Abstracts of FY18.1 Phase I Awards

H-SB018.1-001

Company

Polestar Technologies, Inc.
220-3 Reservoir Street
Needham Heights, MA 02494-3133

Proposal Information FY18.1-H-SB018.1-001-0012-I - Wearable Fentanyl Analog Sensor
Topic Information H-SB018.1-001 - Development of a Wearable Fentanyl Analog Sensor
Award/Contract Number 70RSAT18C00000032
Abstract

A Phase I SBIR is proposed for the development of a wearable sensor to protect law enforcement and first responders from inadvertent exposure to potentially toxic levels of fentanyl and/or fentanyl analogs. The Phase I project will demonstrate the ability of the new sensor to selectively detect the presence of fentanyl analog vapors from solid samples or air-borne particulates in concentrations below ECt50 levels. The work will focus on the development of a new selective fentanyl-binding polymer integrated into a chemical sensing antenna structure and the development of a preliminary design of a low-cost, low-power set of read electronics to use with the sensing antenna. Response data from tests of the sensing antenna against non-hazardous fentanyl analogs and common clutter agents including heroin and heroin cutting compounds will be used to show the feasibility of the new sensor. The new fentanyl analog sensor will have commercial application, not only in individual personnel safety, but also in facilities or event protection where aerosolized fentanyl and fentanyl analogs could be deployed as weapons. Further, modification of the fentanyl-binding polymer layer to enable selective binding of toxic industrial chemicals or volatile organic compounds could expand the commercial potential of the sensor to fire and mine safety, as well as hazmat applications.

Company

Nano Terra, Inc.
737 Concord Ave.
Cambridge, MA 02138-1002

Proposal Information FY18.1-H-SB018.1-001-0015-I - Rapid Tox-Based Wearable Sensing Badge for Solid Aerosol and Contact Exposure to Fentanyls
Topic Information H-SB018.1-001 - Development of a Wearable Fentanyl Analog Sensor
Award/Contract Number 70RSAT18C00000017
Abstract

Nano Terra proposes to develop a low-cost and wearable detector badge that quickly and selectively alerts the user to the presence of solid fentanyl aerosols with an audible and visual alert. Current commercial fentanyl and opioid detectors are bulky and costly and have unsuitably-high limits of detection. Nano Terra will leverage their expertise in ultra-sensitive dosimetric detection of threat agents to advance their existing highly-selective opioid sensor for use in a compact wearable badge. The proposed system will be unobtrusive and inexpensive, while offering the necessary high sensitivity, high selectivity (distinguishes amongst fentanyl analogs and cutting agents), and rapid response time needed for the requirements of law enforcement and first responders. We will also develop and integrate a proof-of-concept toxicity-based sensor for opioids in which sensors are formulated to provide a real-time assessment of the effective human toxicity of operational environments containing multiple opioid species whose concentration or identity may not be known.

Company

Vaporsens
615 Arapeen Drive
Suite 102
Salt Lake City, UT 84108-1239

Proposal Information FY18.1-H-SB018.1-001-0022-I - Bilayer Nanofibers as Wearable Sensors for Detecting Fentanyl Compounds
Topic Information H-SB018.1-001 - Development of a Wearable Fentanyl Analog Sensor
Award/Contract Number 70RSAT18C00000018
Abstract

Drug overdose is now the leading cause of death for Americans under 50 years old, with fentanyl claiming more lives than any other drug. Alarmingly, the problem is increasing, with fentanyl overdoses claiming nearly twice as many lives in 2016 compared to 2015. In addition to users, first responders are at risk for coming into contact with fentanyl as they perform their duties. Fentanyl is extremely dangerous because it is odorless and lethal in small quantities. Thus, a low-cost, wearable detector for fentanyl is required to protect first responders and other vulnerable groups. Chemical sensors are appropriate for a low-cost, wearable detector. However, fentanyl is typically found in particles and most chemical sensors are designed to detect gas molecules. Fentanyl is generally found as a salt and is nonvolatile. A method to convert the salt to vapor-phase fentanyl molecules could enable detection using chemical sensors. Vaporsens proposes development of a novel bilayer sensor based on organic nanofibers. The top layer would feature nanofibers with base groups on the surface to adsorb fentanyl particles and withdraw the acid. The bottom layer would be comprised of nanofibers designed to respond to fentanyl compounds. Compared to other chemical sensors, nanofibers offer a higher degree of sensitivity and selectivity. Sensors are small in size and consume little power, appropriate for a wearable detector. The proposed sensors could play a vital role in protecting first responders from becoming victims of the opioid epidemic.

