An official website of the United States government
Although consumer drones have been used in many attacks, besides specific methods such as jamming, very little research has been conducted on systematical methods to counter these drones. In this paper, we develop generic methods to compromise drone position control algorithms in order to make malicious drones deviate from their targets. Taking advantage of existing methods to remotely manipulate drone sensors through cyber or physical attacks (e.g., [1], [2]), we exploited the weaknesses of position estimation and autopilot controller algorithms on consumer drones in the proposed attacks. For compromising drone position control, we first designed two state estimation attacks: a maximum False Data Injection (FDI) attack and a generic FDI attack that compromised the Kalman-Filter-based position estimation (arguably the most popular method). Furthermore, based on the above attacks, we proposed two attacks on autopilot-based navigation, to compromise the actual position of a malicious drone. To the best of our knowledge, this is the first piece of work in this area. Our analysis and simulation results show that the proposed attacks can significantly affect the position estimation and the actual positions of drones. We also proposed potential countermeasures to address these attacks.
more »
« less
Compromising Flight Paths of Autopiloted Drones
While more and more consumer drones are abused in recent attacks, there is still very little systematical research on countering malicious consumer drones. In this paper, we focus on this issue and develop effective attacks to common autopilot control algorithms to compromise the flight paths of autopiloted drones, e.g., leading them away from its preset paths. We consider attacking an autopiloted drone in three phases: attacking its onboard sensors, attacking its state estimation, and attacking its autopilot algorithms. Several firstphase attacks have been developed (e.g., [1]–[4]); second-phase attacks (including our previous work [5], [6]) have also been investigated. In this paper, we focus on the third-phase attacks. We examine three common autopilot algorithms, and design several attacks by exploiting their weaknesses to mislead a drone from its preset path to a manipulated path. We present the formal analysis of the scope of such manipulated paths. We further discuss how to apply the proposed attacks to disrupt preset drone missions, such as missing a target in searching an area or misleading a drone to intercept another drone, etc. Many potential attacks can be built on top of the proposed attacks. We are currently investigating different models to apply such attacks on common drone missions and also building prototype systems on ArduPilot for real world tests. We will further investigate countermeasures to address the potential damages.
more »
« less
- Award ID(s):
- 1662487
- PAR ID:
- 10127232
- Publisher / Repository:
- IEEE
- Date Published:
- Journal Name:
- 2019 International Conference on Unmanned Aircraft Systems (ICUAS)
- Page Range / eLocation ID:
- 1316 to 1325
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Although some existing counterdrone measures can disrupt the invasion of certain consumer drone, to the best of our knowledge, none of them can accurately redirect it to a given location for defense. In this paper, we proposed a Drone Position Manipulation (DPM) attack to address this issue by utilizing the vulnerabilities of control and navigation algorithms used on consumer drones. As such drones usually depend on GPS for autopiloting, we carefully spoof GPS signals based on where we want to redirect a drone to, such that we indirectly affect its position estimates that are used by its navigation algorithm. By carefully manipulating these states, we make a drone gradually move to a path based on our requirements. This unique attack exploits the entire stack of sensing, state estimation, and navigation control together for quantitative manipulation of flight paths, different from all existing methods. In addition, we have formally analyzed the feasible range of redirected destinations for a given target. Our evaluation on open-source ArduPilot system shows that DPM is able to not only accurately lead a drone to a redirected destination but also achieve a large redirection range.more » « less
-
It is now possible to deploy swarms of drones with populations in the thousands. There is growing interest in using such swarms for defense, and it has been natural to program them with bio-mimetic motion models such as flocking or swarming. However, these motion models evolved to survive against predators, not enemies with modern firearms. This paper presents experimental data that compares the survivability of several motion models for large numbers of drones. This project tests drone swarms in Virtual Reality (VR), because it is prohibitively expensive, technically complex, and potentially dangerous to fly a large swarm of drones in a testing environment. We model the behavior of drone swarms flying along parametric paths in both tight and scattered formations. We add random motion to the general motion plan to confound path prediction and targeting. We describe an implementation of these flight paths as game levels in a VR environment. We then allow players to shoot at the drones and evaluate the difference between flocking and swarming behavior on drone survivability.more » « less
-
As many mobile devices use Global Navigation Satellite Systems (GNSSs) to determine their locations for control, compromising such systems can result in serious consequences, as shown by existing GPS spoofing attacks. However, most such spoofing attacks focus on the effect of a single spoofer attacking a single receiver. In this paper, we investigate the impacts of a single spoofer on multiple receivers, motivated by research on attacking drone swarms. Our analysis independently shows that, using a single spoofer, multiple receivers at different locations in a spoofing area will see the same location reading. We consider the base case of spoofing four satellites and also the generic case when more satellites are involved in the spoofing attack. More importantly, we conduct real-world experiments to validate our analysis and demonstrate the potential threats to many practical applications. We use off-the-shelf SDR cards for spoofing and consumer GPS receivers for obtaining spoofed location readings. While this method can enable various attacks on mobile devices depending on GPS, it is also applicable to all existing GNSSs, because they use similar principles to determine locations.more » « less
-
This paper investigates the pursuit-evasion problem of a defensive gun turret and one or more attacking drones. The turret must "visit" each attacking drone once, as quickly as possible, to defeat the threat. This constitutes a Shortest Hamiltonian Path (SHP) through the drones. The investigation considers situations with increasing fidelity, starting with a 2D kinematic model and progressing to a 3D dynamic model. In 2D we determine the region from which one or more drones can always reach a turret, or the region close enough to it where they can evade the turret. This provides optimal starting angles for n drones around a turret and the maximum starting radius for one and two drones.We show that safety regions also exist in 3D and provide a controller so that a drone in this region can evade the pan-tilt turret. Through simulations we explore the maximum range n drones can start and still have at least one reach the turret, and analyze the effect of turret behavior and the drones’ number, starting configuration, and behaviors.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/ICUAS.2019.8798162
