SDR and security
For those of you who are following software-defined radio, FCC rules, communications security, or the tinkering issue, take a look at this SDR Forum report on software-defined radio and security. It's wide-ranging, but a lot of it has to do with mitigating security threats involving end-user modifications to radios. The FCC, in its Report and Order on SDR, made some allusions to the importance of preventing SDR transmitters from transmitting on the wrong frequencies or with greater-than-licensed power, and I think there were suggestions in there that this meant that the transmitters should be built in such a way that the software driving them couldn't be modified by end-users.
The SDR Forum has picked up on that suggestion and expanded upon it with a long discussion of the importance of, well, preventing end-users from modifying the software in radios, mainly with a view to avoiding interference and spoofing, but also apparently in order to prevent certain other behaviors.
There seems to be very little discussion in this report (just as there was practically no discussion in the FCC's Report and Order) of whether it is important to prevent users from modifying the software in software-based receivers. I've talked in the past about the idea that it may be appropriate to specify only "wire protocols" (even for wireless systems) instead of specifying the design of a device which implements those protocols. That is the approach taken by virtually all Internet RFCs, and by most communications standards, but not always by FCC regulations.
It seems that the SDR Forum is responding directly to the FCC's suggestion that industry should consider security issues related to SDR. And they've considered precisely those security issues which the FCC asked them to consider. That means that it's still totally unclear whether the FCC or the industry has thought from the point of view of security about SDRs which are only receivers and not transmitters. (See, I know of one of those. They've considered the possibility of implementing transmitter functions in the future, but none of them have been implemented to date. The commercial members of the SDR Forum all seem to be working exclusively with systems which are capable of transmitting.)
Now I'm wondering to what extent it's been required by law in the U.S. that systems which are designed to radiate RF energy must not only comply with certain frequency and power limitations but must also be designed to resist modification by a user. Anybody?
