Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs

Enamus droone kasutab lennundusest pärit GPS navigatsiooniseadmeid, millel puuduvad turvaprotokollid ning nende riskioht pahatahtlike rünnakute sihtmärgina on kasvanud hüppeliselt lähimineviku arengute ja progressi tõttu SDR ja GNSS simulatsioonitarkvara valdkonnas. See on loonud ligipääsu tehnikale amatöörkasutajatele, millel on saatja aadressi võltsimise jõudlus. Need potensiaalsed rünnakud kuuluvad lihtsakoeliste kategooriasse, kuid selle uurimustöö tulemusena selgus, et nendes rünnakute edukuses on olulised erinevused teatud GPS vastuvõtjate ja konfiguratsioonide vahel. \n\rSee uurimustöö analüüsis erinevaid saatja aadressi võltsimise avastamise meetodeid, mis olid avatud kasutajatele ning valis välja need, mis on sobilikud mini- ja mikrodroonide tehnonõuetele ja operatsioonistsenaariumitele, eesmärgiga pakkuda välja GPS aadresside rünnakute avastamiseks rakenduste tasandil avatud allikakoodiga Ground Control Station tarkvara SDK. Avastuslahenduse eesmärk on jälgida ja kinnitada äkilisi, abnormaalseid või ebaloogilisi tulemväärtusi erinevates drooni sensiorites lisaallkatest pärit lisainfoga. \n\rLäbiviidud testid kinnitavad, et olenevalt olukorrast ja tingimustest saavad saatja aadressi võltsimise rünnakud õnnestuda. Rünnakud piiravad GPS mehanismide ligipääsu, mida saab kasutada rünnakute avastuseks. Neid rünnakuid puudutav info asetseb infovoos või GPSi signaalprotsessi tasandis, kuid seda infot ei saa haarata tasandile kus SDK tarkvara haldab kõigi teiste sensorite infot.Most of UAVs are GPS navigation based aircrafts that rely on a system with lack of security, their latent risk against malicious attacks has been raised with the recent progress and development in SDRs and GNSS simulation software, facilitating to amateurs the accessibility of equipment with spoofing capabilities. The attacks which can be done with this setup belong to the category simplistic, however, during this thesis work there are validated different cases of successful results under certain GPS receivers’ state or configuration.\n\rThis work analysis several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK. The detection solution is intended to monitor and correlate abrupt, abnormal or unreasonable values of different sensors of the UAV with data obtained from available additional sources.\n\rThe conducted tests validate the cases and circumstances where the spoofing attacks were successful. Limitations include the lack of mechanisms to access GPS values which can be useful for detection spoofing attacks, but reside in the data bit or signal processing layer of the GPS and can not be retrieve to the layer where the SDK in computing all data of other sensors

Evaluation of DoS attacks on Commercial Wi-Fi-Based UAVs

One of the biggest challenges for the use of Unmanned Aerial Vehicles (UAVs) in large-scale real-world applications is security.  However, most of research projects related to robotics does not discuss security issues, moving on directly to studying classical problems (i.e., perception, control, planning). This paper evaluates the effects of availability issues (Denial of Service attacks) in two commonly used commercially available UAVs (AR.Drone 2.0 and 3DR SOLO). Denial of Service (DoS) attacks are made while the vehicles are navigating, simulating common conditions found both by the general public and in a research scenario. Experiments show how effective such attacks are and demonstrate actual security breaches that create specific vulnerabilities. The results indicate that both studied UAVs are susceptible to several types of DoS attacks which can critically influence the performance of UAVs during navigation, including a decrease in camera functionality, drops in telemetry feedback and lack of response to remote control commands. We also present a tool that can be used as a failsafe mechanism to alert the user when a drone is reaching out a determined flight limit range, avoiding availability issues

Risk driven models & security framework for drone operation in GNSS-denied environments

Flying machines in the air without human inhabitation has moved from abstracts to reality and the concept of unmanned aerial vehicles continues to evolve. Drones are popularly known to use GPS and other forms of GNSS for navigation, but this has unfortunately opened them up to spoofing and other forms of cybersecurity threats. The use of computer vision to find location through pre-stored satellite images has become a suggested solution but this gives rise to security challenges in the form of spoofing, tampering, denial of service and other forms of attacks. These security challenges are reviewed with appropriate requirements recommended. This research uses the STRIDE threat analysis model to analyse threats in drone operation in GNSS-denied environment. Other threat models were considered including DREAD and PASTA, but STRIDE is chosen because of its suitability and the complementary ability it serves to other analytical methods used in this work. Research work is taken further to divide the drone system into units based in similarities in functions and architecture. They are then subjected to Failure Mode and Effects Analysis (FMEA), and Fault Tree Analysis (FTA). The STRIDE threat model is used as base events for the FTA and an FMEA is conducted based on adaptations from IEC 62443-1-1, Network and System Security- Terminology, concepts, and models and IEC 62443-3-2, security risk assessment for system design. The FTA and FMEA are widely known for functional safety purposes but there is a divergent use for the tools where we consider cybersecurity vulnerabilities specifically, instead of faults. The IEC 62443 series has become synonymous with Industrial Automation and Control Systems. However, inspiration is drawn from that series for this work because, drones, as much as any technological gadget in play recently, falls under a growing umbrella of quickly evolving devices, known as Internet of Things (IoT). These IoT devices can be principally considered as part of Industrial Automation and Control Systems. Results from the analysis are used to recommend security standards & requirements that can be applied in drone operation in GNSS-denied environments. The framework recommended in this research is consistent with IEC 62443-3-3, System security requirements and security levels and has the following categorization from IEC 62443-1-1, identification, and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events and resource availability. The recommended framework is applicable and relevant to military, private and commercial drone deployment because the framework can be adapted and further tweaked to suit the context which it is intended for. Application of this framework in drone operation in GNSS denied environment will greatly improve upon the cyber resilience of the drone network system

