Michael Ogata Computer Scientist
Transcript of Michael Ogata Computer Scientist
DISCLAIMER
Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.
Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.
* Please note, unless mentioned in reference to a NIST Publication, all information and data presented is preliminary/in-progress and subject to change
#PSCR20213
DISCLAIMER
Guest speakers, Teague Forren (TAK Product Center), Randall Nichols (Kansas State University), and Raymond Sheh (NIST) produced and presented slides 17-31, 33-41, and 43-51 for publication in the National Institute of Standards and Technology’s PSCR 2021 The Digital Experience. The contents of their presentations do not necessarily reflect the views or policies of the National Institute of Standards and Technology or the U.S. Government.
Posted with Permission.
#PSCR20214
OVERHEAD! CYBERSECURITY AND PUBLIC SAFETY UAS
Michael Ogata Computer Scientist
National Institute of Standards and Technology
Applied Cybersecurity Division
5
BACKGROUND
UAS TECHNOLOGIES AND VULNERABILITIES
TEAM AWARENESS KIT
UAS AND PUBLIC SAFETY
ROUNDTABLE DISCUSSION
6
WHAT IS AN UNMANNED AIRCRAFT SYSTEM (UAS)?
8
unmanned aircraft system (UAS): a small unmanned aircraft and its associated elements (including communication links and the components that control the small unmanned aircraft) that are required for the safe and efficient operation of the small unmanned
aircraft in the national airspace system
WHAT’S IN A DRONE?
14
Artificial Intelligence
Flight ControlReturn to home, object avoidance, autonomy
Command and Control
Receivers, base stations, pilot-as-a-service
GPS, triangulation, LiDAR
Location and Positioning
Embedded Systems
Device firmware & operating systems
Data channels
LTE, Wi-Fi, Bluetooth
15
PANEL MEMBERS
Randall NicholsProfessor of Practice UAS– Cybersecurity
Kansas State University Polytechnic
Raymond ShehResearch Professor
Georgetown University
Teague ForrenCybersecurity Lead
TAK Product Center
PSCR STAKEHOLDERS ANNUAL MEETING
CYBER THREATS TO LEO-FR ISR MISSIONS
Randall K. Nichols, DTM
NIST PSCR UAS 3.0 Technical Lead –
Cyber Challenge
Professor of Practice
Director, Unmanned Aircraft Systems
Cybersecurity Certificate Program
Kansas State University Polytechnic Campus &
Professor Emeritus & Chair - Cybersecurity, Utica College
5/28/2021 Stakeholders Meeting Rev 6A Blue 17
5/28/2021 Stakeholders Meeting Rev 6A Blue 19
AGENDA
• Two Major Cyber Threats to LEO-FR ISR Missions
• Ryan – Nichols Qualitative Risk Equations
• UAS Threat Targeting Dimensions
• Cyber Threats to LEO Drone Operations
• LEO -FR Drone Cyber Vulnerabilities
• LEO -FR Mission Cyber Impact
• UAS Cyber Threat Countermeasures
• LEO-FR Tactical & Strategic Benefits of Robust UAS Cybersecurity
5/28/2021 Stakeholders Meeting Rev 6A Blue 20
CYBER THREATS - LEO-FR ISR MISSIONS
LEO’s – FR’S using DRONES for ISR & tactical response missions face two cyber-related / INFOSEC challenges critical to their UAS Communications & Navigation systems:
• [Protect their own- Enforce Cyber Hygiene] Provide Robust End-to End Security of LEO / FR drone controls, communications, frequencies, data/video transmissions, payloads, & SCADA systems operating in public domain.
• [Mitigate Unlawful Interference] Provide effective countermeasures against cyber-SPOOFING GPS or denial operations against their UAS navigation systems
Qualitative Risk Equations
We need a Qualitative INFOSEC RISK Metric →Ryan-Nichols Equations
RISK = {Threats x Vulnerabilities x Impact / Countermeasures }
RISK ~ f (Threats / Countermeasures) at time state =0
Where: Vulnerabilities & Impact are constants & drop out w.r.t. time
THREAT: The RISK of success of terrorist or criminal attacks on LEO – FR Air Defense Systems (ADS) via UASs / sUASis higher ~ improving commercial capabilities & accessibility
5/28/2021 Stakeholders Meeting Rev 6A Blue 21
UAS/Drone Threat Targeting Area Dimensions
5/28/2021 Stakeholders Meeting Rev 6A Blue 22
DIMENSION FUNCTION ACTION
Latitude
Longitude
Elevation
Friendly Force Location
Enemy Force Location
Direction of Weapons
Maneuver of Forces
Time Speed of Maneuver
Timing of Weapon Release
Timeliness of Attack
Enemy Vulnerability
Frequency Bandwidth Required
Frequency of Transmissions
Rate of Information Flow
Interference
Vulnerability to Jamming
Vulnerability to Intercept
Cyber Threats to LEO-FR Drone Operations
• Attacks on Flight Controller & Ground Control Station via Data link & acquired by sensors – internal system communication (SCADA)
• Spoofing GPS / jammed (unencrypted & unauthenticated) signals
• ADS-B [unencrypted & unauthenticated position & velocity]
• Manipulating captured footage coupled with GPS spoofing attack to take complete control of AV or human operated drone!
