Conference PaperPDF Available

The vulnerability of UAVs to cyber attacks - An approach to the risk assessment

Authors:

Abstract and Figures

By 2012 the U.S. military had increased its investment in research and production of unmanned aerial vehicles (UAVs) from $2.3 billion in 2008 to $4.2 billion [1]. Currently UAVs are used for a wide range of missions such as border surveillance, reconnaissance, transportation and armed attacks. UAVs are presumed to provide their services at any time, be reliable, automated and autonomous. Based on these presumptions, governmental and military leaders expect UAVs to improve national security through surveillance or combat missions. To fulfill their missions, UAVs need to collect and process data. Therefore, UAVs may store a wide range of information from troop movements to environmental data and strategic operations. The amount and kind of information enclosed make UAVs an extremely interesting target for espionage and endangers UAVs of theft, manipulation and attacks. Events such as the loss of an RQ-170 Sentinel to Iranian military forces on 4th December 2011 [2] or the “keylogging” virus that infected an U.S. UAV fleet at Creech Air Force Base in Nevada in September 2011 [3] show that the efforts of the past to identify risks and harden UAVs are insufficient. Due to the increasing governmental and military reliance on UAVs to protect national security, the necessity of a methodical and reliable analysis of the technical vulnerabilities becomes apparent. We investigated recent attacks and developed a scheme for the risk assessment of UAVs based on the provided services and communication infrastructures. We provide a first approach to an UAV specific risk assessment and take into account the factors exposure, communication systems, storage media, sensor systems and fault handling mechanisms. We used this approach to assess the risk of some currently used UAVs: The “MQ-9 Reaper” and the “AR Drone”. A risk analysis of the “RQ-170 Sentinel” is discussed.
Content may be subject to copyright.
2013 5th Inter national Confe rence on C yber Con ict
K. Podin s, J. Stinissen , M. Maybau m (Eds.)
2013 © NATO CCD COE Publications, Tall inn
Permi ssion to ma ke digit al or hard c opies of th is publica tion for in tern al
use with in NATO and for personal or edu cational use when for non -prot
or non-c ommer cial pur pose s is gran ted prov iding th at copies b ear th is
notice and a f ull c itation on t he rs t page. Any other reproduc tion o r
tran smission requ ires prior wr itten perm ission by NATO CCD COE.
The Vulnerability of UAVs to Cyber
Attacks - An Approach to the Risk
Assessment
Kim Hartmann
Institute of Electronics, Signal Processing
and Communication
Otto-von-Guericke-University
Magdeburg, Germany
kim.hartmann@ovgu.de
Christoph Steup
Department of Distributed Systems
Otto-von-Guericke-University
Magdeburg, Germany
steup@ovgu.de
Abstract: By 2012 the U.S. military had increased its investment in research
and production of unmanned aerial vehicles (UAVs) from $2.3 billion in 2008
to $4.2 billion [1]. Currently UAVs are used for a wide range of missions such as
border surveillance, reconnaissance, transportation and armed attacks. UAVs
are presumed to provide their services at any time, be reliable, automated and
autonomous. Based on these presumptions, governmental and military leaders
expect UAVs to improve national security through surveillance or combat missions.
To fulll their missions, UAVs need to collect and process data. Therefore, UAVs
may store a wide range of information from troop movements to environmental
data and strategic operations. The amount and kind of information enclosed make
UAVs an extremely interesting target for espionage and endangers UAVs of theft,
manipulation and attacks.
Events such as the loss of an RQ-170 Sentinel to Iranian military forces on 4th
December 2011 [2] or the “keylogging” virus that infected an U.S. UAV eet at
Creech Air Force Base in Nevada in September 2011 [3] show that the efforts of
the past to identify risks and harden UAVs are insufcient. Due to the increasing
governmental and military reliance on UAVs to protect national security, the
necessity of a methodical and reliable analysis of the technical vulnerabilities
becomes apparent.
We investigated recent attacks and developed a scheme for the risk assessment
of UAVs based on the provided services and communication infrastr uctures. We
provide a rst approach to an UAV specic risk assessment and take into account the
factors exposure, communication systems, storage media, sensor systems and fault
handling mechanisms. We used this approach to assess the risk of some currently
used UAVs: The “MQ-9 Reaper” and the “AR Drone”. A risk analysis of the “RQ-170
Sentinel” is discussed.
Keywords: UAV, Risk assessment, Cyber attack, Security analysis
1. INTRODUCTION
The targets of concern to cyber conict researchers are often either civilian
infrastructures or military computer systems. However, the increasing level of
technology in modern warfare and the reliance on these technical devices enforces
the investigation of the vulnerability of advanced military devices against technical
attacks.
Unmanned aerial vehicles (UAVs) are currently reascending military aerial devices
capable of operating without human pilots on board. Previously predominately used
by military services, UAVs are becoming increasingly valuable to civil applications.
UAVs may manoeuvre autonomously, relying on on-board-computers or be remotely
controlled by pilots from ground stations.
Within the past 5 years several incidents concerning drones have been reported by
the public news agencies, showing and increasing the public interest in military and
civilian drone applications.
The U.S. military increased its investment in the research and production of UAVs
from $2.3 billion in 2008 to $4.2 billion in 2012 [1]. UAVs are currently used for a
wide range of operations such as border surveillance, reconnaissance, transport and
armed attacks.
UAVs are presumed to be reliable, automated and autonomous machines, providing
their services at any time. Based on these presumptions, governmental and military
leaders hope that UAVs improve national security. However, reviewing UAVs from
a technical point of view, UAVs must be classied as highly exposed, multiply
linked, complex pieces of hardware with high strategic and economic value.
It is interesting and bizarre that there is more research done regarding the security
of modern cars incorporating car-to-car- and car-to-infrastructure-communication
than research regarding the security of UAVs. It is unclear whether this is an effect
of the closed-source-politics due to UAVs military origins or if these devices are
simply considered to be secure due to their original tasks.
System security should never be considered as a state, but rather as a process. In
order to support this process, it is important to be capable of describing and judging
the current security status. Furthermore, it is desirable to be able to compare system
congurations in terms of security levels. In order to full these tasks, we are
confronted with the questions: What is security and how is it measured?
Focusing on the technical aspect of the questions, (information) security is dened
in the 44 USC §3542 [4] as “ … protecting information and information systems
from unauthorised access, use, disclosure, disruption, modication, or destruction
… ”. Hence, security is a value describing how good a system is protected against
the above named.
In order to determine how good a system is protected, it is important to know its
vulnerabilities. Technically, the vulnerability of a system is an aspect of the system
that heightens the probability of malfunction due to specic incidents. Depending
of the severity of the malfunction, ranging from the complete loss of control/
destruction of the system to mere errors, the vulnerability may impose a threat to
the systems security. In other words: A threat is a possible incident with a severe
impact on the systems security. An incident may either be an attack or an event [5].
In terms of system security, a risk is a combination of the severity of the impact
of an attack on the systems security, multiplied by its probability of occurrence.
Hence, risk assessment quanties the possible severity and likelihood of attacks. It
is a crucial value for any high-level security system [6].
