The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for DARPA

By

This is the Pentagon’s new acquisition structure

The Pentagon’s new acquisition plan creates almost a dozen new offices, in what the department hopes will be a streamlined organization better able to manage the needs of today while developing the technologies of tomorrow.

On Aug. 1, 2017 the department delivered to Congress its plan for devolving the undersecretary of defense for acquisition, sustainment and technology, or AT&L, into two smaller organizations — the undersecretary of defense for research and engineering, or USDR&E, and the undersecretary of defense for acquisition and sustainment, or USDA&S.

Those changes are required to be implemented by Feb. 1, 2018.

Among the notable changes, three quasi-independent offices — the Strategic Capabilities Office, the Defense Innovation Unit Experimental and the Defense Advanced Research Projects Agency — will be folded two levels under the USDR&E, while a new analysis cell will be set up to drive how the Pentagon invests its money for the future.

The Missile Defense Agency will also be rolled under the USDR&E, at a time when the Trump administration has made missile defense a priority for the department.

Keep reading this article at: https://www.defensenews.com/breaking-news/2017/08/02/this-is-the-pentagons-new-acquisition-structure

See DoD’s complete restructuring plan at: https://www.scribd.com/document/355353372/Section-901-FY2017-NDAA-Report

By

Georgia Tech pursues new technique for wireless malware monitoring of Internet devices

A $9.4 million grant from the Defense Advanced Research Projects Agency (DARPA) could lead to development of a new technique for wirelessly monitoring Internet of Things (IoT) devices for malicious software – without affecting the operation of the ubiquitous but low-power equipment.

DARPAThe technique will rely on receiving and analyzing side-channel signals, electromagnetic emissions that are produced unintentionally by the electronic devices as they execute programs. These signals are produced by semiconductors, capacitors, power supplies and other components, and can currently be measured up to a half-meter away from operating IoT devices.

By comparing these unintended side-channel emissions to a database of what the devices should be doing when they are operating normally, researchers can tell if malicious software has been installed.

“We will be looking at how the program is changing its behavior,” explained Alenka Zajic, the project’s principal investigator and an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “If an Internet of Things device is attacked, the insertion of malware will affect the program that is running, and we can detect that remotely.”

The four-year project will also include two faculty members from Georgia Tech’s School of Computer Science: Professors Milos Prvulovic and Alessandro Orso. Also part of the project will be a research team from Northrop-Grumman, headed by Matthew Welborn. Details of an early prototype of the side-channel technique, called “Zero-Overhead Profiling” because the monitoring doesn’t affect the system being observed, were presented July 20th at the International Symposium on Software Testing and Analysis (ISSTA).

Within the next four years, an estimated 30 billion IoT devices will be in operation, doing everything from controlling home heating and air conditioning to sensing and managing critical infrastructure. The devices are usually small with limited processor power and memory. Their limited computing capabilities means they can’t run the kinds of malware protection software found on laptop computers, and they cannot use virtualization and other technology to protect the system software even when an application is taken over by an attacker. This means that once attackers compromise the internet-connected application, they typically “own” the entire IoT device and can even make it falsely respond to traditional queries about its own security status.

“The main challenge from a security perspective is to make these devices secure so somebody can’t take them over,” explained Zajic. “There will be a lot of processing power out there that needs to be monitored, but you can’t just put traditional security software on that processor because is doesn’t have enough power for both the security software and the tasks the device is supposed to be doing.”

Zajic and Prvulovic pioneered research on measuring side-channel signals emitted from devices. These emissions differ from the signals the devices were intended to produce for communicating information across the Internet to other devices. The researchers have already shown that they can pick up the signals close to the devices using specially designed antennas, and one project goal is to extend the range to as much as three meters.

“When a processor executes instructions, values are represented as ones and zeroes, which creates a fluctuation in the current,” Zajic said. “That creates changes in the electromagnetic field we are measuring, providing a pattern for what each part of the program looks like on a spectrum analyzer.”

Key to detecting changes in the signals is getting a “before” recording of what these signals should look like to draw a comparison with an “after” set of signals for each combination of device and software. The researchers plan to evaluate each IoT device, sampling and recording its typical operation to create a database. To avoid recording overwhelming amounts of data, the system will take periodic samples from different stages of program loops.

“If somebody inserts something into the program loop, the peaks in the spectrum will shift and we can detect that,” Zajic said. “This is something that we can monitor in real time using advanced pattern-matching technology that uses machine learning to improve its performance.”

Detecting malware, however, is more of a challenge.

“The technique is currently 95 percent accurate at profiling – pinpointing the exact point in the IoT program code that is currently executing,” explained Prvulovic. “However, detection of malware is a much more difficult problem. Profiling is about identifying which part of the program is the best match for the signal, whereas malware detection is about detecting, with sufficient confidence, that the signal does not match any part of the original program, even when the malware is designed to resemble the original code of the application.”

Zajic and Prvulovic have been studying a wide range of devices to determine the emissions produced.

“We have more than one source on a circuit board, so we have been trying to localize the sources so we can build an antenna to give us the best possible signal,” said Zajic. “There are multiple places on the board where you connect to the same information, though it may be modulated at different frequencies.”

