[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Challenges of Securing and Defending Unmanned Aerial Vehicles

  • Conference paper
  • First Online:
National Cyber Summit (NCS) Research Track 2020 (NCS 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1271))

Included in the following conference series:

Abstract

There are increasing concerns that foreign manufactured unmanned aerial systems may leak sensitive data to their manufacturers, particularly since such systems are used for reconnaissance and surveillance of critical infrastructure, for monitoring/managing industrial incidents, for tracking terrorist attacks, and more generally in applications that involve homeland/national security. In this paper we investigate the challenges of securing and defending such systems, focusing on civilian Group 1 (small) drones (quadcopters). We propose a solution based on an architecture that complies with the policies and standards of the Committee on National Security Systems for the Cybersecurity of Unmanned National Systems CNSSP 28, in which software components are adapted/modified appropriately, and security policies/mechanisms are enforced. Protection builds on isolation, encapsulation, and the use of cryptographic tools, with performance constraints expressed in terms of computation (power) and latency.

M. Burmester–Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the Naval Engineering Education Consortium and the Naval Surface Warfare Center.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 71.50
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 89.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The CRC for error detection of MAVLink 1.0 is not needed when HMACs are used.

  2. 2.

    One noisy drone can transmit several noisy signals.

References

  1. Arthur, M.P.: Detecting signal spoofing and jamming attacks in UAV networks using a lightweight ids. In: 2019 International Conference on Computer, Information and Telecommunication Systems (CITS), pp. 1–5. IEEE (2019)

    Google Scholar 

  2. Autopilot, A.O.S. http://ardupilot.org/

  3. Burmester, M., Munilla, J.: Lightweight RFID authentication with forward and backward security. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(1), 1–26 (2011)

    Article  Google Scholar 

  4. CNSSP No. 28, Cybersecurity of Unmanned National Security Systems. http://www.cnss.gov/CNSS/issuances/Policies.cfm

  5. Davanian, A., Massacci, F., Allodi, L.: Diversity: A Poor Man’s Solution to Drone Takeover. In: PECCS, pp. 25–34 (2017)

    Google Scholar 

  6. Dill, E.T., Hayhurst, K.J., Young, S.D., Narkawicz, A.J.: UAS hazard mitigation through assured compliance with conformance criteria. In: 2018 AIAA Information Systems-AIAA Infotech@ Aerospace, p. 1218 (2018)

    Google Scholar 

  7. Docker Docs: AC-1 Access Control Policy and Procedures. https://docs.docker.com/compliance/reference/800-53/ac/

  8. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  9. Fang, D., Qian, Y., Hu, R.Q.: Security for 5g mobile wireless networks. IEEE Access 6, 4850–4874 (2017)

    Article  Google Scholar 

  10. Fuentes, G.: USNI News, June 19, 2018, Pentagon grounds marines’ “Eyes in the Sky” drones over cyber security concerns. http://news.usni.org/2018/06/18/pentagon-grounds-marines-eyes-sky-drones-cyber-security-concerns

  11. Güvenç, İ., Ozdemir, O., Yapici, Y., Mehrpouyan, H., Matolak, D.: Detection, localization, and tracking of unauthorized UAS and jammers. In: 2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC), pp. 1–10. IEEE (2017)

    Google Scholar 

  12. Krishna, C.L., Murphy, R.R.: A review on cybersecurity vulnerabilities for unmanned aerial vehicles. In: 2017 IEEE International Symposium on Safety, Security and Rescue Robotics (SSRR), pp. 194–199. IEEE (2017)

    Google Scholar 

  13. Kumar, A., Saxena, N., Tsudik, G., Uzun, E.: Caveat EPTOR: a comparative study of secure device pairing methods. In: 2009 IEEE International Conference on Pervasive Computing and Communications, pp. 1–10. IEEE (2009)

    Google Scholar 

  14. MAVLink Common Message Set. https://mavlink.io/en/messages/common.html

  15. MAVLink Developer Guide. https://mavlink.io

  16. MAVLink2. https://mavlink.io/en/guide/mavlink_2.html

  17. MAVROS, PX4 Development Guide: the MAVROS ROS package. https://dev.px4.io/v1.9.0/en/ros/mavros_installation.html

  18. McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: International Conference on Cryptology in India, pp. 343–355. Springer (2004)