Interestingly, attackers searching for targets go the same way as system architects
designing a secure system. An attacker is searching for a system vulnerability
imposing a high threat, implying a high risk. A system architect is trying to
eliminate vulnerabilities imposing high threats and hardens the system through the
integration of coping mechanisms.
To heighten the systems security it is essential that the system designer nds
vulnerabilities before attackers do. This is achieved by continuous risk analysis
and assessment. Risk assessment schemes dened for most types of software-
and hardware-components exist. However, none such risk assessment scheme or
guideline for UAVs was found. Alarmingly, the reported incidents regarding UAVs
indicate that the risk assessment – if used - for UAVs must be decient. This paper
aims at improving this situation through supplying a prototype scheme for the risk
assessment of UAVs and the initiation of an academic discussion on the topic.
2. UAV – BASICS
UAVs are highly exposed technical systems. To analyse an UAVs vulnerabilities,
it is important to understand what components an UAV is made of and how these
components interact. In order to analyse UAVs on a common basis, we described
UAVs in terms of component models.
Figure 1 shows a general component model of a standard UAV, without autonomous
ight entity and weapons. The model in Figure 1 describes the basic components a
UAV must incorporate.
UAV Ground Control Station
Base System
Communication
Links
Sensors
Avionics
Operators
Communication
Links
Figure 1. Right: General component model of a UAV. Left: Simple component model of a ground
station
The “UAV base system” is the foundation of the UAV linking together the UAV
components. It is needed to allow inter-component communication and controls
the sensor, navigation, avionic and communication system. It may be considered as
an UAV “operating system”. The base system also allows the integration of further
optional components such as special sensors or weapon systems.
The UAV sensor system consists of the sensory equipment of the UAV together with
integrated pre-processing functionalities. For common military UAVs these sensors
are often cameras with different capabilities. UAVs may be equipped with further
sensors, such as INS, GPS and radar.
The UAV avionic system is responsible for the conversion of received control
commands to commands of the engine, aps, rudder, stabilisers and spoilers.
The in-ight communication of UAVs is always wireless and may be divided into
two types: a) direct, line-of-sight (LOS) communication and b) indirect – mostly –
satellite communication (SATCOM).
Figure 2 displays the information ow between components of the UAV system.
Newer UAVs, such as the RQ170 Sentinel, are able to operate autonomously. They
may be additionally capable of holding and operating weapons as well as weapon
supporting systems (e.g. the MQ-9 Reaper).
UAV Ground Control Station
Base System
Communication
Links
Sensors
Avionics
Operators
Communication
Links
Figure 2. Information ow bet ween the UAV components and the ground station
To account to the above adjustments, an extended UAV component model is given
in Figure 3.
UAV Ground Control Station
Base System
Communication
Links
Sensors
Avionics
Autonomous
Control
Operators
Communication
Links
Weapons
Figure 3. Extended UAV component model
The information ow within the extended UAV component model may differ,
according to the UAV type. The exact internal communication may be relevant
for an attacker, if the attacker already has access to the internals of the system.
Otherwise it is not essential.
Unless physical access to the UAV is given, an attacker must access and inuence
the UAV externally. Luckily for an attacker, UAVs are highly dependent on external
input and therefore provide multiple input channels. Due to the “wireless nature” of
UAVs, these channels are wireless and hence difcult to harden.
There are several information ows between an UAV and its environment, as shown
in Figure 4. The two most important operational connections are 1) the bidirectional
information ow between the communications system and the ground control
station (GCS) and 2) the information ow from the environment to the sensors.
UAV Ground Control Station
Base System
Communication
Links
Sensors
Avionics
Autonomous
Control
Operators
Communication
Links
Environment
Weapons
Figure 4. Extended UAV component model with in format ion ow
However, additional inuences between the environment and the UAV must be
considered. These inuences are the changes of the attitude of the UAV induced
by the avionics, the result of weapons on the environment and the inuence of the
environment on the communication links.
The links are diverging in reliability and receptive to manipulation in different ways.
While the reliability of sensors and system components are mostly investigated
during system design, the consideration of the receptiveness of a sensor or system
component to manipulation is not common.
The key to unauthorised control of an UAV is knowledge of the receptiveness of the
system components to manipulation. To avoid third parties to take advantage of this
knowledge, the receptiveness must be considered during system design.
3. RECENT ATTACKS
The incorporation of UAVs in military services was accompanied by a series of
accidents having a broader impact on the overall security of UAVs.
One of the most recent and interesting incidents was the claimed theft an RQ-
170 Sentinel by Iranian forces. It is widely accepted that Iranian forces are in the
possession of the RQ-170 Sentinel. This claim was implicitly conrmed by a press
statement of US-President Obama, asking for the return of the UAV [2] .
However, the circumstances under which the UAV came into the possession of the
Iranian forces are controversial. Two popular theories exist that explain how the
RQ-170 Sentinel may have been lost.
The rst theory supposes that a vulnerability of the UAV sensor system with effects
on the navigation system wa s used to attack the GPS syst em, discussed by Humphr eys
[7]. The attack uses details about the GPS functionality which make it easy to attack
the GPS system of an UAV by a “GPS-spoong”-attack. The GPS-satellite-signal
is overlaid by a spoofed GPS-signal originating from a local transmitter with a
stronger signal. The spoofed GPS-signal simulates the GPS-satellite-signal, leading
to a falsied estimation of the UAVs current position. Supporter of this theory
suppose that Iranian forces jammed the satellite communication of the drone and
spoofed the GPS-signal to land the drone safely on an Iranian aireld.
Although the described attack is difcult to execute, it is not impossible [8]. If
Iranian forces possess the knowledge and techniques to complete a GPS-spoong
attack remains and open question.
The second theor y explains the loss of the UAV as a result of a technical malf unction.
The theory postulates that the UAV may have landed on Iranian territory due to a
technical malfunction. This may have allowed Iranian forces to recover the UAV.
Both theories indicate security problems. The GPS-Spoong theory emphasises the
necessity to include further and unusual components (e.g. sensors, input channels)
in the risk assessment of UAVs. Partial autonomous systems as UAVs are dependent
on their sensor systems in order to operate correctly. Furthermore, the sensor
system must be reviewed as a continuously open input channel and may hence be
prone to attacks.
Some reported incidents craved the destruction of the UAV to secure the
condentiality of sensitive data, [9], [10]. The technical malfunction theory claims
that a self-destruction of the RQ-170 Sentinel was not possible. Regardless whether
this theory is correct or not, it shows the necessity to examine the autonomous
behaviour of UAVs regarding the security implications. An UAV must be capable
of autonomously choosing the right strategy in case of a severe fault to uphold the
systems security.
Another threat to UAVs is the exposure of the GCS to vir uses as in the keylogging-
virus attack [3]. The possible consequences may range from a loss of sensitive data
to a loss of control of the assigned UAVs.
Another type of attack reported aimed directly at the communication link between
the UAV and its GCS. During this attack live video feeds of an UAV were captured
by Iraqian forces. The attack was possible due to a disabled encryption of the
communication link. The software used to accomplish the attack was worth $26
[11].
