Unlocking Cybersecurity at the Physical Layer

As global communications systems grow more complex and interconnected, securing these networks requires innovative approaches that go beyond traditional cybersecurity measures. The Device-level Anomaly fRamEwork (DARE), developed by the National Institute of Standards and Technology (NIST), represents a significant advancement in this direction—addressing cyber threats from the foundational level of wireless communication: the physical layer. 

Traditional cybersecurity solutions primarily operate at higher layers of the network stack through analyzing software behavior, network traffic, or cryptographic protocols. However, they often overlook the physical layer, where critical vulnerabilities can arise. It would be like locking the front door of a house but forgetting to close the windows. This oversight is particularly concerning in the era of 5G and emerging next-generation 6G networks, where timing, signal integrity, and low-latency requirements increase the risk and impact of physical-layer events. 

DARE was conceived to fill this gap. Led by Dr. Jeanne Quimby and developed within the NIST Communications Technology Laboratory (CTL), the program was built on the premise that the physical signals transmitted between user equipment (UE) and base stations carry valuable information about the security posture of the system. By observing and analyzing small variations in these signals, DARE enables the detection of cybersecurity anomalies that would otherwise remain invisible. 

A Metrology Driven Framework 

Central to the DARE Program approach is the use of rigorous metrology and real-world test environments. Rather than relying on theoretical models or simulated data, the team deployed a commercial-grade radio access network (RAN) in the National Broadband Interoperability Testbed (NBIT) to capture authentic, high-fidelity communication data. This testbed infrastructure supports both 4G and 5G systems and enables controlled experimentation under realistic operational conditions. 

As part of their comprehensive research, the DARE Program collected more than 500 distinct types of communication data including measuring at the physical layer, medium access control (MAC) layer, and network layer across multiple test runs and scenarios. This data serves as the foundation for developing anomalous state detectors, machine learning models trained to identify deviations from expected system behavior that may indicate cybersecurity events, misconfigurations, or emerging threats. 

Notably, the DARE detectors are not limited to a single class of cybersecurity events. The project has demonstrated detection of on base station misconfigurations via disabled encryption settings which are conditions that are otherwise difficult or impossible to verify from the perspective of the user. 

Scientific Contributions, Standards Alignment, and National Impact 

The DARE team focuses on reproducibility and scientific rigor, reflected in an evaluation approach that transforms raw signal data into statistical distributions and applies multilayer analysis to develop low-error, robust detectors validated through independent testing. Performance metrics, including Receiver Operating Characteristic (ROC) curves across multiple bands, highlight the accuracy of the detectors and adaptability. These efforts have led to a Technology Readiness Level (TRL) 3 demonstration—indicating proven effectiveness in real-world outdoor telecom environments. The maturity of the program also extends to simulation, with a software-based suite in development to replicate urban network conditions and test algorithms against verified testbed results.  

Innovations from DARE are already informing national and international standards. The project was invited to contribute to the Institute of Electrical and Electronics Engineers (IEEE) P1952, a working group developing test plans to evaluate the resilience of commercial timing systems to cybersecurity events and Positioning, Navigation, and Timing (PNT) adversity. Additionally, the DARE methodology and results have been adopted by the Defense Advanced Research Projects Agency (DARPA) QuANet program, which explores quantum-based sensing solutions for secure, next-generation internet infrastructure. This cross-domain applicability, from classical wireless networks to quantum communication, demonstrates the versatility of the framework and enduring relevance. 

A key outcome of DARE is the public release of curated, labeled datasets—enabling the broader research community to develop, test, and validate anomaly detection algorithms using trusted, real-world data. These datasets are already in use by academic partners and are being integrated into the Next G Alliance Artificial Intelligence/Machine Learning (AI/ML) Readiness Initiative, supporting the transition to AI-native 6G systems. 

By making commercial-grade testbed data accessible, CTL is empowering universities, startups, and independent researchers to contribute to the next wave of secure telecommunications technologies. 

Looking Ahead 

The DARE program is advancing alongside new threats and technologies, with future research focused on AI-driven cyberattacks, quantum sensing integration, and enhanced detection for complex threat environments. By unlocking the cybersecurity potential of the physical layer, DARE supports the NIST mission and helps build more secure and resilient communications systems. 

To learn more please visit the Device-level Anomaly fRamEwork (DARE) page on NIST.gov.