INDEPENDENT RESEARCH AND DEVELOPMENT PROJECT DATA

(INFORMATION IN THIS BLOCK MUST BE UNCLASSIFIED)

Information in this block is furnished by the company in confidence with the claims that: (a) it falls within the exception under subsection (b)(4) of 5 U.S.C. 552, and (b) it is subject to 18 U.S.C. 1905. The information contained herein is furnished for the sole purpose of identifying the subject program, and the DoD shall except as required by the resolution of litigation or the direction of preemptive authority (e.g., The President, Congress, Justice Department) preclude disclosure to other than duly authorized Government Personnel. Any authorized reproduction or disclosure of the information contained herein, in whole or in part, shall include this notice.
(For Help, press F1 while cursor is on field or see Chapter 3 of the IR&D Database Contributors Guide for definition of each element.) PROJECT TITLE PROJECT NUMBER

Predictable Information Operations Capabilities and Tools

ACCESSION NUMBER TECH PLAN FY REPORT DATE PROJECT START DATE PRIOR YEAR $K

08INOP5
CURRENT YEAR $K

08044894

2008

080315

200710

0
ZIP CODE

500
ORGANIZATION NAME, ADDRESS, CITY, STATE

Johns Hopkins University Applied Physics Laboratory 11100 Johns Hopkins Road Laurel MD
ORGANIZATIONS FOCAL POINT NAME

ORG. SOURCE CODE

20723-6099

031650

TELEPHONE: 240-228-5379

Ryan, Dennis L
PROJECT MANAGER/PRINCIPAL INVESTIGATOR

EMAIL: dennis.ryan@jhuapl.edu
TELEPHONE: 240-228-7808

Blackert, William T
SUBJECT CATEGORIES AND SUBCATEGORIES
(To indicate subject categories and subcategories related to your project, choose a selection from the top drop down, then the next dropdown will fill with subcategories.)

EMAIL: william.blackert@jhuapl.edu
WORK CATEGORY A-Applied Research PROJECT SENSITIVITY UNCLASSIFIED

Most Applicable
25 - Communications 0 - All 0 - All

2nd Choice
12 - Mathematical and Computer Sciences 0 - All 0 - All

3rd Choice
15 - Military Sciences 0 - All 0 - All

KEYWORDS Computer network attack; electronic warfare. NEED In todays world, the United States is both a military and an economic giant. Exercising control over informationgetting it, understanding it, disseminating it, protecting and sometimes attacking itis key for maintaining that dominance. The global proliferation of sophisticated information and networking technology presents both opportunities and challenges. DoD has a comprehensive plan to develop information operations (IO) as a core military competency, and a key component in this overall plan is to mature IO into a reliable warfighting capability. While IO may sometimes present an attractive alternative to (or a combat multiplier for)

08INOP5_08044894

02/19/08 4:16 PM

Page 1 of 6

physical attack, there are significant uncertainties as to whether such weapons can predictably and discriminately produce the desired operational effects against adversary targets. As a result, Combatant Commanders most often favor the physical weapons with which they are more familiar. Therefore there is a significant need for a framework with which to assess these IO weapons. In addition, the target space is wide; thus tools and techniques to access or deny networks are in great demand. OBJECTIVE Given these needs, our objective for this IR&D project is to make critical advancements in tools, techniques, and ontology for a cyber war framework. The focus of this project will be the delivery and persistence aspects of IO in both the cyber and physical perspectives. Our objective will be to advance these capabilities and be able to provide solutions to our current and potential customers in the IO community. Figure 1 shows the relationships between our tools/techniques and framework activities.

Figure 1. IO IR&D project relationships. Our objectives for each of these components of the IR&D project are as follows: Cyber War Ontology. The objective of the Cyber Warfare Ontology effort is to define a functional ontology for the cyberspace domain. The ontology will be developed by identifying representative attributes and interrelationships of fundamental cyberspace elements. These relationships will be described in a concept paper that will address cyber warfare issues independent of specific underlying technologies, focusing instead on topics including cyber weaponization, integrated battlespace cognizance, effects-based planning, and cyber warfare tactics, techniques, and procedures. Tools and Techniques. The tools and techniques component of this project will be composed of four areas: cyber delivery, physical delivery, cyber persistence, and physical persistence. The objectives for each area are described below: Cyber Delivery. The objective will be to assess the security of two major technologies: wireless networks and cellular communication systems. For wireless IO (WIO), the objective is to assess emerging cognitive radio technology standards, and study and develop ways in which to disrupt or exploit these types of networks. This work will consist of two parts: threat analysis and exploit identification. Analysis will be conducted to determine the most relevant threats to a cognitive radio network and the potential goals of a threat, the potential

