Kryptografisk sikring av autonome og ubemannede enheter - eksisterende forskning

An increasing number of missions are assigned to autonomous and unmanned devices. Such devices can carry out dangerous tasks in both military and civilian sector without jeopardising human lives. However, it raises new challenges for information security. The purpose of this report is to look closer into how we can secure autonomous and unmanned devices. There are a number of security concerns to take into account. Our starting point is found in the following goals: • Secure communications to and from the device so that unauthorised parties are unable to listen to sensitive information (confidentiality). • Ensure that changes injected in the communication will be detected (integrity). • Guarantee that the sender is the one it claims to be. The recipient should only accept the message if the sender can be verified (authenticity). • Ensure that all information stored on the device remains secure if the device is lost. • Securely process data on the device – e.g. map and sensor data. We survey a selection of the available literature on how to secure autonomous and unmanned devices. We have in particular searched for general descriptions, definitions and solutions. The results are therefore applicable to common challenges for all autonomous devices. The body of published research on this exact field is small, and so the search was expanded to include mobile ad-hoc networks, mobile sensor networks and the internet of things (IoT). The literature is sorted into three main groups: • Security models: How other scientists have reasoned about players in a system, security requirements and trust assumptions. • Cryptographic algorithms for lightweight applications: Which algorithms are best suited when used on devices with restrictions on bandwidth, power, storage or processing power. • Practical experiments: Some attempts to secure small devices have been documented in academic research and showcase interesting considerations and results. Our main conclusion is that the field of research is immature and lacks the necessary theoretical foundation. We do however find that there is related cryptographic work which can be built upon. The practical experiments are by themselves a good starting point for further work.