无人机安全

2019/05/29 无人机

这篇文章综述了部分关于无人机安全方向的研究。

无人机安全风险评估

The Vulnerability of UAVs to Cyber Attacks - An Approach to the Risk Assessment

Kim Hartmann与Christoph Steup提出了对无人机安全的风险评估模型。无人机的风险评估是一件复杂的事情,包括漏洞、威胁评估,还有其飞行任务的细节。他们从CIA安全需求模型出发,对无人机在不同任务下进行风险分级,并对每个安全环境进行评分。他们设计的模型从五个方面开展分析,分别是飞行地形环境、通信链路、传感器系统、数据储存、故障处理机制。论文中的实验部分使用该模型对AR.Drone、MQ-9-REAPER、RQ-170 Sentinel三种无人机进行评估。

民用无人机的安全通信

Secure Communication in Civil Drones

这篇论文提到的无人机主要是民用无人机。论文中先总结了民用无人机面临的一些安全问题,例如对无人机控制单元的欺骗(GPS欺骗、视觉传感器欺骗)、对无人机通信链路上的重放攻击与拒绝服务攻击、物理捕获无人机后对其进行拆解窃取信息。对于无人机的安全需求分析,作者同样使用了CIA安全需求模型,对控制数据与信息数据进行风险分级。

针对上面提出的安全需求,作者设计了一种安全方案,这里重点分析一下密钥管理方案。首先他们使用了ANSI X9.17标准作为密钥管理,由地面站生成密钥,应用AES-CBC密码方案。然后在密钥交换和储存方面,他们在无人机上安装独立的板载芯片用于处理安全参数,密钥分发是在无人机每一次飞行之前由地面站使用有线连接将新密钥传送到无人机上的安全芯片。简单理解为,安全芯片是无人机与地面站之间的委托,控制数据与信息数据需要经过安全芯片的安全检查后再传送给无人机。

这篇论文不针对GPS欺骗,而是关注于无人机和地面站之间数据传输的完整性和认证性。

This chapter is concerned more about providing information flow between CDs and ground station with confidentiality and authentication services. In order to achieve this, we used symmetric key cryptography. As mentioned previously, symmetric keys are generated by the ground station and are installed on the FPGA directly. This way, the shared keys can be protected as they will never be “online”.

使用机器学习来识别无人机驾驶员

Drone Pilot Identification by Classifying Radio-Control Signals

这篇论文的重点是,通过收集合法无人机驾驶员的飞行命令,使用机器学习相关的算法得出分类器,对无人机的飞行命令进行识别是否来自合法的飞行员。

论文中对飞行命令的采集主要是4类,分别是上升下降、前进后退、左右侧翻转、原地旋转。测试过程的飞行轨迹有3类,分别是垂直升降、水平三角飞行、随机飞行。测试结果显示,使用随机森林算法的准确度比较高。总结,这篇论文的目标是在无人机上应用在线分类器对飞行命令进行过滤,识别出未授权的飞行员。(尽管这篇论文看起来有点水,但这可是发表在TIFS 2018= =。)

The final target is to implement an on-line classifier that can identify authorized pilots on-the-fly. An on-line classifier uses models generated by the off-line machine learning process as presented in this paper.

MAVLink协议与无人机安全

Empirical Analysis of MAVLink Protocol Vulnerability for Attacking Unmanned Aerial Vehicles

Mavlink协议最早由苏黎世联邦理工学院计算机视觉与几何实验组的Lorenz Meier于2009年发布,并遵循LGPL开源协议。Mavlink协议是在串口通讯基础上的一种更高层的开源通讯协议,主要应用在微型飞行器的通讯上。Mavlink是为小型飞行器和地面站(或者其他飞行器)通讯时常常用到的那些数据制定一种发送和接收的规则并加入了校验(checksum)功能。

因为MAVLink协议并没有提供安全功能,是一个明文协议,因此需要依赖应用层的安全机制。这篇论文讲述的是在MAVLink协议上进行各种攻击实验,例如ICMP洪水攻击、报文注入攻击。作者提出的安全假设非常强,攻击者与受害者在同一网络环境中,攻击者可以监听到所有通信内容,对于明文协议而言,要实施攻击那简直不要太简单好吗?

