trying to break data diodes.
Religion is what happens when nature strikes and groupthink goes wrong.
"Frustrated by adversaries' continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches"
This is ironic considering DARPA designed TCP/IP
Does everything really need to be connected to the Internet?
Let's throw money at it, instead of fixing even the most basic compliance issues the .gov space can't seem to get.
Wish they spent the money on OPM..........
Self Defense - A Human Right www.a-human-right.com