4. PROACTIVE RISK ASSESSMENT SCHEME
We assessed the risk of security violations of UAVs based on our component
models. Accordingly, the overall risk assessment of an UAV is the summation of its
components risk assessment.
The risk assessment result of the provided scheme is multi-dimensional. It provides
the risk assessment according to the type and intensity of security needed. It is
a component-wise, probability-based evaluation of integrity, condentiality and
availability of the UAV [5]. A high score in the risk assessment scheme corresponds
to a high risk regarding the loss of condentiality, integrity or availability.
The scheme provides information on the susceptibility of components to attacks
on the integrity, condentiality or availability of the component, respectively
of the UAV. According to the level of susceptibility, values between 0 and 1 are
appointed to the component (0 meaning “not susceptible”, 1 corresponds to “highly
susceptible”).
The values given by the scheme represent the susceptibility of the investigated
component to attacks inuencing integrity, condentiality or availability. To calculate
the risk, the specic probabilities of the occurrence of an attack are multiplied with
the susceptibility value [12]. The result must be evaluated according to the severity
of the loss of integrity, condentiality or availability of the investigated component/
UAV [6 ] . The aspects of security may be in conict.
The multi-dimensional risk assessment considers the different requirements of
UAVs. According to the general task of the UAV, different aspects of security play
varying roles and must be weighted accordingly. Therefore, the risk assessment of
UAVs is always mission-bound.
Threat
Analysis
Severity
Estimator
Occurence
Probability
Estimator
Risk Assessor
Occurence
Probability
Threat
Severity
UAV
Component
Mission
EnvironmentGoals
Availability
Risk
Confidantial
ity Risk
Integrity
Risk
Figure 5. General overview of the proposed UAV r isk assessment scheme.
A.
ENVIRONMENT
As seen in the component model in Figure 1, the environment inuences the UAVs
sensors, its communication links and avionics. Hence, the environment must be
considered in the UAV risk assessment. It is important to distinguish between
political and physical factors of the environment, as these inuence security aspects
differently.
The landforms may be classied according to geomorphological categories. We
considered two types of landscape (lowland and mountainous) and two political
states (friend or enemy). This selection is only for demonstration purposes.
The inuence of environmental factors on the UAVs security level in terms of
availability, condentiality and integrity is shown in Table I. The physical factors
described are not capable of inuencing the UAVs condentiality or integrity.
However, other factors such as weather conditions, altitudes etc. may inuence
integrity.
The two political factors considered have inuences on all aspects of the systems
security. An UAV moving in enemy territory may lose its availability due to a
heightened threat of destruction, takeover, signal disturbances etc.. Additionally,
the UAV is exposed to the threat of condentiality or integrity loss due to the risk
of takeover, theft or manipulation.
Table I. Prototype environmental inuence on UAV
Landscape
Integrity
Confidentiality
Availability
Lowland
0
0
0
Mountainous
0
0
0.9
Friendly
territory
0
0
0
Enemy territory
0.9
0.9
0.9
B.
COMMUNICATION LINKS
For the investigated UAVs, the satellite link tends to use the Ku-Band. The LOS-
communication with the GCS is often based on the C-band or WiFi b-/g- or
n-standard.
The following subsections give a short introduction on common communication
types.
1) TCDL Ku-band communication
The TCDL (Tactical Common Data Link) is a secured data link developed by the
U.S. military, capable of deriving data from different sources. It may furthermore
route, encrypt, de-/multiplex, encode and transmit data at high speeds.
The TCDL uses a narrowband uplink at 15.15 GHz 15.35 GHz and a wideband
downlink at 14.40 GHz – 14.85 GHz. The TCDL may be operated both with
directional and omnidirectional antennas and has ranges of 200 km at rates from
1.5 Mbit/s to 10.7 Mbit/s and low bit-error-rates. It may be used to transmit sensor
data of any kind, especially radar, images and video signals.
One characteristic of Ku-band-based communication is that it is susceptible to rain/
snow fade. Due to the high frequencies used the signal may become disturbed by
air humidity.
However, Ku-band-based communication is harder to overhear and hence harder to
actively disturb than other comparable communication links, as required by [13].
2) LOS Communication: C-Band
Generally, the C-band describes the electromagnetic spectrum ranging from 4 GHz
to 8 GHz. The C-band is used by a wide range of applications, such as weather radar
systems, satellite communication, cordless phones and WiFi communication.
The frequencies relevant to uplink/downlink of the UAV communication systems
investigated are 4.4 – 4.94 GHz and 5.25 – 5.85 GHz.
The C-band communication is less susceptible to air humidity than Ku-band
communication. Nevertheless, due to the variety of applications, several COTS-
devices exist that may interfere the radio signal and cause signal distortion.
UAVs tend to use omnidirectional antennas for C-Band communication, heightening
the threat of interception by third parties.
3) LOS Communication: WiFi a/b/g/n
WiFi, synonymously described as “WLAN”, refers to any communication based on
the IEEE 802.11-standard. The frequencies used and the transmission rates differ
according to the used standard. WiFi a, referring to the IEEE 802.11 a standard,
ranges from 5.15 GHz 5.75 GHz at transmission rates of 54 Mbit/s. The b and
g standard operate in the frequency range of 2.4 GHz – 2.4835 GHz at 11 Mbit/s
(b), respectively 54 Mbit/s (g). The WiFI n standard may operate both at 2.4 GHz
as well as in the 5 GHz range. Due to the use of MIMO (Multiple Input Multiple
Output), the n standard may transmit over longer distances and higher rates (up to
600 Mbit/s). To cover longer distances and achieve higher rates, the n standard uses
multiple data streams and up to 4 antennas.
Due to its multiple applications and free usage, the b and g standard must expect
signal interference. The frequencies above 5 GHz are restricted; hence interferences
through civil applications are less likely. However, this may change in the near
future (5 - GH z -W L A N )
Because of the omnidirectional antennae used in the WiFi standards, WiFi is
susceptible to eavesdropping. Precautions such as tunneling and encryption may
be taken, but the general risk of eavesdropping – compared to other media – is still
heightened as no knowledge of the signals direction is needed to tap the signal.
4) Summary - Scheme for communication links
The result of the general risk assessment scheme for communication links is shown
in Table II. It is important to note that - although all communication links impose
security threats to all aspects of security - the degree of susceptibility varies greatly.
The overall risk depends on the specic task.
Table II. Risk assessment results for commonly used communication links
Link type
Integrity
Confidentiality
Availability
K
u
-band
0.1
0.1
0.1
C-Band
0.1
0.5
0.5
WiFi a
0.1
0.9
0.9
WiFi b
0.1
0.9
1
WiFi g
0.1
0.9
1
WiFi n
0.1
0.9
0.9
No encryption
0
0.9
0
No signature
0.9
0
0
C.
SENSORS
Sensors may be classied according to the type of reference used. References can
be external or internal. An external reference is e.g. a GPS satellite. INS on the other
hand relies only on internal references of physical parameters, such as acceleration
or angular rates.
