Project SCISRS Cuts Into RF Security With Real-time RF Analysis and RF-PUFs
Bad actors soliciting communications with sensitive radio devices can lead to data breaches. Building upon machine learning techniques, IARPA launches a new program called SCISRS for real-time RF signal analysis.
Detecting and characterizing bad actors’ “RF anomalies” in a complex radio frequency (RF) domain is an increasing concern for intelligence operators such as the Intelligence Advanced Research Projects Activity (IARPA).
Real-time analysis of overt and anomalous signals is said to be a critical capacity for the intelligence community (IC) to prevent data breaches.
Various types of RF emissions pertinent to the performance of RF security systems. Screenshot used courtesy of IARPA
Today, we look at some of the industry players awarded contracts under SCISRS, the overall goals, and methods that the program will adhere to, and looking at research around using physical unclonable functions (PUFs) to characterize unique RF transmitters.
Research Contracts Under SCISRS
Expedition Technology (EXP) is one of five recipients of research contracts under the SCISRS program. EXP’s multi-year contract is valued at more than $15M USD, and follows its previous role as prime contractor for Radio Frequency Machine Learning Systems (RFMLS) under the Defense Advanced Research Projects Agency (DARPA).
EXP intends to leverage machine learning (ML) techniques and digital signal processing (DSP) to meet the goals of the SCISRS program. They have also sub-contracted Purdue University, along with Riverside Research, to help with generating a potential solution.
Purdue will contribute in two areas:
- Detect RF emanations from unintentional radiators
- Build upon their research expertise in radio frequency PUF
Building Upon Radio Frequency Machine Learning
SCISRS is said to build on DARPA's RFMLS program, focusing on classifying normal vs. anomalous signals.
RFMLS targets applications performing four specific tasks:
- RF fingerprinting,
- RF fingerprint enhancement,
- Spectrum awareness, and
- Autonomous RF system configuration
The first two elements of RFMLS deal with the quantification and "enhancement" of the natural imperfections inside a given RF transmitter. This imperfection is said to identify a transmitter uniquely. RF-PUFs techniques are an example of how the IC can take advantage of these characteristics to secure communications.
The last two goals centered around the "importance level" of various signals inside a given spectral domain and the ability to configure RF systems to detect these important signals in "harsh RF environments."
The Goals & Phases of SCISRS
The SCISRS program seeks to detect and analyze "signals that differ from the RF Baseline or that is intended to hide in the ambient RF Baseline."
Potential system solutions, which provide this capability, must be able to contend with a low probability of intercept (LPI), altered or mimicked signals, and unintended emanations that could result in a data breach.
Overall, consisting of three phases, potential solutions will be subject to 3rd-party tests and evaluation by Pacific Northwest National Laboratory and a second unnamed lab dictated by IARPA. Each phase adds more stringent detection and classification benchmarks.
Detection requirements over three phases of the SCISRS program. Screenshot used courtesy of IARPA
As a set of standard communication schemes, overt communications have a particularly stringent requirement. It is expected that detection systems will be capable of recognizing legitimate RF communications 98% of the time by the third phase of the program.
Accurate metadata measurements such as power, duration, frequency, bandwidth, and modulation also increase in severity as the phases progress.
Metadata is one of the methods that potential system solutions could use to qualify a source as a baseline signal or an anomaly.
With that in mind, how could you protect RF networks, specifically using PUFs?
Protecting RF Networks with RF-PUFs
As a partner of Expedition Technology, Purdue University brings its radio frequency security experience to the team with a technique called RF-PUFs. Generally, RF-PUFs apply neural networks on the receiver side to uniquely identify each transmitter in a node-based network.
A high-level overview of an RF-PUF system. Screenshot used courtesy of Sen et al
There are natural variations in all transmitters derived from the manufacturing process, which can create a digital fingerprint for any given wireless transceiver (TX) device.
In this scheme, neural networks are used to correctly identify TX devices by characterizing specific features such as frequency, I-Q components, and channel features.
Block diagram of a unique TX identification. Screenshot used courtesy of Sen et al
Their research (2018) indicated a capability to uniquely identify up to 10,000 transmitters in an asymmetric Internet of Things (IoT) network with a 99% accuracy.
Data security is an ongoing challenge for the intelligence community, with innovative new threats constantly rising which are designed to circumvent existing security precautions.
Radio signal proliferation across numerous spectral environments with various modulations, hardware configurations, and user equipment makes finding anomalous signals challenging.
SCISRS program manager, Dr. Paul Kolb, says that analyzing terabytes per second across a broad spectrum is "extremely challenging… it's an RF needle in a haystack."