Skip to main content
SpringerLink
Log in

Challenges of Securing and Defending Unmanned Aerial Vehicles

  • Conference paper
  • First Online:
National Cyber Summit (NCS) Research Track 2020 (NCS 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1271))

Included in the following conference series:

Abstract

There are increasing concerns that foreign manufactured unmanned aerial systems may leak sensitive data to their manufacturers, particularly since such systems are used for reconnaissance and surveillance of critical infrastructure, for monitoring/managing industrial incidents, for tracking terrorist attacks, and more generally in applications that involve homeland/national security. In this paper we investigate the challenges of securing and defending such systems, focusing on civilian Group 1 (small) drones (quadcopters). We propose a solution based on an architecture that complies with the policies and standards of the Committee on National Security Systems for the Cybersecurity of Unmanned National Systems CNSSP 28, in which software components are adapted/modified appropriately, and security policies/mechanisms are enforced. Protection builds on isolation, encapsulation, and the use of cryptographic tools, with performance constraints expressed in terms of computation (power) and latency.

M. Burmester–Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the Naval Engineering Education Consortium and the Naval Surface Warfare Center.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The CRC for error detection of MAVLink 1.0 is not needed when HMACs are used.

  2. 2.

    One noisy drone can transmit several noisy signals.

References

  1. Arthur, M.P.: Detecting signal spoofing and jamming attacks in UAV networks using a lightweight ids. In: 2019 International Conference on Computer, Information and Telecommunication Systems (CITS), pp. 1–5. IEEE (2019)

    Google Scholar 

  2. Autopilot, A.O.S. http://ardupilot.org/

  3. Burmester, M., Munilla, J.: Lightweight RFID authentication with forward and backward security. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(1), 1–26 (2011)

    Article  Google Scholar 

  4. CNSSP No. 28, Cybersecurity of Unmanned National Security Systems. http://www.cnss.gov/CNSS/issuances/Policies.cfm

  5. Davanian, A., Massacci, F., Allodi, L.: Diversity: A Poor Man’s Solution to Drone Takeover. In: PECCS, pp. 25–34 (2017)

    Google Scholar 

  6. Dill, E.T., Hayhurst, K.J., Young, S.D., Narkawicz, A.J.: UAS hazard mitigation through assured compliance with conformance criteria. In: 2018 AIAA Information Systems-AIAA Infotech@ Aerospace, p. 1218 (2018)

    Google Scholar 

  7. Docker Docs: AC-1 Access Control Policy and Procedures. https://docs.docker.com/compliance/reference/800-53/ac/

  8. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  9. Fang, D., Qian, Y., Hu, R.Q.: Security for 5g mobile wireless networks. IEEE Access 6, 4850–4874 (2017)

    Article  Google Scholar 

  10. Fuentes, G.: USNI News, June 19, 2018, Pentagon grounds marines’ “Eyes in the Sky” drones over cyber security concerns. http://news.usni.org/2018/06/18/pentagon-grounds-marines-eyes-sky-drones-cyber-security-concerns

  11. Güvenç, İ., Ozdemir, O., Yapici, Y., Mehrpouyan, H., Matolak, D.: Detection, localization, and tracking of unauthorized UAS and jammers. In: 2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC), pp. 1–10. IEEE (2017)

    Google Scholar 

  12. Krishna, C.L., Murphy, R.R.: A review on cybersecurity vulnerabilities for unmanned aerial vehicles. In: 2017 IEEE International Symposium on Safety, Security and Rescue Robotics (SSRR), pp. 194–199. IEEE (2017)

    Google Scholar 

  13. Kumar, A., Saxena, N., Tsudik, G., Uzun, E.: Caveat EPTOR: a comparative study of secure device pairing methods. In: 2009 IEEE International Conference on Pervasive Computing and Communications, pp. 1–10. IEEE (2009)

    Google Scholar 

  14. MAVLink Common Message Set. https://mavlink.io/en/messages/common.html

  15. MAVLink Developer Guide. https://mavlink.io

  16. MAVLink2. https://mavlink.io/en/guide/mavlink_2.html

  17. MAVROS, PX4 Development Guide: the MAVROS ROS package. https://dev.px4.io/v1.9.0/en/ros/mavros_installation.html

  18. McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: International Conference on Cryptology in India, pp. 343–355. Springer (2004)

    Google Scholar 

  19. Munilla, J., Burmester, M., Peinado, A., Yang, G., Susilo, W.: RFID ownership transfer with positive secrecy capacity channels. Sensors 17(1), 53 (2017)

    Google Scholar 

  20. NIST SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007. https://csrc.nist.gov/publications/detail/sp/800-38d/final

  21. NIST SP 8000-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf

  22. NIST Special Publication 800-121: Revision 2, guide to Bluetooth security. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-121r1.pdf

