Dynamic operational watermarking for software and hardware assurance

US 9,081,957 B2
Filed: 02/07/2013
Issued: 07/14/2015
Est. Priority Date: 02/07/2013
Status: Active Grant

First Claim

Patent Images

1. A dynamic watermarking method comprising:

receiving, at a monitor device, a physical watermark and a logical watermark of a defended apparatus, wherein the logical watermark includes at least one of execution timing of the defended apparatus, execution sequencing of the defended apparatus, data transaction of the defended apparatus, input activity of the defended apparatus, output activity of the defended apparatus, and function periodicity of the defended apparatus, and wherein the physical watermark includes a temperature of the defended apparatus or a power-consumption rate of the defended apparatus;

setting a baseline for the defended apparatus at the monitor device, the baseline including the physical watermark and the logical watermark;

continuously monitoring, by a processor of the monitor device, the defended apparatus in real-time for a change in the physical watermark or the logical watermark;

in response to detecting a change in the physical watermark or the logical watermark, comparing the change to a threshold;

in response to determining the change is less than the threshold updating the baseline to include the change; and

in response to determining the change is greater than the threshold performing a defensive action,wherein performing the defensive action includes generating false decoy data and recording the false decoy data into a memory of the defended apparatus such that tampering with the defended apparatus only uncovers the false decoy data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure addresses systems and methods for the protection of proprietary information by monitoring operational watermarks of an apparatus. A monitoring device may receive logical or physical watermark data from a defended apparatus. Watermark data may include any operational or environmental variable related to the defended apparatus. The monitoring device may maintain a baseline profile for the defended apparatus that includes watermark data. During monitoring of the defended apparatus by the monitor device, changes in the watermark data may be analyzed to determine if the baseline should be dynamically updated, or if the change indicates an anomaly. Anomalies may indicate an attempt to tamper with the defended apparatus. In response to the change that indicates an anomaly, the monitoring device may scrub the contents of the defended apparatus. In an embodiment, the monitoring device may also scrub its own memory in response to an anomaly.

10 Citations

View as Search Results

19 Claims

1. A dynamic watermarking method comprising:
- receiving, at a monitor device, a physical watermark and a logical watermark of a defended apparatus, wherein the logical watermark includes at least one of execution timing of the defended apparatus, execution sequencing of the defended apparatus, data transaction of the defended apparatus, input activity of the defended apparatus, output activity of the defended apparatus, and function periodicity of the defended apparatus, and wherein the physical watermark includes a temperature of the defended apparatus or a power-consumption rate of the defended apparatus;
  
  setting a baseline for the defended apparatus at the monitor device, the baseline including the physical watermark and the logical watermark;
  
  continuously monitoring, by a processor of the monitor device, the defended apparatus in real-time for a change in the physical watermark or the logical watermark;
  
  in response to detecting a change in the physical watermark or the logical watermark, comparing the change to a threshold;
  
  in response to determining the change is less than the threshold updating the baseline to include the change; and
  
  in response to determining the change is greater than the threshold performing a defensive action,wherein performing the defensive action includes generating false decoy data and recording the false decoy data into a memory of the defended apparatus such that tampering with the defended apparatus only uncovers the false decoy data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the monitor device and the defended apparatus are co-located.
  - 3. The method of claim 2, further comprising:
    - receiving, by the processor of the monitor device, the physical watermark and the logical watermark, wherein the setting of the baseline is performed in response to an initial reception of the physical watermark and the logical watermark.
  - 4. The method of claim 3, wherein the change includes a deviation from the baseline of the physical watermark or the logical watermark, the deviation indicating an attack on the defended apparatus.
  - 5. The method of claim 2, wherein monitoring the defended apparatus for the change in the physical watermark or the logical watermark includes continuously receiving environmental data and execution data from the defended apparatus.
  - 6. The method of claim 5, wherein performing the defensive action includes scrubbing the defended apparatus and the monitor device, and transmitting a notification of the change.
  - 7. The method of claim 6, wherein scrubbing the defended apparatus includes erasing an erasable memory coupled to a processor of the defended apparatus and wherein scrubbing the monitor device includes erasing a portion of the memory of the monitor device.

8. At least one non-transitory machine-readable storage medium comprising a plurality of instructions that in response to being executed on a computing device, cause the computing device to:
- receive a physical watermark and a logical watermark of a defended apparatus, wherein the logical watermark includes at least one of;
  
  execution timing of the defended apparatus, execution sequencing of the defended apparatus, data transaction of the defended apparatus, input activity of the defended apparatus, output activity of the defended apparatus, or function periodicity of the defended apparatus; and
  
  wherein the physical watermark includes a temperature of the defended apparatus or a power-consumption rate of the defended apparatus;
  
  set a baseline for the defended apparatus, the baseline including the physical watermark and the logical watermark;
  
  continuously monitor the defended apparatus in real-time for a change in the physical watermark or the logical watermark;
  
  in response to detecting a change in the physical watermark or the logical watermark, compare an amount of the change to a threshold;
  
  in response to determining the change is less than the threshold, update the baseline to include the change;
  
  and in response to determining the change is greater than the threshold, perform a defensive action in response to the change,wherein performing the defensive action includes generating false decoy data and recording the false decoy data into a memory of the defended apparatus such that tampering with the defended apparatus only uncovers the false decoy data.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The machine-readable storage medium of claim 8, wherein the monitor device and the defended apparatus are co-located in a single device.
  - 10. The machine-readable storage medium of claim 9, wherein the plurality of instructions further cause the computing device to:
    - receive the physical watermark and the logical watermark, wherein the setting of the baseline is performed in response to an initial reception of the physical watermark and the logical watermark.
  - 11. The machine-readable storage medium of claim 8, wherein monitoring the defended apparatus for the change in the physical watermark or the logical watermark includes continuously receiving environmental data and execution data from the defended apparatus.
  - 12. The machine-readable storage medium of claim 9, wherein performing the defensive action includes scrubbing the defended apparatus and the monitor device.
  - 13. The machine-readable storage medium of claim 12, wherein scrubbing the defended apparatus and the monitor device includes erasing the machine-readable medium and wherein scrubbing the monitor device includes erasing a portion of the memory of the monitor device.

14. A system comprising:
- a defended apparatus including a processor, one or more sensors, and a first erasable memory coupled to the processor; and
  
  a shadow monitor including a processor coupled to the defended apparatus, a second erasable memory coupled to the processor of the shadow monitor, the shadow monitor being configured to receive a physical watermark and a logical watermark from the defended apparatus, wherein the logical watermark includes at least one of;
  
  execution timing of the defended apparatus, execution sequencing of the defended apparatus, data transaction of the defended apparatus, input activity of the defended apparatus, output activity of the defended apparatus, or function periodicity of the defended apparatus; and
  
  wherein the physical watermark includes a temperature of the defended apparatus or a power-consumption rate of the defended apparatus,the shadow monitor configured to establish a baseline for the physical watermark and the logical watermark, store the baseline in the second erasable memory, and continuously monitor the defended apparatus in real-time for data indicating a change in the physical watermark or the logical watermark including comparing the data indicating the change to a threshold,in response to determining the change is less than the threshold updating the baseline to include the change,and in response to determining the change is greater than the threshold perform a defensive action in response to the change;
  
  wherein performing the defensive action includes generating false decoy data and recording the false decoy data into a memory of the defended apparatus such that tampering with the defended apparatus only uncovers the false decoy data;
  
  wherein the physical watermark includes data from the one or more sensors of the defended apparatus, and the change includes a deviation from the baseline, the deviation indicating an attack on the defended apparatus.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein the shadow monitor and the defended apparatus are coupled by a network.
  - 16. The system of claim 14, including:
    - a wireless transceiver coupled to the shadow monitor and the defended apparatus;
      
      wherein the shadow monitor and the defended apparatus are co-located.
  - 17. The system of claim 16, wherein the defended apparatus includes a real-time operating system executing on the processor of the defended apparatus.
  - 18. The system of claim 17, wherein the processor of the shadow monitor and the processor of the defended apparatus are implemented in a single device.
  - 19. The system of claim 17, wherein the defensive action includes:
    - transmitting a notification of the change via the wireless transceiver; and
      
      overwriting the first erasable memory and the second erasable memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
Ryatheon BBN Technologies Corporation
Inventors
Roden, Thomas Gilbert III
Primary Examiner(s)
Shaw, Yin-Chen
Assistant Examiner(s)
King, John B

Application Number

US13/761,675
Publication Number

US 20140223554A1
Time in Patent Office

887 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/577 Assessing vulnerabilities a...

Dynamic operational watermarking for software and hardware assurance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic operational watermarking for software and hardware assurance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links