H-SB018.1-002

Company

Physical Optics Corporation
1845 West 205th Street
Torrance, CA 90501-1510

Proposal Information FY18.1-H-SB018.1-002-0002-I - Remote Phone Locator for Improved Emergency Rescue
Topic Information H-SB018.1-002 - Cell Phone Location Finder for Maritime and Remote Search and Rescue
Award/Contract Number 70RSAT18C00000029
Abstract

To address the Department of Homeland Security (DHS) need for a cell phone location finder for maritime and remote search and rescue (SAR), Physical Optics Corporation (POC) proposes to develop a new REmote Phone Locator for Improved Emergency Rescue (REPLIER). REPLIER leverages novel techniques recently developed at POC to extend the range of cellular communications and integrate commercial cellular communications into deployed tactical radios. Innovations in REPLIER enable localization of persons in distress from over 100 km away, with resolution of 50 m or better. REPLIER is intrinsically able to discriminate between the target and other cell phone devices, avoiding disruption of traditional cell phone services or violation of the privacy of other cell phone users. REPLIER is small and lightweight for portability and ease of integration with first responders' existing equipment, such as Rescue 21. REPLIER features Ingress Protection (IP)-67 packaging to provide durability and compatibility for a wide range of maritime and remote land border environments. In Phase I, POC will develop a REPLIER proof of concept and demonstrate the technical feasibility for a range of use cases and concepts of operations, reaching technology readiness level TRL-4. In Phase II, POC plans to develop and demonstrate a TRL-6 prototype, in preparation for transition/commercialization in Phase III. The successful completion of this project at the end of Phase III will benefit the nation in both government and commercial sectors by providing an effective means to track cellular signals for SAR operations.

Company

Intelligent Automation Inc
15400 Calhoun Dr, Suite 190
Rockville, MD 20855-2814

Proposal Information FY18.1-H-SB018.1-002-0018-I - Cellphone Localization in Austere and remote Environments (CLARE)
Topic Information H-SB018.1-002 - Cell Phone Location Finder for Maritime and Remote Search and Rescue
Award/Contract Number 70RSAT18C00000030
Abstract

As cellphones have become ubiquitous, there is a growing interest in the potential to harness their radio frequency energy to assist in Search And Rescue (SAR) operations. Techniques to locate cellphones have significant shortcomings for operations in remote areas with little or no cellphone coverage, such as national parks, remote border areas, or waterways or seas. Furthermore, in all cellular technologies including 3G, 4G and upcoming 5G systems, the User Equipment (UE) is required to receive a reliable downlink control signal and system information before it can transmit any signal or message in the uplink, which means that in areas without cell coverage, cellphones will emit no RF, even if a call is initiated. We propose to develop the Cellphone Localization in Austere and Remote Environments (CLARE) system. CLARE directs UEs to transmit signals in the uplink. CLARE technology will be platform agnostic. For the US Coast Guard, CLARE can be deployed to any number of shore units, small patrol boats to larger cutters. In addition, airborne platforms that may use CLARE include helicopters, C27, C130 and C144 aircraft and small UAS. CLARE will use a variety of RF geolocation techniques exploiting both coherent and incoherent features of the UE signal, and incorporate GPS and IMU sensors for self-localization. CLARE will minimize disruption to the network, will not invade users' privacy, and will not require a warrant to operate.

Company

Toyon Research Corporation
6800 Cortona Drive
Goleta, CA 93117-3021

Proposal Information FY18.1-H-SB018.1-002-0021-I - Advanced Receiver for Distressed Emitter Localization (ARDEL)
Topic Information H-SB018.1-002 - Cell Phone Location Finder for Maritime and Remote Search and Rescue
Award/Contract Number 70RSAT18C00000028
Abstract

