DARPA - Tech to Protect the Internet of Things
DARPA Wants to Make the Internet of Things Power Efficient.
The Pentagon's emerging technology agency wants to know what a device's thermal output shows about potential cyber-intrusions.
The Defense Advanced Research Projects Agency's Information Innovation Office plans to award tens of millions of dollars, $36 million for the first phase, for technology that could monitor devices in the Internet of Things (a term that could connote anything from high-tech washing machines to sensors in industrial factories.)
The DARPA program, called "Leveraging the Analog Domain for Security," intends to examine involuntary emissions from devices -- electromagnetic, acoustic, thermal, as well as power fluctuations -- to determine the software running on the device. Those indicators could also tell researchers which functions the device is executing or which part of its memory it's accessing, an announcement said.
This monitoring system could be a separate device, a component within the device being monitored or an external component. The end goal, according to DARPA, is "algorithms, tools and devices for mapping analog emissions of digital devices."
While desktop computers and servers have many layers of protection including hardware and software defense, these security systems often can't be applied to "mission-specific devices" and devices with embedded computing chips because of "computational cost, complexity, or other system requirements," the announcement said.
"Attackers have repeatedly demonstrated the ability to pierce protection boundaries," taking advantage of the fact that security systems are often within the same computing unit as the rest of a compromised device's software, according to DARPA.
Interested teams should explain their plans to navigate the tradeoff between the monitoring system's accuracy and distance from the device being monitored, and also describe if the technology can operate even in a noisy environment, among other factors.
The program has three phases -- the first two are 18 months each, and the final is 12 months. Initial proposals are due by November.
The widespread use of connected devices "requires the exploration and development of new cybersecurity capabilities that are conducive to these devices’ limitations," the announcement said.