{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T04:19:52Z","timestamp":1745986792009,"version":"3.40.4"},"reference-count":82,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,10,1]]},"abstract":"<p>This survey presents a classification of attacks that Software Communications Architecture (SCA) compliant Software Defined Radios (SDR) can suffer. This paper also discusses how attack mitigation strategies can impact the development of a SCA-compliant software infrastructure and identifies several research directions related to SDR security. The SCA standard was originally proposed by the Joint Tactical Radio System program (JTRS), which is a program for the development of military tactical radios sponsored by the US Department of Defense. The classification presented in this paper is based on attack results on the radio set, which can also be associated with the adversary\u2019s objectives when planning an intrusion. The identification of classes of attacks on a radio, along with the associated threats and vulnerabilities, is the first step in engineering a secure SDR system. It precedes the identification of security requirements and the development of security mechanisms. Therefore, the identification of classes of attacks is a necessary step for the definition of realistic and relevant security requirements.<\/p>","DOI":"10.4018\/jertcs.2012100104","type":"journal-article","created":{"date-parts":[[2013,1,14]],"date-time":"2013-01-14T19:22:51Z","timestamp":1358191371000},"page":"57-82","source":"Crossref","is-referenced-by-count":1,"title":["Classes of Attacks for Tactical Software Defined Radios"],"prefix":"10.4018","volume":"3","author":[{"given":"Fabr\u00edcio A. B.","family":"da Silva","sequence":"first","affiliation":[{"name":"Information Technology Division, Brazilian Army Technological Center, Rio de Janeiro, Brazil"}]},{"given":"David F. C.","family":"Moura","sequence":"additional","affiliation":[{"name":"Information Technology Division, Brazilian Army Technological Center, Rio de Janeiro, Brazil"}]},{"given":"Juraci F.","family":"Galdino","sequence":"additional","affiliation":[{"name":"Information Technology Division, Electrical Engineering Department, Brazilian Army Technological Center and Military Institute of Engineering, Rio de Janeiro, Brazil"}]}],"member":"2432","reference":[{"key":"jertcs.2012100104-0","doi-asserted-by":"publisher","DOI":"10.1145\/1609956.1609960"},{"key":"jertcs.2012100104-1","unstructured":"Aesec. (2012). GEMSOS security kernel. Retrieved from http:\/\/www.aesec.com\/"},{"key":"jertcs.2012100104-2","doi-asserted-by":"crossref","unstructured":"Agrawal, D., Archambeault, B., Rao, J. R., & Rohatgi, P. (2003). The EM side\u2014Channel(s). In B. S. Kaliski, \u00c7. K. Ko\u00e7 & C. Paar (Eds.), Proceedings of 4th International Workshop on Cryptographic Hardware and Embedded Systems (LNCS 2523, pp. 29-45).","DOI":"10.1007\/3-540-36400-5_4"},{"key":"jertcs.2012100104-3","doi-asserted-by":"publisher","DOI":"10.1504\/IJES.2006.014859"},{"key":"jertcs.2012100104-4","doi-asserted-by":"crossref","unstructured":"Ball, T., Bounimova, E., Cook, B., Levin, V., Lichtenberg, J., & McGarvey, C. \u2026Ustuner, A. (2006). Thorough static analysis of device drivers. In Proceedings of the 1st ACM SIGOPS\/EuroSys European Conference on Computer Systems (pp. 73-85).","DOI":"10.1145\/1218063.1217943"},{"key":"jertcs.2012100104-5","unstructured":"Ballister, P. J., Robert, M., & Reed, J. H. (2006). Impact of the use of CORBA for inter-component communication in SCA based radio. In Proceedings of the Software Defined Radio Technical Conference, Orlando, FL."},{"key":"jertcs.2012100104-6","doi-asserted-by":"publisher","DOI":"10.1002\/9780470865200"},{"key":"jertcs.2012100104-7","doi-asserted-by":"crossref","unstructured":"Becker, C., Staamann, S., & Salomon, R. (2007). Security analysis of the utilization of Corba object references as authorization tokens. In Proceedings of the 10th IEEE International Symposium on Object and Component-Oriented Real-Time Computing (pp. 196-203).","DOI":"10.1109\/ISORC.2007.54"},{"key":"jertcs.2012100104-8","unstructured":"Beckwith, R. W., Vanfleet, W. M., & MacLaren, L. (2004). High assurance security\/safety for deeply embedded, real-time systems. In Proceedings of the Embedded Systems Conference."