A majority of U.S. adults own a cell phone and are inclined to use it in emergency situations to call for assistance. Unfortunately, in areas where the density of cell towers is low, such as in rural and off-shore environments, the ability of the wireless network to geolocate the origin of the wireless signal is poor to non-existent. Under the proposed effort, Toyon Research Corporation will develop a system to geolocate the source of radio-frequency (RF) emissions from distressed cellular calls. The system will not disrupt other users and will not require personal information to detect, identify and geolocate the emitter of interest. The proposed emitter localization system has a number of potential commercial applications including search and rescue operations and interference localization, such as in the case of GPS/GNSS jammers. During the Phase I effort, Toyon will develop the system architecture and demonstrate the performance of the system using a modular navigation and communication transceiver developed on prior contracts. Lessons learned from the demonstration will be incorporated into a preliminary prototype design, which will be finalized, built and demonstrated during the follow-on Phase II effort. The emitter locator will include one or more cooperative sensor nodes that communicate with each other without disrupting the wireless network. Each sensor node will be small, lightweight, portable and durable. A mission planning software package will be included to enable the operators to visualize and understand the expected performance of the system during operation.

Company

WGS Systems, LLC
7340 Executive Way
Suite A
Frederick, MD 21704-9405

Proposal Information FY18.1-H-SB018.1-002-0025-I - WGS Systems Search and Rescue Locating Cell Phones (SARLOC-DF)
Topic Information H-SB018.1-002 - Cell Phone Location Finder for Maritime and Remote Search and Rescue
Award/Contract Number 70RSAT18C00000031
Abstract

WGS Systems LLC proposes to develop a low-cost small portable radio direction finder (DF) to locate cell phones being used for emergency communications in remote regions. This low-cost product will be used by first responders in support of the search and rescue mission. WGS understands DF technology and develops high performance DF systems for defense applications including systems that DF GSM cell phones. In addition, we understand and support the public safety market and consequently have been developing low-cost affordable Intelligence, Surveillance and Reconnaissance (ISR) products and systems in this market space. We also initiated an internally funded effort to develop low-cost DF concepts. The approach uses single channel DF methods which reduce the cost associated with tuners. It is also using low-cost Software Defined Radios (SDRs) that are reasonably priced and low-cost processing engines. WGS is using this background to develop a unique solution for this cell phone location task. We propose to develop and demonstrate a Search and Rescue Location DF (SARLOC-DF) system used to locate phones in sparse cell phone coverage areas. SARLOC-DF uses the latest low-cost COTS technology components and low-cost antenna products for the hardware platform that is in a small rugged portable package. SARLOC-DF uses the cell phone signal to define a line-of-bearing (LOB) to the phone and measures signal amplitude. The bearing and amplitude information are used to locate the phone. Our plan is to commercialize this product for use in the public safety market.

H-SB018.1-003

Company

Physical Optics Corporation
1845 West 205th Street
Torrance, CA 90501-1510

Proposal Information FY18.1-H-SB018.1-003-0001-I - Miniature Intelligent Spectral Analyzer
Topic Information H-SB018.1-003 - Device to Detect Interference of Communications Systems
Award/Contract Number 70RSAT18C00000019
Abstract

To address the DHS need to rapidly detect radio interference of critical radio frequency (RF) communications channels utilized by first responders, Physical Optics Corporation (POC) proposes to develop a new Miniature Intelligent Spectral Analyzer (MISCAN) device based on a combination of commercial off-the-shelf (COTS) electronic components in a custom software-defined configuration along with intelligent anomaly detection algorithms. The system will alert first responders by visual, audible, or haptic means so they can carry out back-up, mitigation, and reporting procedures. In Phase I POC will demonstrate the feasibility of MISCAN by building and testing a preliminary prototype device and performing real-world testing using DHS reference interference waveforms. At the end of the resultant Phase I effort, the MISCAN system will reach technology readiness level (TRL)-5 and POC will submit a detailed plan to complete the system including interference geo-location capability and to ensure reaching a sub-$500 price point. In Phase II, POC plans to manufacture and field final systems for evaluation by first responders identified during the Phase I effort and will prepare the MISCAN design for low-cost manufacturing. The successful completion of this project at the end of Phase III will benefit the nation in both government and commercial sectors by providing reliable radio communications for first responders and other essential personnel. Commercial applications for this technology include applications in disaster prevention and recovery, networking and information technology, and security and surveillance.