• Detect / Legally capture / disable / kill “Dark” drones or homemade No Limit Drones (NLD) variants [Prosecute felonious use]
5/28/2021 Stakeholders Meeting Rev 6A Blue 23
Cyber Threats to LEO-FR Drone Operations
• Injecting falsified sensor data - effects radar, IR, & EO sensors
• Audio energy at resonance frequencies can alter MEMS outputs to rotors & crash drone
• Attacks on Data Link – violate CIA of communication between UAV and GCS on the data link.
• GCS spoofing / jamming – inject false wireless control commands using the datalink by MIM attack. Result: loss link state
• Malicious Hardware / Software - Trojans
5/28/2021 Stakeholders Meeting Rev 6A Blue 24
LEO-FR Drone Cyber Vulnerabilities
• Three critical UAV subsystems: • Command Datalink system (links GCS for guidance,
telemetry, sensor information)
• UAV Optical / COMINT payload system/ payload links
• Flight Control & Navigation system
• Disruption of any of above = Mission Failure
5/28/2021 Stakeholders Meeting Rev 6A Blue 25
LEO-FR Mission Cyber Impact
• Complete Failure of ISR Mission
• Loss of Drone to Enemy at ground location away from LEO – FR Control station
• Disruption of services
• False Surveillance Data transmitted to LEO – FR Operations
• Drone reporting unlawful activities at wrong location resulting in LEO-FR being sent on wild goose chase.
• Enemy control of waypoints or payload integrity
• Harm to population seeking assistance
5/28/2021 Stakeholders Meeting Rev 6A Blue 26
UAS Cyber Threat Countermeasures
• Message Authentication Code schemes (MAC) to verify authenticity of drone signals
• Secure distance bounding protocols used to determine proximity of source received signals & compare it to last known location of UAV
• Geofencing- virtual, location-based barriers that prevent sensitive areas intrusion
• Remote ID – built into software, broadcasts real time
• ASPN w/wo GPS and encrypted capability to detect spoofing / jamming
• LAANC – chip embedded / PINS /ANS
5/28/2021 Stakeholders Meeting Rev 6A Blue 27
Past & Present Solutions(INFOSEC / SCADA / Communications)
Past Countermeasures
• Patch control / Legacy measures
• Host-based / Network Based systems
• APT defenses
• Zero Trust systems
Sophisticated Countermeasures
• Cryptographic authentication - receiver & transmitter use mutual authentication processes avoiding interferences of external sources.
• ASIC & Hardware defenses
• Identify Friend or Foe (IFF)
• Feed Forward / Real-time countermeasures
• DOE National SCADA Test Bed recommendations
5/28/2021 Stakeholders Meeting Rev 6A Blue 28
Past & Present Solutions (GPS Spoofing)
Past Countermeasures
• Amplitude discrimination
• Time-of-Arrival discrimination
More Sophisticated Countermeasures
• Cryptographic authentication - receiver & transmitter use mutual authentication processes avoiding interferences of external sources. Embedded ASICS with MFA
• Angle-of-Arrival discrimination
• Polarization discrimination
• Consistency of Navigation inertial measurement unit (IMU) cross-check
• Terrain-based location determination w/ CAS & w/o GPS or compass
5/28/2021 Stakeholders Meeting Rev 6A Blue 29
LEO-FR Tactical Benefits of Robust UAS Cybersecurity
• Encrypting discovered data (i.e., imaging), transmitted out‐of‐band relative to the control transmission
• Detecting / countering Dark Drones that do not require RF communications or use GPS way points rather than ground control or transmit on nonstandard frequencies or use homemade noncommercial software
• Monitor control channel frequencies for Spoofing, replay or jamming to impair or disable control of the drone
• LEO to effectively administer Hacking /Jamming / Spoofing /Certification Laws:18 USC S32 /1362 /1367 (a); 47 USC S301 /302(b) /333; USC 2511 /1030 (a-c)
• LEO resources deployed / swarmed to correct locationsin volatile or combat conditions
5/28/2021 Stakeholders Meeting Rev 6A Blue 30
LEO-FR Strategic Benefits of Robust UAS Cybersecurity
•Robust Security of drone control & data transmission systems.•Secured legacy communication channels that are public•Demonstrated resiliency •Expected performance maintained even if attempt is detected to disable UAV communications. •Safeguarding information in transit (COMSEC/ INFOSEC)•Verifiable / Measurable Threats & Vulnerabilities•Public Safety Awareness – converting the clueless, careless, arresting the criminals – saving lives & property
•Innovation in design and manufacture H/S
5/28/2021 Stakeholders Meeting Rev 6A Blue 31
Cyber Security
for UAS in Public SafetyWhy Should you care? What are the risks? What Can you do?
