The Defense Advanced Research Projects Agency (DARPA) has issued a $9.4 million grant to the Georgia Institute of Technology to develop new ways to monitor low-power, embedded IoT devices for malicious software, without affecting their operation.
According to the researchers at Georgia Tech, the technique will rely on receiving and analyzing side-channel signals, electromagnetic emissions that are produced unintentionally by the electronic devices as they execute programs.
These signals are produced by semiconductors, capacitors, power supplies and other components, and can currently be measured up to a half-meter away from operating IoT devices, said the researchers.
By comparing these unintended side-channel emissions to a database of what the devices should be doing when they are operating normally, researchers can tell if malicious software has been installed.
Within the next four years, it is projected that 30 billion IoT devices will be in operation, doing everything from controlling home heating and air conditioning to sensing and managing critical infrastructure.
Most of these devices are small, with limited processor power and memory. Their limited computing capabilities mean they can’t run the kinds of malware protection software found on laptop computers, and they cannot use virtualization and other technology to protect the system software even when an application is taken over by an attacker, said the researchers.
This means that once attackers compromise the internet-connected application, they typically “own” the entire IoT device and can even make it falsely respond to traditional queries about its own security status.
“The main challenge from a security perspective is to make these devices secure so somebody can’t take them over,” said Alenka Zajic, the project’s principal investigator and an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology.
“There will be a lot of processing power out there that needs to be monitored, but you can’t just put traditional security software on that processor because it doesn’t have enough power for both the security software and the tasks the device is supposed to be doing,” he added.
“If somebody inserts something into the program loop, the peaks in the spectrum will shift and we can detect that,” Zajic said. “This is something that we can monitor in real time using advanced pattern-matching technology that uses machine learning to improve its performance.”
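The peak shift Zajic describes can be sketched on simulated data. The following is an added illustration, not code from the Georgia Tech project: it models the emission as a signal that repeats once per loop iteration, learns the baseline peak from a known-good capture, and flags a capture whose strongest peak has moved. The sample rate, loop lengths, noise level and tolerance are all assumed values, and a fixed threshold stands in for the machine-learning pattern matching mentioned in the quote.

```python
import cmath, math, random

FS = 1000.0  # sample rate in Hz (assumed)
N = 500      # samples per capture (assumed)

def capture(loop_period, seed):
    """Constructed stand-in for a received emission: the signal is high for
    the first half of each loop iteration, with Gaussian noise added."""
    rng = random.Random(seed)
    return [(1.0 if i % loop_period < loop_period // 2 else 0.0)
            + rng.gauss(0, 0.2) for i in range(N)]

def spectrum(x):
    """Magnitude of a plain DFT over the non-negative frequency bins."""
    mean = sum(x) / len(x)
    x = [v - mean for v in x]  # remove the DC offset before transforming
    n = len(x)
    return [abs(sum(v * cmath.exp(-2j * math.pi * k * i / n)
                    for i, v in enumerate(x))) for k in range(n // 2)]

def peak_hz(x):
    """Frequency of the strongest spectral peak, i.e. the loop rate."""
    mag = spectrum(x)
    k = max(range(1, len(mag)), key=mag.__getitem__)
    return k * FS / len(x)

def check(x, baseline_hz, tol_hz=2.0):
    """Return (anomalous, observed_hz) for one capture against the baseline."""
    f = peak_hz(x)
    return abs(f - baseline_hz) > tol_hz, f

if __name__ == "__main__":
    baseline = peak_hz(capture(20, seed=1))       # known-good loop: 20 samples
    print("baseline peak:", baseline, "Hz")
    print("clean   :", check(capture(20, seed=2), baseline))
    print("modified:", check(capture(25, seed=3), baseline))  # 5 samples inserted
```

Lengthening the simulated loop from 20 to 25 samples moves the dominant peak from 50 Hz to 40 Hz, which is the kind of shift the monitor looks for.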
Ultimately, researchers expect the project, which has been named Computational Activity Monitoring by Externally Leveraging Involuntary Analog Signals (CAMELIA), to be capable of monitoring several IoT devices simultaneously. That will require development of advanced processing techniques able to differentiate signals from each device, and new antennas able to pick up the signals from a greater distance, the researchers said.