},{"key":"jertcs.2012100104-9","doi-asserted-by":"crossref","unstructured":"Bell, D. E., & LaPadula, L. J. (1975). Secure computer systems: Unified exposition and multics interpretation (Tech. Rep. No. ESD-TR-75-306). Bedford, MA: Mitre.","DOI":"10.21236\/ADA023588"},{"key":"jertcs.2012100104-10","doi-asserted-by":"publisher","DOI":"10.1145\/1076211.1076229"},{"key":"jertcs.2012100104-11","doi-asserted-by":"crossref","unstructured":"Bogdanov, A. (2008). Multiple-differential side-channel collision attacks on AES. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems.","DOI":"10.1007\/978-3-540-85053-3_3"},{"key":"jertcs.2012100104-12","doi-asserted-by":"crossref","unstructured":"Bonneau, J., & Mironov, I. (2006). Cache-collision timing attacks against AES. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems.","DOI":"10.1007\/11894063_16"},{"key":"jertcs.2012100104-13","doi-asserted-by":"crossref","unstructured":"Brawerman, A., Blough, D., & Bing, B. (2004, October). Securing the download of radio configuration files for software defined radio devices. In Proceedings of the ACM international Workshop on Mobility Management and Wireless Access (pp. 98-105).","DOI":"10.1145\/1023783.1023802"},{"key":"jertcs.2012100104-14","unstructured":"Brown, T. X., & Sethi, A. (2007). Potential cognitive radio denial of service attacks and remedies. In Proceedings of the International Symposium on Advanced Radio Technologies."},{"key":"jertcs.2012100104-15","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2004.13"},{"journal-title":"Seguran\u00e7a no Software","year":"2010","author":"M. P.Correia","key":"jertcs.2012100104-16"},{"key":"jertcs.2012100104-17","unstructured":"Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., & Beattie, S. \u2026Hinton, H. (1998, January). StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX."},{"key":"jertcs.2012100104-18","doi-asserted-by":"crossref","unstructured":"Davidson, J. A. (1996). Asymmetric isolation. In Proceedings of the 12th Annual Computer Security Applications Conference (p. 44).","DOI":"10.1109\/CSAC.1996.569668"},{"key":"jertcs.2012100104-19","doi-asserted-by":"crossref","unstructured":"Davidson, J. A. (2008). On the architecture of secure software defined radios. In Proceedings of the IEEE Military Communications Conference (pp. 1-7).","DOI":"10.1109\/MILCOM.2008.4753440"},{"key":"jertcs.2012100104-20","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.47"},{"key":"jertcs.2012100104-21","unstructured":"Engler, D. R. (1997). Incorporating application semantics and control into compilation. In Proceedings of the First Conference on Domain Specific Languages (p. 9)."},{"key":"jertcs.2012100104-22","doi-asserted-by":"crossref","unstructured":"Engler, D. R., Chelf, B., Chou, A., & Hallem, S. (2000). Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the 4th Conference on Operating System Design & Implementation (Vol. 4, p. 1).","DOI":"10.21236\/ADA419626"},{"key":"jertcs.2012100104-23","unstructured":"Ezick, J., & Springer, J. (2011). The benefits of static compliance testing for SCA next. In Proceedings of the SDR Technical Conference and Product Exposition."},{"key":"jertcs.2012100104-24","unstructured":"Ezick, J., Springer, J., Litvinov, V., & Wohlford, D. (2010). A path toward cost-effective SCA compliance testing. In Proceedings of the SDR Technical Conference and Product Exposition."},{"journal-title":"Security requirements for cryptographic modules (FIPS PUB 140-2)","year":"2001","key":"jertcs.2012100104-25"},{"journal-title":"Security requirements for cryptographic modules (Revised Draft 09\/11\/09) (FIPS PUB 140-3)","year":"2009","key":"jertcs.2012100104-26"},{"issue":"1","key":"jertcs.2012100104-27","article-title":"Fostering e-mail security awareness: The West Point carronade.","volume":"28","author":"A. J.Ferguson","year":"2005","journal-title":"EDUCAUSE Quarterly"},{"key":"jertcs.2012100104-28","unstructured":"Fitton, J. J. (2002). Security considerations for software defined radios. In Proceedings of the SDR Technical Conference and Product Exposition."