Drone technology is difficult to begin with. It requires a deep understanding of aerial dynamics, mechanics, manufacturing processes and electronics just to start off. Now, if you want to reinforce the system with better automation capabilities, you need a strong command of the communication protocols and software running on these systems. Congratulations, you now have the basic capabilities to compete with the thousands of drone companies around the globe.
But how do you stand out? Drone systems, though mechanically dynamic, are isolated in terms of their data transmission capabilities. Real-time data transmission happens only between the ground unit and the drone itself. UrbanMatrix Technologies (UMT) has been working hard over the past years to solve the real-time data communication problems that make drone operations seamless and the technology a painless venture for industries to adopt in their workflows.
One of the multiple uplinks that UMT has been working on is 4G. A discussion of the limitless capabilities of this system is beyond the scope of this article. You can find details of that over here. The current article focuses on the problem created by the technical advancements made in this direction, and on how UrbanMatrix identified it from the beginning and has been working with QNu Labs, industry leaders in Quantum-Safe Cryptography, towards developing a completely secure data transmission framework for drones. We call it a framework because it is independent of the communication channels involved, i.e., complete system security is ensured no matter what mode of communication is used.
Let's try to develop an understanding of how communication complexity creeps into an aerial system as the number of components increases.
To begin with, you have a drone and a ground unit to control it with. There’s a simple 2-way communication happening in this configuration. Now let’s bring the cloud into the picture. The number of channels increases by two, i.e., the links between the GCS and the Cloud, and between the drone and the Cloud. But simply bringing in the Cloud is not enough. If you really want to empower organizations, you need to provide them with a Central Control Station to access and control their drones. For our 4G drones, we have developed a web-based console which we call the UMT Console.
Now, the communication complexity does not scale linearly with the addition of each channel. Also, each channel has its own protocol depending on the available computation power, network strength and latency tolerance for that particular channel. For example, the drone and the GCS communicate via a high-speed radio link, whereas Cloud communications happen at 4G speeds with the help of HTTPS, WebSocket, and MQTT protocols, to name a few. The major difference between the two is the optimization in terms of data packet sizes and their frequency of transmission. The former is much more stable in range operations but, as a result, suffers from a low data rate, whereas 4G communication provides the ability to send much larger payloads but is unstable at higher altitudes.
Since drones are remotely controlled, they can be hijacked by bad actors. The US Department of Homeland Security (DHS) stated, “Given their rapid technology advancement and proliferation, the public safety and homeland security communities must address the fact that drones can be used nefariously or maliciously to hurt people, disrupt activities, and damage infrastructure.” Major cyber domain threats caused by drone activity are:
GPS spoofing. A way to take control of a drone. Attackers feed drones with false GPS coordinates and take full control of the platform. Security researchers have demonstrated how a hijacked drone can be used to hijack other drones, ending in a drone swarm under the control of cybercriminals. It is easy to see that in such a case the threat potential increases drastically and can be compared to the way botnets perform DDoS attacks, taking over a significant number of systems and Internet of Things (IoT) devices.
Downlink intercept. Allows a criminal to access all data transmitted between the drone and the controller. Since the majority of commercial drone systems interact with their base over unencrypted communication channels, they are vulnerable to exploitation by a cyber-criminal who can intercept, modify and access the sensitive data the drone exchanges with the base, such as pictures, videos, and flight paths.
Data exploitation. Critical infrastructure is protected in terms of digital and physical security. The use of drones can overcome physical security limitations and cybersecurity protections, as a mini-computer mounted on a small drone can approach sensitive areas undetected and carry out nefarious operations: mimic a Wi-Fi network to steal data, hijack Bluetooth peripherals, perform keylogging operations to steal sensitive passwords, and compromise access points, unsecured networks, and devices.
Drone Hijacking. An insecure drone system is prone to man-in-the-middle attacks. In this case, the attacker can take control of the UAV while injecting data into the GCS’s data stream, which leads the GCS operators to believe that they are still in control.
RSA is one of the most popular private key generation algorithms. It is used for authentication and for verifying the authenticity of data. The RSA public key algorithm is based on the difficulty of the factorization problem.
As we can see, the readily available encryption algorithms are quite efficient at providing a viable interface to solve security problems when set up against the current anti-encryption systems. But the threat lies not in the algorithms, but in what they take as inputs.
Encryption algorithms require certain numbers that act as seeds to generate cryptographic artefacts like master keys, salts, tokens and nonces. The quality of randomness of these seeds is an important metric that decides how secure the cryptographic operation is.
Computer systems are inherently deterministic; therefore, they require a quantity known as entropy to generate random numbers. To generate entropy, operating systems use a variety of sources like noise from sensors, keyboard key-stroke timings and mouse movements to name a few. The higher the entropy, the less predictable is the randomness of the numbers generated.
Drone computing systems, being headless systems, have difficulty building a big enough entropy pool for generating good-quality keys. These are simple devices which lack the moving parts and human interface hardware to gather entropy from. Even where such sources are present, the devices do not stay booted long enough to collect sufficient entropy for good-quality key generation.
UrbanMatrix has expertise in designing and manufacturing industrial drone systems along with world-class proprietary software infrastructure. It allows enterprises to not only control and manage drones but also effortlessly draw functional insights using integrated aerial data processing tools.
The QOSMOS EaaS solution is a service designed to provide a high-quality entropy source to devices, cloud and systems. The sources of entropy are quantum sources, which provide the highest randomness possible and are unbiased.
UrbanMatrix infrastructure consists of the Drone Ground Station and Drones (On-Field). Drones (On-Field) need to send good-quality video to the Ground Station over a secure channel. To secure the communication between the Drone Ground Station and Drones (On-Field), Quantum Enabled keys are generated and used to establish a secure session between them. Once a secure session is established, the data (Files/Videos) is transmitted from Drones (On-Field) to the nearest Drone Ground Station.
UrbanMatrix’s solution network has the following components:
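An added example, not UrbanMatrix or QNu Labs code: one way a headless device can mix entropy fetched from a remote service with its own local pool using HKDF (RFC 5869), so the session key stays unpredictable as long as at least one of the two inputs is. The function names, the salt and info labels, the 32-byte minimum and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_REMOTE_BYTES = 32  # assumption: refuse remote blobs shorter than 256 bits


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    if length > 255 * 32:
        raise ValueError("requested output too long for HKDF-SHA256")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_session_key(remote_entropy: bytes, local_entropy: bytes,
                       info: bytes = b"drone-gcs-session-v1", length: int = 32) -> bytes:
    """Mix remote and local entropy into one session key."""
    if len(remote_entropy) < MIN_REMOTE_BYTES:
        raise ValueError("remote entropy blob too short")
    if len(set(remote_entropy)) == 1:
        raise ValueError("remote entropy blob is constant (stuck or stubbed source?)")
    # Length-prefix each input so different (remote, local) splits cannot collide.
    ikm = b"".join(len(x).to_bytes(4, "big") + x for x in (remote_entropy, local_entropy))
    prk = hkdf_extract(b"entropy-mix-salt", ikm)
    return hkdf_expand(prk, info, length)


if __name__ == "__main__":
    # Constructed sample: os.urandom stands in for bytes returned by an entropy service.
    remote = os.urandom(64)
    local = os.urandom(32)
    print(derive_session_key(remote, local).hex())
```

The sanity checks only catch gross failures such as a truncated or all-zero response; they do not measure entropy, which is why the local pool is always mixed in rather than replaced.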
Drone. Running the Matrix-OS with capabilities of sending real-time telemetry data and live video footage over the 4G network to the cloud. Matrix-OS is capable of tackling much heavier computing needs that RTOS-based flight controllers are not able to handle.
Ground Station. Providing an interface for the pilots to plan complex missions and interact with Matrix-OS. It works in tandem with Matrix-OS and the cloud to handle pilot authentication before each flight.
Management Server. Centralized server to handle drone and pilot authentication. It handles the inflow of large amounts of telemetry data, and drone health monitoring while maintaining user data security using state-of-the-art cryptography technologies.
State-of-the-art live stream Server. A dedicated server to handle the inflow/outflow of live video streams in secure channels. The entire pipeline is highly optimized to provide stable aerial video at sub-second latencies.
UMT Console. Built for the organizations. It provides a front end to view the live video stream and the real-time telemetry. Organizations can manage drone access permissions for pilots.
Mitigate Potential Attacks
a) Message replay
c) DNS Poisoning
Quantum-Safe. Qosmos supplies remote quantum random numbers as seeds for the systems, for the protection of data at rest and in transit. The laws of quantum physics assure 100% randomness that cannot be predicted.
Integration. Qosmos is integrated into client architecture without any disruption and works as an additional layer providing the required security.
NIST Reference Architecture. Qosmos uses NIST architecture to establish a standard way of accepting keys.
Randomness. Entropy is of the highest level as it is generated from a quantum source. 100% true randomness is promised by the laws of quantum physics. This unpredictability yields cryptographic keys of the highest level; 1600-2000KB of entropy will be requested from the QNu server for each key generation.
Speed. Assures high throughput required for digital devices such as IoT, embedded systems, cloud, 5G and other applications. Keys will be re-generated every two months.
Lack of Patterns. Being a step ahead of cybersecurity threats is the need of the hour. Qosmos provides a steady supply of new information that is free of patterns, so hackers cannot predict and exploit it.
Private companies. Drones find their use in the private sector mainly for inspections and surveys. 4G communication enables access to live footage from all around the globe. Such operations require high data security to avoid theft or manipulation of data by competitors. As the central control station can be used to control the drone remotely to a certain extent, the security of this channel is necessary to prevent interference from external parties, which could lead to drone crashes or misuse around sensitive or dangerous locations.
Government clients. Governments often use drones for land, road, railway and agricultural surveys and for damage estimation after natural disasters, and are currently experimenting with relief provision to areas affected by floods and hurricanes and to other inhospitable locations. Once again, the fidelity of data is of utmost importance during surveys, and in the case of relief provision, hijacked drones could be detrimental to hundreds of civilians. Government operations in the future could see drones being employed beyond the pilot’s visual range (BVLOS), and in such situations stable and secure communication with the central control station through 4G is necessary for consistent data logging and remote control if needed.
Defense. Drones are employed in defense for border security, asset tracking and general surveillance. Interference in the drone feed could easily lead to miscommunication and falsified data. Hijacking a drone in a sensitive area would render monitoring agencies blind while coordinating operations in that location. Further, unauthorized access to drones in secure regions could easily leak sensitive information or expose weaknesses in security. With such high stakes, encryption of these channels is of the essence, as 4G communication could allow a wider sharing of resources and coordination between forces.