Ultimately, researchers expect the project – dubbed Computational Activity Monitoring by Externally Leveraging Involuntary Analog Signals (CAMELIA) – to be capable of monitoring several IoT devices simultaneously. That will require development of advanced processing techniques able to differentiate signals from each device, and new antennas able to pick up the signals from a greater distance.

CAMELIA is part of a DARPA program called Leveraging the Analog Domain for Security (LADS), which is investing in six different initiatives to address IoT security. The Georgia Tech-Northrop Grumman project is the only one of the projects led by an academic institution.

The research is supported by the DARPA LADS program under contract FA8650-16-C-7620. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the sponsoring agency.

Source: http://www.news.gatech.edu/2016/07/31/monitoring-side-channel-signals-could-detect-malicious-software-iot-devices

By

DARPA needs vendors cleared for classified research

The Defense Advanced Research Projects Agency (DARPA) works on technologies and ideas at the bleeding edge of research, most of which have at least some tangential military use.  

DARPA“Often, these projects are classified and can only be solicited from a limited number of sources,” according to a July 11 request for information issued by the agency.

“DARPA must maintain up-to-date knowledge about potential performers to maximize the number of sources that can be solicited for classified, highly specialized, [cyberspace operations] R&D initiatives.”

Keep reading this article at: http://www.federaltimes.com/story/government/cybersecurity/2016/07/11/darpa-vendor-clearance/86947934/

 

By

Georgia Tech snags $2.9 million DARPA contract to develop defense against denial-of-service attacks

Georgia Tech researchers have been awarded a $2.9 million contract from the U.S. Defense Advanced Research Projects Agency (DARPA) to develop a cybersecurity method that will identify and defend against low-volume distributed denial of service (DDoS) attacks.

DARPAHigh-volume DDoS attacks that overwhelm servers with large amounts of malicious traffic in order to shut down a particular website have received a significant amount of study. However, low-volume attacks have not.

Low-volume attacks — while generally receiving less attention from scholars and media outlets — account for a significant percentage of all DDoS assaults. They can take down a website and be as damaging, but may use less bandwidth, are often shorter in duration, and may be designed to distract a security team from the aftershocks of follow-on attacks. In fact, according to Neustar, Inc., around 54 percent of DDoS attacks were found to be relatively small at less than 5 Gbps, yet 43 percent leave behind malware or viruses. Neustar’s April 2016 report found that 82 percent of corporations were attacked repeatedly.

GT College of Computing“This has been a 25-year problem with no practical solution,” says Taesoo Kim, lead principal investigator for the study and assistant professor in Georgia Tech’s School of Computer Science. “Our goal is to create a precise and timely detection method that identifies attacks by how they subtly change the resource consumption of a machine. With little to no degradation of system performance, we believe we can mitigate the threat and write a new signature for it inside the hardware within approximately 10 seconds so a network interface card will recognize it again. This effectively puts an anti-virus patch into your hardware in real time.”

Under the project name ROKI, Kim and colleagues propose to first establish a baseline of resource consumption using three Intel hardware features. Next, they will develop continuous analysis algorithms to compare a packet’s effect on system performance against historical consumption under similar scenarios. A new path-reconstruction engine will then produce a sequence of instructions to nullify an attack and encode the finding into the network interface card to stop current or future attack traffic.

“ROKI has the potential to achieve both timeliness and precision,” says Wenke Lee, co-PI on the project and co-director of the Institute for Information Security & Privacy at Georgia Tech. “We don’t need to know what an attack looks like, just that it deviates from the baseline. Existing defenses against low-volume DDoS attacks lack precision and they cannot create a response in a timely manner. This will.”

The research is part of DARPA’s Extreme DDoS Defense (XD3) program (awarded under contract #HR0011-16-C-0059) and began in April. First deliverables are expected in approximately 18 months, beginning with a prototype to demonstrate the core idea. The project is expected to be complete in three years. Field exercises to mitigate previously unknown DDoS attacks will occur in 2019.

 

Source: http://www.cc.gatech.edu/news/532141/georgia-tech-dismantle-pervasive-cyberattacks-10-seconds-or-less

By

SecDef Carter enlists Silicon Valley to transform the military

The “Doomsday Plane” weighs 800,000 pounds when fully loaded and can withstand the effects of a nuclear bomb or asteroid blast while remaining aloft for 12 hours without refueling.

Tech Sector Remains Wary of Government Contracting 11.2015First deployed in 1974, the Boeing E-4B has been the preferred mode of long-range transportation for US secretaries of defense ever since. But when Ashton Carter’s staff discovered the behemoth would literally crush the runway in Sun Valley, Idaho, where he planned to attend the annual gathering of tech elite at the Allen & Co. conference, the SecDef nimbly switched to a sleek Gulfstream V. He jetted in with just a few aides, his wife (the conference is something of a family affair), an overnight bag weighing less than 10 pounds—and the message that the US military has a new spirit of agile entrepreneurialism.

The DOD of course has a long history of jump-starting innovation. Historically, it has taken the megafunding and top-down control structures of the federal government to do the kind of investing required to create important technology for the military. Digital photography, GPS, the Internet itself—all were nourished by defense contracts before being opened up to the private sector, which then turned them into billion-dollar industries.

Keep reading this article at: http://www.wired.com/2015/11/secretary-of-defense-ashton-carter

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter