ISCAP Proceedings: Abstract Presentation
Remote Protocol Analysis with a Logic Analyzer
Michael Ham
Dakota State University
Shawn Zwach
Dakota State University
Kyle Cronin
Dakota State University
Abstract
Protocol analysis is a critical skill for cybersecurity engineers. As society’s dependency on interconnected wireless devices increases, so does the threat landscape to the security of supporting communication protocols. The importance of this skillset is underlined by prestigious academic designation standards, such as those from The National Security Agency’s Center of Academic Excellence (NSA-CAE). The NSA-CAE designation specifically highlights knowledge units regarding networking and communication protocols. Learning to analyze non-routable communication protocols (e.g., Infrared, Zigbee, or Bluetooth), especially those used in Internet of Things (IoT) applications, is helpful for those engaged in threat hunting and intelligence gathering. These findings can ultimately lead to appropriate vulnerability disclosure and a strengthened security posture of such devices.
Physical access to these devices in an on-campus environment allows students to interact with and capture communications in a lab setting. Experiential labs help students attain applied skillsets that translate directly into professional working skills and experiences. However, remote learners are disadvantaged when studying the same content, as they need physical access to target devices. As a result, they cannot capture signals that do not transmit over other routable carriers in real time for protocol analysis, a critical component to furthering one’s understanding of the area.
Cost and regulations hinder some solutions to the issue of remote learners needing direct access to transmitting devices. Requiring students to purchase certain hardware to study can be cost-prohibitive and challenging due to supply issues. Depending on the learner’s physical location, import/export controls may prevent them from attaining certain hardware. Simply having the target devices transmit at a higher output is also not feasible due to geographic and regulatory limitations. Lastly, encapsulating communication over standard routable carriers (e.g., TCP/IP) to remote learners does not reliably depict the actual timing of a signal, a critical component to accurate analysis. An internet-accessible lab platform connected to the target devices is necessary to give online learners similar learning opportunities.
A logic analyzer is a hardware device capable of helping engineers debug, analyze, and take digital measurements. By utilizing multiple hardware channels, a logic analyzer can connect to various circuit components and graphically show input and output to the device. With appropriate connections, a logic analyzer can show wireless communication waveforms in real-time; this allows cybersecurity engineers and students to study the underlying communication protocols.
The researchers propose an online platform to enable online learners to remotely interact with a logic analyzer connected to a target device and perform basic control via a web platform (i.e., triggering the device to send, configuring basic input, etc.). As a proof-of-concept, researchers configured an infrared transmitter capable of sending encoded messages. By remotely connecting to a logic analyzer session, remote students can view the IR communication protocols to study in the context of threat hunting and vulnerability analysis. This approach lessens the barriers to entry for online students while simultaneously giving them a more realistic, applied learning environment. Researchers hypothesize that such a platform will increase learners’ progress toward defined learning outcomes.