Novel Architecture for Software Defined Radio

Nusrat Ali

HCL Technologies, A-5 Sector 24, Noida, UP, India

Abstract — Security is a prime concern in the development of

the Software Defined Radio (SDR). This has led to the US military recommendation in the form of security supplement to the Software Communication Architecture (SCA). SCA suggests Red-Black architecture along with a crypto sub system block. This paper discusses the weakness associated with the Red-Black architecture and suggests a possible implementation for the SDR taking care of security weakness in the Red-Black architecture. It also discusses the role and a typical implementation for the cryptographic block in the prevailing Red-black architecture

Index Terms — Cryptography, SCA Security supplement, Red-Black architecture.

I. INTRODUCTION

Software Defined radio (SDR) involves implementing

majority of the radio functionality into software. The idea is to develop general purpose hardware and use it for various radio applications by implementing most of the functionality into the software. US military laid down recommendations in the form of Software Communications Architecture (SCA) to allow smooth interaction between the hardware and software for a software defined radio. To take care of the security requirement of the SDR devices a security supplement to SCA was published in 1997. This supplement defines a new set of interfaces and specifications which provides guidelines to securing SDR design. The secure architecture proposed by the Security Supplement is mainly designed with a Crypto Sub System (CSS) module. The SCA proposed architecture divides the SDR architecture to three main processing components (Red world processing, Black world processing and Crypto processing). The CSS works as a bridge between the Red and Black world. The Red side world contains unencrypted information where as Black side contains encrypted information. The CSS block insures that all the information flowing from the Red to Black side is encrypted. This minimizes the loss of information in the event of the Red side information getting transferred to black side and finally getting transmitted to the external world via Antenna

The CSS block also has a bypass interface which allows the Red side world to pass the status, control and other unencrypted information to be passed via bypass block in the CSS. This paper describes the security issues associated in the operation of the crypto bypass block and describes an

architecture which take care of security flaws associated with the bypass block in the CSS. This paper is organized as follows. Section 1 provides introduction to the SDR and SCA along with the objective of the paper Section 2 details the application of SDR devices. Section 3 describes the SCA security supplement and CSS description Section 4 discusses the proposed architecture and details the various blocks of the proposed architecture. Section 5 concludes this paper and lists remaining work. Section 6 provides the references

II. SDR DEVICES AND THEIR APPLICATIONS

The SDR concept evolved from the development of a multi-

purpose handset. The multipurpose handset (SDR) could offer AM/FM services, work as a GPS position locating device, allows connection to wireless data networks and provide cellular connectivity. The ultimate goal of the SDR implementation is to provide a single radio transceiver which is capable of working as a cordless telephone, cell phone, wireless fax, wireless e-mail system, pager, wireless videoconferencing unit, wireless Web browser, and Global Positioning System (GPS) unit operable from any location on the surface of the earth. The idea is to get as close to the antenna as is feasible by minimizing the dedicated RF hardware. Below are few typical uses of the SDR device • SDR device can be reconfigured "on-the-fly" depending

on the need and the environment. For example they can be configured to work as cordless phone, GPS receiver another, cell phone or a wireless internet gadget.

• It allows easy upgrade (like over the air) to enhance its features.

• SDR is a concept to remove the communication dependencies on the hardware i.e. irrespective of what kind of hardware (whether it is CDMA, GSM or Wireless Fax) is available at the other end. User can always communicate with his fellow member and configure his hardware at run time for desired communication.

• SDR allows building radios that have never before existed i.e. Smart radios or cognitive radios can look at the utilization of the RF spectrum in their immediate neighborhood, and configure themselves for best performance.

III. SCA SECURITY SUPPLEMENT AND CSS

The U.S. government published the SCA Security

Supplement to take of the security requirement of the software communication architecture (SCA) published in 1997. It is an open architecture framework that tells designers how elements of hardware and software are to operate in harmony within a software defined radio. This supplement defines a new set of interfaces and specifications which provides guidelines to securing SDR design. The secure architecture proposed by the Security Supplement is mainly designed with a Crypto Sub System (CSS) module.

The proposed SCA recommendation is based on Red and

Black world processing. The Black world takes care of the base band processing and is close to the antenna. The information contained in this Black world is encrypted. The encryption helps in enhancing the security of the SDR as the Antenna which could transmit the information to the external world has access to only the encrypted information. The Red side world contains the un-encrypted information. It takes care of the audio and video processing of the SDR. The crypto sub system (CSS) sits as a bridge between the Red and Black world. This insures that all the information getting exchanged between the Red side worlds to the Black side world is encrypted. There is a Bypass block in the CSS which provides an interface among the two worlds (Red and Black) to share the information without any encryption/decryption (i.e. without the involvement of crypto block). It is used to pass the control, status and other un-encrypted information to be shared without the crypto block.