To determine the risks of the individual sensor systems, the characteristics of the
sensor, the importance of the aspect observed and the mechanisms to detect spoofed
or false sensor values must be considered.
Sensors with external references are more susceptible to jamming and spoong
than sensors with internal references. External references generally impose a risk
to the integrity of the system.
Sensors relying on internal references must cope with value drifts, a certain
deviation from the correct value over time. This phenomenon is due to the lack
of external synchronisation and inherent errors. Reliable coping strategies exist
and an external synchronisation may additionally take place when appropriate. It is
widely accepted, that internal reference systems impose no additional risk.
Aspects of the environment that are crucial to the correct execution of the mission
must be observed correctly and reliably. If such an aspect is observed solely by a
sensor with an external reference, a risk for the integrity and the availability of the
system may emerge. An UAV relying on GPS-based navigation is prone to attacks
on the GPS-sensors, which may be jammed or spoofed. In this case, due to the
reliance on the external reference and the lack of control and coping mechanisms,
the correct autonomous behaviour of the UAV cannot be guaranteed [7].
However, sensors observing non-critical aspects of the environment may also
impose security threats. If the values delivered by the sensors are incorrect and
other components rely on these values, the implications may be severe. Hence, all
sensor data needs to be checked before used. Consequently, only optional sensors
with reliable failure and attack detection mechanisms impose no additional risk for
the integrity.
The redundancy mechanisms used to compensate sensor values may additionally
contribute to the systems security. If several - but different - sensors are used to
observe one aspect of the environment, the acquired values are considered more
reliable. It is less likely that multiple, different sensors are jammed or spoofed
collectively. Therefore, it may be concluded that single sensor observations impose
an additional threat for the systems integrity. If one sensor observes a crucial value,
such as ight attitude, this imposes a threat to the availability* of the system, as
jamming or spoong of this sensor may lead to the loss of the UAV.
The above observations lead to the risk assessment according to Table III.
The risk assessment must be done for each sensor in the UAV system as well as
every observed mission aspect. Since depending on the mission, different aspects
need to be considered and different aspects are critical, a mission specic sensor
setup will provide better options to lessen the risk for the UAV system. Also the
application of sensor fusion mechanisms, as described in [14], for cross-checking
and enhancement may lessen the risk of integrity or availability loss.
Commonly combined sensor systems as GPS, INS, camera and radar will now be
discussed based on the results of the general analysis.
INS is a traditional sensor to observe positional data and ight attitude for planes.
INS is often pa ired with GPS as an additiona l sensor to acquire absolute position d ata.
GPS relies on external references, creating +1 for integrity. However, a navigation
system based on an INS and a camera system are combined to observe optical
feature - see [15] - it poses no immediate security risk, even though the increasing
deviation is still present. If all three systems are combined, jammed/spoofed GPS
values are overruled by the INS and the optical features. This combined sensor
system poses no additional security risk.
Table III. General sensor risk assessment, overview
Sensor system property
Integrity
Confidentiality
Availability
Sensor with external
reference
0.9
0
0
Mandatory sensor with
external reference
0
0
0.9
Mandatory sensor without
redundancy
0.9
0
(0.9)*
Optional sensor without
attack or fault detection
0.9
0
0
To control an UAV, awareness of the UAVs current situation is needed. This accounts
to autonomous and human control. In current UAVs the situation awareness is
created by camera or radar systems. The multiple camera system MTS-B that is
used in the MQ9-Reaper consists of infrared, daylight and light enhancing cameras,
which are automatically fused to provide an optimal image. This heterogeneous
setup decreases the risk of jammed or spoofed sensor data due to cross-checking
and mutual enhancement. Although it is theoretically still possible to jam the
cameras, the used light would need to cover a wide frequency spectrum, making it
impractical and unlikely.
The results of the sensor system discussion are shown in Table IV.
Table IV. Risk assessment results for different sensor combinat ions and mission aspects
Aspect
Sensor System
Integrity
Availability
Navigation
INS
0
0.9
Navigation
GPS
1.8
0.9
Navigation
INS + GPS
0.9
0
Navigation
INS + Optical Flow
0
0
Navigation
INS + GPS + Optical
Flow
0
0
Flight Attitude
INS
0
0.9
Flight Attitude
INS + Optical Flow
0
0
Situation
Awareness
Single Camera
0.9
0
Situation
Awareness
Multiple Cameras
0
0
D.
DATA STOR AGE
The risk assessment of data storage mechanisms considers three main aspects:
1. Volati l it y
2. Encryption
3. Signature
The usage of volatile storage imposes a risk to the availability of the stored data.
If appropriate coping strategies are lacking, this may also lead to an inconsistent
storage state and hence result in a loss of integrity of the stored data. However, the
sole use of volatile storage does not impose an additional risk to the condentiality
of the stored data.
The use of encryption mechanisms may preserve the condentiality of stored
data. The lack of encryption generally heightens the risk of condentiality loss.
Encryption mechanisms do not prevent the stored date from being overwritten,
which implies a risk for data integrity. To secure the integrity, mechanisms such
as signatures or forgery detection must be integrated. These mechanisms have no
inuence on the condentiality or availability of the data.
Using the above considerations, the resulting observations are:
- The availability of the data is based on the volatility of the storage medium.
- Solid state storage imposes no risk on the availability, as it is considered
robust.
- Hard drive based storage and magnetic tapes are susceptible to force and
magnetic elds, resulting in a higher risk of data loss.
- Volatile memory such as RAM is considered to impose no risk for the
condentiality but may impose a risk of availability and integrity loss.
We considered magnetic tapes, hard drive storage, solid state storage and temporary
storage through RAM. The risk assessment for the considered storage media is
shown in Table V.
Table V. Risk assessment of com mon data storage media
Storage type
Integrity
Confidentiality
Availability
Analog
magnetic tape
0.9
0.9
0.9
Hard drive
based storage
(0.9)
(0.9)
0.9
Solid state
based storage
(0.9)
(0.9)
0
RAM
0.9
0
0.9
The numbers in brackets imply that the actual value depends on the encryption and
signature used and may be 0. The values converge to zero if the data stored is signed
and encrypted using strong encryption mechanisms.
E.
FAULT HANDLING MECHANISMS
Fault handling mechanisms are difcult to assess regarding their “usefulness”
in terms of security aspects. Although it is obvious that a “good fault handling
mechanism” should improve the systems overall security, it is not obvious what
good fault handling mechanisms for UAVs are. This is a common research problem
of U AVs .
UAVs are technical systems and prone to faults in all of their components. Faults
create errors, unhandled errors lead to malfunctions and disrupt the mission. To
prevent this, the emerging of faults must be prohibited or faults must be masked by
appropriate fault handling mechanisms [16].
Examples for fault handling mechanisms are “triple modular redundancy” or “fail-
safe states”. These mechanisms may cause restrictions on the functionality of the
UAV, but enable the continuation of the mission. However, the fail-safe state may
impose new threats to the security if the state is chosen unwisely.
