Manipulating Drone Dynamic State Estimation to Compromise Navigation

To address fast-increasing security incidents of drones, in this paper, we investigate fundamental solutions to defend against unsophisticated commercial drones. We have examined several common flight control and navigation algorithms and identified weaknesses in the prevalent EKF-based dynamic state estimation schemes. Exploiting the unique circumstances and characteristics of these drone algorithms, we have developed a theoretical framework of False Data Injection (FDI) specific to drone dynamic state estimation, different from existing FDI attacks on static state estimation. We have further defined two FDI attacks that allow compromised magnetometer “measurements” to pass the drone anomaly detection for misleading a drone’s dynamic state estimation, such that its navigation and flight control are misguided. We have evaluated two practical scenarios to show the effectiveness of the proposed attacks with simulations on the popular ArduPilot flight control system. Our evaluation shows that the proposed attacks on these common algorithms can seriously affect drone navigation, stability, and power consumption. We believe this work is the first FDI attack against common drone dynamic state estimation schemes, which opens a new area of research. We are currently expanding our investigation on exploiting other related issues in this direction.

[1]  Toni Karvonen,et al.  Stability of linear and non-linear Kalman filters , 2014 .

[2]  Klara Nahrstedt,et al.  Detecting False Data Injection Attacks on DC State Estimation , 2010 .

[3]  A. P. A. D. Silva,et al.  State forecasting in electric power systems , 1983 .

[4]  Andrew Morris Shull,et al.  Analysis of cyberattacks on unmanned aerial systems , 2013 .

[5]  Yongdae Kim,et al.  Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors , 2015, USENIX Security Symposium.

[6]  Eddy Deligne ARDrone corruption , 2011, Journal in Computer Virology.

[7]  Karl Henrik Johansson,et al.  On Security Indices for State Estimators in Power Networks , 2010 .

[8]  G.T. Flowers,et al.  On the Degradation of MEMS Gyroscope Performance in the Presence of High Power Acoustic Noise , 2007, 2007 IEEE International Symposium on Industrial Electronics.

[9]  Geoffrey H. Goldman,et al.  Acoustic Detection and Tracking of a Class I UAS with a Small Tetrahedral Microphone Array , 2014 .

[10]  Wei Yu,et al.  On false data injection attacks against Kalman filtering in power system dynamic state estimation , 2016, Secur. Commun. Networks.

[11]  Oliver J. Woodman,et al.  An introduction to inertial navigation , 2007 .

[12]  H. Vincent Poor,et al.  Strategic Protection Against Data Injection Attacks on Power Grids , 2011, IEEE Transactions on Smart Grid.

[13]  Ruggero Carli,et al.  A distributed method for state estimation and false data detection in power networks , 2011, 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[14]  Kenneth Gade,et al.  The Seven Ways to Find Heading , 2016 .

[15]  George T. Flowers,et al.  Influence of Acoustic Noise on the Dynamic Performance of MEMS Gyroscopes , 2007 .

[16]  Fernando Trujano,et al.  Security Analysis of DJI Phantom 3 Standard , 2016 .

[17]  Dawu Gu,et al.  A Framework for the Analysis and Evaluation of Algebraic Fault Attacks on Lightweight Block Ciphers , 2016, IEEE Transactions on Information Forensics and Security.

[18]  Greg Welch,et al.  Welch & Bishop , An Introduction to the Kalman Filter 2 1 The Discrete Kalman Filter In 1960 , 1994 .

[19]  J. K. Mandal,et al.  Incorporating nonlinearities of measurement function in power system dynamic state estimation , 1995 .

[20]  P. Groves Principles of GNSS, Inertial, and Multisensor Integrated Navigation Systems, Second Edition , 2013 .

[21]  Ruixin Niu,et al.  System state estimation in the presence of false information injection , 2012, 2012 IEEE Statistical Signal Processing Workshop (SSP).

[22]  Wenyuan Xu,et al.  WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[23]  Bruno Sinopoli,et al.  False Data Injection Attacks in Electricity Markets , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[24]  George T. Flowers,et al.  A Characterization of the Performance of a MEMS Gyroscope in Acoustically Harsh Environments , 2011, IEEE Transactions on Industrial Electronics.

[25]  I. Kamwa,et al.  Dynamic State Estimation in Power System by Applying the Extended Kalman Filter With Unknown Inputs to Phasor Measurements , 2011, IEEE Transactions on Power Systems.

[26]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2011, TSEC.

[27]  Gustavo Valverde,et al.  Unscented kalman filter for power system dynamic state estimation , 2011 .

[28]  Ying Jun Zhang,et al.  Defending mechanisms against false-data injection attacks in the power system state estimation , 2011, 2011 IEEE GLOBECOM Workshops (GC Wkshps).

[29]  Jun Hasegawa,et al.  Dynamic state estimation including anomaly detection and identification for power systems , 1982 .

[30]  Inseok Hwang,et al.  Cyber Attack Vulnerabilities Analysis for Unmanned Aerial Vehicles , 2012, Infotech@Aerospace.