Threats abound, from the RF battlefield to the web firewall

The modern RF battlefield presents a variety of threats, according to Wan Liu, a product manager at NI’s Ettus Research brand. Speaking at NIWeek’s Aerospace and Defense Summit at NIWeek in Austin in May, he cited several trends: use of COTS components, the increasing quality of assets, the increasing variety of threats, and the rapid evolution of waveforms, protocols, and devices. The threats affect not just military organizations but law-enforcement agencies, regulatory bodies, security firms, and first responders. The prevalence of drones exacerbates the threat, he said, disrupting investments in ground-based security systems.

Responding to threats, Liu said, involves spectrum monitoring to scan, detect, analyze, classify, decode, and record signals. Spectrum monitoring requires frequency-agile wide-bandwidth instruments able to capture short-duration signals in real time. Threat identification also requires direction-finding/geolocation using angle-of-arrival (AOA) and time-difference of arrival (TDOA) techniques, which require high-channel-count systems featuring phase coherency and able to evaluate compute-intensive DSP algorithms for channelization, correlation, and beamforming.

To address the threats, Ettus Research offers software-defined radios, including USRP X310 motherboards, which include 14-bit 200-MS/s ADCs and 16-bit 800-MS/s DACs plus a Kintex-7 FPGA. Each board supports 10 GbE and PCIe x4 streaming and fits in a half-wide 1U form factor; a board-only option allows for OEM integration.

The motherboards work with a variety of daughterboards, including the TwinRX, which features a dual-channel superheterodyne receiver offering up to an 80-MHz bandwidth from 10 MHz to 6 GHz.

Software suitable for SDR applications includes LabVIEW, GNU Radio, and MATLAB. Engineers might use LabVIEW for system modeling and design and then use LabVIEW FPGA to program the SDR hardware, Liu said. Or they might use GNU Radio for system modeling, C++ or Python for design, and Ettus Research’s RFNoC (RF network on chip) for the FPGA. He described GNU Radio as a free and open-source tool widely used in government, commercial, and academic environments supported by a large ecosystem of SDR vendors.

He concluded by presenting a direction-finding example using the MUSIC algorithm, an open-source reference application developed in GNU Radio. The example employed the USRP X310 and TwinRX to implement the MUSIC algorithm using a 4-element sensor array and LO sharing for phase-coherency.¹

Instruments for EW

A National Instruments white paper comments, “In markets such as signals intelligence (SIGINT), electronic warfare, test and measurement, public-safety communications, spectrum monitoring, and military communications (MILCOM), SDRs have become the de facto industry standard.”² However, other instruments, ranging from spectrum analyzers to peak power analyzers, have a role to play as well, as outlined in the article beginning on p. 12 in this issue and as described at the International Microwave Symposium in June in Philadelphia.

In addition, Tektronix in July announced the addition of IQFlow functionality to its RSA7100A wideband signal analysis solution (Figure 1). The company said this enhancement delivers the speed and flexibility needed to perform real-time digital signal processing to support hardware in the loop test for radar and electronic-warfare systems.

“The RSA7100A with IQFlow leads the market as a comprehensive solution that can quickly and easily be dropped into a wide range of test scenarios,” said Jon Baldwin, vice president and general manager, Wideband Solutions Business Unit at Tektronix, in a press release.

“IQFlow gives our customers the flexibility to process their own DSP algorithms in real time using our front-end system. They are not limited to working only with the instrument vendors’ analysis results.” EE-Evaluation Engineering’s October issue will have more on signal and spectrum analyzers.

Counterfeit and cloned ICs

Counterfeit microelectronics and cloned ICs were also topics of interest at the NIWeek Aerospace and Defense Summit. Tom Sharpe, a vice president at the distributor SMT Corp., called counterfeiting a huge issue for the industry. Cloned devices, he said, pass detailed mechanical inspections, their markings can be higher quality than those on authentic devices, and their electrical specs at room temperature can surpass those of authentic devices.

His conclusions are based on studies of more than 150 devices from 30 OCMs. He likened the clone threat to an iceberg—the danger is much greater than the perception. And whereas the problem was once confined to ICs being scraped off scrapped PCBs and sold as new, counterfeiters are now fabricating the chips themselves, performing functional die emulation and reverse engineering. The problems include not just economic loss and poor quality but also the threat of malicious hardware Trojans.³

“The ‘perfect storm’ within the semiconductor manufacturing industry is about to make landfall,” Sharpe said.

What’s to be done? Following Sharpe, Tom Bergman, program manager at Battelle Cyber Trust and Analytics, described nondestructive, destructive, and preemptive approaches. Nondestructive methods include visual inspection (often involving solvents), full functional test, and X-ray, SEM, XRF, or acoustic imaging to detect blacktopping and test material composition. Destructive methods involve decapsulation and cross-sectioning. Preemptive methods involve PUFs (physically unclonable functions), fingerprinting, and supply-chain control.

