University of Virginia research protects UAS from cyber-attackers
Technology to protect unmanned aerial systems from cyber-attacks that can hijack an aircraft or steal the data it’s collecting has been successfully demonstrated by the University of Virginia.
The university’s System-Aware Cybersecurity concept and Secure Sentinel technology were tested in collaboration with Georgia Tech Research Institute through a series of live flight cyber-attack scenarios.
“The networks and the perimeters surrounding systems can’t be fully depended upon for security,” said Barry Horowitz, project leader and professor of Systems and Information Engineering at the University of Virginia. “They’re good, but they’re not good enough.”
The challenge was to design a monitoring technology—a sentinel—that’s more secure than the UAV it’s protecting and that’s capable of thwarting whatever the cyber-attacker is attempting to do.
“We came up with the idea that we could monitor data flowing within a system to see if it’s operating logically or consistently,” Horowitz said. “For example, if a turbine’s turning faster, its temperature should be getting warmer. If you see the temperature going up but the speed going down, there’s something illogical. It conceivably could be someone fooling with it.”
Determining the types of cyber-attacks someone might launch against a UAV wasn’t as difficult as Horowitz and his team anticipated.
“Let’s go on an unmanned vehicle and look at all the crazy things someone might do that would make you very unhappy,” Horowitz said. “It turns out that the list is shorter than the list of all the things someone could do to you that wouldn’t make you unhappy.”
The five-day unmanned aerial vehicle (UAV) demonstration duplicated the most likely threat scenarios in real-world situations, which include ground-based cyber-attacks, insider-initiated attacks and supply chain interdictions.
As Horowitz explained, ground-based cyber-attacks occur when an unauthorized UAV operator attempts to take control of the aircraft. An insider attack is when someone in an organization alters the UAV to bypass security measures. A supply chain attack happens when a manufacturer embeds instructions in its electronics to bypass security or make the UAV perform other than planned.
“Our current cyber-attack approaches tend to be general,” Horowitz noted. “Is bad data coming through the network? It doesn’t say what it’s going to do. It just says it’s there.”
The System-Aware Cybersecurity and Secure Sentinel systems use a different approach.
“We’re not just looking for bad data,” he explained. “We’re looking for data that’s doing something we don’t want it to do. We want to be prepared to notice it and restore back from whatever’s happening.”
Horowitz said the monitoring functions were relatively simple to program. For example, whether or not the UAV’s pilot sent a command is a yes or no answer.
“It took less than 300 lines of software for each of the monitoring things we did, a very small amount of software,” he said.
The system monitor was built from multiple computer boards, multiple operating systems and multiple software renditions—all off-the-shelf technology.
“We put that all in a box and then dynamically change which one is monitoring which function at which time and change that every few seconds,” Horowitz said.
The dynamic shifting of the hardware and software—called configuration hopping—is extremely difficult to defeat. The adversary doesn’t know which piece of hardware or bit of software is monitoring which UAV function at any given moment.
If the monitor detects a cyber-attack, it accesses and restores the UAV’s original flight plan, which is stored in tamper-proof encrypted memory.
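The yes-or-no pilot-command check and the flight-plan restore described above can be sketched as follows. This is an added example, not Secure Sentinel code: the `Sentinel` class, the sentinel's independent pilot-command log, the 2-second matching window and the waypoint values are all assumptions constructed for illustration.

```python
# Added illustration; every name and value here is hypothetical and constructed.
ORIGINAL = ((38.03, -78.51), (38.05, -78.48), (38.03, -78.51))  # stored flight plan
PLAN_B = ((38.03, -78.51), (38.06, -78.50), (38.03, -78.51))    # pilot's re-route
PLAN_X = ((38.03, -78.51), (37.90, -78.20))                     # nobody asked for this

# Assumption: the sentinel has its own record of what the pilot actually sent.
PILOT_LOG = [(10.0, PLAN_B)]                                    # (time_s, plan)
# What the autopilot reports it is flying over time.
OBSERVED = [(5.0, ORIGINAL), (10.5, PLAN_B), (30.0, PLAN_B), (42.0, PLAN_X)]


class Sentinel:
    def __init__(self, original_plan, max_delay=2.0):
        self.original = original_plan   # stands in for the protected stored copy
        self.accepted = original_plan   # plan currently considered legitimate
        self.max_delay = max_delay      # seconds allowed between command and effect
        self.alerts = []

    def pilot_sent(self, t, plan, pilot_log):
        """Yes/no: did the pilot send a command that explains this plan?"""
        return any(cmd_plan == plan and 0.0 <= t - cmd_t <= self.max_delay
                   for cmd_t, cmd_plan in pilot_log)

    def observe(self, t, plan, pilot_log):
        """Return the plan the aircraft should be flying after this observation."""
        if plan == self.accepted:
            return plan                         # nothing changed
        if self.pilot_sent(t, plan, pilot_log):
            self.accepted = plan                # change is explained by the pilot
            return plan
        self.alerts.append((t, plan))           # change with no pilot command
        self.accepted = self.original
        return self.original                    # restore the stored flight plan


def run_demo():
    sentinel = Sentinel(ORIGINAL)
    flown = [sentinel.observe(t, plan, PILOT_LOG) for t, plan in OBSERVED]
    return flown, sentinel.alerts


if __name__ == "__main__":
    flown, alerts = run_demo()
    for (t, _), plan in zip(OBSERVED, flown):
        print(t, "->", plan)
    print("alerts:", alerts)
```

The check is only as trustworthy as the pilot-command record it compares against, which is why the article stresses that the sentinel must be more secure than the system it watches.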
“The unique thing about what we’re doing is that these monitors can be put in after the systems are designed and built,” Horowitz noted. “It’s monitoring what they’re doing. They don’t have to be designed concurrently.”
Horowitz said that although the technology demonstration was a successful first step, there’s still much to learn about UAS cyber-security. Staying ahead of emerging cyber-attack threats is one of the greatest challenges.
“Can you keep the cost under control and can you add new functions because the attacks keep changing?” he asked. “This is not a one-time thing. We might be done for this year, but what will they do next year?”
The Secure Sentinel technology was developed through a university-affiliated research center sponsored by the U.S. Department of Defense, Office of the Secretary of Defense. The University of Virginia has licensed the technology to Mission Secure Inc., which commercializes security solutions for the military, intelligence and civil sectors.