research-article

Security, Privacy, and Safety Aspects of Civilian Drones: A Survey

Authors:
Riham Altawy

Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Québec, Canada

Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Québec, Canada
View Profile

,
Amr M. Youssef

Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Québec, Canada

Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Québec, Canada
View Profile

ACM Transactions on Cyber-Physical Systems Volume 1 Issue 2Article No.: 7pp 1–25https://doi.org/10.1145/3001836

Published:09 November 2016Publication History

ACM Transactions on Cyber-Physical Systems

Abstract

The market for civilian unmanned aerial vehicles, also known as drones, is expanding rapidly as new applications are emerging to incorporate the use of civilian drones in our daily lives. On one hand, the convenience of offering certain services via drones is attractive. On the other hand, the mere operation of these airborne machines, which rely heavily on their cyber capabilities, poses great threats to people and property. Also, while the Federal Aviation Administration NextGen project aims to integrate civilian drones into the national airspace, the regulation is still a work-in-progress and does not cope with their threats. This article surveys the main security, privacy, and safety aspects associated with the use of civilian drones in the national airspace. In particular, we identify both the physical and cyber threats of such systems and discuss the security properties required by their critical operation environment. We also identify the research challenges and possible future directions in the fields of civilian drone security, safety, and privacy. Based on our investigation, we forecast that security will be a central enabling technology for the next generation of civilian unmanned aerial vehicles.