},{"journal-title":"Establishing wireless robust security networks: A guide to IEEE 802.11i - Recommendations","year":"2007","author":"S.Frankel","key":"jertcs.2012100104-29"},{"key":"jertcs.2012100104-30","unstructured":"Fu, X., Graham, B., Bettati, R., & Zhao, W. (2003). Active traffic analysis attacks and countermeasures. In Proceedings of the International Conference on Computer Networks and Mobile Computing (p. 31)."},{"key":"jertcs.2012100104-31","unstructured":"Gallery, E. M., & Mitchell, C. J. (2006, November). Trusted computing technologies and their use in the provision of high assurance SDR platform. In Proceedings of the Software Defined Radio Technical Conference, Orlando, FL."},{"key":"jertcs.2012100104-32","doi-asserted-by":"crossref","unstructured":"Gallo, R., Kawakami, H., & Dahab, R. (2009). On device identity establishment and verification. In Proceedings of the 6th European Conference on Public Key Infrastructures, Services and Applications (pp. 130-145).","DOI":"10.1007\/978-3-642-16441-5_9"},{"key":"jertcs.2012100104-33","doi-asserted-by":"crossref","unstructured":"Gallo, R., Kawakami, H., & Dahab, R. (2011). FORTUNA \u2013 A probabilistic framework for early design stages of hardware-based secure systems. In Proceedings of 5th International Conference on Network and System Security (pp. 184-191).","DOI":"10.1109\/ICNSS.2011.6059999"},{"key":"jertcs.2012100104-34","doi-asserted-by":"crossref","unstructured":"Gallo, R., Kawakami, H., Dahab, R., Azevedo, R., Lima, S., & Araujo, G. (2010, December). T-DRE: A hardware trusted computing base for direct recording electronic vote machines. In Proceedings of the 26th Annual Computer Security Applications Conference (pp. 191-198).","DOI":"10.1145\/1920261.1920291"},{"key":"jertcs.2012100104-35","doi-asserted-by":"crossref","unstructured":"Giffin, J., Christodorescu, M., & Kruger, L. (2005, December). Strengthening software self-checksumming via self-modifying code. In Proceedings of the 21st Annual Computer Security Application Conference (pp. 23-32).","DOI":"10.1109\/CSAC.2005.53"},{"issue":"9","key":"jertcs.2012100104-36","article-title":"Understanding the software communications architecture.","volume":"47","author":"A.Gonz\u00e1lez","year":"2009","journal-title":"IEEE Communications Magazine"},{"key":"jertcs.2012100104-37","unstructured":"Goodchild, J. (2010). Social engineering: The basics. Retrieved from http:\/\/www.csoonline.com\/article\/514063\/social-engineering-the-basics"},{"journal-title":"Writing secure code for Windows Vista","year":"2007","author":"M.Howard","key":"jertcs.2012100104-38"},{"key":"jertcs.2012100104-39","doi-asserted-by":"crossref","unstructured":"Hsu, F.-H., Guo, F., & Chiueh, T.-C. (2006). Scalable network-based buffer overflow attack detection. In Proceedings of the ACM\/IEEE Symposium on Architectures for Networking and Communications Systems (pp. 163-172).","DOI":"10.1145\/1185347.1185370"},{"key":"jertcs.2012100104-40","unstructured":"Humphreys, T. E., Ledvina, B. M., Psiaki, M. L., O'Hanlon, B. W., & Kintner, P. M., Jr. (2008, September). Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In Proceedings of the ION GNSS Conference."},{"key":"jertcs.2012100104-41","unstructured":"International Telecommunication Union. (2012). X.731 - ITU X.731 ISO\/IEC10164-2 State Management. Retrieved from http:\/\/www.itu.int\/rec\/T-REC-X.731-199201-I\/en"},{"key":"jertcs.2012100104-42","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290968"},{"key":"jertcs.2012100104-43","unstructured":"Jin, Y., & Makris, Y. (2008). Hardware trojan detection using path delay fingerprint. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust (pp. 51-57)."