You are here

Hardening Aircraft Systems through Hardware (HASH)


OUSD (R&E) MODERNIZATION PRIORITY: Cybersecurity TECHNOLOGY AREA(S): Air Platform,Information Systems OBJECTIVE: The effort will develop, validate and harden aircraft systems against errors, failures, and cyber-attacks arising from the introduction of electronic pilot kneeboards and maintenance connections into the cockpit. DESCRIPTION: Electronic pilot kneeboards and the cost advantages of condition- and network-based maintenance processes offer new potential mission benefits and new requirements for connectivity in the cockpit of DoD aircraft systems. At the same time, these open new concerns associated with pilot and operator errors, system failures, and cyber-vulnerabilities. Hardware hardening capabilities are required that are impervious to malicious software yet mindful of Size, Weight, and Power (SWaP) constraints. Unlike most ground-based installations, DoD aircraft defenses must respond in real-time, provide alerts to the pilot, prevent undesirable outcomes, and instantly adapt to the level of threat. The last five years have seen a quiet revolution in the underlying fabric of systems engineering with the coming of age of many enabling technologies: open standards for system and sensor busses have emerged that enable competitive acquisition processes; System-on-Chip and Field Programmable Gate Array (FPGA) devices offer new levels of integration and performance; High-Level Synthesis accelerates circuit design; Partial Reconfiguration allows real-time circuit adaptivity; formally verified software subsystems offer new levels of system assurance. These advances are revolutionizing commercial networking and systems design, but have yet to have a significant presence in the cockpit, especially on DoD legacy platforms. This SBIR topic will develop, harden and validate system design, software, and hardware innovations that improve aircraft resilience while reducing SWaP. Approaches should address the hardware to be developed, expected path of integration, metrics of success, assessment methods, and integration of solutions into robust, real-time cyber defenses of interest to the DoD. PHASE I: The Phase I feasibility study shall include the documentation of a basic prototype consisting of the co-designed software code and hardware capabilities that are demonstrably impervious to advanced cyber-attacks and malicious software infiltrations of the supply chain yet mindful of Size, Weight, and Power (SWaP) constraints for connectivity in the cockpit of DoD aircraft systems. Proposers interested in submitting a Direct to Phase II (DP2) proposal must provide documentation to substantiate that the scientific and technical merit and feasibility described above has been met and describes the potential military and/or commercial applications. Documentation should include all relevant information including, but not limited to: technical reports, test data, prototype designs/models, and performance goals/results. For detailed information on DP2 requirements and eligibility, please refer to Section 4.2, Direct to Phase II (DP2) Requirements, and Appendix B of the DARPA Instructions for DoD BAA 2022.4 PHASE II: Phase II shall produce system design, implementation, and maintenance capabilities to significantly advance the state of the art in security and resilience of cockpit connectivity and integration of modern computational architectures and user interfaces. These integrated systems of co-designed software and hardware architectures will support Artificial Intelligence (AI)-based or Neuromorphic-based capabilities, including a cyber-attack detection capability. This capability will detect anomalous sequences of instructions, using strategies for tight integration of CPUs and Artificial Intelligence (AI)/Machine Learning (ML)/neuromorphic fabrics. It will provide for effective cyber warning with an acceptable false alarm rate in a SWaP-constrained environment for efficient runtime cyber warning. Strong technical approaches will provide innovative concepts for coupling AI/ML or neuromorphic logic with conventional CPU cores. Thus, it will provide the ability to monitor an instruction queue of the frontside bus of CPU cores to mitigate cyber vulnerabilities. The AI or ML techniques shall capture an understanding of a system design and determine vulnerabilities. The DoD has requirements for implementing cyber resiliency and tamper resistance in its aircraft platforms, ordnance systems and associated support systems. The DoD has significant interest in advanced software engineering and digital design technologies that implement robust security related to Platform IT (PIT), programmable logic, and physical digital electronics hardware involving, but not limited to, the following: • Software, hardware and/or programmable logic implementing security that significantly advances the state of the art while simultaneously supporting performance and SWaP in areas regarding: 1. Protocol checking logic for detection of maliciously formed packets with advanced secure parsing and input validation logic residing on hardware or FPGA fabric, to implement a vetting function prior to reaching an objective network stack process residing on the objective CPU core. Said capability shall provide minimal impact on performance, latency and throughput. 