Figure-1: Typical Red-Black Architecture for SDR

The Figure-1 provides a pictorial representation of the SCA proposed Red-Black architecture. It consists mainly three blocks (Red world, Crypto Sub System and Black world). Red world takes care of Access Control, Identification, Authentication, Integrity, Audit, Virus Check, Remote Control, and Classified Applications. Black world does the processing for TRANSEC Stream, TRANSEC Processing, Access Control, Virus Check, Human Machine Interface Remote Control, Processing, Authentication, and Software Integrity. Crypto sub system is supposed to take care of

Encryption, Decryption, Key Loading, Key Management, Algorithm Processing, Integrity Authentication, Bypass (User Information, Radio Control)

This architecture needs the Bypass block and its control to be secured as otherwise it may cause important information to be shared between the Red and Black world without passing through the crypto block. The general implementation practice is to put the control of the bypass block in the Red side world. The Red world will run both the secure and unsecure applications. The implementation imposes threat to the proper use of the bypass block. The architecture needs to insure security from the malicious applications which may try to use the bypass block to send important information to the Black side world

IV. PROPOSED ARCHITECTURE FOR SDR

The bypass block in the CSS provides a channel between the Red and Black world. The channel allows un-encrypted data to be exchanged between the Red and Black world. Generally the information shared through the bypass channel consists of the control and status information. Control of the bypass channel is quite critical since it provides a mechanism which allows the un-encrypted information to be shared between the Red and Black word. If the access to the bypass channel is not scrutinized then it may cause important un-encrypted information to be communicated to the Black side through the bypass channel and finally getting transmitted through the antenna. The proposed architecture for the SDR insures the right uses of bypass block in the CSS i.e. any misuse of the bypass block to transmit important information from the Red world to the Black world is blocked. This removes any chance for the malicious applications to transmit the important information from the Red world to the Black world through the bypass block. Figure-2 describes the proposed architecture for the hardware to control the access to the bypass logic in the Crypto sub system (CSS). This architecture minimizes any misuse of the bypass block in the CSS i.e. even if there is a malicious application present in the Red world, it will not be able to compromise the security of the SDR by misuse of the bypass path in the CSS. The key blocks of the architecture are described below

Figure-2: Proposed architecture for the SDR

• CSS access controller: The CSS access controller

lies in the Red world. It works as a bridge between the Crypto Sub system and the Red Side word. At one side it connects to the Red side world through bypass interface and Crypto Interface. On the other side it connects to the Bypass controller present in the CSS. The CSS access controller grants access to only one interface at a time. It generates the control signal (bypass enabled or disabled) based on the data received from the two interfaces (Crypto Interface or Bypass interface) to the bypass controller contained in the CSS.

• Bypass controller: The bypass controller receives

the data from the CSS access controller along with the bypass enable signal. It passes the data to the bypass block or to the crypto block based on the bypass enabled signal. The crypto block will first encrypt the data before transmitting it to the Black world where as the bypass block will pass the information without any encryption to the black side world

• Central DMA: The central DMA is the only block

which has access to the bypass interface. It is configured to differentiate the information which needs to be sent to the bypass interface or to the crypto interface. The central DMA does this based on the address ranges configured in its configuration register. The central DMA block is suggested to have two categories of registers. One category should be of secure registers and the other should be of normal registers. The secure registers of the central DMA should be accessible by only the secure applications. In addition to this the secure register of the central DMA should be configured only once during system boot up thereafter the modification to the secure register configuration should not be allowed and any such event should result into error operation and should be captured in the status register. The central DMA can either be event should result into error operation and should be captured in the status register. The central DMA can either be either hard

coded or configured during boot time disallowing any further changes to the configuration after the boot

• Bus Fabric: The bus fabric works as a switching fabric between the various masters/slaves connected. The bus fabric should control the access to slave i.e. only the approved masters should be allowed to access the slave. All the information/data contained in the Red side world which is to be send through the crypto blocks should be accessible to only those master which have access to the crypto block data memory. In the Figure-2 any bus master other than the central DMA should not be allowed access to the bypass interface. This configuration could be hardwired in the bus fabric. This will insure that no other bus master can make use of the bypass block in the CSS. Further the central DMA also should also be controlled by hard wiring the address ranges or the limiting configuration where bypass access is permissible.

