Virginia Tech Researchers Working on Software-Defined Radio Protection

There are many tools available to protect your computer from attacks over the Internet--antivirus software, spyware removers, firewalls, etc.--but what's the best way to protect your software defined radios (SDR) from attack by hackers? Virginia Tech engineering researchers won a $400,000 Cyber Trust grant from the National Science Foundation to answer that question.

Jung-Min Park, an assistant professor in Virginia Tech's Bradley Department of Electrical and Computer Engineering and director of the Laboratory for Advanced Research in Information Assurance and Security said, "In a civilian SDR network, the motive of a malicious user may be to simply cause mayhem to other users or to receive notoriety. This would be the equivalent of computer hackers. Malicious users also could try to extort money from providers who operate SDR networks and services. In a military setting, an adversary could try to interfere with communications to gain a tactical advantage."

Park said that his group was planning a comprehensive investigation of critical security issues, according to Virginia Tech News. Areas of exploration include an examination of security threats posed by an adversary installing malicious software on an SDR, and the effective countermeasures for such an attack. He said that such problems are unique to SDR networks and have not been studied systematically by the network security community.

Park acknowledged that international standards body SDR Forum is developing measures to prevent corrupt software from being downloaded, installed or instantiated on SDR devices, but cautioned "preventative measures can only act as the first line of defense. Other security measures need to be employed to fortify those measures."

By changing software, the frequencies, power level and modulation methods of SDRs can be changed. This flexibility allows the radios to match changing market demands and spectrum availability, but Virginia Tech says the software is vulnerable to failure, as well as malicious tampering.