Cybersecurity and cryptographic methods in unmanned systems - a study of the current state in unmanned aerial vehicles and similar systems

In this report, we present common attack methods against unmanned systems and the cryptographic solutions that are commonly implemented to address these issues. We also detail many concrete studies of unmanned aerial vehicles (drones) and their cryptographic solutions and general cyber security.

Our goals with this work are twofold. Our first and main goal is to get a representative picture of the current state of cryptography and information security in available unmanned systems. We do so by investigating known methods of attack against unmanned systems, as well as studying the vulnerabilities and security mechanisms of specific devices. This overall picture of vulnerabilities and cryptographic solutions is crucial to build an understanding of the practical security of modern unmanned aerial vehicles. Through this understanding of the state of practical security we can get an improved understanding of how to handle the operational risk inherent in using unmanned systems, which will be crucial to inform how these systems should be integrated into operations for civilian, commercial, industrial, or military use.

Our second goal is to help bridge the gap between the field of unmanned systems and the field of cryptography. The report highlights many of the practical challenges in security that unmanned systems face today, with the explicit goal of making these challenges more visible to the security community. Similarly, the report highlights which cryptographic mechanisms already exist and are well-understood, and connect them to the vulnerabilities they address, with the goal of increasing awareness of these risks and tools to people well versed in autonomy and unmanned systems. As a result, we hope the two fields can come together to find practical solutions and expose core issues that neither field would naturally discover in an isolated setting.

We start our report by defining the terminology with which we discuss cyber security and unmanned systems in the report. In doing so, we define our assets and adversaries, and which security goals we want to achieve for unmanned systems.

Then, we present common ways to attack the information security of unmanned systems. We divide the attacks based on their domain: hardware, side channels and fault injection, software, and communication. We also make mention of several attacks that utilize multiple domains, as well as other attacks that fall outside of these categories and our scope.

Next, we present cryptographic mechanisms that we have found to be typically implemented on common commercial unmanned aerial vehicles, and how they relate to the vulnerabilities discussed in the report.

Finally, we discuss a series of devices that have been examined by security researchers and enthusiasts, and the relevant work done to understand the security of these devices and how it can be improved.