Consider the following example: An UAV which is controlled remotely through a
communication link must switch into a fail-safe state if the communication link
is lost. One possible fail-safe state is to maintain the current position until the
communication link is restored. In this case the UAV needs to aviate based on its
on-board sensors, making the impact of manipulated sensor data tremendous. An
example of this type of attack is the GPS-signal spoong [7].
To assess the threats imposed by the fault handling mechanisms of an UAV
it is necessary to categorise the possible faults. A ne grained categorisation is
discussed in [17]. We categorise security threats by severity of the fault and fault
type (transient or permanent).
Transient faults are often external temporary disturbances, such as communication
interferences due to weather conditions. Permanent faults are mainly hardware
damages.
The risk assessment of fault handling mechanisms in UAVs considers transient
and permanent mission critical fault handling mechanisms and analyses their
implications on integrity, condentiality and availability.
Different fault-handling strategies for mission critical faults exist, examples are
“self-destruct”, “automatic-return”, “land” and “hover”. Not all strategies may be
equally appropriate for all faults [18].
The possible fault handling mechanisms for severe faults of general UAV
components are shown in Table VI.
The “hover” strategy requires working avionics and navigation. For transient faults
“hover” provides the ability to continue the mission after recovery. However, due to
possibly limited sensor and communication facilities the UAV is more likely to be
attacked through spoofed or manipulated data. This invokes threats to the integrity
of the mission.
The “automatic-return” strategy provides the best chance of retrieving a functional
UAV, but it imposes the same risks as the “hover” strategy.
Table VI. Component-dependent fail-safe states
Component
Fault handling mechanism
Base system
self-destruct
Data Storage
land, self-destruct, (automatic-return)
Sensors
hover, (automatic-return), land, self-destruct
Communication
hover, automatic-return, land, self-destruct
Avionics
Land, (automatic-return), self-destruct
The “land”-strategy needs a minimal set of working components and is also
applicable in the case of engine failure. However, in enemy territory it imposes a
risk on integrity and condentiality.
The “self-destr uct” strategy has the lowest risk of misuse or exposure of sensitive
data, but it destroys the availability of any UAV component or data.
The deduced risk assessment values are shown in Table VII.
Table VII. Fail-safe state risk assessment results
Strategy
Integrity
Confidentiality
Availability
Hover
0.9
0
0
Land
0.9
0.9
0.9
Automatic-return
0.9
0
0
Self-destruct
0
0
0.9
The risk assessment shows that the security aspects are hardly compatible. This
implies that fault handling mechanisms should be adapted to the preferred security
aspect.
5. RE S U LT S
This section presents the results of applying the described scheme to modern UAVs.
A.
AR.DRONE
The parrot AR.Drone is a remotely controlled quadrocopter originally designed
for augmented reality video games. Meanwhile, the AR.Drone is commonly
used as a research platform [19]. Apart from research institutions, the AR.Drone
was also used during the “occupy wall street” actions to realise a robust police
reconnaissance system [20].
The basic hardware setup incorporates a single IEEE 802.11b/g [21] compatible
wireless communication link and an android or IOS based smartphone as GCS.
The antenna is omnidirectional and the link is usually not encrypted.
Apart from RAM (used to buffer video streams), the AR.Drone does not possess
any storage media. It contains two video cameras, an ultra-sonic range nder, a
low-altitude altimeter and an INS as sensory equipment.
The fault handling mechanism in case of an error of the communication link is to
enter the hover mode. Every other er ror results in instantaneous landing manoeuvres
(land mode).
The results of our risk assessment for the AR.Drone are shown in Table VIII.
Table VIII. AR.Drone r isk assessment results
Component
Integrity
Confidentiality
Availability
Communication
links
1.1
2.7
2
Data storage
0.9
0
0.9
Sensors
2.7
0
0.9
Fault handling
1.8
0.9
0.9
Total
6.5
2.6
4.7
The sensor risk value results from the following observations: The used INS is
accompanied by an optical ow measurement of the ground to track the position
[15], which represents a checked mandatory sensor. The additional low-altitude
distance sensor can be used to manipulate the ight height of the drone, which is a
risk comparable to an unchecked mandatory aspect sensor with external reference.
The cameras never overlap, prohibiting image cross-validation.
B.
MQ-9-REAPER
The General Atomics MQ-9 Reaper is a remotely controlled UAV. It is the successor
of the MQ-1 Predator. It uses the TCDL satellite communication system (SATCOM)
as well as a direct LOS C-band communication.
The control of the UAV is done by a GCS. The default equipment of the UAV consists
of several cameras bundled in a multi-spectral targeting system (MTS-B). These
cameras detect infrared, daylight and intensive light. The data is automatically pre-
processed and fused by the MTS-B. The navigational sensors are INS and GPS.
The MQ9-Reaper contains digital storage for video data. The encryption and
signature mechanism are unknown.
The results of the risk assessment are shown in Table IX.
Table IX. MQ-9-Reaper Risk assessment results
Component
Integrity
Confidentiality
Availability
Communication links
0.2
0.6
0.6
Data storage
0.9
0.9
0
Sensors
0.9
0
0
Fault handling
0.9
0.9
0.9
Total
2.9
2.4
1.5
The communication system uses two independent links, which are both encrypted
and signed.
The data storage is non-volatile, the encryption and signature methods used are
unknown. For our calculations we presumed the worst-case-scenario; no encryption
or signature methods.
The used camera system is redundant and uses fusion. The used combination of
INS and GPS poses a risk for the integrity of the data as the GPS uses an external
reference.
The accident described in [18] shows that the remote pilot must cope with
permanent faults manually. Furthermore, the self-destruct mechanism is activated
manually. This may lead to uncontrolled landings or ights and imposes threats to
the availability, integrity and condentiality of the system.
C.
RQ-170 SENTINEL
Due to the current investigations of the Iranian claim to have attacked an RQ-170
Sentinel, publically available and reliable sources regarding the equipment of the
RQ-170 are rare. The data available allows only a partial risk analysis of the UAV.
The sensory equipment of the UAV consists of infrared and daylight cameras as
well as GPS and INS. The equipment is similar to the MQ-9-Reaper. The risk
assessment of these sensors and the combinations are equal to the MQ-9. It is likely
that the scores of the Sentinel are similar to the MQ-9-Reapers scores, if not better.
The data storage is non-volatile; the encryption and signature mechanisms are
unknown. The communication link and the fault handling mechanisms are
unknown.
6. CONCLUSIONS
The risk assessment of UAVs is a complex task consisting of vulnerability and
threat analysis and is additionally dependent on mission details. The discussed
UAV related incidents imply that risk assessment schemes for UAVs are lacking or
insufcient.
The provided scheme is a rst attempt to describe and formalise the risk assessment
of UAVs. A component model of UAVs was designed to categorise and dene a
component-based risk assessment.
The components “communication system”, “data storage” and “sensor system” were
analysed based on the used technology and known vulnerabilities. Environmental
factors and fault handling mechanisms were additionally investigated. Security was
dened following the denition in the 44 USC $ 3542.
