Cybersecurity for System of Systems Architectures


Principal Investigator:  Dr. David Umphress, Auburn University (david.umphress@auburn.edu)

Timeframe: August 2016 to August 2017

Category: Trusted Systems


Description

Objective: This project is designed to examine the battlefield from a systems of systems perspective. The vulnerability study will focus on a battle command system operating as a whole by using information collected and analyzed from various individual elements to paint a systemic intelligence picture. The researchers propose to assume the role of a cyber foe against an AMD system and determine what vulnerabilities can be discovered by students using open source information and tools. The purpose of this work is to

  1. demonstrate that people who are not familiar with military systems can use their technical skills to collect intelligence, and
  2. backtrack through the collection effort and analyze how the exploit came about in an effort to determine if it could have been prevented.

Approach:

  • Task 1: Identify potential cyber attack surfaces of AMD battle command systems based on information gathered from the open source. Participants will keep a log of approaches taken to identify threats with the goal of identifying promising strategies that can be repeated.
  • Task 2: Develop a cyber intelligence collection strategy based on attack surfaces identified in Task 1. Areas of consideration include: sniffing wifi network data for intelligence on traffic analysis;
    analyzing wifi network data content for intelligence clues; evaluating the intelligence value of wifi network data relative to our analysis capabilities so that we can determine if we should move to
    another network signal; employing network surveillance to identify what equipment is in the battlespace and where is might be located; attempting to fuse information obtained from multiple network signals to piece together a systems-of-systems intelligence picture. The collection strategy will be tested in a quarantined area that equipment set up to simulate command and control.
  • Task 3: Design a prototype cyber intelligence collection device. Ultimately, we would like to surveil an area of interest with a drone that autonomously seeks out and collects signals of intelligence
    value. As this is not feasible within a year, we will identify a candidate flight vehicle, intelligence collection hardware, and support software.
  • Task 4: Post mortem previous tasks to
    1. codify how to identify and exploit vulnerabilities;
    2. map vulnerabilities to points of origin in the acquisition lifecycle for the purposes of improving the systems engineering process with respect to cybersecurity;
    3. propose follow-on work for refining our concepts with actual Army equipment and, eventually, in an actual military exercise.

Deliverables

Major Deliverables:

  • Final Technical Report (due at the completion date)

Publications

Publications: None to date

Research Team

Researchers:

  •  David Umphress, Auburn University
  • Anthony Skjellum, Auburn University

Collaborating Institutions