A systematic literature review on Security of Unmanned Aerial Vehicle Systems

Unmanned aerial vehicles (UAVs) are becoming more common, and their operational range is expanding tremendously, making the security aspect of the inquiry essential. This study does a thorough assessment of the literature to determine the most common cyberattacks and the effects they have on UAV assaults on civilian targets. The STRIDE assault paradigm, the challenge they present, and the proper tools for the attack are used to categorize the cyber dangers discussed in this paper. Spoofing and denial of service assaults are the most prevalent types of UAV cyberattacks and have the best results. No attack style demands the employment of a hard-to-reach gadget, indicating that the security environment currently necessitates improvements to UAV use in civilian applications.Comment: 10 Pages, 4 Figure

Malicious Digital Penetration of United States Weaponized Military Unmanned Aerial Vehicle Systems: A National Security Perspective Concerning the Complexity of Military UAVs and Hacking

The United States’ (US) military unmanned aerial vehicle (UAV) has seen increased usage under the post 9/11 military engagements in the Middle East, Afghanistan, and within American borders. However, the very digital networks controlling these aircrafts are now enduring malicious intrusions (hacking) by America’s enemies. . The digital intrusions serve as a presage over the very digital networks the US relies upon to safeguard its national security and interests and domestic territory. The complexity surrounding the hacking of US military UAVs appears to be increasing, given the advancements in digital networks and the seemingly inauspicious nature of artificial intelligence and autonomous systems. Being most victimized by malicious digital intrusions, the US continues its military components towards growing dependence upon digital networks in advancing warfare and national security and interests. Thus, America’s netcentric warfare perspectives may perpetuate a chaotic environment where the use of military force is the sole means of safeguarding its digital networks

Real-time Adaptive Sensor Attack Detection and Recovery in Autonomous Cyber-physical Systems

Cyber-Physical Systems (CPS) tightly couple information technology with physical processes, which rises new vulnerabilities such as physical attacks that are beyond conventional cyber attacks.Attackers may non-invasively compromise sensors and spoof the controller to perform unsafe actions. This issue is even emphasized with the increasing autonomy in CPS. While this fact has motivated many defense mechanisms against sensor attacks, a clear vision of the timing and usability (or the false alarm rate) of attack detection still remains elusive. Existing works tend to pursue an unachievable goal of minimizing the detection delay and false alarm rate at the same time, while there is a clear trade-off between the two metrics. Instead, this dissertation argues that attack detection should bias different metrics (detection delay and false alarm) when a system sits in different states. For example, if the system is close to unsafe states, reducing the detection delay is preferable to lowering the false alarm rate, and vice versa. This dissertation proposes two real-time adaptive sensor attack detection frameworks. The frameworks can dynamically adapt the detection delay and false alarm rate so as to meet a detection deadline and improve usability according to different system statuses. We design and implement the proposed frameworks and validate them using realistic sensor data of automotive CPS to demonstrate its efficiency and efficacy. Further, this dissertation proposes \textit{Recovery-by-Learning}, a data-driven attack recovery framework that restores CPS from sensor attacks. The importance of attack recovery is emphasized by the need to mitigate the attack\u27s impact on a system and restore it to continue functioning. We propose a double sliding window-based checkpointing protocol to remove compromised data and keep trustful data for state estimation. Together, the proposed solutions enable a holistic attack resilient solution for automotive cyber-physical systems

Protecting Actuators in Safety-Critical IoT Systems from Control Spoofing Attacks

In this paper, we propose a framework called Contego-TEE to secure Internet-of-Things (IoT) edge devices with timing requirements from control spoofing attacks where an adversary sends malicious control signals to the actuators. We use a trusted computing base available in commodity processors (such as ARM TrustZone) and propose an invariant checking mechanism to ensure the security and safety of the physical system. A working prototype of Contego-TEE was developed using embedded Linux kernel. We demonstrate the feasibility of our approach for a robotic vehicle running on an ARM-based platform.Comment: 2nd Workshop on the Internet of Things Security and Privacy - Iot S&P'19, November 15, 2019, London, United Kingdom. ACM ISBN: 978-1-4503-6838-4/19/1

Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Vehicle

The rapid growth of robotic aerial vehicles (RAVs) has attracted extensive interest in numerous public and civilian applications, from flying drones to quadrotors. Security of RAV systems has become increasingly challenging as RAV controller software becomes more complex, exposing a growing attack surface. Memory isolation separates the memory space and enforces memory access control via privilege separation to limit the attacker’s capability so that the attacker cannot compromise other software components by exploiting one memory corruption vulnerability. Memory isolation has been adopted into the resource-constrained systems such as RAVs by lightweight privilege mode switching to meet real-time requirements. In this paper, we propose ARES, a new variable-level vulnerability excavation framework to find deeper bugs from a combined cyber-physical perspective. We present a data-driven method to illustrate that, despite state-of-the-art memory isolation efforts, RAV systems are still vulnerable to adversarial data manipulation attacks. We augment RAV control states with intermediate controller variables by tracing accessible control parameters and vehicle dynamics within the same isolated memory regions. With this expanded state variable space, we apply multivariate statistical analysis to investigate inter-variable quantitative data dependencies and search for vulnerable state variables. ARES utilizes a learning-based method to show how an attacker can exploit memory corruption bugs in a legitimate memory view and elaborately craft adversarial variable values to disrupt a RAV’s safe operations. We demonstrate the feasibility and capability of ARES on the widely-used Ardupilot RAV framework. Our extensive empirical evaluation shows that the attacker may leverage these vulnerable state variables to achieve various RAV failures during its real-time operations, and even evade existing defense solutions

Security and the smart city: A systematic review

The implementation of smart technology in cities is often hailed as the solution to many urban challenges such as transportation, waste management, and environmental protection. Issues of security and crime prevention, however, are in many cases neglected. Moreover, when researchers do introduce new smart security technologies, they rarely discuss their implementation or question how new smart city security might affect traditional policing and urban planning processes. This systematic review explores the recent literature concerned with new ‘smart city’ security technologies and aims to investigate to what extent these new interventions correspond with traditional functions of security interventions. Through an extensive literature search we compiled a list of security interventions for smart cities and suggest several changes to the conceptual status quo in the field. Ultimately, we propose three clear categories to categorise security interventions in smart cities: Those interventions that use new sensors but traditional actuators, those that seek to make old systems smart, and those that introduce entirely new functions. These themes are then discussed in detail and the importance of each group of interventions for the overall field of urban security and governance is assessed

Countering Terrorism on Tomorrow’s Battlefield: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 2)

Every day, malicious actors target emerging technologies and medical resilience or seek to wreak havoc in the wake of disasters brought on by climate change, energy insecurity, and supply-chain disruptions. Countering Terrorism on Tomorrow’s Battlefield is a handbook on how to strengthen critical infrastructure resilience in an era of emerging threats. The counterterrorism research produced for this volume is in alignment with NATO’s Warfighting Capstone Concept, which details how NATO Allies can transform and maintain their advantage despite new threats for the next two decades. The topics are rooted in NATO’s Seven Baseline requirements, which set the standard for enhancing resilience in every aspect of critical infrastructure and civil society. As terrorists hone their skills to operate lethal drones, use biometric data to target innocents, and take advantage of the chaos left by pandemics and natural disasters for nefarious purposes, NATO forces must be prepared to respond and prevent terrorist events before they happen. Big-data analytics provides potential for NATO states to receive early warning to prevent pandemics, cyberattacks, and kinetic attacks. NATO is perfecting drone operations through interoperability exercises, and space is being exploited by adversaries. Hypersonic weapons are actively being used on the battlefield, and satellites have been targeted to take down wind farms and control navigation. This handbook is a guide for the future, providing actionable information and recommendations to keep our democracies safe today and in the years to come.https://press.armywarcollege.edu/monographs/1953/thumbnail.jp