By 2012 the U.S. military had increased its investment in research and production of unmanned aerial vehicles (UAVs) from $2.3 billion in 2008 to $4.2 billion [1]. Currently UAVs are used for a wide range of missions such as border surveillance, reconnaissance, transportation and armed attacks. UAVs are presumed to provide their services at any time, be reliable, automated and autonomous. Based on these presumptions, governmental and military leaders expect UAVs to improve national security through surveillance or combat missions. To fulfill their missions, UAVs need to collect and process data. Therefore, UAVs may store a wide range of information from troop movements to environmental data and strategic operations. The amount and kind of information enclosed make UAVs an extremely interesting target for espionage and endangers UAVs of theft, manipulation and attacks. Events such as the loss of an RQ-170 Sentinel to Iranian military forces on 4th December 2011 [2] or the “keylogging” virus that infected an U.S. UAV fleet at Creech Air Force Base in Nevada in September 2011 [3] show that the efforts of the past to identify risks and harden UAVs are insufficient. Due to the increasing governmental and military reliance on UAVs to protect national security, the necessity of a methodical and reliable analysis of the technical vulnerabilities becomes apparent. We investigated recent attacks and developed a scheme for the risk assessment of UAVs based on the provided services and communication infrastructures. We provide a first approach to an UAV specific risk assessment and take into account the factors exposure, communication systems, storage media, sensor systems and fault handling mechanisms. We used this approach to assess the risk of some currently used UAVs: The “MQ-9 Reaper” and the “AR Drone”. A risk analysis of the “RQ-170 Sentinel” is discussed.
[1]
Carl Young.
Metrics and Methods for Security Risk Management
,
2010
.
[2]
Nicolas Petit,et al.
The Navigation and Control technology inside the AR.Drone micro UAV
,
2011
.
[3]
James Llinas,et al.
An introduction to multisensor data fusion
,
1997,
Proc. IEEE.
[4]
T. Humphreys.
STATEMENT ON THE VULNERABILITY OF CIVIL UNMANNED AERIAL VEHICLES AND OTHER SYSTEMS TO CIVIL GPS
,
2012
.
[5]
P Hiselius,et al.
The New Generation
,
2019,
The Women's Liberation Movement in Russia.
[6]
Erdal Torun.
UAV Requirements and Design Consideration
,
2000
.
[7]
Ralph Buehler,et al.
A New Generation
,
2011
.
[8]
Kimon P. Valavanis,et al.
Advances in Unmanned Aerial Vehicles
,
2007
.
[9]
Matt Bishop.
Introduction to Computer Security
,
2004
.
[10]
Jan Faigl,et al.
AR-Drone as a Platform for Robotic Research and Education
,
2011,
Eurobot Conference.
[11]
Laurence R. Newcome.
Unmanned Aviation: A Brief History of Unmanned Aerial Vehicles
,
2004
.
[12]
P. W. Singer,et al.
Wired for War: The Robotics Revolution and Conflict in the 21st Century
,
2009
.
[13]
Andrew Jaquith.
Security Metrics: Replacing Fear, Uncertainty, and Doubt
,
2007
.
[14]
Brian Randell,et al.
Fundamental Concepts of Dependability
,
2000
.
[15]
Douglas J. Landoll,et al.
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
,
2005
.
[16]
E. Kinkead,et al.
UNITED STATES AIR FORCE
,
1995
.
[17]
John R. Vacca.
Computer and Information Security Handbook
,
2009
.