skip to main content

Explore Research Products in the NSF-PAR

Title: Manipulating Drone Position Control
Although consumer drones have been used in many attacks, besides specific methods such as jamming, very little research has been conducted on systematical methods to counter these drones. In this paper, we develop generic methods to compromise drone position control algorithms in order to make malicious drones deviate from their targets. Taking advantage of existing methods to remotely manipulate drone sensors through cyber or physical attacks (e.g., [1], [2]), we exploited the weaknesses of position estimation and autopilot controller algorithms on consumer drones in the proposed attacks. For compromising drone position control, we first designed two state estimation attacks: a maximum False Data Injection (FDI) attack and a generic FDI attack that compromised the Kalman-Filter-based position estimation (arguably the most popular method). Furthermore, based on the above attacks, we proposed two attacks on autopilot-based navigation, to compromise the actual position of a malicious drone. To the best of our knowledge, this is the first piece of work in this area. Our analysis and simulation results show that the proposed attacks can significantly affect the position estimation and the actual positions of drones. We also proposed potential countermeasures to address these attacks.  more » « less
Award ID(s):
1662487
NSF-PAR ID:
10127231
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
2019 IEEE Conference on Communications and Network Security (CNS)
Page Range / eLocation ID:
1 to 9
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ( , 2019 International Conference on Unmanned Aircraft Systems (ICUAS))
    While more and more consumer drones are abused in recent attacks, there is still very little systematical research on countering malicious consumer drones. In this paper, we focus on this issue and develop effective attacks to common autopilot control algorithms to compromise the flight paths of autopiloted drones, e.g., leading them away from its preset paths. We consider attacking an autopiloted drone in three phases: attacking its onboard sensors, attacking its state estimation, and attacking its autopilot algorithms. Several firstphase attacks have been developed (e.g., [1]–[4]); second-phase attacks (including our previous work [5], [6]) have also been investigated. In this paper, we focus on the third-phase attacks. We examine three common autopilot algorithms, and design several attacks by exploiting their weaknesses to mislead a drone from its preset path to a manipulated path. We present the formal analysis of the scope of such manipulated paths. We further discuss how to apply the proposed attacks to disrupt preset drone missions, such as missing a target in searching an area or misleading a drone to intercept another drone, etc. Many potential attacks can be built on top of the proposed attacks. We are currently investigating different models to apply such attacks on common drone missions and also building prototype systems on ArduPilot for real world tests. We will further investigate countermeasures to address the potential damages. 
    more » « less
  2. ; ; ( , IEEE Consumer Communications and Networking Conference (CCNC))
    Although some existing counterdrone measures can disrupt the invasion of certain consumer drone, to the best of our knowledge, none of them can accurately redirect it to a given location for defense. In this paper, we proposed a Drone Position Manipulation (DPM) attack to address this issue by utilizing the vulnerabilities of control and navigation algorithms used on consumer drones. As such drones usually depend on GPS for autopiloting, we carefully spoof GPS signals based on where we want to redirect a drone to, such that we indirectly affect its position estimates that are used by its navigation algorithm. By carefully manipulating these states, we make a drone gradually move to a path based on our requirements. This unique attack exploits the entire stack of sensing, state estimation, and navigation control together for quantitative manipulation of flight paths, different from all existing methods. In addition, we have formally analyzed the feasible range of redirected destinations for a given target. Our evaluation on open-source ArduPilot system shows that DPM is able to not only accurately lead a drone to a redirected destination but also achieve a large redirection range. 
    more » « less
  3. ; ; ; ; ; ( , ACM Transactions on Cyber-Physical Systems)

    Cheapcommercial off-the-shelf (COTS)First-Person View (FPV)drones have become widely available for consumers in recent years. Unfortunately, they also provide low-cost attack opportunities to malicious users. Thus, effective methods to detect the presence of unknown and non-cooperating drones within a restricted area are highly demanded. Approaches based on detection of drones based on emitted video stream have been proposed, but were not yet shown to work against other similar benign traffic, such as that generated by wireless security cameras. Most importantly, these approaches were not studied in the context of detecting new unprofiled drone types. In this work, we propose a novel drone detection framework, which leverages specific patterns in video traffic transmitted by drones. The patterns consist of repetitive synchronization packets (we call pivots), which we use as features for a machine learning classifier. We show that our framework can achieve up to 99% in detection accuracy over an encrypted WiFi channel using only 170 packets originated from the drone within 820ms time period. Our framework is able to identify drone transmissions even among very similar WiFi transmissions (such as video streams originated from security cameras) as well as in noisy scenarios with background traffic. Furthermore, the design of our pivot features enables the classifier to detect unprofiled drones in which the classifier has never trained on and is refined using a novel feature selection strategy that selects the features that have the discriminative power of detecting new unprofiled drones.

     

    more » « less
  4. ; ( , IEEE)
    Aerial drones are becoming an integral part of application domains including but not limited to, military operations, package delivery, construction, monitoring and search/rescue operations. It is critical to ensure the cyber security of networked aerial drone systems in these applications. Standard cryptographic services can be deployed to provide basic security services; however, they have been shown to be inefficient in terms of energy and time consumption, especially for small aerial drones with resource-limited processors. Therefore, there is a significant need for an efficient cryptographic framework that can meet the requirements of small aerial drones. We propose an improved cryptographic framework for small aerial drones, which offers significant energy efficiency and speed advantages over standard cryptographic techniques. (i) We create (to the best of our knowledge) the first optimized public key infrastructure (PKI) based framework for small aerial drones, which provides energy efficient techniques by harnessing special precomputation methods and optimized elliptic curves. (ii) We also integrate recent light-weight symmetric primitives into our PKI techniques to provide a full-fledged cryptographic framework. (iii) We implemented standard counterparts and our proposed techniques on an actual small aerial drone (Crazyflie 2.0), and provided an in-depth energy analysis. Our experiments showed that our improved cryptographic framework achieves up to 35× lower energy consumption than its standard counterpart. 
    more » « less
  5. ; ; ; ; ( , The 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020))
    BBR is a new congestion control algorithm proposed by Google that builds a model of the network path consisting of its bottleneck bandwidth and RTT to govern its sending rate rather than packet loss (like CUBIC and many other popular congestion control algorithms). Loss-based congestion control has been shown to be vulnerable to acknowledgment manipulation attacks. However, no prior work has investigated how to design such attacks for BBR, nor how effective they are in practice. In this paper we systematically analyze the vulnerability of BBR to acknowledgement manipulation attacks. We create the first detailed BBR finite state machine and a novel algorithm for inferring its current BBR state at runtime by passively observing network traffic.We then adapt and apply a TCP fuzzer to the Linux TCP BBR v1.0 implementation. Our approach generated 30,297 attack strategies, of which 8,859 misled BBR about actual network conditions. From these, we identify 5 classes of attacks causing BBR to send faster, slower or stall. We also found that BBR is immune to acknowledgment burst, division and duplication attacks that were previously shown to be effective against loss-based congestion control such as TCP New Reno. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email