Company

ANDRO Computational Solutions, LLC
One Beeches Place
7980 Turin Rd., Bldg. 1
Rome, NY 13440-1934

Proposal Information FY18.1-H-SB018.1-003-0004-I - Interference Detection and Analysis Device
Topic Information H-SB018.1-003 - Device to Detect Interference of Communications Systems
Award/Contract Number 70RSAT18C00000021
Abstract

Law enforcement and public safety agencies rely on the 700 MHz/800 MHz spectrum bands, which are affected by co-channel interference from the commercial radio networks along with unintentional as well as intentional radio frequency interferers (RFIs). The first responders need to be alerted or have prior knowledge of potential interferences at a mission site. This will enable them to adopt strategies to mitigate such potentially disruptive RFI sources and ensure reliable communication during the mission. In this effort, a cost-effective, lightweight and portable Interference Detection and Analysis Device (I-DAD) will be developed to enable robust RFI detection, characterization and localization. The situational awareness device, I-DAD, consists of two important utilities: (i) Short-time Fractional Fourier transform based intERference detectIon and characterizatioN (SNIFFER) technique capable of detecting and analyzing a wide range of RFI waveforms. SNIFFER will perform the 2D analysis of captured samples by representing the signal in time-fractional Fourier domain frequency plane measuring the angular distribution of the signal's energy. In contrast to traditional RSSI based approaches, SNIFFER is designed to detect even the lowest power RFI source. (ii) Information gathered by multiple I-DADs is used to perform geolocation. A novel SNIFF-LOC technique is proposed that leverages the signal parameters estimated by SNIFFER to estimate the location of its source. SNIFF-LOC would present near optimal performance as it is built on the estimated signal intelligence in contrast to other traditional approaches based on TDOA, FDOA, AOA, RSSI where most of the other signal parameters are discarded.

Company

Epiq Solutions
165 Commerce Dr.
Suite 204
Schaumburg, IL 60173-5331

Proposal Information FY18.1-H-SB018.1-003-0008-I - Forensiq: Flexible RF Interference Detection in the Palm of your Hand
Topic Information H-SB018.1-003 - Device to Detect Interference of Communications Systems
Award/Contract Number 70RSAT18C00000020
Abstract

With the ever-increasing availability of commercial jamming equipment, the risk to public safety communications has never been higher. While public safety has operational backup plans for communications, jamming has proven problematic to detect in the field. The purpose of this project is to solve this critical problem of detection and characterization simply and seamlessly, for the first responder, the incident commander, and the system operator. In this project, Epiq Solutions will develop technology based on its miniaturized unique and commercially successful software defined radio (SDR) in conjunction with network detection and decoding capabilities. The key innovations made during the execution of this project are: the development of an effective detection algorithm for RF jamming waveforms of interest, the prototype development of a small, unobtrusive, power-optimized RF interference detection sensor leveraging Epiq Solutions' existing efforts in small form factor SDR, and the development of a sensor network architecture to support geolocation of RF jamming signals of interest via distributed sensors. Today public safety has few options to detect jamming, spoofing, and denial-of-service in its RF communications. The development of a small, unobtrusive detection tool provides a broad use case and will greatly reduce the risk to public safety in critical situations.

H-SB018.1-004

Company

Setter Research, Inc.
3306 Windrift Drive
Greensboro, NC 27410-3950

Proposal Information FY18.1-H-SB018.1-004-0002-I - Augmented Commercial Radio for Navigation (ACORN)
Topic Information H-SB018.1-004 - Deterministic Augmentation of RF Transmissions for PNT
Award/Contract Number 70RSAT18C0000026
Abstract

The Global Positioning System (GPS) and other global navigation satellite systems (GNSS) have become critical elements of diverse activities including safe and efficient ground and air transportation, manufacturing, power generation, financial transactions, farming, cellular communications, first responder operations, law enforcement, consumer activities, all in addition to military operations for which they were originally designed. The widespread adoption and integration of GPS has created significant risks due to the known threats to GPS signals. With low signal power at the earth's surface, transmission in well-known and well-defined spectral bands, and sensitivity to interfering signals, GPS signals are easily jammed, spoofed, blocked, or otherwise corrupted. These risks to GPS can have tremendous economic and public health and safety impacts. This proposal takes a new approach to providing a nationally available, highly accurate, and low-cost position, navigation, and timing (PNT) system by augmenting existing commercial broadcast transmissions. Augmented Commercial Radio for Navigation (ACORN) is a general purpose PNT capability, supporting an unlimited number of simultaneous users, applicable indoors, outdoors, and airborne. ACORN should be more accurate than GPS L1 CA code, entirely independent of GPS and other GNSS, equally accurate and available indoors and outdoors, and very difficult to jam or spoof. ACORN is a significant step toward achieving assured PNT.

