TY - GEN
T1 - Security analysis of a software-defined radar
AU - Yerkes, Blake
AU - Ramsey, Benjamin
AU - Rice, Mason
AU - Pecarina, John
AU - Dunlap, Stephen
PY - 2017
Y1 - 2017
N2 - Designers frequently select Software-Defined Radios (SDRs) as their platform to implement their Radio Frequency (RF) systems. SDRs combine the flexible nature of software along with reconfigurable RF hardware to offer designers an expanded toolbox in which to develop, evaluate, and deploy their systems in a rapidly evolving spectral landscape. As is often the case, having a flexible system introduces possible security flaws. These security flaws become relevant when SDRs are embedded into real systems. Software-defined radars have been developed by defense contractors and may be poised to become the standard in a wide array of applications related to autonomous land, water, and air vehicles. However, no current work explores the security of a software-defined radar architecture. In this work, we examine example cyber attacks on a small-scale software-defined radar. The radar is composed of GNU Radio, a Linux framework for interacting with SDR hardware, and the Universal Software Radio Peripheral (USRP) N210, a reconfigurable RF frontend developed by Ettus Research. First we describe the operation of the system from the GNU Radio software down to the packet format. This system analysis reveals that the communication channel within the radar is vulnerable to cyber attack. Specifically, it is possible to conduct Man-in-the-Middle (MITM) attacks between GNU Radio and the USRP to alter the operation of the radar. The MITM attacks alter the hardware configuration and data used by the USRP, creating measurable effects in the distance estimates produced by the radar. We quantify these attacks by comparing the radar position estimates before and during an attack. The first MITM attack modifies hardware settings on the USRP. We observe up to a 76% error in the distance estimate by modifying the hardware configuration commands. We then create a targeted attack by modifying the RF data packets GNU Radio sends to the USRP. We show that intelligently altering the RF packet data introduces a targeted arbitrary distance offset into the radar range estimation with less than 10% error. We conclude with suggestions on how to secure a software-defined radar system assuming a similar structure to the test bed architecture.
AB - Designers frequently select Software-Defined Radios (SDRs) as their platform to implement their Radio Frequency (RF) systems. SDRs combine the flexible nature of software along with reconfigurable RF hardware to offer designers an expanded toolbox in which to develop, evaluate, and deploy their systems in a rapidly evolving spectral landscape. As is often the case, having a flexible system introduces possible security flaws. These security flaws become relevant when SDRs are embedded into real systems. Software-defined radars have been developed by defense contractors and may be poised to become the standard in a wide array of applications related to autonomous land, water, and air vehicles. However, no current work explores the security of a software-defined radar architecture. In this work, we examine example cyber attacks on a small-scale software-defined radar. The radar is composed of GNU Radio, a Linux framework for interacting with SDR hardware, and the Universal Software Radio Peripheral (USRP) N210, a reconfigurable RF frontend developed by Ettus Research. First we describe the operation of the system from the GNU Radio software down to the packet format. This system analysis reveals that the communication channel within the radar is vulnerable to cyber attack. Specifically, it is possible to conduct Man-in-the-Middle (MITM) attacks between GNU Radio and the USRP to alter the operation of the radar. The MITM attacks alter the hardware configuration and data used by the USRP, creating measurable effects in the distance estimates produced by the radar. We quantify these attacks by comparing the radar position estimates before and during an attack. The first MITM attack modifies hardware settings on the USRP. We observe up to a 76% error in the distance estimate by modifying the hardware configuration commands. We then create a targeted attack by modifying the RF data packets GNU Radio sends to the USRP. We show that intelligently altering the RF packet data introduces a targeted arbitrary distance offset into the radar range estimation with less than 10% error. We conclude with suggestions on how to secure a software-defined radar system assuming a similar structure to the test bed architecture.
KW - Man-in-the-middle attack
KW - Radar
KW - Software-Defined Radio
UR - http://www.scopus.com/inward/record.url?scp=85018938497&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85018938497
T3 - Proceedings of the 12th International Conference on Cyber Warfare and Security, ICCWS 2017
SP - 386
EP - 395
BT - Proceedings of the 12th International Conference on Cyber Warfare and Security, ICCWS 2017
A2 - Lopez, Juan R.
A2 - Bryant, Adam R.
A2 - Mills, Robert F.
PB - Academic Conferences and Publishing International Limited
T2 - 12th International Conference on Cyber Warfare and Security, ICCWS 2017
Y2 - 2 March 2017 through 3 March 2017
ER -