The provided scheme was applied to the AR.Drone and MQ-9-Reaper. A brief risk
analysis of the RQ-170 Sentinel was done, however the curre ntly public available data
is insufcient to draw any further conclusions. It appears that the RQ-170 Sentinel
will at least score at the same rates as the MQ-9-Repear. However, depending on the
further system setup, it is equally likely that this impression is false.
The calculated values give an indication of the susceptibility of the investigated
UAV to attacks inuencing availability, integrity or condentiality.
Within this scope, risk was dened as the result of the susceptibility of an UAV
multiplied by the probability of occurrence of a specic attack on a component’s
vulnerability, multiplied by the severity of the attack. It was shown that the risk
assessment of an UAV is highly dependent on the assigned task/mission.
The described method is a rst approach to a general scheme for the risk assessment
of UAVs. The risk analysis and assessment of each of the named components
describes an individual research area. This paper understands itself as a basic but
crucial introduction to the risk assessment of UAVs in terms of structure, tactics
and analysis.
REFERENCES
[1] Lolita C. Baldor, «Flashy drone strikes raise status of remote pilots,» The Boston Globe,
pp. online at 01.11.2012: http://www.bostonglobe.com/news/nation/2012/08/11/air-
force-works-ll-need-for-drone-pilots/ScoF70NqiiOnv3bD3smSXI/story.html, 2012.
[2] CNN Wire Staff, «Obama says U.S. has asked Iran to return drone aircraft,» 2011.
[3] Noah Shachtman, «Computer Virus Hits U.S. Drone Fleet,» Wired, pp. online at
01.11.2012: http://www.wired.com/dangerroom/2011/10/virus-hits-drone-eet, 2011.
[4] Cornell University Law School. [Online]. http://www.law.cornell.edu/uscode/
text/44/3542
[5] Matt Bishop, Introduction to Computer Security, 1st ed., Addison-Wesley, Ed. Boston,
USA: Pearson Education, 2004.
[6] Andrew Jaquith, Securit y Metrics: replacing Fear, Uncertaint y, and Doubt, 1st ed.,
Addison-Wesley, Ed. Boston, USA: Pearson Education, Inc., 2010.
[7] Todd Humphreys, «Statement on the vulnerability of civil unmanned aerial vehicles
and other systemes to civil gps spoong,» Austin, 2012.
[8] David Cenciotti. (2011, December) The Aviationist. [Online]. http://theaviationist.com/
category/captured-stealth-drone/page/2/
[9] US Air Force. (2007, November) United States Air Force. [Online]. http://usaf.aib.law.
af.mil/ExecSum2008/MQ-1L_AOR_29Nov07.pdf
[10] US Air Force. (2007, December) United States Air Force. [Online]. http://usaf.aib.law.
af.mil/ExecSum2008/MQ-1B_AOR_17Dec07.pdf
[11] British Broadcasting Corporation. (2009, December) BBC News. [Online]. BBC News:
online at http://news.bbc.co.uk/2/hi/world/middle_east/8419147.stm
[12] Carl Young, Metrics and Methods for Security Risk Management.: Syngress Media,
2010.
[13] Erdal Torun, «UAV Requirements and Design Consideration,» in RTO-MP-44, Ankara,
Turkey, 2000, pp. B4-1 - B4-8.
[14] D.L. Hall and J. Llinas, «An introduction to multisensor data fusion,» in Proceedings
of the IEEE, 1997, pp. 6 -23.
[15] Pierre-Jean Bristeau, François Callou, David Vissière, and Nicolas Petit, «The
Navigation and Control Technology Inside the AR.Drone Micro UAV,» in 18th IFAC
World Congress, Milano, Italy, 2011, pp. 1477-1484.
[16] Jane W. S. Liu, Real-Time Systems, 1st ed., Prentice Hall, Ed., 2000.
[17] Algirdas Avizienis, Jean-Claude Laprie, and Brian Randell, «Fundamental Concepts of
Dependability,» Newcastle, 2001.
[18] US Air Force. (2009, March) United States Air Force. [Online]. http://usaf.aib.law.
af.mil/ExecSum2009/MQ-9_FortIrwin_20Mar09.pdf
[19] Vojtěch Vonásek,Daniel Fišer,Jan Faigl Tomáš Krajník, «AR-Drone as a Platform for
Robotic Research and Education,» in Research and Education in Robotics - EUROBOT
2011, Prague, Czech Republic, 2011, pp. 172-186.
[20] N. Sharkey and S. Knuckey. (2011, December) The Guardian. [Online]. http://www.
guardian.co.uk/commentisfree/cifamerica/2011/dec/21/occupy-wall-street-occucopter-
tim-pool
[21] IEEE, «IEEE Standard for Information technology–Telecommunications and
information exchange between systems Local and metropolitan area networks–Specic
requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical
Layer (PHY) Specications,» IEEE Std 802.11-2012, pp. 1-2793, Mar 2012.
[22] Laurence R. Newcome, Unmanned aviation: a brief history of unmanned aerial
vehicles. Michigan, USA: American Institute of Aeronautics and Astronautics, 2004.
[23] P. W. Singer, Wire d for War: The Robo t ics Re vol utio n and Co nic t in th e 21st Cen t ur y.:
Penguin Books, 2009.
[24] Bill Yenne, Bi rd s of Prey: Pre dators, Rea pe rs and Amer ica’s Ne we st UAVs in Co mbat.
Pasadena, CA, United States: Specialty Pr, 2010.
[25] Ian Palmer, Unmanned Aerial Vehicles: Robotic Air Warfare 1917-2007. Essex, United
Kingdom: Osprey Publishing, 2008.
[26] Kimon P. Valavanis, Advances in Unmanned Aerial Vehicles. Dordrecht, The
Netherlands: Springer Netherland, 2008.
[27] Army UAS CoE Staff, «»Eyes of the Army» U.S. Army Roadmap for Unmanned
Aircraft Systems 2010-2035,» U.S: Army UAS Center of Excellence, Fort Rucker,
Alabama United States, 2010.
[28] J. R. Wilson, «A new generation,» Aerospace America, pp. 28-32, January 2007.
[29] T. J. Nugent and Kare J.T., «Laser Power for UAVs,» LaserMotive, Kent, WA United
States, White Paper.
[30] Secretary of Defense, «Unmanned Systems Roadmap 2007 - 2032,» U.S. Department
of Defense, Washington D.C., USA, Roadmap December 2007.
[31] John R. Vacca, Computer and Information Security Handbook.: Morgan Kaufman,
2009.
[32] Douglas L. Landoll, The Security Risk Assessment Handbook: A Complete Guide for
Performing Security Risk Assessments.: Crc Pr Inc, 2011.
... Block diagram of a UAV system. Source: Hartmann and Steup[1]. ...