actions of a threat, and the potential ramifications of those actions. We will also examine many of the multimedia applications that are commonly offered across many radio access types. In particular, the IP Multimedia Sub-System (IMS) architecture will be considered and examined for potential vulnerability. IMS threat analysis will be conducted to gain insight into the potential techniques of a threat, and detailed exploits will be designed and tested against prevalent IMS technologies, such as voice and video distribution services. The objective of the Cellular Resource Management (CRM) task is to analyze the methods and technologies that protect the cyber delivery of software to cellular phones. The primary focus will be analyzing existing approaches used to update a phones software by experimenting with commercially available tools in the laboratory. We are motivated by an increase in the amount of data users store on their portable devices, such as contact information, documents, photographs, and email. Since software deployment is being performed overthe-air with greater frequency, it is even more important to understand the associated security properties of the delivery system. There have been incidents where viruses that collect and destroy information have infected portable devices over wireless connections [1-3]. Portable wireless devices are widely used in the government, so ensuring data integrity and confidentiality is of particular importance. Finally, under the IO Research Framework Extension (IORF-X) our objective will be to demonstrate the feasibility of expanding a previously developed IO research framework to technologies of interest in the cyber domain. Physical Delivery. The objective will be the exploitation of new modes and types of delivery of IO weapons, directed energy (DE) and over-the-horizon (OTH) propagation. Current non-kinetic attack operations are developed and conducted in stove-pipes. Electronic warfare (EW) capabilities are mature, and the areas of DE weapons and computer network operations (CNO) are emerging. One may, in fact, view the non-kinetic attacks as providing the warfighter with a continuum of options from subtle manipulation of communications of CNO to the disruptive or destructive DE. There is currently no unifying approach to DE/EW/CNO concepts, and we seek to determine a framework for how DE can be implemented as an extension of EW for a range of platforms and scenarios. The purpose of this OTH effort is to investigate the feasibility of conducting OTH IO attacks against commercial communication networks. The motivation for this study arises from recent experimental work by JHU/APL demonstrating that RF ducting is capable of significantly enhancing propagation. These studies showed that ducting is capable of enabling interception of RF emissions well beyond the radio horizon on over-ocean propagation paths. In addition to ducting, several other propagation mechanisms are known to enable OTH communication on land at certain RF frequencies and with various frequencies of occurrence. These land-based mechanisms include troposcatter, meteor burst, and occasionally surface and elevated ducting. The proposed activity will assess the relative feasibility of exploiting these propagation mechanisms for OTH IO attacks using appropriate analytical and computer-based modeling tools. Cyber Persistence. The objective of this area is to determine the security of techniques for accessing and persisting in networks and computing platforms. As part of the MC-4PO effort, we will extend previous work that characterized the mobile code attributes of probe, pinpoint, propagate, and persist to measuring the effectiveness in specific scenarios of interest. The purpose of the trusted computing IR&D project is to build a capability and tools/techniques in trusted computing at JHU/APL. Trusted computing refers to any piece of the trusted computing architecture put forward by the Trusted Computing Group, the foundation of which is the Trusted Platform Module (TPM). The TPM is an integrated circuit that is currently being included on many PC motherboards. Specifically, the IR&D project aims to investigate the robustness of the chain of trust in the cyber world created between trusted computing applications and the TPM. Physical Persistence. The objective of this area is to determine capabilities for IO tools/techniques to exploit the physical aspects of a network or computing infrastructure with an emphasis on persistence. The goal of the Embedded Storage Systems for Mobile Devices (ESSMD) IR&D project is to investigate and understand how

08INOP5_08044894

02/19/08 4:16 PM

Page 3 of 6

information and programs are physically stored and accessed in mobile device non-volatile storage and later retrieved when power to the device is cycled back on. The reduction in size of mobile devices coincides with the consolidation of features into fewer physical integrated circuits. Flash chips currently used in mobile devices provide not only storage capabilities but also functionality to initialize the mobile device at power on. Understanding how flash chips function will permit an analysis of the integrity of the information and programs that persist on the mobile device. The schedule is as follows: Milestones (Current Year) 1. Cyber War ontology 1a. Initial studies and assessment 1b. Functional ontology development 2. Tools/techniques 2a. Initial survey/studies 2b. IO technique assessment 2c. Technique refinement and performance I X II X X III IV

