The Georgia Institute of Technology has been issued a $9.4 million grant from the Defense Advanced Research Projects Agency (DARPA) to develop new ways to protect low-power, embedded IoT devices.
The educational establishment says that the research grant could result in the development of a new way to wirelessly monitor IoT devices for malicious software — without the need to tamper with embedded IoT devices — components which are small, low-power and have specialized functions.
On Monday, Georgia tech researchers said in a blog post that the new technique will rely on receiving and analyzing side-channel signals — the electromagnetic emissions which are produced by devices as they execute functions and programs.
This “side-channel” noise is produced by semiconductors, capacitors, power supplies and other components, and current technologies can measure it up to half a meter away from an active IoT device. However, the team hope to eventually expand this range to up to three meters.
The researchers say that by comparing IoT device noise with a database containing data on what noise should be produced when a connected device is operating as it should, the team will be able to tell when malicious software has been installed.
“We will be looking at how the program is changing its behavior,” explained Alenka Zajic, the project’s principal investigator and an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “If an Internet of Things device is attacked, the insertion of malware will affect the program that is running, and we can detect that remotely.”
“When a processor executes instructions, values are represented as ones and zeroes, which creates a fluctuation in the current,” Zajic added. “That creates changes in the electromagnetic field we are measuring, providing a pattern for what each part of the program looks like on a spectrum analyzer.”
The four-year project, dubbed “Computational Activity Monitoring by Externally Leveraging Involuntary Analog Signals” (CAMELIA) will include members of Georgia Tech’s school of Computer Science, as well as a research team from Northrop-Grumman.
CAMELIA is part of a DARPA program called Leveraging the Analog Domain for Security (LADS) which is currently funding a total of six different projects based on improving IoT security.