Aerospace and Electronic Systems - October 2018 - 27

Leccadito et al.

Sybil: Attacker forges a fake identity and in cases where
more than one UAS work together to accomplish a task, an
adversary node can pretend to be a peer node or a member of
a group when it is not. This can in turn degrade the integrity
of data, as well as, security, resource utilization, routing, voting, and resource allocation system functions.
Black Hole/Sinkhole Wireless Attack: Attacker listens to
network and finds the highest quality or shortest path between the GCS and a UAS, then attracts all traffic between
the two entities and corrupts or destroys it.
Hello Flood Wireless Attack: In a group of UASs, an adversary sends a Hello type message to initiate friendly contact
with a neighboring node, the neighboring node acknowledges this as a friendly node and sends messages through the
adversary to the ground station; typically used in large areas
where a mesh type network is utilized.
Wormhole Wireless Attack: Tunneling or retransmitting data
that does not require compromising the network; attacker
gives a node a false pretense that the recipient of a message
is only one hop away, when it is actually multihops away.
Botnets: The term botnet refers to insertion of a compromised computer into a network.

UASs can be small, cheap, and easily equipped with wireless
networking capability, providing a platform to create a wireless
botnet in the skies [14]. Instead of using a fixed computer, attackers can send commands through the non-stationary UAS making it
difficult to track the attacker. A UAS can get directly between the
GCS and the vehicle in the air, creating a new type of intrusion.
Using this method, it is possible to get close enough to attack the
wireless network functionality. UASs can be used to attack a WiFi
network by exploiting vulnerabilities in WiFi, 3G, and the Global
System for Mobile communication [15], acting as an antenna that
cell phones would connect through to make calls. UASs can be
used to survey a wireless network and gather data such as BSSID,
SSID, encryption type, channel, or the media access control addresses of the communicating entities.
In the near future, the Automatic Dependent Surveillance
Broadcast (ADS-B) will be a major cornerstone of aircraft deconfliction in the navigable air space. ADS-B is the next generation of air traffic modernization. It transmits information about
the aircraft's state (i.e. altitude and airspeed) and positional data
to other aircraft and ground stations in the vicinity [16]. Two
types of corruption of the ADS-B message have been identified,
message misuse which is caused by an adversary identifying,
locating, and tracking the entity, and message delay, caused by
jamming. The ADS-B system will introduce another attack surface into the UAS ecosystem. A white article released in 2012
by Eurecom [17] addressed several vulnerabilities of the ADS-B
system which include a lack of message authentication to protect
from unauthorized users, a lack of message signatures to protect
against message tampering, a lack of encryption to protect sensitive data, fend off replay attacks, and assure message integrity,
validity, and freshness.

OCTOBER 2018

FIRMWARE ATTACKS
The autopilot contains control and navigational algorithms that are
executing in software on the main processor along with low level
drivers to communicate with on-board sensors. A firmware attack
may include modifying the source code that is executing on the
autopilot, which can be inserted during development or maintenance of the UAS. During development of the autopilot software
a vulnerability may be inserted intentionally or unintentionally by
either a malicious developer or an inexperienced programmer. It
is also possible for an adversary to mirror a website that is hosting the source code for the autopilot code, and malicious code can
be programmed onto the autopilot by the operator unintentionally.

SENSOR ATTACKS
The sensors on board a UAS include an inertial measurement unit,
absolute and differential pressure sensors, and optical and sonar sensors. Software attacks can occur from insertion of malicious code
into the sensor firmware which can then create, modify, or stop data
from being sent to the main processor. Software attacks also include, fuzzing attacks that induce noise into the sensor. Unexpected,
invalid, completely random noise added to the sensor data flowing
into the processor can cause unexpected problems, aircraft instability, process lock-up, and invalid outputs to next process. Digital update rate attacks can delay the frequency of sensor output, causing
inconsistent processing of sensor information. Software and hardware can be used to create longer sampling periods to increase the
probability of aliasing. They can also be used to change sampling
times of analog-to-digital converters through buffer overflow or
hardware manipulation. DOS is a threat as well, which can prevent
the processor from running at desired update rate. With physical
access to the autopilot, malicious hardware can also be inserted between components directly onto the autopilot and/or sensors can
be replaced with corrupt sensors to disturb the operations of the
autopilot. GPS attacks are the most common types of attacks, since
a typical GPS receiver does not use any type of encryption and can
be spoofed without the knowledge of the UAS. The most common
types of GPS attacks [7] are shown in Table 2.

GROUND CONTROL STATION ATTACKS
The GCS is used by the operator to send commands, navigate,
monitor, and in some cases manually control the UAS. Sometimes
it is the only link to the UAS during a mission. Not only is the wireless communication link a vulnerability, but the GCS itself can be
exploited. Thus, the GCS computer must be independently secured
before it is connected to the UAS. The GCS can be a desktop or
laptop computer with a keyboard, and consequently a key-logging
virus can be inserted that results in the loss of sensitive data or
compromising the UAS [18]. An attack may not necessarily occur
between the UAS and GCS directly, but indirectly through a separate network that the GCS connects to that ultimately acquires the
UAS communication link.
As smart device technology increases, the robustness and usability also increase. Desktop computers in the field are becom-

IEEE A&E SYSTEMS MAGAZINE

Aerospace and Electronic Systems - October 2018

Table of Contents for the Digital Edition of Aerospace and Electronic Systems - October 2018