H-SB018.1-005

Company

Catalyst Communications Technologies Inc.
2107-D Graves Mill Road
Forest, VA 24551-4293

Proposal Information FY18.1-H-SB018.1-005-0005-I - LMR-P25 and LTE Mission Critical Push to Talk Interface Service
Topic Information H-SB018.1-005 - LMR-P25 and LTE Mission Critical Push to Talk Interface Service
Award/Contract Number 70RSAT18C00000042
Abstract

In this Phase I project, we will determine the feasibility of building an interworking solution to provide interoperability between LTE and LMR systems for mission critical operations, while improving interoperability between current LMR systems. In Phase I we will build upon the requirements work already done by NPSTC to determine the feasibility of meeting requirements for interworking when standard interfaces are used. In Phase II, we will combine innovations created through this study with our interoperability products to deliver a software-based prototype LMR to LTE MCPTT solution and will commercialize this interworking service software product in Phase III. To support the transition to LTE MCPTT, we will create a scalable architecture that leverages Radio over IP technology that we have perfected over the last twenty years. As part of our research and development, we will summarize feasibility results by creating comprehensive solutions matrices of standards interfaces versus interworking requirements. We will focus on Project 25 standard interfaces such as ISSI and also evaluate other standards-based systems and proprietary LMR systems. The Catalyst team brings many years of real-world experience in delivering interoperability solutions, ensuring the successful completion of this SBIR program for DHS. The result for DHS and other critical communicators will be smoother transitions to LTE at a lower cost. We have identified a multimillion dollar market for the resulting product that would allow each Public Safety agency to independently route PTT voice between its existing LMR system, FirstNet's LTE network, and other LMR systems.

Company

Murus Cybersecurity, LLC
503 S Dartmouth Ln
Schaumburg, IL 60193-2520

Proposal Information FY18.1-H-SB018.1-005-0006-I - A Universal Interworking Function (UIWF) for LMR and LTE Networks
Topic Information H-SB018.1-005 - LMR-P25 and LTE Mission Critical Push to Talk Interface Service
Award/Contract Number 70RSAT18C00000040
Abstract

Interoperability has been a communications objective for first responders in the United States for many years. The need for digital interoperability brought about the establishment of the Telecommunications Industry Association (TIA) Association of Public Safety Communications Officials (APCO) Project 25 standard in 1989. Today, P25 standards are very mature, and include an Inter-RF Subsystem Interface (ISSI) which allows interconnection of P25 standard systems. As LTE is commercially available, a number of proprietary broadband Push-To-Talk (PTT) solutions have seen substantial operational uptake and have arguably made the problem of interoperability worse. These Pre-MCPTT services are often communications islands with few if any provisions for interoperability. With the allocation of 700MHz spectrum to a nationwide, interoperable LTE network and creation of FirstNet, a new generation of interoperability is now needed. A final challenge to MC LTE-LMR interoperability is the fact that 3GPP defines the Mission Critical Interworking Function (IWF) as out of scope of the standards. This leaves a blank space between LMR and MC LTE. The purpose of this project is to develop the requirements, feature sets, architecture, and design analysis to establish the feasibility of a Universal Interworking Function (UIWF) that closes the gap between standards-based MC LTE and P25 ISSI as well as establishing solutions for MC LTE to Pre-MCPTT and other LMR system types.

H-SB018.1-006

Company

Next Century Corporation
2701 Technology Drive
Suite 300
Annapolis Junction, MD 20701-1018

Proposal Information FY18.1-H-SB018.1-006-0006-I - CPACT (CheckPoint Advanced Computerized Tomography)
Topic Information H-SB018.1-006 - Improved Human Systems for Computed Tomography
Award/Contract Number 70RSAT18C00000041
Abstract

Next Century proposes development of CPACT (CheckPoint Advanced Computed Tomography), providing an innovative user interface that makes processing 3D CT images sufficiently intuitive and straightforward for the operator, so as to streamline their use at baggage checkpoints. The proposed CPACT solution will enable TSA and our nation to reap the benefits of the increased security that these 3D images afford. To ensure tangible results and adequate vetting of our approach, Next Century will assemble a Phase I proof-of-concept interface prototype that demonstrates the user interface concepts, paradigms, and functional capabilities of our CPACT solution. Phase II will then focus on evolving this capability for operational field use. To date, no vendor is known to have stepped forward to offer a Common GUI for use across CT scanning platforms in the security market. This opens a window of opportunity for the CPACT solution proposed herein to fill that void and become the front-end interface of choice for these systems, especially if it garners the support and recommendation of DHS. In addition, the intuitive-yet-powerful analysis capabilities of the CPACT user interface are likely to garner interest from the medical community as well, given its heavy reliance upon and use of CT imagery. Potential for interest also exists in the law enforcement, military, and intelligence domains.

