A US project is looking at using technologies usually associated with cyber attacks to act as protection for IoT systems instead.
These 'side channel attacks' include techniques such as differential power analysis (DPA). This monitors the power rails of a system to work out what bits are being transferred and so break encryption keys. Many system-on-chip designers and FPGA users spend a lot of time masking the activity of bus and power lines to protect the operation from such attacks, but this hasn't really been implemented in lower cost IoT systems.
PFP Cybersecurity, a provider of unique, physics-based anomaly detection technology, has been awarded a Defense Advanced Research Projects Agency (DARPA) contract for Leveraging the Analog Domain for Security (LADS) program to study these types of techniques for a new way of protecting against attacks.
It is looking at DPA as a way to monitor a system to check that it hasn't been compromised, as the passive monitor would be entirely separate from the system and harder to attack. It would look for changes in the activity of the IoT node, protecting it by either resetting the node, or the monitor could have its own entirely separate link to the wireless network to feed back data to a separate analytic system to take other action.
“PFP is excited to be part of DARPA’s LADS program,” said Dr Aguayo Gonzalez, CTO of PFP. “We’re thrilled to be a part of ensuring the country’s cyber protection. This program will add significant enhancements to our detection technology to secure IoT devices.” PFP’s solution protects against cyber-attacks that threaten any IoT connected devices including the power grid, cars, cell phones, tablets and various other smart devices.
PFP provides software as a service (SaaS) through an IoT platform based on patented analytics for power. This is proven to detect supply chain, configuration and continuous attacks. The PFP analytics could provide alarms in machine time to an enterprise system such as SOC with strong confidence. It could also be used for forensic analysis to find out how a node was compromised.
Releases system for detecting SYNful Knock
The company is also demonstrating a solution for continuously monitoring and securing enterprise router racks in data centres. PFP’s system includes a portable unit for periodic cybersecurity checks and a small 1U rack-mount monitoring unit which can simultaneously monitor an entire rack without interfering with normal operations or adding software to the routers.
“For years it has been said home routers are a key attack point, but enterprise routers are secure. Recently, FireEye burst that bubble announcing that Cisco enterprise routers are vulnerable to a threat called SYNful Knock,” said Steven Chen, PFP CEO.
Headquartered in the Washington, D.C., PFP Cybersecurity (also known as Power Fingerprinting) uses patented technology developed by Dr. Jeff Reed and Gonzalez at Virginia Tech.