Toward a Secure Drone System: Flying With Real-Time Homomorphic Authenticated Encryption

Controlling or accessing remotely has become a prevalent form of operating numerous types of platforms and infrastructure. An exploding number of vehicles such as drones or cars, in particular, are being controlled wirelessly or connected through networks. This has brought unanimous concern that today’s networked vehicle systems are vulnerable to attacks and the results could be fatal. Unfortunately, in contrast to active investigation on the security of the vehicles themselves, sensors, or communication channels, existing approaches for these real-time, safety-critical systems do not take controllers into enough consideration. In order to protect the controller that performs the arithmetic operations using sensor measurements and generates command signals, we adopt homomorphic cryptography for the controller. It removes risks associated with the management of the secret key inside the controller, by eliminating the need to encrypt and decrypt the data for the mathematical operation within the controller. Specifically, we propose an efficient linearly homomorphic authenticated encryption (LinHAE) scheme for the ground control center of a multi-rotor drone, in a manner that enables real-time operation for safe autonomous flight. To facilitate the linear scheme, we design the ground controller targeted to allow state update using additions and multiplications by a system-specific constant. The proposed LinHAE guarantees the security against eavesdropping and forgery attacks, unlike homomorphic encryption alone that does not provide means to check whether the received signal at the drone side is authentic or compromised. We introduce a LinHAE with security and computational tractability, and describe how it can fit into the standard architecture for drone systems and how the specific controller is implemented. Building on these ingredients, we report the first successful operation of a multi-rotor flying robot that autonomously flies under the ground controller with real-time homomorphic authenticated encryption.

[1]  Ananthram Swami,et al.  The Limitations of Deep Learning in Adversarial Settings , 2015, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[2]  Zdobysław Goraj,et al.  Security analysis of uav radio communication system , 2009 .

[3]  Dan Boneh,et al.  Homomorphic Signatures for Polynomial Functions , 2011, EUROCRYPT.

[4]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.

[5]  George Loukas,et al.  Cyber-Physical Attacks: A Growing Invisible Threat , 2015 .

[6]  Tyler Ryan,et al.  Probabilistic Correspondence in Video Sequences for Efficient State Estimation and Autonomous Flight , 2016, IEEE Transactions on Robotics.

[7]  Takahiro Fujita,et al.  Cyber-security enhancement of networked control systems using homomorphic encryption , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[8]  Francesco Bullo,et al.  Control-Theoretic Methods for Cyberphysical Security: Geometric Principles for Optimal Cross-Layer Resilient Control Systems , 2015, IEEE Control Systems.

[9]  Gregory W. Wornell,et al.  Efficient homomorphic encryption on integer vectors and its applications , 2014, 2014 Information Theory and Applications Workshop (ITA).

[10]  Kim Hartmann,et al.  The vulnerability of UAVs to cyber attacks - An approach to the risk assessment , 2013, 2013 5th International Conference on Cyber Conflict (CYCON 2013).

[11]  Vijay Kumar,et al.  Visual inertial odometry for quadrotors on SE(3) , 2016, 2016 IEEE International Conference on Robotics and Automation (ICRA).

[12]  Iman Shames,et al.  Secure and private control using semi-homomorphic encryption , 2017 .

[13]  Vijay Kumar,et al.  Swarm Distribution and Deployment for Cooperative Surveillance by Micro-Aerial Vehicles , 2016, J. Intell. Robotic Syst..

[14]  Hao Wu,et al.  Controlling UAVs with Sensor Input Spoofing Attacks , 2016, WOOT.

[15]  Ping Zhang,et al.  Detection of covert attacks and zero dynamics attacks in cyber-physical systems , 2016, 2016 American Control Conference (ACC).

[16]  Hyungbo Shim,et al.  When adversary encounters uncertain cyber-physical systems: Robust zero-dynamics attack with disclosure resources , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).

[17]  Yongdae Kim,et al.  Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors , 2015, USENIX Security Symposium.

[18]  Dario Fiore,et al.  Practical Homomorphic MACs for Arithmetic Circuits , 2013, IACR Cryptol. ePrint Arch..

[19]  H. Jin Kim,et al.  Vision-Guided Aerial Manipulation Using a Multirotor With a Robotic Arm , 2016, IEEE/ASME Transactions on Mechatronics.

[20]  Raylin Tso,et al.  A commutative encryption scheme based on ElGamal encryption , 2012, 2012 International Conference on Information Security and Intelligent Control.

[21]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2011, TSEC.

[22]  André Weimerskirch,et al.  Truck Hacking: An Experimental Analysis of the SAE J1939 Standard , 2016, WOOT.

[23]  Vijay Varadharajan,et al.  Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage , 2013, IEEE Transactions on Information Forensics and Security.

[24]  Karl Henrik Johansson,et al.  A secure control framework for resource-limited adversaries , 2012, Autom..

[25]  S. Shankar Sastry,et al.  Safe and Secure Networked Control Systems under Denial-of-Service Attacks , 2009, HSCC.

[26]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[27]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[28]  Paulo Tabuada,et al.  Privacy-aware quadratic optimization using partially homomorphic encryption , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).

[29]  Roy S. Smith,et al.  A Decoupled Feedback Structure for Covertly Appropriating Networked Control Systems , 2011 .

[30]  Flavio Fontana,et al.  Autonomous, Vision‐based Flight and Live Dense 3D Mapping with a Quadrotor Micro Aerial Vehicle , 2016, J. Field Robotics.

[31]  Todd E. Humphreys,et al.  Unmanned Aircraft Capture and Control Via GPS Spoofing , 2014, J. Field Robotics.

[32]  Karl Henrik Johansson,et al.  Secure Control Systems: A Quantitative Risk Management Approach , 2015, IEEE Control Systems.

[33]  Anass Rabii "Cyber-Physical Security Protecting Critical Infrastructure at the State and Local Level" by Robert M. Clark & Simon Hakim , 2017 .

[34]  Raffaello D'Andrea,et al.  Stability and control of a quadrocopter despite the complete loss of one, two, or three propellers , 2014, 2014 IEEE International Conference on Robotics and Automation (ICRA).

[35]  Ping Zhang,et al.  Detection of replay attacks in cyber-physical systems , 2016, 2016 American Control Conference (ACC).

[36]  Karl Henrik Johansson,et al.  Cyberphysical Security in Networked Control Systems: An Introduction to the Issue , 2015 .

[37]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[38]  Matt Bishop,et al.  The Art and Science of Computer Security , 2002 .

[39]  Aaram Yun,et al.  Homomorphic Authenticated Encryption Secure Against Chosen-Ciphertext Attack , 2014, IACR Cryptol. ePrint Arch..

[40]  Rosario Gennaro,et al.  Fully Homomorphic Message Authenticators , 2013, IACR Cryptol. ePrint Arch..

[41]  Hyungbo Shim,et al.  Encrypting Controller using Fully Homomorphic Encryption for Security of Cyber-Physical Systems* , 2016 .

[42]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[43]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.