X X X X X

APPROACH Cyber War Ontology. The Cyber Warfare Ontology effort will begin by conducting a survey of current relevant work from sources in the military and intelligence community domains. The existing work will be augmented with proposed fundamental elements derived from recent operational experience. The effort will seek to fill gaps between the highly academic technology-based taxonomies and the highly generalized threatbased taxonomies. Finally, the effort will go beyond naming cyber things by introducing some more abstract cyber phenomena for consideration. In doing so, we will create an ontology that truly reflects the technical, operational, and cognitive aspects of cyberspace. We will use the developed functional ontology to draft a Theory of Cyber Warfare. The paper will adapt the notions of traditional warfare to the cyberspace domain and introduce unique warfare principles for consideration as appropriate. Broad warfare concepts such as operational maneuver, navigation, weaponization, battlespace cognizance, planning, and tactics will be considered. Cyber Delivery. To establish the performance of the cyber delivery techniques we will conduct both analytical and empirical studies in both the wireless networks and cellular communication systems in this area. In WIO, we will continue cognitive radio (i.e., draft 802.22) threat analysis and posit and analyze exploits and adversary tactics. Metrics of interest will include probability of success, risk of detection, effective computer network attack/computer network exploitation (CNA/CNE) range, and cost to develop and deploy. We will also continue R&D of secure cognitive radio architectures with a focus on trust models, respect models, cognitive processes, and secure machine learning as it pertains to securing a decision-making process in cognitive networks. We will assess IP Multimedia Sub-system (IMS) exploits and opportunities by extending previous cross-layer techniques for WiMAX to this new multi-layer technology. We will also develop passive WiMAX IO opportunities, which may include fingerprinting and geolocation. To perform the CRM research, we will set up a test bed composed of commercial phones and a compatible management server that implements a software delivery capability. With the test bed complete, the implemented communication mechanisms and standards specification will be analyzed. The authentication process between the phone and management server will be given special attention in this phase. Next, we will study the internal processes needed to store and apply software updates and the implemented internal security mechanisms such as authentication and integrity verification. Last, an emulator will be used to simulate an over-the-air software update based on instructions

from the server, and the security of the entire process will be evaluated. Finally, the IORF-X effort will select a target technology area and develop an understanding of the details relevant to the extension. The research framework will then be extended to enable inclusion of the relevant technology. The resulting extended platform will be tested and used in constructing a demonstration. Physical Delivery. JHU/APL has developed and validated a framework for unification of EW and CNO in a concept called intelligent jamming. This has been shown to be highly effective through empirical studies and operational use and will be leveraged for the DE part of the physical delivery activity. We will seek to develop the DE IO framework through four major steps. First, we will understand the state of the art for targets (e.g., receiver designs) and DE weapons (e.g., narrowband DE). Next, we will examine the operational concepts for DE employment to include viability of platforms from large aircraft down to portable configurations. Then, we will consider frequency ranges for effective operations and isolation of blue force communications. Through these steps we will make comparisons to conventional EW with a focus on front-door, narrowband attacks on communication systems. Finally, we will propose an operationally viable and effective system design concept that fits in an overall framework of DE and EW. In this context we will consider collateral damage (e.g., blue force communications, civilian systems). For the OTH modality, we will examine multiple propagation modes including ducting, troposcatter, and meteor burst communications. Although the propagation phenomena addressed in this study are well known and have been studied in the past, the proposed project would be the first known effort to evaluate the feasibility of using these propagation mechanisms to conduct IO attacks from beyond the horizon, which would provide obvious advantages of stealth and security for the attacking platform. Our approach will be to use and adapt existing propagation models we have developed for the scenarios of interest. For propagation modes that are not in our library, we will research best available models and implement them in software. Using the IO techniques, for example, required signal level at a target, we can then predict the ability of a platform to reach a target through an OTH mode. This will result in a set of capabilities for potential use in this application. Cyber Persistence. On the MC4PO effort we will move beyond effective measurements based on graphtheoretic calculations (e.g., shortest path from source to destination) to consider the occurrence of atomic events (e.g., number of scans seen by an intrusion detection system), which is a more practical measurement and can be used more directly in real-world situations. We will leverage this by examining relevant use cases to determine representative, and less theoretic, effectiveness and stealth metrics. Previous efforts provided a number of possible strategies for each component, resulting in a large number of combined strategies. The modularized design of the new simulation environment increases reusability, making it possible to simulate a larger number of strategies. With representative metrics and a modular environment, we hope to gain further insight into the behavior of mobile code so that we may improve our detection and mitigation techniques. For TPM, our approach will be to study the TPM as it is currently being used on PCs to discover potential vulnerabilities and determine its usefulness for high assurance applications. Physical Persistence. The approach of the ESSMD will be to survey a set of existing flash chips used in commercially available mobile devices, select one that best represents the set, and then study the storage and initialization features that affect the integrity of the stored data. These features include security and fault tolerance mechanisms and strategies. The findings of the study will be documented in a white paper. References 1. http://www.scmagazineus.com/First-iPhone-remote-exploit-revealed/article/35192/ 2. http://video.msn.com/v/us/msnbc.htm?g=7CC8D499-CC1E-4ACF-A5F3A78BD0DA68BF&f=00&fg=email

08INOP5_08044894

02/19/08 4:16 PM

Page 5 of 6

3. http://searchmobilecomputing.techtarget.com/qna/0,289202,sid40_gci1210876,00.html PROGRESS This is a new project.