Search for: All records

There is an increasing need to fly unmanned aerial vehicles (UAVs) to enable a wide variety of beneficial applications such as emergency/disaster response, observation and study of weather phenomena including severe storms. However, UAVs are subject to cybersecurity threats stemming from increasing reliance on computer and communication technologies. There is a need to foster a robust workforce with integrated UAV and cybersecurity competencies. In addition to technique challenges, current UAV cybersecurity education also faces two significant non-technical challenges: first, there are federal or state rules and regulations on UAV flights; second, the number of designated UAV test sites is limited. A three years NSF SaTC funded project in 2020 will specifically address these challenges. We propose to develop a laboratory platform for UAV cybersecurity education. To be specific, our platform integrates software simulation with hardware-in-the-loop (HIL) simulation to simulate different UAV scenarios, on the top of which cybersecurity components are developed for hands-on practicing. We use a firmware for UAV system development, Pixhawk with related open-source software packages, as the basic simulation framework. On the top of the simulation environment, a series of hands-on exercise modules will be developed to cover UAV cybersecurity issues. Motivated by different types of cybersecurity threats to UAVs, we will adopt the scenario based design and set up several categories of exercise modules including common threats in UAV and additional modules for newly identified threats with corresponding actors, goals, actions, and events. In such a manner offense and defense tasks can be further developed. The proposed platform has the potential to be adopted by universities with limited resources to UAV cybersecurity. It will help educate future workforce with integrated UAV and cybersecurity competencies, towards secure and trustworthy cyberspace around UAVs. 

When people connect to the Internet with their mobile devices, they do not often think about the security of their data; however, the prevalence of rogue access points has taken advantage of a false sense of safety in unsuspecting victims. This paper analyzes the methods an attacker would use to create rogue WiFi access points using software-defined radio (SDR). To construct a rogue access point, a few essential layers of WiFi need simulation: the physical layer, link layer, network layer, and transport layer. Radio waves carrying WiFi packets, transmitted between two Universal Software Radio Peripherals (USRPs), emulate the physical layer. The link layer consists of the connection between those same USRPs communicating directly to each other, and the network layer expands on this communication by using the network tunneling/network tapping (TUN/TAP) interfaces to tunnel IP packets between the host and the access point. Finally, the establishment of the transport layer constitutes transceiving the packets that pass through the USRPs. In the end, we found that creating a rogue access point and capturing the stream of data from a fabricated "victim" on the Internet was effective and cheap with SDRs as inexpensive as $20 USD. Our work aims to expose how a cybercriminal could carry out an attack like this in order to prevent and defend against them in the future.