Raymond Sheh
Research Professor
Georgetown University
About me …
• Research Professor @ Georgetown University
• Guest Researcher @ NIST
• Adjunct Faculty @ Curtin University
Trusted Autonomous Systems:
• Performance Standards
• Explainable Artificial Intelligence
• Cyber Security 34
What are the risks?
• On the robot/drone.
• On the comms link.
• On the operator station.
• Elsewhere in the infrastructure.
• In the people, policies, and community.
38
What can you do?
• Defense in depth.
• Intrusion detection.
• Secure supply chain.
• Watch your software!
• Make sure your people are well informed.
• Make sure your policies are realistic and sensible.
39
geralt, pixabay.com
Summary
• There is no such thing as perfect security, only
varying levels of insecurity.
• The adversary only needs to get lucky once.
• Use limited resources wisely.
40
Cyber Security
for UAS in Public SafetyWhy Should you care? What are the risks? What Can you do?
Raymond Sheh
Research Professor
Georgetown University
UNCLASSIFIED43
Civilian Team Awareness Kit (TAK)
PSCR STAKEHOLDERS ANNUAL MEETING
04/05/2021
Teague Forren
Cyber Security Lead
TAK Product Center
Overview, UAS tool, and TAK Security
UNCLASSIFIED
Description
Civilian Team Awareness Kit (CivTAK)
• Geospatial Situational Awareness
• Operational Planning
• Data Sharing/Communication
• Elevation Data Visualization
Industries with TAK
• Military, Law Enforcement, Emergency First Response, Commercial, Recreational
• Software Products for Android, IPhone, Windows, and Virtual Reality.
TAK.gov
44
UNCLASSIFIED
DescriptionCore Strengths
• Moving map solution on Commercial-Off-The-Shelf hardware
• Network/Radio Agnostic
• Wide availability (Google Playstore/TAK.gov)
• Third-party Plugin Capability
Plugin Ecosystem
• Internal and Third-party Plugins
• Expands TAK functionality without bloating core application
• Benefits Overall TAK Community
45
UNCLASSIFIED
UAS Tool PluginPlugin Functionality
• Enhanced Situational Awareness
• Telemetry Data
• Full Motion Video
• Command & Control
Supported UAS Platforms
• AeroVironment – Puma, Raven, Wasp
• DJI – Mavic, Inspire, Phantom
• FLIR – Black Hornet, R80D
• Lockheed - Indago
TAK.gov
PAR Gov, TAK.gov
46
UNCLASSIFIED
TAK SecurityData at Rest• 'Inactive' data stored on a device
• SQLCipher AES 256
• Utilizes OS application sandboxing (ATAK on Android)
Data in Transit• 'Active' data moving across a
network
• OpenSSL AES 256
• Benefits from network security (radio encryption, VPN, etc)
UAS Tool specifically implements SSL encryption for Full Motion Video
PAR Gov, TAK.gov 48
UNCLASSIFIED
TAK SecuritySoftware Security• DevSecOps CI/CD Pipeline software Engineering
• Micro Focus Fortify Static Code Analysis• Automatic scan upon software version build
• Regular Red Team Cyber Security Assessments• Bug Bounty Programs
• Offensive Security Researcher Tests
• Program Protection Review• Cyber Threat Landscape
• TAK Best Practices Guide• TAK Deployment Recommendations
49
UNCLASSIFIED
Civilian Use Case
Corona, CA Fire Department
• Large Scale wildfire response and rescue
• Samsung Galaxy S10 & S4 Tablets
• DJI Mavic UAS for enhanced SA
CoE Aerial Firefighting• Real-time Data Sharing
• UAS & Aircraft Live Video Feed
• Aerial Point Dropping
• Grizzly Creek Fire, Dec 2020
Corona FD, insights.samsung.com
www.thedenverchannel.com50
PSCR FUTURE UAS CYBERSECURITY RESEARCH
53
UAS1
F L I G H T & P A Y L O A D
2018
F L I G H T E N D U R A N C E
UAS2
2020
N A V I G A T E & D E T E C TG P S - D E N I E D C O M M S
&
C Y B E R S E C U R I T Y
UAS3
2021
UAS PRIZE CHALLENGES
IMAGE CITATIONS
• Drone by Blaise Sewell from the Noun Projecthttps://thenounproject.com/term/drone/32876/
• Blimp by Travis Avery from the Noun Projecthttps://thenounproject.com/term/blimp/2444517/
55