Company

Design Interactive, Inc.
3504 Lake Lynda Drive
Suite 400
Orlando, FL 32817-1484

Proposal Information FY18.1-H-SB018.1-006-0009-I - Advanced Computer Topography Interaction Design (ACT-ID)
Topic Information H-SB018.1-006 - Improved Human Systems for Computed Tomography
Award/Contract Number 70RSAT18C00000036
Abstract

This effort proposes development of the Advanced Computer Topography Interaction Design (ACT-ID), an innovative, user-centered interface design for optimization of threat detection and resolution of carry-on baggage using CT X-ray technology. ACT-ID will incorporate human factors and user experience design methodologies in visual display design, human visual perception, multimodal design, interaction design and ergonomics into a universal interface that demonstrates reduced CT X-ray screening system operator burden and reduced image review time compared to current interfaces, equaling or improving upon performance seen with today's AT2 X-ray technology. Benefits of ACT-ID include increased security effectiveness, reduced operator burden, and reduced image review time. The resultant Phase I prototype design will combine visual displays with interaction methods that combine to best support a human operator in manipulating, reviewing, and assessing image contents in an effective and efficient manner, thereby optimizing security effectiveness.

Company

IDSS Holdings Inc
430 Bedford Road, Suite 204
Armonk, NY 10504-2002

Proposal Information FY18.1-H-SB018.1-006-0011-I - Improved Human Systems for Computed Tomography Speed of Image Review
Topic Information H-SB018.1-006 - Improved Human Systems for Computed Tomography
Award/Contract Number 70RSAT18C00000027
Abstract

IDSS, in partnership with Tufts University Human Factors Engineering Program, a leader in Engineering Psychology, proposes to study CT screening system operator burden and reduce image review time by reviewing the GUI and the current man-machine interaction, perform a cognitive and behavioral analysis of the interaction, perform a time and motion study and recommend and perform limited prototyping of potential improvement to the operator interface and toolset.

H-SB018.1-008

Company

Sekurity LLC
155 Washington St, Apt 1907
Jersey City, NJ 07302-4588

Proposal Information FY18.1-H-SB018.1-008-0005-I - Principled Security Analysis of the Firmware Binaries via Guaranteed Formal Verification and Scalable Dynamic Monitoring
Topic Information H-SB018.1-008 - Automated & Scalable Analysis of Mobile & IoT Device Firmware
Award/Contract Number 70RSAT18C00000022
Abstract

Consequently, to protect the mobile/IoT platforms against complex security attacks, there is a need for effective analysis of mobile/IoT firmware. Such a solution is currently missing in the market. In this DHS SBIR effort, we will develop BINSEC, a mobile/IoT firmware binary security analysis framework. To ensure acceptable scalability, usability, and universality across different firmware binary formats, BINSEC will use a combination of advanced binary reverse engineering, malware analysis, programming languages techniques, formal methods, and dynamic vulnerability assessment algorithms to generate accurate and human-perceivable reports in a timely manner. The anticipated ultimate outcome of our project will be an IoT firmware binary security analysis framework (BINSEC) that has the following features: i) universal: unlike the existing limited technologies, BINSEC will support a variety of common and widely-used IoT device ISAs, and binary formats through its code lifting procedures and use of common intermediate representation; ii) scalable: BINSEC will provide security analysis results in a timely manner for complex firmware binaries through its optimizations and use of parallel processing; iii) usable: BINSEC's human perceivable reports and interface will make it easy-to-use by security analysts without deep binary analysis knowledge requirements; iv) efficient: BINSEC will leverage static and dynamic techniques to ensure the performance of its analysis across various firmware versions of the same device as well as the accuracy of its binary vulnerability assessment results; v) holistic: BINSEC will corroborate its firmware analysis results with network traces (e.g., invocation of the malicious code identified in the firmware).