Figure-3: Proposed architecture for the Red Side

Typical implementation for the red side world is shown in the Figure 3. It consist of the following • Central DMA

o Secure registers o Non secure registers

• Peripheral with built in DMA • Memory Controller • Bypass Interface • Crypto Interface The Central DMA is responsible for offloading the red side

processor. It should consist of two types of registers (secure registers and non secure registers). The secure registers should be one time configurable i.e. any effort to re-configure the

registers should be blocked and should result in erroneous response to the processor as attempt to breach the security. The processor can take appropriate action based on security policy of the SDR system. The secure registers should only be configured during boot. These registers should fix the address ranges. The content of these locations can only be passed on to the Bypass block in the CSS. This may contain the applications etc which needs to be passed on to the black world. The peripherals with built in DMA may consist of the other bus masters sitting on the red side world. It can be any peripherals having built in DMA like USB, Ethernet and SATA etc. The memory controller works as a bridge for between the Red side memory and the bus fabric.

The bus fabric works as a bridge between the various bus

masters and slaves connected in the Red world. The bus fabric limits the access of bus masters to the various slaves i.e. bus master which is not authorized to access the salve should be blocked by the bus fabric. In the Figure 3 the bus fabric allows access to the bypass interface only from the central DMA. All other bus masters (Peripherals with built in DMA etc) are restricted to make use of the bypass block in the CSS. The crypto interface is accessible via all the bus masters (Peripherals with built in DMA).

The crypto and bypass interface store the data transferred

by the bus masters connected to the bus fabric and then they pass the data to the CSS access controller. The figure 5 and figure 6 respectively shows the implementation for the crypto and bypass interface. It consists of a small on chip memory for storage and an interface controller for communicating with the CSS access controller.

Figure-4: Implementation of Crypto Interface

Figure-5: Implementation of Bypass Interface

V. CONCLUSION AND FURTHER WORK This paper provides a brief overview of the hardware implementation for the SDR from bypass block perspective. It provides a solution which will minimize the dependency on the software to insure the proper use of the bypass block in the CSS. The complete implementation of Secure SCA compliant radio is a challenge. The proposed architecture looks at the security requirement for just the bypass block. The complete SDR design will have to take care of many other security threats

ACKNOWLEDGEMENT

The authors wish to acknowledge the assistance and support

of Arvind Kumar and Ravinder Rao Soogoor.

REFERENCES

[1] SOFTWARE COMMUNICATIONS ARCHITECTURE SPECIFICATION, JTRS STD. 2.2.2, REV. FINAL, MAI 2006. [ONLINE]. AVAILABLE: HTTP://SCA.JPEOJTRS.MIL/

[2] SECURITY SUPPLEMENT TO THE SOFTWARE COMMUNICATIONS ARCHITECTURE SPECIFICATION, APRIL 30, 2004, JTRS STD. 2.2.1, APRIL 2004.[Online]. Available: HTTP://SCA.JPEOJTRS.MIL

[3] D. K. MUROTAKE, "AN OPEN ARCHITECTURE SEA REFERENCE PLATEFORM," IN PROCEEDING OF THE SDR 07 TECHNICAL CONFERENCE AND PRODUCT EXPOSITION, 2007.

[4] SIERRA II DATASHEET, HARRIS CORP., 2005. [ONLINE].AVAILABLE: HTTP://WWW.RFCOMM.HARRIS.COM

[5] M. KURDZIEL, J. BEANE, AND J.J. FITTON, "AN SEA SECURITY SUPPLEMENT COMPLIANT RADIO ARCHITECTURE," IN PROC. IEEE MILITARY COMMUNICATIONS CONFERENCE MILCOM 2005, 17-20 OCT. 2005, PP. 22442250.

[6] COMMUNICATIONS RESEARCH CENTRE, CANADA, STEVEN, BERNIER PROJECT LEADER, "SCA REFERENCE IMPLEMENTATION" AVAILABLE FOR DOWNLOAD AT: HTTP://WWW.CRC.CA/EN/HTML/SCARI/HOME/HOME [7] Fitton, J., "SECURITY CONSIDERATIONS FOR SOFTWARE DEFINED RADIO", SDR FORUM TECHNICAL CONFERENCE, PAPER NO. SW3-04, NOVEMBER 2002. [8] PUBLICATION OF THE SOFTWARE DEFINED RADIO (SDR) FORUM, "SDR FORUM STRUCTURE AND 2002 UNIFIED WORK PLAN",SDRF-02-A-0001-VO.00, FEBRUARY2002, AVAILABLE ON-LINE AT: HTTP://WWW.SDRFORUM.ORG/PUBLIC/02_A_001_V0_00_W_ORKPLAN_08_26_02.PDF