Security Analysis of FHSS-type Drone Controller

Unmanned Aerial Vehicles (UAVs), or drones, have attracted a considerable amount of attention due to their utility in civilian as well as military applications. However, the security issues involved in UAV technology have not been extensively discussed in the literature. As a first step toward analyzing these security issues, we investigate security in drone controllers, especially controllers that adopt Frequency Hopping Spread Spectrum (FHSS). In order to affect an FHSS-type controller, an attacker first has to access its physical layer. This is difficult because of the pseudorandomness of the hopping sequence and the rapidly changing channels. However, these difficulties can be relaxed when the attacker acquires the hopping sequence and when the hopping speed of the target system is not significant. In this paper, we propose a general scheme to extract the hopping sequence of FHSS-type controllers using a software-defined radio (SDR). We also propose a method to address the issue of the limited bandwidth of the SDR. We implemented our scheme on a Universal Software Radio Peripheral (USRP), successfully extracted the hopping sequence of the target system, and exposed the baseband signal.