Article
Full-text available
This paper discusses the vulnerabilities of perimeter surveillance unmanned aerial vehicles to cyber-physical security threats and discusses some approaches to manage them, as most cyber threats to the UAVs coming through their onboard wireless transceiver, we are suggesting an Antennas propagation type that limit the vector of the threat, also the importance of vulnerabilities scanner to evaluate the system risks. And addressing the limited energy and computation power resources onboard, a computation efficient onboard encryption method is proposed, and a sign cutting machine vision algorithm to provide warning of suspicious activity detected on interrupted surveillance imagery. The focus of this analysis is to manage the vulnerabilities of the system during both its operation time and its standby time, this is done by performing a checklist of computerized tests periodically and comparing two or more results to discover any unexpected changes. We showed that the onboard resources can be utilized more efficiently securing itself and the system from possible intrusion, however, some heavy calculation tasks still need to be performed on the ground control station which is causing some latency problem to such time sensitive operation. We have demonstrated that image registration techniques have produced useful results when applied to analyze the differences between two scene images.
... Furthermore, the possibilities of cyber-attacks are very broad. Surveys of the risks of cyber-attacks on public transport, vehicle to vehicle communication and unmanned aerial vehicles (UAVs) can be found in respectively [53], [54], and [55,56]. In [10], using two 2009 cars, it was demonstrated that attackers can remotely brake or disable the gas pedal. ...
Thesis
Full-text available
Without us realizing it, solutions for safety and security are present all around us. However, everyone has undoubtedly also experienced how inconvenient some safety and security measures can be. For example, think about security checks at the airport, the need to wear a bicycle helmet, or being asked to perform 2-factor authentication to log into an online account. Such inconveniences caused by safety and security measures can delay or even prevent their implementation, which is undesired. This reluctance to tolerate inconveniences for the sake of safety and security provides a challenge for engineers to find solutions with minimal impact on normal behaviour. This challenge is especially pronounced in so-called cyber-physical systems (CPSs), in which digital automation is used to coordinate the actions of one or more physical systems. Examples of CPSs are airplanes, robotic arms or the power grid. Such CPSs have the combined advantages of the physical and cyber world, but are also subject to both threats to safety and security. In fact, the integration of physical and cyber parts in a CPS means that security issues can cause safety issues, and although less common safety issues can cause security issues. Measures for safety and security of CPSs are categorized as prevention, resilience, and detection & accommodation. These different types of precautions can be used independently, but typically they need to be combined to provide adequate safety and security of a CPS. In this dissertation, three advances within safety and security of CPSs are presented which cover contributions on each of the different types of safety and security measures. Firstly, anomaly detection is addressed by extending existing sliding mode observer (SMO) based anomaly estimation methods with detection capability. To this end, two SMO based anomaly detectors are presented, which are applicable to a large class of SMOs. These detectors, by design, have no false alarms and allow for strong theoretical guarantees on detectability. Secondly, a topology-switching coalitional control technique which integrates resilience, detection and accommodation is designed for safe control of a collaborative vehicle platoon (CVP) subjected to man-in-the-middle (MITM) cyber-attacks. Here resilience to undetected attacks is achieved by means of scenario-based model predictive control (MPC) and detected anomalies are accommodated by disabling the affected communication links. Lastly, a real-time implementation of encrypted control based on fully homomorphic encryption (FHE) is presented. FHE allows for manipulation of encrypted data, such that it can prevent confidentiality breaches during communication and computation. Each contribution of this dissertation addresses a specific topic within safety and security of CPSs. By doing so, they demonstrate the potential of these methods to increase safety and security of CPSs while minimizing their impact on normal behaviour. This will promote the adaptation of safety and security measures and allows for safety and security throughout the continued progress in automation.
... Any sort of vulnerability exploitation in these applications relying on fully automated CPS can lead to devastating consequences [1]. For instance, in the past, we have witnessed many CPS security breaches, namely, the DTrack Malware attack at the Kudankulam Nuclear power plant [2], Automotive System Car Jeep Hack [3], the Stuxnet attack [4], the RQ-170 UVA attack [5], Maroochy attack [6], and so on. The researchers have evaluated the feasibility of machine learning (ML) and deep learning (DL) for cyber security in general and the cyber security of CPS in particular. ...
Article
Full-text available
The increased usage of Cyber-Physical Systems (CPS) has gained the focus of cybercriminals, par-ticularly with the involvement of the internet, provoking an increased attack surface. The in-creased usage of these systems generates heavy data flows, which must be analyzed to ensure se-curity. In particular, Machine Learning (ML) and Deep Learning (DL) algorithms have shown feasibility and promising results to fulfill the security requirement through the adoption of intel-ligence. But the performance of these models strongly depends on the model structure, hy-per-parameters, dataset, and application. So, the developers only possess control over defining the model structure and its hyper-parameters for diversified applications. Generally, not all models perform well in default hyper-parameter settings. Their specification is a challenging and com-plex task and requires significant expertise. This problem can be mitigated by utilizing Hy-per-Parameter Optimization (HPO) techniques, which intend to automatically find efficient learning model hyper-parameters on specific applications or datasets. This paper proposes an enhanced intelligent security mechanism for CPS by utilizing HPO. Specifically, exhaustive HPO techniques have been considered for performance evaluation and evaluation of computational requirements to analyze their capabilities to build an effective intelligent security model to cope with security infringements in CPS. Moreover, we analyze the capabilities of various HPO tech-niques, normalization, and feature selection. To ensure the HPO, we evaluated the effectiveness of a DL-based Artificial Neural Network (ANN) on a standard CPS dataset under manual hy-per-parameter settings and exhaustive HPO techniques, such as Random Search, Directed Grid Search, and Bayesian Optimization. We utilized the min-max algorithm for normalization and SelectKBest for feature selection. The HPO techniques performed better than the manual hy-per-parameter settings. It achieved accuracy, precision, recall, and an F1 score of more than 98%. The results highlight the importance of HPO for performance enhancement and reduction of computational requirements, human efforts, and expertise.
... Security and Privacy issue [31] Provide the first approach to a UAV-specific risk assessment based on the provided services and communication infrastructures. ...
Preprint
Full-text available
Unmanned aerial vehicles (UAVs) are becoming more common, and their operational range is expanding tremendously, making the security aspect of the inquiry essential. This study does a thorough assessment of the literature to determine the most common cyberattacks and the effects they have on UAV assaults on civilian targets. The STRIDE assault paradigm, the challenge they present, and the proper tools for the attack are used to categorize the cyber dangers discussed in this paper. Spoofing and denial of service assaults are the most prevalent types of UAV cyberattacks and have the best results. No attack style demands the employment of a hard-to-reach gadget, indicating that the security environment currently necessitates improvements to UAV use in civilian applications.
... UAV generally uses inertial navigation system (INS) sensors that are assisted by global navigation satellite system (GNSS) to maintain the state estimator for navigation and positioning [3]. Satellite navigation spoofing interference technology has gradually become a hotspot of interference technology research due to its great harm and high concealment [4]. Concealment of spoofing is an important problem to explore because it is the key to the success of spoofing, which can help the spoofer effectively control the unidentified UAV. ...
