Slashdot Mirror


DARPA Is Looking For Analog Approaches To Cyber Monitoring

chicksdaddy writes: Frustrated by adversaries' continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches, including the monitoring of analog emissions from connected devices, including embedded systems, industrial control systems and Internet of Things endpoints, Security Ledger reports.

DARPA is putting $36m to fund the Leveraging the Analog Domain for Security (LADS) Program (PDF). The agency is looking for proposals for "enhanced cyber defense through analysis of involuntary analog emissions," including things like "electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations." At the root of the program is frustration and a lack of confidence in digital monitoring and protection technologies developed for general purpose computing devices like desktops, laptops and servers.

The information security community's focus on "defense in-depth" approaches to cyber defense is ill suited for embedded systems because of cost, complexity or resource limitations. Even if that were possible, DARPA notes that "attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker's code."

3 of 41 comments

  1. even DARPA can't protect a laptop from attacks by turkeydance · Score: 2

    I'm so screwed.

  2. Might actually work. by fuzzyfuzzyfungus · Score: 4, Interesting

    Given that neat tricks like recovering the RSA key GnuPG is using with nothing but a relatively unexceptional microphone recording of the noise emitted by the computer's power circuitry actually work, it seems quite plausible that you could detect abnormalities in operation based on measurements of the device's sound, heat, and so on.

    What seems markedly trickier is dealing with devices whose behavior is variable enough that defining 'abnormality' is hard and generating a baseline 'fingerprint' isn't obvious. If the device's behavior is nice and predictable, you could theoretically force the attacker's malware to be extraordinarily similar to the legitimate software in order to evade detection. If not, though, the really nasty challenge would seem to be less in the measurement and more in knowing what signals to freak out about.

  3. Re:In other words: tradecraft by WillAffleckUW · Score: 2

    90 pct of all stolen mil data is due to cleared individuals doing stupid things.

    9 pct is due to human ops.

    Only 1 pct is due to technical means.

    Where do you think we should focus our resources?

    --
    -- Tigger warning: This post may contain tiggers! --