Project SCISRS Cuts Into RF Security With Real-time RF Analysis and RF-PUFs

November 24, 2021 by Adrian Gibbons

Bad actors soliciting communications with sensitive radio devices can lead to data breaches. Building upon machine learning techniques, IARPA launches a new program called SCISRS for real-time RF signal analysis.

Detecting and characterizing bad actors’ “RF anomalies” in a complex radio frequency (RF) domain is an increasing concern for intelligence operators such as the Intelligence Advanced Research Projects Activity (IARPA).

Real-time analysis of overt and anomalous signals is said to be a critical capacity for the intelligence community (IC) to prevent data breaches.


Various types of RF emissions pertinent to the performance of RF security systems.

Various types of RF emissions pertinent to the performance of RF security systems. Screenshot used courtesy of IARPA


Recently, IARPA announced the start of a new command and control program called “securing compartmented information with smart radio systems,” otherwise called SCISRS (pronounced scissors). 

Today, we look at some of the industry players awarded contracts under SCISRS, the overall goals, and methods that the program will adhere to, and looking at research around using physical unclonable functions (PUFs) to characterize unique RF transmitters.


Research Contracts Under SCISRS 

Expedition Technology (EXP) is one of five recipients of research contracts under the SCISRS program. EXP’s multi-year contract is valued at more than $15M USD, and follows its previous role as prime contractor for Radio Frequency Machine Learning Systems (RFMLS) under the Defense Advanced Research Projects Agency (DARPA). 

EXP intends to leverage machine learning (ML) techniques and digital signal processing (DSP) to meet the goals of the SCISRS program. They have also sub-contracted Purdue University, along with Riverside Research, to help with generating a potential solution.

Purdue will contribute in two areas: 


Building Upon Radio Frequency Machine Learning

SCISRS is said to build on DARPA's RFMLS program, focusing on classifying normal vs. anomalous signals.

RFMLS targets applications performing four specific tasks

  • RF fingerprinting,
  • RF fingerprint enhancement,
  • Spectrum awareness, and
  • Autonomous RF system configuration

The first two elements of RFMLS deal with the quantification and "enhancement" of the natural imperfections inside a given RF transmitter. This imperfection is said to identify a transmitter uniquely. RF-PUFs techniques are an example of how the IC can take advantage of these characteristics to secure communications.

The last two goals centered around the "importance level" of various signals inside a given spectral domain and the ability to configure RF systems to detect these important signals in "harsh RF environments."


The Goals & Phases of SCISRS

The SCISRS program seeks to detect and analyze "signals that differ from the RF Baseline or that is intended to hide in the ambient RF Baseline." 

Potential system solutions, which provide this capability, must be able to contend with a low probability of intercept (LPI), altered or mimicked signals, and unintended emanations that could result in a data breach. 

Overall, consisting of three phases, potential solutions will be subject to 3rd-party tests and evaluation by Pacific Northwest National Laboratory and a second unnamed lab dictated by IARPA. Each phase adds more stringent detection and classification benchmarks.


Detection requirements over three phases of the SCISRS program.

Detection requirements over three phases of the SCISRS program. Screenshot used courtesy of IARPA


As a set of standard communication schemes, overt communications have a particularly stringent requirement. It is expected that detection systems will be capable of recognizing legitimate RF communications 98% of the time by the third phase of the program. 

Accurate metadata measurements such as power, duration, frequency, bandwidth, and modulation also increase in severity as the phases progress. 

Metadata is one of the methods that potential system solutions could use to qualify a source as a baseline signal or an anomaly. 

With that in mind, how could you protect RF networks, specifically using PUFs?


Protecting RF Networks with RF-PUFs 

As a partner of Expedition Technology, Purdue University brings its radio frequency security experience to the team with a technique called RF-PUFs. Generally, RF-PUFs apply neural networks on the receiver side to uniquely identify each transmitter in a node-based network. 


A high-level overview of an RF-PUF system.

A high-level overview of an RF-PUF system. Screenshot used courtesy of Sen et al


There are natural variations in all transmitters derived from the manufacturing process, which can create a digital fingerprint for any given wireless transceiver (TX) device.  

In this scheme, neural networks are used to correctly identify TX devices by characterizing specific features such as frequency, I-Q components, and channel features. 


Block diagram of a unique TX identification.

Block diagram of a unique TX identification. Screenshot used courtesy of Sen et al


Their research (2018) indicated a capability to uniquely identify up to 10,000 transmitters in an asymmetric Internet of Things (IoT) network with a 99% accuracy.


Final Thoughts

Data security is an ongoing challenge for the intelligence community, with innovative new threats constantly rising which are designed to circumvent existing security precautions. 

Radio signal proliferation across numerous spectral environments with various modulations, hardware configurations, and user equipment makes finding anomalous signals challenging. 

SCISRS program manager, Dr. Paul Kolb, says that analyzing terabytes per second across a broad spectrum is "extremely challenging… it's an RF needle in a haystack."