MAIN FEATURE

Software Assurance Is Critical to SDR Success

There is a fear that software radios will inherit the problems of PCs, including their unreliability and their vulnerability to malicious code. But digital signature technology, coupled with high-assurance COTS operating systems, can enforce a wide range of SDR security requirements.

BERNARD C. EYDT, ASSOCIATE, BOOZ ALLEN HAMILTON


To date, much security work for software defined radio (SDR) focuses on traditional communications security issues, particularly the confidentiality of voice and data transmissions. So when people hear “security,” they think about data encryption, key management and the separation of classified and unclassified data. However, SDR security involves a broader range of issues, many under the rubric of software assurance. In short, radio users need to have confidence that radio software will perform as advertised—to know that the code was developed using reliable software development methods, was thoroughly tested by someone they trust and wasn’t changed after the testing was completed.

Radio Software Assurance

Ultimately, software assurance may be more important to many radio users than traditional communications security. In today’s world, the risk that an adversary will expend resources to crack the cryptography protecting real-time or tactical wireless communications is small relative to other threats. Conversely, the risk that bad code could cause a radio to malfunction or cause interference with other legitimate radio communications is very real. In a worst-case scenario, bad code may have worm-like replicating behavior, impacting the radio communications of an entire organization or community of users. In the absence of appropriate controls, adversaries interested in compromising communications security may find that replacing SDR code on a radio platform is much easier than cracking its cryptosystem. To explain the difference between communications security and software assurance, Table 1 lists potential attacks on both.

Assurance is significantly more difficult for SDR than it is for traditional hardware-based radios. Once a hardware radio design has been certified to meet functional and security requirements, users can be confident that radios off the production line will meet the requirements through the radio’s lifetime. Tampering with radios is possible, but it can only be done to one radio at a time. The adversary must have physical contact with the radio and technical expertise.

SDR changes the threat. Software updates can modify multiple radios simultaneously. Physical contact is not necessary because malicious code can be inserted during the development process or during remote software downloads. User-friendly software tools may allow adversaries to modify radio code and its behavior with relatively little expertise.

Software Certification

Software certification can provide required levels of assurance. Comprehensive SDR certification could ensure that adversaries cannot circumvent security controls. It should include examination of the SDR device boot procedure and mechanisms to achieve process separation and memory isolation. Table 2 lists potential controls and countermeasures that should be tested during certification.

SDR certification is largely in its infancy. The National Security Agency (NSA) provides the most comprehensive program—security testing of SDR technology developed for the Joint Tactical Radio System (JTRS). But details of the program are classified, which limits the scope to the U.S. DoD, effectively precluding other SDR users, including U.S. allies, from leveraging it.

The Federal Communications Commission (FCC) also has an SDR certification program, but it has no defined methodology, preferring a case-by-case approach at this stage in the evolution of SDR technology. Only one company—Vanu—has successfully navigated the process to obtain a license. The good news is that most FCC proceedings are public, which means others will benefit from advances made in this area. The not-so-good news is that FCC’s interests are narrowly focused on illegal radio interference, which is only one aspect of the range of SDR security issues to be addressed. Typically, FCC activities are not applicable to military or non-U.S. communications.

For the commercial aviation industry, the U.S. Federal Aviation Administration’s Advisory Circular 20-115B establishes Radio Technical Commission for Aeronautics (RTCA) DO-178B guidelines as a de facto assurance standard for software development. But these guidelines do not specifically address radio software or security considerations, focusing instead on development practices and documentation.

Discuss

mj February 18, 2010 – 1:55pm

nice website...
