JigDFS: The Jigsaw Secure Distributed File System ...

A Secure Communication Framework for Large-scale Unmanned Aircraft Systems
J. Bian, R. Seker*, and M. Xie
*presenter: [email protected]
Embry-Riddle Aeronautical University


Agenda
Problem Statement
Challenges
Overview and Methodology
Conclusions


Problem Statement
Unmanned Aircraft (UA) Systems (UAS) have increasing application areas
Promising candidate for being an integral part of various infrastructures
UAS technology is still relatively expensive
Need to prepare for “cheaper” solutions
Deployment of multiple (many) UAs in adverse environments
Some UAs may be lost

Challenges
Reliable storage of gathered information and fault tolerance
Data need to be recoverable even if a number of UAs fail
Data need to be stored for the duration of the mission
Security is a concern
Secrecy of gathered and stored information needs to be preserved
Communication between UAs needs to be secured
Authentication, etc.


UAS Collaboration Wireless Network


Motivation
UAS have already been in use for surveillance and military applications
Using UAS in adverse environments brings along the risk of losing the UAS
The mission duration for UAS seems to be increasing, e.g. solar-powered UAs with battery reserves
An individual UA is vulnerable to hardware and software faults as well as other threats

Motivation
There have been great advancements in the area of Wireless Sensor Networks (WSN)
Nodes in such a network not only do sensing but also do routing when needed
Notions of WSNs can be borrowed and applied to UAS to form a UAS Collaboration Wireless Network (UAS-CWN)


UAS-CWN
[Figure: a drone swarm for surveillance missions in a hostile environment, connected to a remote base station, with an optional satellite link]

UAS-CWN Assumptions
The base station is safe and secure
Satellite communication with the UAs is not feasible
Power and data storage capacity are assumed to be sufficient for the duration of the mission
Modifications to internal settings of sensing equipment and to information processing components cannot go undetected


UAS-CWN Threat Model
Threats are enumerated with the STRIDE method: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege


Information Dispersal Algorithm (IDA)
Files in JigDFS are split into n segments and delivered to n nearby nodes; when recovering, only k (k < n) segments are needed to reconstruct the file
IDA was developed to provide safe and reliable transmission of information in distributed systems
There are many different types of IDA codes; we chose to use Cauchy Reed-Solomon

Advantages of IDA
No back-channel is required if errors are detected, and it has a high error correction rate
Lower probability of a remaining error in the decoded data
It is more storage efficient compared to a simple replication scheme
It minimizes each node’s knowledge about the entire file
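The k-of-n property described on the two IDA slides, as an added example that is not the authors' code: a minimal Rabin-style information dispersal using Reed-Solomon evaluation over GF(2^8) in plain Vandermonde/Lagrange form (the slides chose the Cauchy Reed-Solomon variant; the reconstruction guarantee is the same). Slices 1..k carry the data stripes, k+1..n carry parity, and any k slices rebuild the file while k-1 slices reveal only a stripe each; the slice format is a constructed tuple (index, length, body).

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial 0x11B."""
    p = 0
    while b:
        p ^= a * (b & 1)
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def gf_inv(a):
    """a^-1 == a^254 in GF(2^8), by square-and-multiply."""
    r, e = 1, 254
    while e:
        r = gf_mul(r, a) if e & 1 else r
        a = gf_mul(a, a)
        e >>= 1
    return r

def lagrange_eval(points, x):
    """Value at x of the polynomial through `points` (Lagrange form)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = gf_mul(num, x ^ xj)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return total

def disperse(data, k, n):
    """n slices (index, length, body): 1..k are data stripes, k+1..n parity."""
    assert 1 <= k <= n <= 255
    padded = data + b"\x00" * (-len(data) % k)
    bodies = [bytearray() for _ in range(n)]
    for g in range(0, len(padded), k):
        points = [(i + 1, padded[g + i]) for i in range(k)]
        for s in range(n):
            bodies[s].append(lagrange_eval(points, s + 1))
    return [(s + 1, len(data), bytes(b)) for s, b in enumerate(bodies)]

def recover(slices, k):
    """Rebuild from any k slices; fewer than k cannot reconstruct."""
    if len(slices) < k:
        raise ValueError("need at least k slices")
    slices, out = slices[:k], bytearray()
    for pos in range(len(slices[0][2])):
        points = [(idx, body[pos]) for idx, _, body in slices]
        out.extend(lagrange_eval(points, i + 1) for i in range(k))
    return bytes(out[: slices[0][1]])
```

With k/n = 3/5 as in the slides' simulations, losing any two of the five holders still leaves the file recoverable, and a node holding a single slice sees only every third byte.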

Related Works: IDA


Role-based Hashed-key Chain Algorithm
The RBHK chain algorithm was proposed to develop a Role-based Secure Group Communication (RBSGC) framework, which aims to implement the Bell-LaPadula security model (“write up” and “read down”).

A high-clearance user gets key x, and his/her immediate child is given h(x), where h() is a one-way hash function.
Read down: a file encrypted with x is hidden from lower-level users.
Write up: a file encrypted with h(x) can be read by a higher-clearance user.

In UAS-CWN, we use the one-way property to “secretly” link file segments to their original files and to separate the key from the data.
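The hashed-key chain and its use for segment linking, as an added example that is not the authors' code: level 0 holds x, level i holds h applied i times, so a holder can derive every key below it but never the one above (read down hides the file, write up stays readable). The segment-tagging scheme is a constructed illustration of the slide's "secretly link segments to their files" idea; SHA-256 as h() and HMAC for the tags are assumptions, not the authors' choices.

```python
import hashlib
import hmac

def h(x: bytes) -> bytes:
    """The one-way hash h() of the RBHK chain (SHA-256 assumed here)."""
    return hashlib.sha256(x).digest()

def role_keys(top_key: bytes, levels: int) -> list:
    """Level 0 (highest clearance) holds top_key; level i holds h^i(top_key)."""
    keys = [top_key]
    for _ in range(levels - 1):
        keys.append(h(keys[-1]))
    return keys

def derive_key(holder_level: int, holder_key: bytes, file_level: int):
    """Walk the chain downward only. Returns the key for a file encrypted at
    file_level, or None when the file sits above the holder: read down hides
    it because h cannot be inverted."""
    if file_level < holder_level:
        return None
    key = holder_key
    for _ in range(file_level - holder_level):
        key = h(key)
    return key

def segment_tag(file_key: bytes, index: int) -> str:
    """Constructed label for slice `index` of a file, keyed by the file key.
    Nodes that store slices without the key cannot tell which slices belong
    to the same file, which keeps the key separate from the data."""
    msg = index.to_bytes(4, "big")
    return hmac.new(file_key, msg, hashlib.sha256).hexdigest()[:16]

def locate_segments(file_key: bytes, n: int, store: dict) -> list:
    """With the key, pull a file's n slices back out of an unlabeled store."""
    tags = [segment_tag(file_key, i) for i in range(n)]
    return [store[t] for t in tags if t in store]
```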

Active Status Polling (ASP)
It is possible that an attacker can isolate one or more UAs
The UAs poll one another
Polling requests and responses do not use IDA, in order to increase transmission speed
ASP communications are digitally signed
If a UA doesn’t respond to a request, the polling UA will issue a warning, which will be recorded for the operator to examine later

Simulations
We evaluated UAS-CWN in terms of data recovery rate
The interactions between UAs in the UAS-CWN are highly dynamic
The underlying mesh networking topology is highly mobile and difficult to define
We use the Erdos-Renyi random graph model to simulate possible communication channels

Erdos-Renyi Model
[Figure: Erdos-Renyi model with 100 nodes]


Simulations
Each UA, at any time t, can pick n nodes to transmit the n slices of the information (per IDA)
The failure rate of communication between two UAs is fc
The data slices received by “child” nodes are further propagated per the set security level parameter (sl); sl can be 1, 2, 3, …
Data recovery rate is the number of recovered data sets over the total number of data sets disseminated
e is the data emission rate

Simulations: UA failure rate
[Figure: data recovery rate under varying UA failure rate; k/n=3/5; sl=2; fc=0.1; t=100; e=0.05]

Simulations: security level
[Figure: data recovery rate under varying security level; n=500, k/n=3/5; sl=2; fc=0.1; t=100; e=0.05]

Simulations: Different IDAs
[Figure: data recovery rate for different IDA schemes; n=500, sl=1; fc=0.1; t=100; e=0.05]

Conclusion
The UAS domain can serve as a test bed to examine certain technologies before they are applied to aviation
When the security level is set to 3, we can tolerate losing a large number of UAs (30%) and still reliably recover the stored information (over 95%)
Promising: the 3/5 IDA scheme (sl=1) has 67% storage overhead, while mirroring has 100% overhead
The 3/5 IDA scheme still outperforms the mirroring scheme when the UA failure rate is below 0.14
The design is consistent across different network sizes (= number of UAs)
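The storage-overhead versus recovery trade-off behind the conclusion, as an added back-of-the-envelope check that is not the authors' simulation: with each slice holder lost independently at rate f, a 3/5 IDA recovers when at least 3 of 5 holders survive, two-way mirroring when at least 1 of 2 survives. This closed-form model ignores fc, sl and the network topology, so its crossover lands near 0.12 rather than the 0.14 the slides' full simulation reports; the two should be compared with that caveat in mind.

```python
from math import comb

def ida_recovery(k, n, f):
    """P(at least k of the n slice holders survive) when each UA is lost
    independently with probability f (no comm failures, no propagation)."""
    return sum(comb(n, i) * (1 - f) ** i * f ** (n - i) for i in range(k, n + 1))

def mirror_recovery(copies, f):
    """P(at least one of `copies` full replicas survives)."""
    return 1 - f ** copies

def storage_overhead(stored_units, data_units):
    """Extra storage relative to the data: 3/5 IDA -> 0.667, 2 mirrors -> 1.0."""
    return stored_units / data_units - 1

def crossover(k, n, copies, step=0.001):
    """Largest UA loss rate at which the k/n IDA still recovers at least as
    often as `copies`-way mirroring (None if mirroring always wins)."""
    last = None
    for i in range(int(1 / step) + 1):
        f = i * step
        if ida_recovery(k, n, f) < mirror_recovery(copies, f):
            return last
        last = round(f, 6)
    return last
```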
