The System-Aware Secure Sentinel against drone hacking

The System-Aware Secure Sentinel system is the solution able to prevent cyber attacks against drones by detecting “illogical behaviors” of the vehicle.

The US Defense has sponsored the development of the System-Aware Secure Sentinel, a system to shield unmanned aerial vehicles from cyber-attacks. The system developed with funds from the US Department of Defense, the project involved research teams at the Georgia Institute of Technology and the University of Virginia.

Drones are widely used in both military and private industry, but threat actors are increasing the number of cyber attacks against these versatile vehicles.  As military and commercial drone use continues to grow in a significant way, protecting them against cyber attacks will become a priority.

For this reason, the US Government is investing to improve the resilience through research and development of new solutions.

The System-Aware Secure Sentinel is a new system designed to detect “illogical behavior” compared to normal operating patterns of the aircraft.

“Detections can serve to initiate automated recovery actions and alert operators of the attack,” explained Barry Horowitz, a systems and information engineer at the University of Virginia in Charlottesville.

The system is crucial to prevent cyber attack against US drones that could cause damages or hijacking of the vehicles, as happened in 2011 when a US spy drone RQ-170 Sentinel drone was brought down by Iranians cyber units while it was flying in the country.

The Iranian Government claimed to have hit the drone with a “spoofing” attack that allowed to force the UAV landing in the territories controlled by Iranian militia.

“The principle behind the GPS spoofing attack is that sending to control system of the drone fake geographic coordinates it is possible to deceive the on board system hijacking the vehicle in a different place for which it is commanded.

A similar attack is possible due the leak of use of encrypted GPS signal, a common occurrence for civilian aviation, according to Noel Sharkey, co-founder of the International Committee for Robot Arms Control.

“It’s easy to spoof an unencrypted drone. Anybody technically skilled could do this – it would cost them some £700 for the equipment and that’s it,” Last year he declared to the BBC News.

A UAV could be directed somewhere using its GPS, a spoofer can make drone think it’s somewhere else and make it crash into a specific target, contrary to what we can think it wouldn’t be too hard for a very skilled attacker to manipulate an unencrypted signal sent to a drone and spoof them.” I wrote in a past blog post.

The test session stressed the capabilities of the System-Aware Secure Sentinel on four different areas:

• GPS data;
• location data;
• information about imagery;
• on-board surveillance and control of payloads and took place over five days;

and as explained by the researchers the test results are exciting, the system was able to detect cyber-attacks in evry circumstance.

“The inflight testing gauged the effectiveness of the countermeasure technology in hardening the unmanned system’s cyber agility and resiliency under attack conditions,” the researchers said.

The University of Virginia recently licensed the technology to software firm Mission Secure Inc., which is currently working to commercialize the solution.

Pierluigi Paganini

(Security Affairs –  drone hacking, System-Aware Secure Sentinel)