Difficulties in Providing Certification and Assurance for Software Defined Radios
John Giacomoni
University of Colorado at Boulder
11/10/2005

Certification & Assurance
• Establish a level of assurance that a product conforms to its specifications
• Solve trust problems where information asymmetries exist
• Product & process certification

Systems Problem
• Historical context of trusted computing
• More than components or spectrum
• SDR device and aggregates (network)
• Cross layer/module interactions
• Spectrum/SDR Network/OS/Applications
• Composition problems
• Emergent behavior

Product Certification
• Underwriters Laboratories - 1901
• Demonstrates correlation between product certification and risk
• CableLabs 1988
• Solve interoperability problems
• FCC testing
• Adoption of external standards

Problems with Product Testing
• The more attributes exist, the more difficult it becomes to achieve acceptable assurance
• Boundary value testing
• Modular design can help in some situations
• Restrictive software interfaces
• Restrictive physical limitations
• Future products

Process Certification
• A group’s maturity or discipline is linked to their ability to repeat past successes
• Intuitive for manufacturing
• Difficult when domain changes
• Information products are in constant evolution
• Institutional knowledge
• Costly for small companies
• Certifications sometimes viewed as a checklist item
• Ex: ISO 9000, CMMI

Security Certification
• Malicious users
• Difficult to correctly describe a system
• Need all parties involved
• Difficult to correctly evaluate a system
• How do we know when to stop?
• Appropriate level of assurance?
• Documented model ?= implemented model
• Ex-post factors:
• Removal from market
• Assurance by insurance
• Lag time to market

International Security Certification
• Who authors the protection profiles?
• Who certifies the evaluators?
• Who pays for certification?
• Avoid forum shopping

WiFi
• WiFi and Part 15
• Functionally correct
• Security wise, a weak standard
• WEP RC4 problem was well understood
• Eventually chose to accept security flaws
• Possibly a simpler problem than SDR
• Predetermined operating conditions
• Band/Power/Mask

FCC Orders
• Orders
• Flexibility to vendors to properly implement security
• Failure results in removal of products from market and liability consequences
• No TCBs
• Shift from source code evaluation to “high level operational description[s] or flow diagram[s]”

Findings
• Complexity makes assurance difficult
• Complexity increases with degrees of freedom
• Process models may limit innovation due to overhead costs
• High levels of assurance expensive
• Limits small companies' ability to innovate
• New methods for evaluation

Findings Cont.
• Continued vigilance in protecting existing spectrum users
• Particularly for public safety & aeronautical
• Increasing self determinacy within a license
• Assign risk to appropriate parties
• International cooperation on certification for compliance

Future Work
• Explore how certification requirements may differ between licensing models
• Modeling the impact of a misbehaving device
• Evaluate likelihood of malicious users
• Is spectrum access attractive?
• Self regulating ham radio community
• Effectiveness of ex-ante & ex-post protections/regulations at each layer

John Giacomoni
• john.giacomoni@colorado.edu
• Department of Computer Science
• University of Colorado at Boulder
• Boulder, CO 80309-0430