Article
Once the spoofer has controlled the navigation system of unmanned aerial vehicle (UAV), it is hard to effectively control the error convergence to meet the threshold condition only by adjusting parameters of estimation if estimation of the spoofer on UAV has continuous observation error. Aiming at this problem, the influence of the spoofer's state estimation error on spoofing effect and error convergence conditions is theoretically analyzed, and an improved adaptively robust estimation algorithm suitable for steady-state linear quadratic estimator is proposed. It enables the spoofer's estimator to reliably estimate UAV status in real time, improves the robustness of the estimator in responding to observation errors, and accelerates the convergence time of error control. Simulation experiments show that the mean value of normalized innovation squared (NIS) is reduced by 88.5%, and the convergence time of NIS value is reduced by 76.3%, the convergence time of true trajectory error of UAV is reduced by 42.3%, the convergence time of estimated trajectory error of UAV is reduced by 67.4%, the convergence time of estimated trajectory error of the spoofer is reduced by 33.7%, and the convergence time of broadcast trajectory error of the spoofer is reduced by 54.8% when the improved algorithm is used. The improved algorithm can make UAV deviate from preset trajectory to spoofing trajectory more effectively and more subtly.
Article
Unmanned Aerial Vehicles (UAVs) are becoming one of the main technological supports for commercial applications, embracing many domains ranging from human safety to the medical field, agriculture and environment, multimedia production, and even commercial delivery. This rise in popularity, however, is causing an increasing interest from criminals, making UAVs the target of new attacks. To fully characterize the current UAV cybersecurity landscape, we perform a complete literature review, digging into drone security historic facts and scientific studies on the matter, reviewing specialized articles and scientific papers focusing on cybersecurity threats and gaps in the context of small UAVs in commercial applications. Being a recent research and development area, most of the articles have been published between 2016 and 2020 as a direct consequence of the increase of security concerns and interest in the drone field. Papers in this review deal with UAV cyberthreats and related vulnerabilities, identifying flaws experimented in a lab or describing incidents detected in the field. Communication, sensors, and system misconfigurations are among the most important threat vectors, while sensor spoofing/jamming and malware DoS/control are among the most cited threats. Threat vectors permit depicting a complete overview of the topic and potential countermeasures known to date, with related gap analysis, also accounting for the recent Unmanned Aircraft System evolution toward ad hoc or cloud-based UAV networks. Countermeasures include the adoption of traditional communication encryption and standard protocols, GPS spoofing/jamming mitigation, encryption and privacy-aware implementations, and counter-malware techniques, to name the most adopted. It also emerges that often attacks are simply ported or adapted from other attacks in similar domains, while peculiar attacks still remain such as targeted physical attacks, specific UAV malware, and GPS spoofing/jamming.
Conference Paper
Full-text available
This paper presents the AR-Drone quadrotor helicopter as a robotic platform usable for research and education. Apart from the description of hardware and software, we discuss several issues regarding drone equipment, abilities and performance. We show, how to perform basic tasks of position stabilization, object following and autonomous navigation. Moreover, we demonstrate the drone ability to act as an external navigation system for a formation of mobile robots. To further demonstrate the drone utility for robotic research, we describe experiments in which the drone has been used. We also introduce a freely available software package, which allows researches and students to quickly overcome the initial problems and focus on more advanced issues.
Book
This book presents information on how to analyze risks to your networks and the steps needed to select and deploy the appropriate countermeasures to reduce your exposure to physical and network threats. It also imparts the skills and knowledge needed to identify and counter some fundamental security risks and requirements, inlcuding Internet security threats and measures (audit trails IP sniffing/spoofing etc.) and how to implement security policies and procedures. In addition, this book also covers security and network design with respect to particular vulnerabilities and threats. It also covers risk assessment and mitigation and auditing and testing of security systems. From this book, the reader will also learn about applying the standards and technologies required to build secure VPNs, configure client software and server operating systems, IPsec-enabled routers, firewalls and SSL clients. Chapter coverage includes identifying vulnerabilities and implementing appropriate countermeasures to prevent and mitigate threats to mission-critical processes. Techniques are explored for creating a business continuity plan (BCP) and the methodology for building an infrastructure that supports its effective implementation. A public key infrastructure (PKI) is an increasingly critical component for ensuring confidentiality, integrity and authentication in an enterprise. This comprehensive book will provide essential knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications. This book will include discussion of vulnerability scanners to detect security weaknesses and prevention techniques, as well as allowing access to key services while maintaining systems security. Chapters contributed by leaders in the field cover theory and practice of computer security technology, allowing the reader to develop a new level of technical expertise. This book's comprehensive and up-to-date coverage of security issues facilitates learning and allows the reader to remain current and fully informed from multiple viewpoints. Presents methods of analysis and problem-solving techniques, enhancing the readers grasp of the material and ability to implement practical solutions.
Book
Not only are corporations and other organizations sometimes targeted by competitors in order to steal their information, they are also targets of political and/or religious groups who understand their economic and symbolic importance. However, a realistic security strategy requires a big-picture approach. At the same time, budgets are decreasing while security departments are dealing with threats that demand greater vigilance. In the wake of the 2008-2009 global economic melt-down, corporate executives are asking difficult questions about effectiveness and efficiency. The need for both information security and physical security is greater today than ever before, and not only to address more complex and dangerous crisis situations, but also to ensure that the methods deployed are indeed proportionate to risk.The notion of risk is the lens from which all such problems must be viewed. This book identifies and explains these foundational principles, and shows how they directly relate to an assessment of physical security risk. This book provides the modern security professional with a useful reference that facilitates both rigorous thinking and sensible decisions about key strategic choices.500,000 security professionals need to manage the risks that face their organizations in the 21 st c.Covers topics needed by homeland security professionals as well as IT and physical security managersIntegrated approach to assessing security risk offers vital safeguards for business continuity. © 2010 Carl S. Young Published by Elsevier Inc. All rights reserved.
Book
The second edition of this comprehensive handbook of computer and information security serves as a professional reference and practitioner's guide providing the most complete view computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advancements. It explores practical solutions to a wide range of security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into nine parts composed of 61 contributed chapters by leading experts in the areas of networking and systems security; information management; cyber warfare and security; encryption technology; privacy; data stora physical security; and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more. Chapters contributed by leaders in the field cover theory and practice of computer security technology, allowing the reader to develop a new level of technical expertise. This book's comprehensive and up-to-date coverage of security issues facilitates learning and allows the reader to remain current and fully informed from multiple viewpoints. Presents methods of analysis and problem-solving techniques, enhancing the readers grasp of the material and ability to implement practical solutions.
Article
Various companies are moving ahead on designing and building a broad range of types of unmanned aerial vehicles (UAV). The new generation of UAVs includes a broad array ranging from Predator and the hand-launched Ravens, used for quick area surveillance and reconnaissance, and a high-altitude, long-range, long-endurance platform with a wingspan as wide as a Boeing 737. Major prime competitors such as Northrop Grumman and Boeing, and specialized companies such as General Atomics Aeronautical Systems and AeroVironment have pursued UAV programs. Farnborough Air show also unveiled the twin-engine Polecat, a tailless flying wing design, similar to a B-2 bomber, which is intended for both tactical and strategic applications, with flight ranging from 10 to 23 hr. Lockheed Martin is also creating a corporate-wide Integrated Product Team (IPT) that can offer competitive advantages.