Performance Comparison Of Weak And Strong Learners In Detecting GPS Spoofing Attacks On Unmanned Aerial Vehicles (uavs)

Unmanned Aerial Vehicle systems (UAVs) are widely used in civil and military applications. These systems rely on trustworthy connections with various nodes in their network to conduct their safe operations and return-to-home. These entities consist of other aircrafts, ground control facilities, air traffic control facilities, and satellite navigation systems. Global positioning systems (GPS) play a significant role in UAV\u27s communication with different nodes, navigation, and positioning tasks. However, due to the unencrypted nature of the GPS signals, these vehicles are prone to several cyberattacks, including GPS meaconing, GPS spoofing, and jamming. Therefore, this thesis aims at conducting a detailed comparison of two widely used machine learning techniques, namely weak and strong learners, to investigate their performance in detecting GPS spoofing attacks that target UAVs. Real data are used to generate training datasets and test the effectiveness of machine learning techniques. Various features are derived from this data. To evaluate the performance of the models, seven different evaluation metrics, including accuracy, probabilities of detection and misdetection, probability of false alarm, processing time, prediction time per sample, and memory size, are implemented. The results show that both types of machine learning algorithms provide high detection and low false alarm probabilities. In addition, despite being structurally weaker than strong learners, weak learner classifiers also, achieve a good detection rate. However, the strong learners slightly outperform the weak learner classifiers in terms of multiple evaluation metrics, including accuracy, probabilities of misdetection and false alarm, while weak learner classifiers outperform in terms of time performance metrics

People Counting and occupancy Monitoring using WiFi Probe Requests and Unmanned Aerial Vehicles

Smart phones have become an important part of our daily lives due to their capabilities of accessing the web using WiFi and mobile data networks. These WiFi equipment are constantly sending out packets referred as probe requests, which can be tracked using wireless sniffers. In this thesis, first we investigate capturing of WiFi probe request packets using the help of WiFi Pineapple devices, and analyze how we can use signal strength information of probe request data for indoor occupancy monitoring. Applications of such occupancy monitoring into building surveillance and building energy management are also discussed. After completing the initial test indoors, research was moved to outdoor monitoring with the help of unmanned aerial vehicles (UAVs) flying in various trajectories and capturing probe request messages. The information captured from the probe requests is used to identify and localize WiFi users with a single UAV, which can be instrumental in search and rescue applications. Finally, we study in detail various security, privacy, and public safety issues related to drones equipped with wireless communications capabilities

Fifty feet above the wall: cartel drones in the U.S.-Mexico border zone airspace, and what to do about them

Over the last decade, the U.S. military and homeland security research groups have contemplated the issue of how to counter unmanned drones. Recently, border security agencies responsible for securing the U.S.–Mexico border are having to contend with the emerging threat of Mexico’s drug cartel narcotics-smuggling drones, also known as narco-drones. Narco-drones are an example of cartel innovation for smuggling, among other deviant purposes, that U.S. border security will need a strategy to counter. This study aimed to build on the conceptual framework related to hostile drones in the airspace and specifically to find a strategy that the Department of Homeland Security could pursue to manage the narco-drone problem in the border-zone airspace. The author argues that the Mexican drug cartels adopt innovative drone tactics in response to border security measures or lack thereof, as well as through organizational learning. This thesis concludes that leveraging U.S. military experience, anti-drone doctrine, and detection assets -developed for countering terrorist drones in the war zones of Iraq, Syria, and Afghanistan is an effective strategy for countering narco-drones at the U.S.–Mexico border.http://archive.org/details/fiftyfeetbovewal1094558364Lieutenant, United States NavyApproved for public release; distribution is unlimited

Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Vehicle

The rapid growth of robotic aerial vehicles (RAVs) has attracted extensive interest in numerous public and civilian applications, from flying drones to quadrotors. Security of RAV systems has become increasingly challenging as RAV controller software becomes more complex, exposing a growing attack surface. Memory isolation separates the memory space and enforces memory access control via privilege separation to limit the attacker’s capability so that the attacker cannot compromise other software components by exploiting one memory corruption vulnerability. Memory isolation has been adopted into the resource-constrained systems such as RAVs by lightweight privilege mode switching to meet real-time requirements. In this paper, we propose ARES, a new variable-level vulnerability excavation framework to find deeper bugs from a combined cyber-physical perspective. We present a data-driven method to illustrate that, despite state-of-the-art memory isolation efforts, RAV systems are still vulnerable to adversarial data manipulation attacks. We augment RAV control states with intermediate controller variables by tracing accessible control parameters and vehicle dynamics within the same isolated memory regions. With this expanded state variable space, we apply multivariate statistical analysis to investigate inter-variable quantitative data dependencies and search for vulnerable state variables. ARES utilizes a learning-based method to show how an attacker can exploit memory corruption bugs in a legitimate memory view and elaborately craft adversarial variable values to disrupt a RAV’s safe operations. We demonstrate the feasibility and capability of ARES on the widely-used Ardupilot RAV framework. Our extensive empirical evaluation shows that the attacker may leverage these vulnerable state variables to achieve various RAV failures during its real-time operations, and even evade existing defense solutions