References

Michal Addady. 2015. The number of drones expected to sell during the holiday seasons is caring the government. Retrieved from http://fortune.com/2015/09/29/drones-holiday-sales/.Google Scholar
Riham AlTawy and Amr M. Youssef. 2016. Security tradeoffs in cyber physical systems: A case study survey on implantable medical devices. IEEE Access 4 (2016), 959--979. Google ScholarCross Ref
Shankar Sastry Alvaro A. Cardenas, Saurabh Amin. 2008. Secure control: Towards survivable cyber-physical systems. In Proceedings of the 28th International Conference on Distributed Computing Systems Workshops. 495--500. Google ScholarDigital Library
Amazon. 2015. Amazon revising the airspace model for the safe integration of small Unmanned Aircraft Systems. Retrieved from http://utm.arc.nasa.gov/docs/Amazon_RevisingtheAirspaceModelfortheSafeIntegrationofUAS{6}.pdf.Google Scholar
Plamen Angelov. 2012. Sense and Avoid in UAS: Research and Applications. John Wiley 8 Sons.Google Scholar
Ilker Bekmezci, Ozgur Koray Sahingoz, and Şamil Temel. 2013. Flying ad-hoc networks (FANETs): A survey. Ad Hoc Netw. 11, 3 (2013), 1254--1270. Google ScholarDigital Library
Mihir Bellare and Chanathip Namprempre. 2000. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology-ASIACRYPT, Tatsuaki Okamoto (Ed.), Vol. 1976. Springer, 531--545. Google ScholarDigital Library
Bench.crypto. 2016. Computers used for benchmarking cryptographic systems. Retrieved from https://bench.cr.yp.to/computers.html.Google Scholar
Brett Bethke, Mario Valenti, and Jonathan P. How. 2008. UAV task assignment. IEEE Robot. Autom. Mag. 15, 1 (2008), 39--44. Google ScholarCross Ref
Zachary Birnbaum, Andrey Dolgikh, Victor Skormin, Edward O’Brien, and Dirk Muller. 2014. Unmanned aerial vehicle security using recursive parameter estimation. In Proceedings of the International Conference on Unmanned Aircraft Systems. IEEE, 692--702. Google ScholarCross Ref
Zachary Birnbaum, Andrey Dolgikh, Victor Skormin, Edward O’Brien, Daniel Muller, and Christina Stracquodaine. 2015. Unmanned aerial vehicle security using behavioral profiling. In Proceedings of the International Conference on Unmanned Aircraft Systems. 1310--1319. Google ScholarCross Ref
Ioana Boureanu, Aikaterini Mitrokotsa, and Serge Vaudenay. 2014. Towards secure distance bounding. In Fast Software Encryption (Lecture Notes in Computer Science), Shiho Moriai (Ed.), Vol. 8424. Springer, 55--67. Google ScholarCross Ref
Michael J. Boyle. 2015. The race for drones. Orbis 59, 1 (2015), 76--94. Google ScholarCross Ref
David A. Brown, Geoffrey Cooper, Ian Gilvarry, Anand Rajan, Alan Tatourian, Ramnath Venugopalan, David Wheeler, and Meiyuan Zhao. 2015. Automotive security best practices. Retrieved from www.mcafee.com/ca/resources/white.../wp-automotive-security.pdf.Google Scholar
Guowei Cai, Jorge Dias, and Lakmal Seneviratne. 2014. A survey of small-scale unmanned aerial vehicles: Recent advances and future development trends. Unmanned Syst. 2, 02 (2014), 175--199. Google ScholarCross Ref
Silvia Gil Casals, Philippe Owezarski, and Gilles Descargues. 2013. Generic and autonomous system for airborne networks cyber-threat detection. In Proceedings of the IEEE/AIAA 32nd Digital Avionics Systems Conference. 4A4--1--4A4--14.Google Scholar
Rohan Chabukswar. 2014. Secure Detection in Cyberphysical Control Systems. PhD thesis, Carnegie Mellon University.Google Scholar
Laurent Ciarletta, Loïc Fejoz, Adrien Guenard, and Nicolas Navet. 2016. Development of a safe CPS component: The hybrid parachute, a remote termination add-on improving safety of UAS. In Embedded Real-Time Software and Systems. 2016, 1--10. Retrieved from http://hdl.handle.net/10993/23406.Google Scholar
Roger Clarke. 2014. Understanding the drone epidemic. Comput. Law Secur. Rev. 30, 3 (2014), 230--246. Google ScholarCross Ref
Chris Constantinides and Paul Parkinson. 2008. Security challenges in UAV development. In Proceedings of the IEEE/AIAA Digital Avionics Systems Conference. IEEE, 1.C.1-1--1.C.1-8. Google ScholarCross Ref
Carol Cratty. 2013. FBI uses drones for surveillance in U.S. Retrieved from http://www.cnn.com/2013/06/19/politics/fbi-drones/.Google Scholar
Jordan Crook. 2013. Infamous hacker creates SkyJack to hunt, hack, and control otherdrones. Retrieved from http://techcrunch.com/2013/12/04/infamous-hacker-creates-skyjack-to-hunt-hack-and-control-other-drones/.Google Scholar
Joan Daemen and Vincent Rijmen. 2013. The Design of Rijndael: AES - The Advanced Encryption Standard. Springer Science 8 Business Media.Google Scholar
Sacco de Vries. 2005. UAV and Control Delays. Retrieved from http://oai.dtic.mil/oai/oai?verb=getRecord8metadataPrefix=html8identifier=ADA454251.Google Scholar
Eddy Deligne. 2012. ARDrone corruption. J. Comput. Virol. 8, 1--2 (2012), 15--27. Google ScholarDigital Library
Dorothy E. Denning and Peter F. MacDoran. 1996. Location-based authentication: Grounding cyberspace for better security. Comput. Fraud Secur. 1996, 2 (1996), 12--16. Google ScholarCross Ref
