Cybersecurity researchers at the Johns Hopkins University Information Security Institute (JHUISI) have partnered with Boston-based OnBoard Security – a company that develops products for vehicle communication security – to prevent hacker attacks that could cause drones to engage in hazardous mid-air maneuvers.
Drones rely on Sense and Avoid, or SAA, technology, in which safety-related messages are transmitted between two machines that are airborne in the same area in order to prevent mid-air collisions.
“But,” said Seth Nielson, director of advanced research projects at the Information Security Institute, “in their current form, they are vulnerable to hacking. Hypothetically, a hacker could alter transmissions to confuse another aircraft into believing a collision is imminent, potentially resulting in dangerous evasive maneuvers.”
Without cryptographic protections current drone’s are vulnerable to packet forging, replay, message modification, and Man-in-the-Middle (MITM) attacks. Using OnBoard Security’s cryptographic software library, called Aerolink, the students sought to enhance the way drones share their location using the Automatic Dependent Surveillance – Broadcast (ADS-B) messages. They were successful at implementing a secured type of SAA technology. The company states that this is the first implementation of Aerolink outside of the automotive industry.
“Aerolink is the leading security solution for Vehicle-to-Vehicle communications,” explained Dr. Jonathan Petit, senior director of research at OnBoard Security. “The well-thought-out security schemes designed for connected and autonomous vehicles utilizing high volumes of signed messages in a limited bandwidth environment makes Aerolink ideal for unmanned aircraft. The team at Johns Hopkins is leading the way to safer and more secure UAV operation through message authentication.”
“The impact of having the students work with OnBoard Security was fantastic,” Nielson said. “Capstones are an important part of the master’s program we offer, and they require the students to think critically about real-world problems. Working with an industry partner who can provide technical instruction and, in this case, access to industry-grade software libraries makes that experience significantly more valuable to them in the short- and long-term.”