这篇论文比较有价值的内容是实验设计以及相关工作部分。

对无人机发起中间人攻击

Exploring Security Vulnerabilities of Unmanned Aerial Vehicles

这篇论文主要是对某款无人机实施中间人攻击,攻击成功的原因有两点,首先是通信链路使用WEP协议是已知不安全的,其次是XBee 868LP link是明文通讯。

Trustworthy Repair Architecture

An Uncrewed Aerial Vehicle Attack Scenario and Trustworthy Repair Architecture

这篇论文提出了一种攻击场景,无人机执行预先设定的飞行巡检任务,攻击者在某个航点对其进行干扰,使无人机的飞行路线发生偏航。作者提出一种事件响应的弹性系统(Trusting Resilient Systems),基于原有的飞行数据和遥感数据识别出当前航线数据被破坏,然后无人机使用GenProg(基于软件自动修复评估缺陷定位技术的工具)启用修复程序,生成新的飞行数据。论文中对于如何识别出无人机被攻击以及如何对航线进行纠偏的描述很模糊。

We postulate that it is possible to detect some attack effects by examining inter-related and/or redundant telemetry data. Consider an attack causing the UAV to fly off course and falsify GPS data, including latitude, longitude, and courseof-ground estimates. In this case, while a direct runtime assessment would most likely confirm that the spoofed GPS data fits within the mission execution profile, by examining an inter-related set of observations, there is an increased likelihood of detecting the spoofed GPS data. This would be achieved by cross-checking the raw magnetometer readings against the clusters found in Figure 2.

对现有无人机的攻击汇总

Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family

这篇论文主要提出了几种攻击无人机的手段:

攻击的前提是无人机作为一个AP开放了部分端口,使得攻击者可以通过不安全的链接访问到该端口。

攻击者接入无人机AP,拿到无人机的驾驶权。这种攻击生效的原因是无人机的控制端口开放并没有认证过程。

攻击者并没有控制无人机,而是偷取无人机上储存的数据。同样的原因,由于无人机AP开放端口并没有访问控制机制。

攻击者通过telnet或者是SSH等接入无人机主系统并获取root权限,从而对无人机进行高权限的操作,例如停机。

对基于wifi的无人机进行拒绝服务攻击

Evaluation of DoS attacks on Commercial Wi-Fi-Based UAVs

这篇论文提出对基于wifi的无人机实施DoS攻击。原理是攻击者接入无人机AP,然后进行端口扫描,对开放端口实施Dos攻击,消耗无人机的处理资源,流程如下:

  1. Establish a connection between the pilot and UAVs (AR.Drone and SOLO);
  2. Pilot sends a set of commands to UAVs (taking off, short flights and landing) to understand its behavior in normal conditions (no attackers);
  3. Establish a connection between attacker and UAVs;
  4. The attacker makes reconnaissance attacks on UAVs using port scan tool;
  5. While pilot is sending a series of commands to UAVs, an attacker uses information obtained in step 4 to launch a DoS attack towards UAVs.

参考文献

  1. The Vulnerability of UAVs to Cyber Attacks - An Approach to the Risk Assessment
  2. Secure Communication in Civil Drones
  3. Drone Pilot Identification by Classifying Radio-Control Signals
  4. Empirical Analysis of MAVLink Protocol Vulnerability for Attacking Unmanned Aerial Vehicles
  5. Exploring Security Vulnerabilities of Unmanned Aerial Vehicles
  6. An Uncrewed Aerial Vehicle Attack Scenario and Trustworthy Repair Architecture
  7. Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family
  8. Evaluation of DoS attacks on Commercial Wi-Fi-Based UAVs

Search

    Table of Contents