  23. OWASP Cheat Sheet Series. https://www.owasp.org/index.php/OWASP Cheat_Sheet Series

  24. OWASP Enterprise Security API. https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

  25. Pearce, M., Zeadally, S., Hunt, R.: Virtualization: issues, security threats, and solutions. ACM Comput. Surv. (CSUR) 45(2), 1–39 (2013)

    Article  Google Scholar 

  26. Shakeri, R., Al-Garadi, M.A., Badawy, A., Mohamed, A., Khattab, T., Al-Ali, A.K., Harras, K.A., Guizani, M.: Design challenges of multi-UAV systems in cyber-physical applications: a comprehensive survey and future directions. IEEE Commun. Surv. Tutor. 21(4), 3340–3385 (2019)

    Article  Google Scholar 

  27. Shepardson, D.: Reuters, May 20, 2019, DHS warns of data threat from Chinese made drones. http://www.reuters.com/article/us-usa-drones-china/dhs-warns-of- data-threat-from-chinese-made-drones-idUSKCN1SQ1ZY

  28. sMAVLink, Secure MAVLink. https://docs.google.com/document/d/1upZ_KnEgK3Hk1j0DfSHl9AdKFMoSqkAQVeK8LsngvEU/edit

  29. Srinivas, J., Das, A.K., Kumar, N., Rodrigues, J.J.: TCALAS: temporal credential-based anonymous lightweight authentication scheme for internet of drones environment. IEEE Trans. Veh. Technol. 68(7), 6903–6916 (2019)

    Article  Google Scholar 

  30. Puko, K.F.T.: The Wall Street Journal, October 30, 2019, Interior Department Grounds Aerial Drone Fleet, Citing Risk From Chinese Manufacturers. http://www.wsj.com/articles/interior-dept-grounds-aerial-drone-fleet-citing-risk-from-chinese-manufacturers-11572473703

  31. Torens, C., Adolf, F.: Automated Verification and Validation of an Onboard Mission Planning and Execution System for UAVs. In: AIAA Infotech@ Aerospace (I@ A) Conference, p. 4564 (2013)

    Google Scholar 

  32. Tridgell, A., Meier, L.: Mavlink 2.0 packet signing proposal (2015). https://docs.google.com/document/d/1ETle6qQRcaNWAmpG2wz0oOpFKSF_bcTmYMQvtTGI8ns/edit#heading=h.r1r08t7lr2pc

  33. Ubuntu Server 18.04.3 LTS. https://ubuntu.com/download/server

  34. Ward, A.E.: The legal, technical, and practical challenges of countering the commercial drone threat to national security. Technical report, Naval Postgraduate School Monterey United States (2019)

    Google Scholar 

  35. What is a Container: Docker, Inc. http://docker.com. Accessed 30 Oct 2019

  36. Won, J., Bertino, E.: Securing mobile data collectors by integrating software attestation and encrypted data repositories. In: 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), pp. 26–35. IEEE (2018)

    Google Scholar 

  37. Wyner, A.D.: The wire-tap channel. Bell Syst. Tech. J. 54(8), 1355–1387 (1975)

    Article  MathSciNet  Google Scholar 

  38. Yasrab, R.: Mitigating docker security issues. arXiv preprint arXiv:1804.05039 (2018)

Download references

Acknowledgments

This material is based upon work supported by the Naval Engineering Education Consortium (NEEC) Award N00174-19-1-0006.

Author information

Authors and Affiliations

  1. Department of Computer Science, Florida State University, Tallahassee, FL, 32304, USA

    William Goble, Elizabeth Braddy, Mike Burmester, Daniel Schwartz, Ryan Sloan, Demetra Drizis, Nitish Ahir & Melissa Ma

  2. Naval Surface Warfare Center, Panama City Division, Panama City, FL, 32407, USA

    Matt Bays & Matt Chastain

Authors
  1. William Goble
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Elizabeth Braddy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mike Burmester
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Daniel Schwartz
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ryan Sloan
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Demetra Drizis
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Nitish Ahir
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Melissa Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  9. Matt Bays
    View author publications

    You can also search for this author in PubMed Google Scholar

  10. Matt Chastain
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mike Burmester .

Editor information

Editors and Affiliations

  1. Department of Information Systems, The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  2. University of Alabama in Huntsville, Huntsville, AL, USA

    Tommy Morris

  3. Air Force Institute of Technology, Wright-Patterson AFB, OH, USA

    Gilbert L. Peterson

  4. University of Alabama in Huntsville, Decatur, AL, USA

    Eric Imsand

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Goble, W. et al. (2021). Challenges of Securing and Defending Unmanned Aerial Vehicles. In: Choo, KK.R., Morris, T., Peterson, G.L., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2020. NCS 2020. Advances in Intelligent Systems and Computing, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-58703-1_8

Download citation

Publish with us

Policies and ethics

Search

Navigation