Safedrone - Cybersecurity Evaluation Procedure for UAS

This is a (RMA) POL master’s thesis subject

Description

Currently, the market in consumer and prosumer drones is dominated by foreign companies. These UAS are ubiquitous, of high quality and therefore a large number of them have been acquired by military, police and firefighting departments worldwide. However, some foreign companies are required to hand over any available intelligence to their government if asked. Like many software companies, they run an update process for the drones which sends telemetry to company servers on foreign territory. It is obvious how this presents a security risk when the drone is used in sensitive operations.

The solution for this has been to ban the use of foreign drones on military grounds and in military operations. We propose to develop a more targeted approach, in which the data traffic of individual types of UAS is tested and evaluated to determine the nature of the transmitted data, and to assess the risk it poses. This study also aims to investigate procedures to mitigate this risk to an acceptable level.

Objectives

This study will involve a state-of-the-art investigation (25%) and laboratory experiments (75%) that include:

• Perform a concise literature review on similar studies by other parties;
• Research the documentation on telemetry transmission standards for a number of commercial drones;
• Research available drone SDKs and the extent to which they can be used to infer data leaks;
• Develop and set up a packet capture experiment to intercept data transmission between the UAS and company servers (man-in-the-middle), both in flight and in the lab;
• Set up an experiment to spoof the drone’s position and possible other telecommunication in order to trigger potential abnormal telemetry requests;
• Analyze the acquired data to identify risks, and propose mitigation strategies;
• Look at possible open-source or custom firmware in order to have more control over telemetry.

Interested?

Contact us