    Google Scholar 

  19. Munilla, J., Burmester, M., Peinado, A., Yang, G., Susilo, W.: RFID ownership transfer with positive secrecy capacity channels. Sensors 17(1), 53 (2017)

    Google Scholar 

  20. NIST SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007. https://csrc.nist.gov/publications/detail/sp/800-38d/final

  21. NIST SP 8000-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf

  22. NIST Special Publication 800-121: Revision 2, guide to Bluetooth security. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-121r1.pdf

  23. OWASP Cheat Sheet Series. https://www.owasp.org/index.php/OWASP Cheat_Sheet Series

  24. OWASP Enterprise Security API. https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

  25. Pearce, M., Zeadally, S., Hunt, R.: Virtualization: issues, security threats, and solutions. ACM Comput. Surv. (CSUR) 45(2), 1–39 (2013)

    Article  Google Scholar 

  26. Shakeri, R., Al-Garadi, M.A., Badawy, A., Mohamed, A., Khattab, T., Al-Ali, A.K., Harras, K.A., Guizani, M.: Design challenges of multi-UAV systems in cyber-physical applications: a comprehensive survey and future directions. IEEE Commun. Surv. Tutor. 21(4), 3340–3385 (2019)

    Article  Google Scholar 

  27. Shepardson, D.: Reuters, May 20, 2019, DHS warns of data threat from Chinese made drones. http://www.reuters.com/article/us-usa-drones-china/dhs-warns-of- data-threat-from-chinese-made-drones-idUSKCN1SQ1ZY

  28. sMAVLink, Secure MAVLink. https://docs.google.com/document/d/1upZ_KnEgK3Hk1j0DfSHl9AdKFMoSqkAQVeK8LsngvEU/edit

  29. Srinivas, J., Das, A.K., Kumar, N., Rodrigues, J.J.: TCALAS: temporal credential-based anonymous lightweight authentication scheme for internet of drones environment. IEEE Trans. Veh. Technol. 68(7), 6903–6916 (2019)

    Article  Google Scholar 

  30. Puko, K.F.T.: The Wall Street Journal, October 30, 2019, Interior Department Grounds Aerial Drone Fleet, Citing Risk From Chinese Manufacturers. http://www.wsj.com/articles/interior-dept-grounds-aerial-drone-fleet-citing-risk-from-chinese-manufacturers-11572473703

  31. Torens, C., Adolf, F.: Automated Verification and Validation of an Onboard Mission Planning and Execution System for UAVs. In: AIAA Infotech@ Aerospace (I@ A) Conference, p. 4564 (2013)

    Google Scholar 

  32. Tridgell, A., Meier, L.: Mavlink 2.0 packet signing proposal (2015). https://docs.google.com/document/d/1ETle6qQRcaNWAmpG2wz0oOpFKSF_bcTmYMQvtTGI8ns/edit#heading=h.r1r08t7lr2pc

  33. Ubuntu Server 18.04.3 LTS. https://ubuntu.com/download/server

  34. Ward, A.E.: The legal, technical, and practical challenges of countering the commercial drone threat to national security. Technical report, Naval Postgraduate School Monterey United States (2019)

    Google Scholar 

  35. What is a Container: Docker, Inc. http://docker.com. Accessed 30 Oct 2019

  36. Won, J., Bertino, E.: Securing mobile data collectors by integrating software attestation and encrypted data repositories. In: 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), pp. 26–35. IEEE (2018)

    Google Scholar 

  37. Wyner, A.D.: The wire-tap channel. Bell Syst. Tech. J. 54(8), 1355–1387 (1975)

    Article  MathSciNet  Google Scholar 

  38. Yasrab, R.: Mitigating docker security issues. arXiv preprint arXiv:1804.05039 (2018)

Download references

Acknowledgments

This material is based upon work supported by the Naval Engineering Education Consortium (NEEC) Award N00174-19-1-0006.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Mike Burmester .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Goble, W. et al. (2021). Challenges of Securing and Defending Unmanned Aerial Vehicles. In: Choo, KK.R., Morris, T., Peterson, G.L., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2020. NCS 2020. Advances in Intelligent Systems and Computing, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-58703-1_8

Download citation

Publish with us

Policies and ethics