},{"key":"jertcs.2012100104-44","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2010.299"},{"key":"jertcs.2012100104-45","doi-asserted-by":"crossref","unstructured":"Kiszka, J., & Wagner, B. (2003). Domain and type enforcement for real-time operating systems. In Proceedings of the 9th IEEE International Conference On Emerging Technologies and Factory Automation, Lisbon, Portugal (pp. 439-446).","DOI":"10.1109\/ETFA.2003.1248732"},{"key":"jertcs.2012100104-46","doi-asserted-by":"crossref","unstructured":"Kiszka, J., & Wagner, B. (2007). Modelling security risks in real-time operating systems. In Proceedings of the 5th IEEE International Conference on Industrial Informatics (pp. 125-130).","DOI":"10.1109\/INDIN.2007.4384743"},{"key":"jertcs.2012100104-47","doi-asserted-by":"crossref","unstructured":"Kocher, P. (1996) Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In N. Koblitz (Ed.), Proceedings of the 16th Annual International Conference on Advances in Cryptology (LNCS 1109, pp. 104-113).","DOI":"10.1007\/3-540-68697-5_9"},{"key":"jertcs.2012100104-48","doi-asserted-by":"crossref","unstructured":"Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis: Leaking secrets. In M. Wiener (Ed.), Proceedings of the 19th Annual International Conference on Advances in Cryptology (LNCS 1666, pp. 388-397).","DOI":"10.1007\/3-540-48405-1_25"},{"key":"jertcs.2012100104-49","doi-asserted-by":"crossref","unstructured":"Kurdziel, M., Beane, J., & Fitton, J. J. (2005). An SCA security supplement compliant radio architecture. In Proceedings of the Military Communications Conference (pp. 2244-2250).","DOI":"10.1109\/MILCOM.2005.1606003"},{"key":"jertcs.2012100104-50","doi-asserted-by":"publisher","DOI":"10.1145\/961268.961277"},{"key":"jertcs.2012100104-51","doi-asserted-by":"crossref","unstructured":"Lindqvist, U., & Jonsson, E. (1997). How to systematically classify computer security intrusions. In Proceedings of the IEEE Symposium on Security and Privacy (p. 154).","DOI":"10.1109\/SECPRI.1997.601330"},{"key":"jertcs.2012100104-52","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.60"},{"key":"jertcs.2012100104-53","unstructured":"Murotake, D., & Martin, A. (2004, November). System threat analysis for high assurance software radio. In Proceedings of the SDR Technical Conference, SDR Forum, Phoenix AZ."},{"key":"jertcs.2012100104-54","unstructured":"Murotake, D., & Martin, A. (2009). A high assurance wireless computing system architecture for software defined radios and wireless mobile platforms. In Proceedings of the SDR Technical Conference and Product Exposition."},{"key":"jertcs.2012100104-55","unstructured":"Myagmar, S., Lee, A. J., & Yurcik, W. (2005). Threat modeling as a basis for security requirements. In Proceedings of the Symposium on Requirements Engineering for Information Security."},{"key":"jertcs.2012100104-56","unstructured":"National Institute of Standards and Technology. (2008). Common criteria evaluation and validation scheme validation report. Green Hills Software: INTEGRITY-178B Separation Kernel. Retrieved from http:\/\/www.commoncriteriaportal.org\/files\/epfiles\/st_vid10119-vr.pdf"},{"journal-title":"Profile for High Frequency (HF) radio data communication","year":"2000","key":"jertcs.2012100104-57"},{"key":"jertcs.2012100104-58","unstructured":"OMG. (2002). CORBA security service v1.8. Retrieved from http:\/\/www.omg.org\/spec\/SEC\/1.8\/PDF\/"},{"key":"jertcs.2012100104-59","unstructured":"OMG. (2012). DDS portal. Retrieved from http:\/\/portals.omg.org\/dds\/"},{"key":"jertcs.2012100104-60","doi-asserted-by":"crossref","unstructured":"Pellegrini, A., Bertacco, V., & Austin, T. (2010). Fault-based attack of RSA authentication. In Proceedings of the Design, Automation and Test in Europe Conference (pp. 855-860).","DOI":"10.1109\/DATE.2010.5456933"},{"journal-title":"Digital communications","year":"2001","author":"J. G.Proakis","key":"jertcs.2012100104-61"},{"key":"jertcs.2012100104-62","unstructured":"rd Generation Partnership Project (3GPP). (2001). Security threats and requirements (Release 4). Technical specification group services and system aspects. Sophia-Antipolis, France: Author."},{"key":"jertcs.2012100104-63","doi-asserted-by":"crossref","unstructured":"Renauld, M., Standaert, F. X., & Veyrat-Charvillon, N. (2009). Algebraic side-channel attacks on the AES: Why time also matters in DPA. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (pp. 97-111).","DOI":"10.1007\/978-3-642-04138-9_8"},{"key":"jertcs.2012100104-64","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2010.1"},{"key":"jertcs.2012100104-65","unstructured":"Software Communications Architecture (SCA). (2001). Security supplement to the software communications architecture specification. Retrieved from http:\/\/sca.jpeojtrs.mil\/"},{"key":"jertcs.2012100104-66","unstructured":"Software Communications Architecture (SCA). (2001). Specification, v.2.2. Retrieved from http:\/\/sca.jpeojtrs.mil\/"},{"key":"jertcs.2012100104-67","unstructured":"Software Communications Architecture (SCA). (2006). Specification, v.2.2.2. Retrieved from http:\/\/sca.jpeojtrs.mil\/"},{"key":"jertcs.2012100104-68","unstructured":"Software Communications Architecture (SCA). (2011). Next specification v. 1.0. Retrieved from http:\/\/www.public.navy.mil\/jpeojtrs\/sca\/Pages\/scanext.aspx"},{"key":"jertcs.2012100104-69","unstructured":"Software Communications Architecture (SCA). (2012). Specification, v.4.0. Retrieved from http:\/\/sca.jpeojtrs.mil\/"},{"key":"jertcs.2012100104-70","doi-asserted-by":"crossref","unstructured":"Standaert, F.-X., Malkin, T. G., & Yung, M. (2009). A unified framework for the analysis of side-channel key recovery attacks. In A. Joux (Ed.), Proceedings of the 28th Annual International Conference on Theory and Applications of Cryptographic Techniques (LNCS 5479, pp. 443-461).","DOI":"10.1007\/978-3-642-01001-9_26"},{"key":"jertcs.2012100104-71","unstructured":"Stango, A., & Prasad, N. R. (2009). Policy-based approach for secure radio software download. In Proceedings of the SDR Technical Conference and Product Exposition."},{"key":"jertcs.2012100104-72","doi-asserted-by":"crossref","unstructured":"Strasser, M., Popper, C., Capkun, S., & Cagalj, M. (2008). Jamming-resistant key establishment using uncoordinated frequency hopping. In Proceedings of the IEEE Symposium on Security and Privacy (pp. 64-78).","DOI":"10.1109\/SP.2008.9"},{"key":"jertcs.2012100104-73","unstructured":"Swanson, M., Bartol, N., & Moorthy, R. (2010). Piloting supply chain risk management practices for federal information systems (Draft NIST IR 7622). Retrieved from https:\/\/buildsecurityin.us-cert.gov\/swa\/presentations_032011\/JonBoyens-PilotingSupplyChainRiskMgmtPractices.pdf"},{"journal-title":"Thread modeling","year":"2004","author":"F.Swiderski","key":"jertcs.2012100104-74"},{"key":"jertcs.2012100104-75","unstructured":"Tempest. (1982). Tempest fundamentals (NSA-82-89). Retrieved from http:\/\/cryptome.org\/jya\/nacsim-5000\/nacsim-5000.htm"},{"key":"jertcs.2012100104-76","unstructured":"Tempest. (1995) NSTISSAM TEMPEST\/2-95: Red\/black installation guidance. Retrieved from http:\/\/cryptome.org\/jya\/tempest-2-95.htm"},{"journal-title":"Interoperability and performance standards for data modems (MIL-STD-188-110B)","year":"2000","key":"jertcs.2012100104-77"},{"key":"jertcs.2012100104-78","unstructured":"van de Ven, A. (2005, July). Limiting buffer overflows with ExecShield. Red Hat Magazine."},{"key":"jertcs.2012100104-79","doi-asserted-by":"crossref","unstructured":"van Dijk, M., Rhodes, J., Sarmenta, L. F. G., & Devadas, S. (2007). Offline untrusted storage with immediate detection of forking and replay attacks. In Proceedings of the Second ACM Workshop on Scalable Trusted Computing (pp. 41-48).","DOI":"10.1145\/1314354.1314364"},{"key":"jertcs.2012100104-80","unstructured":"Wireless Innovation Forum. (2002, November). Requirements for download for radio software RF reconfiguration (Approved Document SDRF-02-S-007-V1.0.0). Brussels, Belgium: Author."},{"key":"jertcs.2012100104-81","unstructured":"Wireless Innovation Forum. (2010, July). Securing software reconfigurable communications devices (Approved Document WINNF-08-P-0013, Version 1.0.0). Brussels, Belgium: Author."}],"container-title":["International Journal of Embedded and Real-Time Communication Systems"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=74344","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,29]],"date-time":"2025-04-29T17:08:00Z","timestamp":1745946480000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jertcs.2012100104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2012,10,1]]},"references-count":82,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2012,10]]}},"URL":"https:\/\/doi.org\/10.4018\/jertcs.2012100104","relation":{},"ISSN":["1947-3176","1947-3184"],"issn-type":[{"type":"print","value":"1947-3176"},{"type":"electronic","value":"1947-3184"}],"subject":[],"published":{"date-parts":[[2012,10,1]]}}}