Company

RAM Laboratories, Inc.
591 Camino de la Reina
Suite 610
San Diego, CA 92108-3108

Proposal Information FY18.1-H-SB018.1-008-0008-I - Automated and Scalable Analysis of Mobile and IoT Device Firmware
Topic Information H-SB018.1-008 - Automated & Scalable Analysis of Mobile & IoT Device Firmware
Award/Contract Number 70RSAT18C00000024
Abstract

As Internet of Things (IoT) and mobile devices become increasingly popular and widely used, the security of the firmware running on these devices is paramount. However, due to the lack of an efficient and scalable analysis framework, combined with the increasing pressure to get products to market as quickly as possible, the software running on these devices is never properly checked for security vulnerabilities and backdoors. This results in a large potential attack surface, with millions of devices owned by individuals, enterprises, and government agencies that could be exploited by external adversaries. To fill this gap RAM Laboratories is proposing Firmalytics, a modular and scalable framework that automatically analyzes firmware images for security vulnerabilities, backdoors, and malware. The results, along with any metadata gathered about the firmware, are added to a database to support a correlation engine used for identifying groups of similar firmware. This grouping helps give contextual information of what vulnerabilities might be common among the firmware, allowing for us to prioritize vulnerabilities to search for when scanning the image. Additionally, our framework supports the use of more advanced vulnerability detection methods that rely on complex techniques such as symbolic execution. While these techniques have trouble scaling, we can utilize the correlation engine to intelligently sample images from the firmware database to analyze and potentially find 0-day vulnerabilities that have yet to be discovered. We can then verify which similar images might also be vulnerable and report the results back to the end user.

Company

Kryptowire, LLC
5352 Brandon Ridge Way
FAIRFAX, VA 22032-3282

Proposal Information FY18.1-H-SB018.1-008-0009-I - SAFARI: Scalable Analysis of Firmware for AndRoid and IOS
Topic Information H-SB018.1-008 - Automated & Scalable Analysis of Mobile & IoT Device Firmware
Award/Contract Number 70RSAT18C00000025
Abstract

To address the supply chain threats that stem from vulnerable or malicious software distributed through firmware on mobile and IoT devices via binary firmware images, we propose a scalable, comprehensive, and automated framework to detect firmware-borne threats, both malicious and (un)intentionally insecure, present in Android and iOS devices. We use a workflow encompassing three analysis techniques: forced-path execution, static analysis, and dynamic analysis across multiple software modules and applications. The novelty of our approach is based on its capability to provide analysis of software across different vendors, operating system versions, and applications, as opposed to single-application testing that has been our aim for previous work on mobile application testing. Being able to identify and trace data and control flow between different applications, the operating system, and back-end services for Android and iOS devices (mobile and IoT) is necessary to uncover code vulnerabilities and threats in the presence of software bundles such as the firmware images. In addition, recognizing that no single binary code analysis approach is without its shortcomings, we address and complement the shortcomings of each individual approach by employing a more comprehensive analysis using a diversity of analysis techniques. We detail a feasibility study for the design and implementation of a novel system that will automatically identify, trigger, and analyze vulnerabilities in firmware. Our goal is to uncover any code vulnerabilities and design errors and their effects by efficiently enumerating and null-fuzzing all statically and dynamically accessible software components on the firmware.

Company

Red Balloon Security
336 West 37th Street
Suite 1024
New York, NY 10018-4592

Proposal Information FY18.1-H-SB018.1-008-0010-I - Firmware Automated Analysis at Scale with Testing
Topic Information H-SB018.1-008 - Automated & Scalable Analysis of Mobile & IoT Device Firmware
Award/Contract Number 70RSAT18C00000023
Abstract

The firmware running on mobile, embedded, and Internet of Things devices is often treated as a black box by organizations. These firmware images can contain a myriad of n-day vulnerabilities, both malicious and unintentional backdoors, and other unwanted functionality. Unfortunately, analyzing these firmware images is a difficult and time-consuming task, as each firmware can be packed with layers of compression and obfuscation along with specialized operating systems and filesystems. We propose Firmware Automated Analysis at Scale with Testing (FAAST), a technology built on top of Red Balloon Security's FRAK technology, a proprietary framework for unpacking, analyzing, modifying, and packing firmware images. FAAST will integrate additional specialized FRAK analyzers and utilize FRAK's client-server architecture to automatically unpack and analyze firmware images, returning human- and machine-readable reports back to the user.