2. Packet inspection logic supporting high throughput and minimal latency for detection of malicious payloads prior to reaching an objective network stack process residing on the objective CPU core. 3. Avionics networking defensive logic, especially targeting MIL-STD-1553, ARINC-429, ARINC-629, ARINC-664, Fibre Channel and Ethernet. Said approaches shall be retrofittable with minimal impact on target platforms. 4. Advanced approaches to implement secure loader and secure monitor functionality on a SoC type implementation with security core residing on fabric interacting with processes running on contained CPU cores for robust detection of malicious activity on protected CPU cores. 5. Innovative methods to improve the capability of standard FPGA security cores, regarding performance and resource utilization. a. Methods to detect and/or prevent the adversary utilizing undefined semantics for malicious purposes. b. Methods to detect and/or prevent the adversary from utilizing emergent behaviors of existing implementations for malicious purposes. c. Methods to implement Root of Trust (RoT), secure boot (cold boot), and secure restart (warm boot). d. Methods to advance the secure loading of FPGA configuration files over existing approaches. e. Methods in volume protection that increase security while simultaneously supporting high heat dissipation. 6. Methods to implement security in a powered-off state with only limited battery powered functionality available for sensors and defensive logic. a. Methods that address known computer processor hardware vulnerabilities that are retrofittable into existing systems. [IMPORTANT: Offeror in an UNCLASSIFIED proposal should not explicitly mention specific platform subject to said vulnerability.] b. Methods that address known crypto implementational security issues (not basic cryptological algorithm issues) in embedded crypto systems that are retrofittable into existing systems. [IMPORTANT: Offeror in an UNCLASSIFIED proposal should not explicitly mention specific platform subject to said vulnerability.] c. Methods to thwart Reverse Engineering (RE) of sensitive software, hardware and/or programmable logic that strongly obscures the functionality, effectively denying the ability to perform RE but provides for the ability to operate in a hidden/obfuscated/encrypted state with minimal and/or acceptable impact on performance and/or latency. d. Methods for implementing a covert communication channel (intended to be unknown to the attacker) between various avionics components or subsystems to support alerting, logging or a coordinated response to a RE attack or a cyber attack. • Techniques to provide for provability and traceability of software, hardware and programmable logic regarding: 1. Innovative approaches to formal methods that in addition to proof of correctness, provide proofs of Confidentiality, Integrity, and Availability (CIA): a. Approaches to supporting scalability of formal methods to support large scale software packages and large circuit design Hardware Description Language (HDL) code bases. b. Robust approaches to dealing with covert channels, timing channels and side channels. c. Provability regarding software targeting multiprocessing implementations including Symmetric Multi-Processing (SMP) and other multiprocessing arrangements such as Asymmetric Multi-Processing (AMP) (in part, related to the previous bullet). d. Techniques to support verification for mixed implementations involving both software with hardware and/or programmable logic, where the software is tightly coupled to hardware/programmable logic in a target such as a System on a Chip (SoC). e. Techniques to provide for formal verification of Machine Learning (ML) and neuromorphic hardware and use cases where software is coupled to a ML/neuromorphic system in support of some Naval Aviation Enterprise (NAE) application such as sensor data processing, tracking or autonomy. • Technologies that provide the ability to rapidly and effectively assess the provenance of software, programmable logic and hardware in a manner significantly more robust than code signing (cf. the recent SolarWinds attack subverting the software build environment to bypass code signing). These technologies must provide the capability to prove that no unauthorized and potentially malicious modification has been made anywhere in the supply chain or development system. They shall have traceability back to the software/hardware development system and relate to the software module/hardware cell level. They shall provide the ability to vet the individual software/IP blocks/hardware cells at the target or at the software loader/device programmer, accessing artifacts providing proof such as: 1. Software/hardware/programmable logic fully confirms to system program office approved design specification with no additional functionality. 2. Software/hardware/programmable logic was only developed and/or modified by authorized developer personnel. 3. Software/hardware/programmable logic was only developed and/or modified using approved toolchains. 4. Software/hardware/programmable logic was only developed and/or modified on approved development systems. 