In-brief: DARPA is directing $36m for the first stage of a program called LADS – Leveraging the Analog Domain for Security, which is looking into analog methods of cyber threat detection, including power consumption monitoring.
Frustrated by adversaries’ continued success at circumventing or defeating cyber defense and monitoring technologies, DARPA is looking to fund new approaches, including the monitoring of analog emissions, that don’t rely on traditional on-device or on-network monitoring.
DARPA, the Department of Defense’s Advanced Research Projects Agency, issued a call for “innovative research proposals” for the Leveraging the Analog Domain for Security (LADS) Program on September 25. The program is directing $36 million into developing “enhanced cyber defense through analysis of involuntary analog emissions,” including things like “electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations.”
The goal, according to a DARPA document describing the program (PDF), is to “develop new cybersecurity capabilities by exploring the intersection of the analog and digital domains” and to extend monitoring to a category of devices that are often unprotected. These are what DARPA refers to as EMSDs – or “embedded and mission-specific devices.”
At the root of the program is frustration and a lack of confidence in digital monitoring and protection technologies developed for general purpose computing devices like desktops, laptops and servers. The information security community’s focus on “defense in-depth” approaches to cyber defense is not suited for embedded systems because of cost, complexity or resource limitations. Even if that were possible, DARPA notes that “attackers have repeatedly demonstrated the ability to pierce protection boundaries, exploiting the fact that any security logic ultimately executes within the same computing unit as the rest of the (compromised) device software and the attacker’s code.”
In contrast, the technology DARPA is soliciting with its LADS program seeks to deliver a “high‐fidelity” view of the state of monitored devices that is “the combination of analog signal analysis…and program analysis techniques.”
Winning submissions will be able to “identify and quantify analog channels that convey useful information about the internal state of the device,” and map changes on the device to an analog emissions model that can capture interesting attacker behaviors. For example, changes such as loading unknown firmware or injecting malicious code should lead to noticeable changes in emissions that can be detected. The detection technology must be able to work around various physical constraints such as noise, distance from the device, and so on.
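An added illustration (not code from DARPA or from either vendor mentioned here) of the idea in the paragraph above: build a model of a known-good device's power spectrum from noisy captures, then score new captures against it. The traces, sample count, frequency bins and alert threshold are all constructed assumptions.

```python
import cmath
import math
import random
import statistics

N = 256                 # samples per captured power trace (assumed)
BINS = range(1, 25)     # frequency bins compared against the baseline
Z_LIMIT = 8.0           # deviations above this many sigmas raise an alert

def capture(rng, extra_bin=None, noise=0.1):
    """Constructed power trace: DC draw + main-loop ripple at bin 8 + noise.
    extra_bin models a periodic routine added by unknown firmware."""
    trace = []
    for n in range(N):
        v = 1.0 + 0.5 * math.sin(2 * math.pi * 8 * n / N) + rng.gauss(0, noise)
        if extra_bin is not None:
            v += 0.3 * math.sin(2 * math.pi * extra_bin * n / N)
        trace.append(v)
    return trace

def spectrum(trace):
    """Magnitude of the DFT at each monitored bin (plain DFT, stdlib only)."""
    return [abs(sum(x * cmath.exp(-2j * math.pi * k * n / N)
                    for n, x in enumerate(trace))) / N for k in BINS]

def build_model(traces):
    """Per-bin mean and standard deviation over known-good captures."""
    cols = list(zip(*(spectrum(t) for t in traces)))
    return [(statistics.mean(c), max(statistics.stdev(c), 1e-9)) for c in cols]

def score(model, trace):
    """Return (worst z-score, bin) for one trace against the model."""
    zs = [abs(m - mu) / sd for m, (mu, sd) in zip(spectrum(trace), model)]
    worst = max(zs)
    return worst, BINS[zs.index(worst)]

def is_anomalous(model, trace):
    return score(model, trace)[0] > Z_LIMIT

rng = random.Random(2015)  # fixed seed so the constructed data is repeatable
MODEL = build_model([capture(rng) for _ in range(40)])
CLEAN = capture(rng)                    # same firmware, fresh noise
TAMPERED = capture(rng, extra_bin=20)   # extra periodic activity

if __name__ == "__main__":
    print("clean   :", score(MODEL, CLEAN))
    print("tampered:", score(MODEL, TAMPERED))
```

Averaging over many known-good captures is what lets the per-bin threshold tolerate measurement noise while still flagging the new spectral component.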
While DARPA is known for funding long-shot ideas, analog monitoring to detect cyber threats isn’t one of them. In fact, there are already funded startups on the market with products that do much of what DARPA’s LADS program is looking for.
Notably, this blog wrote about Virta Labs, a Michigan-based startup that has introduced a new device, dubbed PowerGuard, that it says can spot malicious software running across a wide range of devices by studying the patterns of power consumption on those devices. The device is in beta deployment now.
Virta is the brainchild of Professor Kevin Fu of the University of Michigan, a leading expert on the security of medical devices, and Denis Foo Kune, a former postdoctoral researcher at the University of Michigan’s department of Computer Science and Engineering. The company’s product looks like a standard power strip, but contains intelligence that can spot changes in a device’s operation that may be unrelated to malicious activity. Because the device doesn’t require software or hardware to be installed on the actual device, it is easier for healthcare organizations to deploy it without being concerned that it will interfere with the operation of the device that is being monitored.
Another firm, PFP Cybersecurity, a Vienna, Virginia-based company, is marketing similar technology as anomaly detection software for critical infrastructure, supply chain and the Internet of Things. It can detect the presence of malicious software by monitoring the way that software changes the patterns of power consumption or RF (radio frequency) radiation. PFP grew out of research funded by the U.S. Departments of Defense and Homeland Security.
Proposals for the LADS program are due to DARPA by November 10, 2015. DARPA said that multiple awards may be possible, including procurement contracts.