Abstract
Unmanned Systems Autonomy Services (UxAS) is a set of networked software modules that collaboratively automate mission-level decision making for unmanned systems. Proposed, developed, and publicized by United States Air Force Research Laboratory (U.S. AFRL), UxAS has strong and promising implications in practice and it can be easily extended to support emulation and practical deployment of unmanned aerial vehicles (UAVs). Therefore, performing vulnerability assessment for UxAS is of significant importance. In this project, we first leveraged the threat-driven method to identify security requirements that focus on UxAS’ confidentiality, integrity, and availability. Next, we designed and developed fuzz tests to evaluate whether UxAS satisfies these requirements. Our experiments have shown that the current version of UxAS is vulnerable to a variety of attacks such as denial of service, message injection/replay, service self-destruct, and timing-based side-channel attacks. Finally, we studied the root-causes for these vulnerabilities and proposed mitigation strategies.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Air Force Research Laboratory, Aerospace System Directorate, Power and Control Division: OpenUxAS (2017). https://github.com/afrl-rq/OpenUxAS
Birnbaum, Z., Dolgikh, A., Skormin, V., O’Brien, E., Muller, D., Stracquodaine, C.: Unmanned aerial vehicle security using behavioral profiling. In: 2015 International Conference on Unmanned Aircraft Systems (ICUAS), pp. 1310–1319. IEEE (2015)
Birnbaum, Z., Dolgikh, A., Skormin, V., Oâ Brien, E., Muller, D., Stracquodaine, C.: Unmanned aerial vehicle security using recursive parameter estimation. J. Intell. Robot. Syst. 84(1–4), 107–120 (2016)
He, D., Chan, S., Guizani, M.: Communication security of unmanned aerial vehicles. IEEE Wirel. Commun. 24(4), 134–139 (2017)
Hooper, M., et al.: Securing commercial Wifi-based UAVs from common security attacks. In: MILCOM 2016–2016 IEEE, pp. 1213–1218. IEEE (2016)
Javaid, A., Sun, W., Alam, M.: A cost-effective simulation testbed for unmanned aerial vehicle network cyber attack analysis. In: Safe & Secure Systems & Software Symposium S5, pp. 9–11 (2015)
Li, Y., Dai, R., Zhang, J.: Morphing communications of cyber-physical systems towards moving-target defense. In: 2014 IEEE ICC, pp. 592–598, June 2014. https://doi.org/10.1109/ICC.2014.6883383
Luo, X., Zhou, P., Zhang, J., Perdisci, R., Lee, W., Chang, R.K.: Exposing invisible timing-based traffic watermarks with BACKLIT, pp. 197–206. ACM (2011)
Mansfield, K.M., Eveleigh, T.J., Holzer, T.H., Sarkani, S.: Dod comprehensive military unmanned aerial vehicle smart device ground control station threat model. Technical report, DEFENSE ACQUISITION UNIV FT BELVOIR VA (2015)
Mitchell, R., Chen, R.: Adaptive intrusion detection of malicious unmanned air vehicles using behavior rule specifications. IEEE Trans. Syst. Man Cybern. Syst. 44(5), 593–604 (2014)
Noah Shachtman, W.: Exclusive: computer virus hits U.S. drone fleet (2011)
Rodday, N.M., Schmidt, R.O., Pras, A.: Exploring security vulnerabilities of unmanned aerial vehicles. In: 2016 IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 993–994. IEEE (2016)
Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)
Schumann, J., Moosbrugger, P., Rozier, K.Y.: R2U2: monitoring and diagnosis of security threats for unmanned aerial systems. In: Bartocci, E., Majumdar, R. (eds.) RV 2015. LNCS, vol. 9333, pp. 233–249. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23820-3_15
CNN Wire Staff: Obama says US has asked Iran to return drone aircraft (2011)
Yoon, K., Park, D., Yim, Y., Kim, K., Yang, S.K., Robinson, M.: Security authentication system using encrypted channel on UAV network. In: IEEE International Conference on Robotic Computing (IRC), pp. 393–398. IEEE (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, Y., Frasure, I., Ikusan, A.A., Zhang, J., Dai, R. (2018). Vulnerability Assessment for Unmanned Systems Autonomy Services Architecture. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science(), vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-02744-5_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02743-8
Online ISBN: 978-3-030-02744-5
eBook Packages: Computer ScienceComputer Science (R0)