Hacked in mid-flight: detecting attacks on UAVs
A UAV (or drone) in flight can fall victim to different types of attacks. At Télécom SudParis, Alexandre Vervisch-Picois is working on a method for detecting attacks that spoof drones concerning their position. This research could be used for both military and civilian applications.
He set out to deliver your package one morning, but it never arrived. Don’t worry, nothing has happened to your mailman. This is a story about an autonomous drone. These small flying vehicles are capable of following a flight path without a pilot, and are now ahead of the competition in the race for the fastest delivery.
While drone deliveries are technically possible, for now they remain the stuff of science fiction in France. This is due to both legal reasons and certain vulnerabilities in these systems. At Télécom SudParis, Alexandre Vervisch-Picois, a researcher specialized in global navigation satellite systems (GNSS), and his team are working with Thales to detect what is referred to as “spoofing” attacks. In order to prevent these attacks, researchers are studying how they work, with the goal of establishing protocol to help detect them.
How do you spoof a drone?
In order to move around independently, a drone must know its position and the direction in which it is moving. It therefore receives continuous signals from a satellite constellation which enables it to calculate the coordinates of its position. These can then be used to follow a predefined flight path by moving through a succession of waypoints until it reaches its destination. However, the drone’s heavy reliance on satellite geolocation to find its way makes it vulnerable to cyber attacks. “If we can succeed in getting the drone to believe it is somewhere other than its actual position, then we can indirectly control its flight path,” Alexandre Vervisch-Picois explains. This flaw is all the more critical given that the drones’ GPS receivers can be easily deceived by false signals transmitted at the same frequency as those of the satellites.
This is what the researchers call a spoofing attack. This type of cyber attack is not new. It was used in 2011 by the Iranian army to capture an American stealth drone that flew over its border. The technique involves transmitting a sufficiently powerful false radio frequency to replace the satellite signal picked up by the drone. This spoofing technique doesn’t cancel the drone’s geolocation capacities as a scrambler would. Instead, it forces the GPS receiver to calculate an incorrect position, causing it to deviate from its flight path. “For example, an attacker who succeeds in identifying the next waypoint can then determine a wrong position to be sent in order to lead the drone right to a location where it can be captured,” the researcher explains.
Resetting the clocks
Several techniques can be used to identify these attacks, but they often require additional costs, both in terms of hardware and energy.Through the DIGUE project (French acronym for GNSS Interference Detection for Autonomous UAV)[1] conducted with Thales Six, Alexandre Vervisch-Picois and his team have developed a method for detecting spoofing attempts. “Our approach uses the GPS receivers present in the drones, which makes this solution less expensive,” says the researcher. This is referred to as the “clock bias” method. Time is a key parameter in satellite position calculations. The satellites have their time base and so does the GPS receiver. Therefore, once the GPS receiver has calculated its position, it measures the “bias”, which is the difference between these two time bases. However, when a spoofing attack occurs, the researchers observed variations in this calculation in the form of a jump. The underlying reason for this jump is that the spoofer has its own time base, which is different from that of the satellites. “In practice, it is impossible for the spoofer to use the same clock as a satellite. All it can do is move closer to the time base, but we always notice a jump,” Alexandre Vervisch-Picois explains. To put it simply, satellites and spoofer are not set to the same time.
One advantage of this method is that it does not require any additional components or computing power to retrieve the data, since they are already present in the drone. It also does not require expensive signal processing analyses in order to study the information received by the drone–which is another defense method used to determine whether or not a signal originated from a satellite.
But couldn’t the attacker work around this problem by synchronizing with the satellites’ time setting? “It is very rare but still possible in the case of a very sophisticated spoofer. This is a classic example of measures and countermeasures, exemplified in interactions between a sword and a shield. In response to an attack, we set up defense systems and the threats become more sophisticated to bypass them,” the researcher explains. This is one reason why research in this area has so much to offer.
After obtaining successful results in the laboratory, the researchers are now planning to develop an algorithm based on time bias monitoring. This could be implemented on a flying drone for a test with real conditions.
What happens after an attack is detected?
Once the attack has been detected, the researchers try to locate the source of the false signal in order to find the attacker. To do so, they propose using a fleet of connected drones. The idea is to program movements within the fleet in order to determine the angle of arrival for the false signal. One of the drones would then send a message to the relevant authorities in order to stop the spoofer. This method is still in its infancy and is expected to be further developed with Thales in a military context with battlefield situations in which the spoofer must be eliminated. But in the context of a parcel delivery, what could be used to defend a single drone? “There could be a protocol involving rising to a higher altitude to move out of the spoofer’s range, which can reach up to several kilometers. But it would certainly not be as easy to escape its influence,” the researcher says. Another alternative could be to use signal processing methods, but these solutions would increase the costs associated with the device. “If too much of the drone’s energy is required for its protection, we need to ask whether this mode of transport is helpful and perhaps consider other more conventional methods, which are less burdensome to implement,” says Alexandre Vervisch-Picois.
[1] Victor Truong’s thesis research
Anaïs Culot