5. Software/hardware/programmable logic was only developed and/or modified during an approved period. Successful offerors in their proposals will demonstrate a strong understanding of the technology areas that they respond to and they will articulate a compelling necessity for S&T funding to support their respective proposed technology approaches over existing capabilities. Schedule/Milestones/Deliverables Phase II fixed payable milestones for this program shall include: • Month 2: New Capabilities Report, that identifies additions and modifications that will be researched, developed, and customized for incorporation in the pilot demonstration. • Month 4: PI meeting presentation material, including demonstration of progress to date, PowerPoint presentations of accomplishments and plans. • Month 6: Demonstration Plan that identifies schedule, location, computing resources, and any other requirements for the pilot demonstration. • Month 9: Initial demonstration of stand-alone pilot application to DARPA; identification of military transition partner(s) and other interested DoD organizations • Month 12: PI meeting presentation material, including demonstration of progress to date, PowerPoint presentations of accomplishments and plans. • Month 15: Demonstration to military transition partners (s) and other DoD organizations. • Month 18: PI meeting presentation material, including demonstration of progress to date, PowerPoint presentations of accomplishments and plans. • Month 21: PI meeting presentation material, including demonstration of progress to date, PowerPoint presentations of accomplishments and plans. • Month 24: Final software and hardware delivery, both object and source code, for operation by DARPA or other Government personnel for additional demonstrations, with suitable documentation in a contractor proposed format. Deliver a Final Report, including quantitative metrics on decision making benefits, costs, risks, and schedule for implementation of a full prototype capability based on the pilot demonstration. This report shall include an identification of estimated level of effort to integrate the pilot capability into an operational environment, addressing computing infrastructure and environment, decision making processes, real-time and archival data sources, maintenance and updating needs; reliability, sensitivity, and uncertainty quantification; and transferability to other military users and problems. The report shall also document any scientific advances that have been achieved under the program. (A brief statement of claims supplemented by publication material will meet this requirement.) Provide Final PI meeting presentation material. Phase II Option: The option shall address preliminary steps toward the certification, accreditation and/or verification of the resulting base effort's hardening capability. Schedule/Milestones/Deliverables for Phase II Option Phase II fixed payable milestones for this program option shall include: • Month 2: Plan that identifies the schedule, location, computing resources and/or any other requirements for the hardening capability's certification, accreditation, and/or verification. • Month 4: Presentation on the detailed software and hardware plan for the technical capability. • Month 7: Interim report on progress toward certification, accreditation and/or verification of the technical capability. • Month 10: Review and/or demonstration of the prototype capability with the documentation supporting certification, accreditation and/or verification. • Month 12: Final Phase II option report summarizing the certification, accreditation and/or verification approach, architecture and algorithms; data sets; results; performance characterization and quantification of robustness. PHASE III DUAL USE APPLICATIONS: (U) The DoD and the commercial world have similar challenges with respect to maintaining the cyber integrity of their computing and communications infrastructure. The Phase III effort will see the developed technical capability transitioned into a DoD enterprise aircraft system that can be used to discover, analyze, and mitigate cyber threats. Government and commercial aircraft systems have similar challenges in tracking, understanding, and mitigating the varied cyber threats facing them in the cockpit of aircraft systems. Thus, the resulting hardening capability is directly transitionable to both the DoD and the commercial sectors: military and commercial air, sea, space and ground vehicles; commercial hardening of critical industrial plant (i.e. control systems, manufacturing lines, chemical processes, etc.) through secure programmable logic controllers; securing cloud infrastructure associated with optimization of industrial processes and condition-based maintenance of air, sea, space and ground vehicles. As part of Phase III, the developed capability should be transitioned into an enterprise level system that can be used to detect heavily obfuscated or anti-debugging and integrity checking techniques employed by a cyber intruder. The resulting hardening capability is directly transitionable to the DoD for use by the services (e.g., Naval Aviation Enterprise (NAE), etc.) that have requirements for implementing cyber resiliency and tamper resistance in its aircraft platforms. This is a dual-use technology that applies to both military and commercial aviation environments affected by cyber adversaries. REFERENCES: 1. C. Adams, “HUMS Technology”, Aviation Today, May 2012. 2. 3. Shanthakumaran, P. (2010) “Usage Based Fatigue Damage Calculation for AH-64 Apache Dynamic Components”, The American Helicopter Society 66th Annual Forum, Phoenix, Arizona. 4. P. Murvay and B. Groza, "Security Shortcomings and Countermeasures for the SAE J1939 Commercial Vehicle Bus Protocol," in IEEE Transactions on Vehicular Technology, vol. 67, no. 5, pp. 4325-4339, May 2018, doi: 10.1109/TVT.2018.2795384. KEYWORDS: aircraft systems, cyber attacks, operator errors, cyber vulnerabilities, hardware hardening
US Flag An Official Website of the United States Government