UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University...
-
Upload
thomas-may -
Category
Documents
-
view
216 -
download
0
Transcript of UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University...
![Page 1: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/1.jpg)
UAV Integration: Privacy and Security Hurdles
Todd Humphreys | Aerospace EngineeringThe University of Texas at Austin
Royal Institute of Navigation UAV Conference | February 12, 2013
![Page 2: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/2.jpg)
• University of Texas Radionavigation Lab graduate students Jahshan Bhatti, Kyle Wesson, Ken Pesyna, Zak Kassas, Daniel Shepard, and Andrew Kerns
Acknowledgements
![Page 3: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/3.jpg)
• February 2012: President Obama signs an Act mandating that the FAA draw up a plan by 2015 to integrate unmanned aerial vehicles into the national airspace.
• Key early milestone: By August, 2012, FAA must select 6 test sites in U.S. where integration exercises can begin.
• Still waiting …
2012 FAA Modernization Act
![Page 4: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/4.jpg)
• Privacy: Low cost, ease of use eliminate practical privacy protections
• Security: (1) Secure navigation, (2) secure command and control, (3) secure sense and avoid, and (4) secure telemetry (e.g., video feed)
Hurdles to Integration
![Page 5: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/5.jpg)
• U.S. Supreme Court Precedent is fairly clear: No expectation of privacy in open fields (e.g. in backyards) that are naked-eye-visible from public airways (e.g., Florida v. Riley)
• Surveillance of U.S. citizens from manned domestic aircraft is routine
• But the news is abuzz with drones; citizens nervous; Virginia has passed a broad law against drones; Texas legislators trying
• Why? What is new here?
Privacy (1/2)
![Page 6: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/6.jpg)
• Why? Because UAVs could change the balance• Could eliminate a practical privacy protection: high
cost and inconvenience of manned surveillance aircraft
• Growing realization that citizens do, in fact, have an expectation of privacy even when in public places: an expectation to not be continuously monitored
• Decision and concurring opinions in U.S. v. Jones suggests that SCOTUS sympathetic to this expectation
Privacy (2/2)
![Page 7: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/7.jpg)
• No blanket injunction against imagery of private citizens on private land (bad for hobbyists and researchers)
• Apply Peeping Tom/ Improper Photography laws • “Cone of transparency” for non-hobbyist UAVs:
data on owner and purpose of UAVs above you should be readily accessible
• If problem worsens, perhaps a Texas solution: authorize property owners to shoot at unidentified UAVs over their property
Privacy Recommendations
![Page 8: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/8.jpg)
• Privacy: Low cost, ease of use eliminate practical privacy protections
• Security: (1) Secure navigation, (2) secure command and control, (3) secure sense and avoid, and (4) secure telemetry (e.g., video feed)
Hurdles to Integration
![Page 9: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/9.jpg)
GPS Jammers
![Page 10: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/10.jpg)
GPS Spoofer
![Page 11: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/11.jpg)
University of Texas Spoofing Testbed
![Page 12: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/12.jpg)
![Page 13: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/13.jpg)
Internet or LAN
Receive Antenna External Reference Clock
Control Computer
GPS Spoofer
UAV coordinates from tracking system
Transmit Antenna
Spoofed Signals as a “Virtual Tractor Beam”
Target UAV
Commandeering a UAV via GPS Spoofing
![Page 14: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/14.jpg)
UAV Video
![Page 15: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/15.jpg)
• RAIM was helpful for spoofing: we couldn’t spoof all signals seen by UAV due to our reference antenna placement, but the Hornet Mini’s uBlox receiver rejected observables from authentic signals, presumably via RAIM.
• 5-8 dB power advantage is required for clean capture: A matched-power takeover leads to large (50-100 m) multipath-type errors as the authentic and counterfeit signals interact.
• The UAV’s heavy reliance on altimeter for vertical position was easily overcome by a large vertical GPS velocity.
Observations (1/2)
![Page 16: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/16.jpg)
• GPS capture breaks flight controller’s feedback loop; now spoofer must play the role formerly assumed by GPS. Implication: Fine control of UAV requires accurate radar or LIDAR UAV tracking system.
• Seamless capture (no code or carrier phase unlock) requires target position knowledge to within ~50 m and velocity knowledge better than ~2 m/s. This is quite challenging for small UAV targets at long stand-off ranges (e.g., several km).
• Compensating for all system and geometric delays to achieve meter-level alignment is challenging but quite possible.
Observations (2/2)
![Page 17: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/17.jpg)
• Require navigation systems for UAVs above 18 lbs to be certified “spoof-resistant”
• Require navigation and timing systems in critical infrastructure to be certified “spoof-resistant”
• “Spoof resistant” defined by ability to withstand or detect civil GPS spoofing in a battery of tests performed in a spoofing testbed (e.g., TEXBAT)
RecommendationsFrom testimony to House Committee on Homeland Security, July 19, 2012
![Page 18: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/18.jpg)
• Privacy: Low cost, ease of use eliminate practical privacy protections
• Security: (1) Secure navigation, (2) secure
command and control, (3) secure sense and avoid, and (4) secure telemetry (e.g., video feed)
Hurdles to Integration
![Page 19: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/19.jpg)
• Many in the aviation community believe that the only sense and avoid (SAA) technology that is broadly applicable to all UAV will be based on Automatic Dependent Surveillance-Broadcast (ADS-B)
• ADS-B: Each aircraft periodically (e.g., 1 Hz) broadcasts an identifier, a position, and velocity
Secure Sense and Avoid
Problem: FAA introduced no provision for authentication in ADS-B broadcast
![Page 20: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/20.jpg)
ADS-B False Injection Attack
Magazu, Mills, Butts, Robinson, “Exploiting the ADS-B System via False Target Injection,” JAAP, fall 2012
![Page 21: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/21.jpg)
ADS-B False Injection Attack
Magazu, Mills, Butts, Robinson, “Exploiting the ADS-B System via False Target Injection,” JAAP, fall 2012
![Page 22: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/22.jpg)
Altering Live ADS-B Data
Magazu, Mills, Butts, Robinson, “Exploiting the ADS-B System via False Target Injection,” JAAP, fall 2012
The ability to read live ADS-B broadcasts and generate slightly altered versionsof these should be of significant concern to the FAA: How will ground radarpick out the right aircraft from within a “cloud” of nearby phantom aircraft?
![Page 23: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/23.jpg)
Root ProblemFAA’s organization and culture has historically targeted safety and efficiency, not security: 96-page NextGen Implementation Plan (2011) references safety over 100 times, efficiency at least 50 times, security less than 5 times.
![Page 24: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/24.jpg)
Recommendations• Strongly consider re-designing ADS-B• Broadcasts still in the clear• Each broadcast signed using a public/private-key
framework • Revised broadcast would need to be significantly
lengthened to ensure digital signature strength• Update key database before flight• Use Iridium satellite constellation for en-route key
management (e.g., key revocation)
A re-design would set NextGen back years.
![Page 25: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/25.jpg)
• Privacy: Legislate privacy protections that are acceptable to the public without stifling nascent commercial UAV industry
• Security: (1) Develop secure/robust navigation technology, (2) require encrypted command and control links (with master keys for law enforcement), (3) find a secure and broadly applicable sense and avoid technology (e.g., re-design ADS-B), and (4) encrypt telemetry (e.g., video feed)
UAV Integration: Summary of Challenges
![Page 26: UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.](https://reader036.fdocuments.in/reader036/viewer/2022081516/56649d935503460f94a7ac98/html5/thumbnails/26.jpg)
radionavlab.ae.utexas.edu