Security analysis of a software-defined radar

Blake Yerkes, Benjamin Ramsey, Mason Rice, John Pecarina, Stephen Dunlap

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations

Abstract

Designers frequently select Software-Defined Radios (SDRs) as their platform to implement their Radio Frequency (RF) systems. SDRs combine the flexible nature of software along with reconfigurable RF hardware to offer designers an expanded toolbox in which to develop, evaluate, and deploy their systems in a rapidly evolving spectral landscape. As is often the case, having a flexible system introduces possible security flaws. These security flaws become relevant when SDRs are embedded into real systems. Software-defined radars have been developed by defense contractors and may be poised to become the standard in a wide array of applications related to autonomous land, water, and air vehicles. However, no current work explores the security of a software-defined radar architecture. In this work, we examine example cyber attacks on small scale software-defined radar. The radar is composed of GNU Radio, a Linux framework for interacting with SDR hardware, and the Universal Software Radio Peripheral (USRP) N210, a reconfigurable RF frontend developed by Ettus Research. First we describe the operation of system from the GNU Radio software down to the packet format. This system analysis reveals that the communication channel within the radar is vulnerable to cyber attack. Specifically, it is possible to conduct Man-Inthe-Middle (MITM) attacks between GNU Radio and the USRP to alter the operation of the radar. The MITM attacks alter the hardware configuration and data used by the USRP, creating measurable effects in the distance estimates produced by the radar. We quantify these attacks by comparing the radar position estimates before and during an attack. The first MITM attack modifies hardware settings on the USRP. We observe up to a 76% error in the distance estimate by modifying the hardware configuration commands. We then create a targeted attack by modifying the RF data packets GNU Radio sends to the USRP. We show that intelligently altering the RF packet data introduces a targeted arbitrary distance offset into the radar range estimation with less than 10% error. We conclude with suggestions on how to secure a software-defined radar system assuming a similar structure to the test bed architecture.

Original languageEnglish
Title of host publicationProceedings of the 12th International Conference on Cyber Warfare and Security, ICCWS 2017
EditorsJuan R. Lopez, Adam R. Bryant, Robert F. Mills
PublisherAcademic Conferences and Publishing International Limited
Pages386-395
Number of pages10
ISBN (Electronic)9781911218258
StatePublished - 2017
Externally publishedYes
Event12th International Conference on Cyber Warfare and Security, ICCWS 2017 - Dayton, United States
Duration: Mar 2 2017Mar 3 2017

Publication series

NameProceedings of the 12th International Conference on Cyber Warfare and Security, ICCWS 2017

Conference

Conference12th International Conference on Cyber Warfare and Security, ICCWS 2017
Country/TerritoryUnited States
CityDayton
Period03/2/1703/3/17

Keywords

  • Man-in-the-middle attack
  • Radar
  • Software-Defined Radio

Fingerprint

Dive into the research topics of 'Security analysis of a software-defined radar'. Together they form a unique fingerprint.

Cite this