Embedded Mobile Tactical Systems -- Reverse Engineering and Countermeasures

Abstract

The National Defense Authorization Act for Fiscal Year (FY) 2014 and the Department of Defense (DoD) Appropriations Act for 2014 allocated $10.7M to assist Historically Black Colleges and Universities and Minority-Serving Institutions (HBCU/MI) and to enhance their research and education capabilities in scientific areas relevant to the defense mission. The FY 2014 program supports the acquisition of research equipment and instrumentation to augment existing capabilities and to develop new capabilities that will facilitate greater participation in DoD research programs and encourage more students to pursue careers in science, technology, engineering, and mathematics (STEM) disciplines. At the core of every embedded mobile tactical (EMT) system is a cryptographic device in the form of a field-programmable gate array (FPGA), which is an integrated circuit that the user can configure for a particular application using a program written in a hardware description language. The program used to configure the FPGA is usually stored as an encrypted bitstream, which is loaded from external memory and exposed during power-up. FPGAs, like most hardware such as custom logic in application-specific integrated circuits and standard CPU chips executing cryptographic software or firmware, leak information through side channels. These unintended side channels include the instantaneous power consumption of the hardware, radiated electromagnetic fields, and timing information. Side-channel analysis (SCA) is a reverse engineering (RE) technique used to reveal the encryption key via noninvasive side-channel monitoring. SCA attacks can only be effective while the hardware is performing cryptographic operations. SCA attacks have been used successfully to uncover the encryption key of many commercial FPGAs. Countermeasures are necessary to secure the EMT system's ability to withstand SCA attacks and to sustain or recover critical functions. The U.S. DoD's anti-tamper security policies and other security requirements mandate that devices include countermeasures against SCA. Software-defined radios (SDR) are EMT systems that comprise the outer perimeter of the battlefield cyberspace. Therefore, our research objective is twofold: 1) to assess the vulnerabilities to side-channel attacks of a state-of-the-art SDR that uses Xilinx's new Zynq system-on-a-chip FPGA; and 2) to develop countermeasures to mitigate them. The proposed research is augmented by educational and outreach activities that will help us meet DoD's workforce demand for US engineers with the requisite skill set to work in cyberspace. This instrumentation funding opportunity will help Morgan State University establish the infrastructure necessary to conduct state-of-the-art basic research in reverse engineering of and countermeasures for EMT systems.

Document Details

Document Type: DoD Grant Award
Publication Date: Jan 12, 2017
Source ID: W911NF1510044

Entities

People

  • Kevin Kornegay

Organizations

  • Army Contracting Command
  • Morgan State University
  • Office of the Secretary of Defense

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.
  • Research Science/Academic Research

Technology Areas

  • Cyber