Battelle’s own initiative in this area, Bergan said, is electronic component authentication based on systemic manufacturing variations and machine learning to determine the “signature” of an authentic component resulting from deterministic variations unique to the manufacturing process and die layout. Battelle has developed an instrument called Barricade to derive the signature of an authentic device. Use of Barricade involves purchasing authentic chips from multiple authorized suppliers, interpreting the data sheet, devising test vectors, and collecting data.

Deep packet inspection

Deep packet inspection (DPI) has been one area of focus for Rohde & Schwarz, which in July announced that it is now supplying Indigo Software with its R&S PACE 2 DPI engine to enhance Indigo Software’s web application security solution with protocol and application classification capabilities. R&S PACE 2 now serves as the core for Indigo’s web application firewalls (WAFs), providing granular visibility of network traffic to analyze HTTP requests and responses to detect malicious behavior.

A case history describes an Indigo Software WAF as an indispensable component in the application delivery infrastructure. “Indigo Software firewalls offer Layer 7 web application security on a more refined level to help organizations provide a fast, reliable, and secure delivery of mission-critical web applications. Its WAF detects and blocks malicious activities behind inconspicuous website traffic that may slip through traditional security solutions.”⁴

Indigo Software says it offers next-generation software-defined firewall (SDF) and web application firewall (WAF) solutions designed to provide network and application layer security on a very large scale. “The Indigo SDF provides all of the integrated next-generation security of a next-generation firewall along with centralized management. WAF capabilities also defend against SQL injection and other application layer attacks, while anti-DDoS protects the availability of not only your network infrastructure but also subscribers’ hosted services.”⁵

Since Indigo Software integrated the DPI engine R&S PACE 2 into its WAF, the company reports that customer satisfaction has increased because customers saw improvements in application performance and availability, as well as a reduction in lag time. Before Indigo Software deployed the new solution, false positives in previous vendors’ products had made it difficult for customers to manage and control applications within their networks.

“We had evaluated open-source alternatives as the core for our web application firewall; however, they did not offer the performance and reliability required by our customers,” said Adam Murad, CTO at Indigo Software, in a press release. “The Rohde & Schwarz DPI engine gave us what we needed—from carrier-class performance and reliability to the detection of applications, protocols, and even encrypted applications to excellent developer documentation and sample code.”

Secure control architecture

And finally, The International Society of Automation and The Open Group have agreed to a liaison memorandum of understanding (MOU) to facilitate cooperation in advancing and harmonizing the development of a multivendor, interoperable, secure control architecture for application across the process industries. Activities will include sharing of best practices, document review, and joint forums.

The Open Group is an industry consortium of more than 625 companies and organizations that develops open, vendor-neutral technology standards and certifications. The new liaison agreement pertains specifically to The Open Group Open Process Automation Forum (OPAF), which is focused on developing a standards-based open, secure, interoperable process-control architecture.

ISA, a member association of approximately 40,000 automation professionals worldwide, develops standards in an open consensus process accredited by the American National Standards Institute (ANSI). The Geneva-based International Electrotechnical Commission (IEC) has adopted many of ISA’s American National Standards as international standards.
Key ISA/IEC standards on cybersecurity and enterprise-control integration are primary motivating factors in the agreement, pointed out Dennis Brandl, cochair of the OPAF Standards Working Group and chair of the OPAF Technology Architecture Subcommittee.

“This MOU shows the commitment from ISA and The Open Group to develop open standards that implement the best practices in the industry,” stated Brandl in a press release. “The widely used ISA/IEC enterprise-control system integration standards (ISA-95) and ISA/IEC 62443 standards (ISA-99) for the security of automation and control systems are key elements of the OPAF specifications.”

ISA will host an upcoming meeting of OPAF Sept. 11-13, 2018, in Research Triangle Park, NC. EE

References
1. “Direction-of-Arrival (DoA) Demo for GNU Radio (OOT) with the USRP X-Series and TwinRX,” Ettus Research, GitHub, 2106.
2. Software Defined Radio: Past, Present, and Future, White Paper, National Instruments, 2017.
Kwiat, Kevin, and Born, Frank, “Simulation for strategic hardware Trojans testing,” EE-Evaluation Engineering, March 2018, p. 18.
3. Deep packet inspection for web application security, Case Study, Rohde & Schwarz, 2018.
How Software-Defined Firewalls/WAFs Enable Communications Companies to Secure Networks, Grow Revenue and Comply with Regulations,” White Paper, Indigo Software, 2018.
4. Deep packet inspection for web application security, Case Study, Rohde & Schwarz, 2018.
5. How Software-Defined Firewalls/WAFs Enable Communications Companies to Secure Networks, Grow Revenue and Comply with Regulations,” White Paper, Indigo Software, 2018.