Kurt Dietrich and Johannes Winter. 2009. Implementation aspects of mobile and embedded trusted computing. In Proceedings of Trusted Computing, Liqun Chen, Chris J. Mitchell, and Andrew Martin (Eds.). Springer, 29--44. Google ScholarDigital Library
Donna A. Dulo. 2015. Unmanned aircraft: The rising risk of hostile takeover. IEEE Technol. Soc. Mag. 34, 3 (2015), 17--19. Google ScholarCross Ref
Noam Eshel. 2015. A mini UAV becomes a suicide drone. Retrieved from http://aviationweek.com/paris-air-show-2015/mini-uav-becomes-suicide-drone-0.Google Scholar
FAA.gov. 2015. Next Generation Air Transportation System (NextGen). Retrieved from https://www.faa.gov/nextgen/.Google Scholar
FAA.gov. 2016. FAA special airworthiness certificate. Retrieved from https://www.faa.gov/aircraft/air_cert/airworthiness_certification/sp_awcert/.Google Scholar
Michelle S. Faughnan, Brian J. Hourican, G. Collins MacDonald, Megha Srivastava, J. A. Wright, Yacov Y. Haimes, Eva Andrijcic, Zhenyu Guo, and James C. White. 2013. Risk analysis of unmanned aerial vehicle hijacking and methods of its detection. In Proceedings of the IEEE Systems and Information Engineering Design Symposium. IEEE, 145--150. Google ScholarCross Ref
Stephen George. 2015. FAA Unmanned Aircraft Systems (UAS): cyber security initiatives. (2015). Retrieved from http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2015-02/2015-feb_george-ispab.pdf.Google Scholar
Kim Gittleson. 2014. Data-stealing Snoopy drone unveiled at Black Hat - BBC News. Retrieved from http://www.bbc.com/news/technology-26762198.Google Scholar
Song Han, Miao Xie, Hsiao-Hwa Chen, and Yun Ling. 2014. Intrusion detection in cyber-physical systems: Techniques and challenges. IEEE Syst. J. 8, 4 (2014), 1049--1059.Google Scholar
Klaus Hartmann and Christoph Steup. 2013. The vulnerability of UAVs to cyber attacks-an approach to the risk assessment. In Proceedings of the 5th International Conference on Cyber Conflict. IEEE, 1--23.Google Scholar
Kelly Hodgkins. 2015. Anti-drone shoulder rifle lets police take control of UAVs with radio pulses. (2015). Retrieved from http://www.digitaltrends.com/cool-tech/battle-innovations-anti-drone-gun/.Google Scholar
Graeme Horsman. 2016. Unmanned aerial vehicles: A preliminary analysis of forensic challenges. Dig. Invest. 16 (2016), 1--11. Google ScholarDigital Library
Andrew J. Kerns, Daniel P. Shepard, Jahshan A. Bhatti, and Todd E. Humphreys. 2014. Unmanned aircraft capture and control via GPS spoofing. J. Field Robot. 31, 4 (2014), 617--636. Google ScholarDigital Library
Siddhartha Khaitan and James D. McCalley. 2015. Design techniques and applications of cyberphysical systems: A survey. IEEE Syst. J. 9, 2 (June 2015), 350--365. Google ScholarCross Ref
Dong-Sung Kim, Young Sam Lee, Wook Hyun Kwon, and Hong Seong Park. 2003. Maximum allowable delay bounds of networked control systems. Contr. Eng. Pract. 11, 11 (2003), 1301--1313. Google ScholarCross Ref
David Kovar. 2015. Forensic analysis of sUAS (aka) drones. In Digital Forensics and Incident Response Summit (1st ed.). Retrieved from https://files.sans.org/summit/Digital_Forensics_and_Incident_Response_Summit_2015/PDFs/ForensicAnalysisofsUASakaDronesDavidKovar.pdf.Google Scholar
Tomáš Krajník, Vojtěch Vonásek, Daniel Fišer, and Jan Faigl. 2011. AR-drone as a platform for robotic research and education. In Research and Education in Robotics-EUROBOT. Springer, 172--186. Google ScholarCross Ref
Legal Information Institute. 2016. Fourth Amendment. Retrieved from https://www.law.cornell.edu/wex/fourth_amendment.Google Scholar
Leszek T. Lilien, Lotfi Ben Othmane, Pelin Angin, Andrew DeCarlo, Raed M. Salih, and Bharat Bhargava. 2014. A simulation study of ad hoc networking of UAVs with opportunistic resource utilization networks. J. Netw. Comput. Appl. 38 (2014), 3--15. Google ScholarDigital Library
Sharon Lozano. 2016. First steps toward drone traffic management. Retrieved from http://www.nasa.gov/feature/ames/first-steps-toward-drone-traffic-management.Google Scholar
Katrina Mansfield, Timothy Eveleigh, Thomas H. Holzer, and Shahryar Sarkani. 2013. Unmanned aerial vehicle smart device ground control station cyber security threat model. In Proceedings of the IEEE International Conference on Technologies for Homeland Security. IEEE, 722--728. Google ScholarCross Ref
Douglas M. Marshall, Richard K. Barnhart, Eric Shappee, and Michael Thomas Most. 2015. Introduction to Unmanned Aircraft Systems. CRC Press.Google Scholar
Donald McCallie, Jonathan Butts, and Robert Mills. 2011. Security analysis of the ADS-B implementation in the next generation air transportation system. Int. J. Crit. Infrastruct. Protect. 4, 2 (2011), 78--87. Google ScholarCross Ref
Nils Melzer. 2013. Human Rights Implications of the Usage of Drones and Unmanned Robots in Warfare. European Parliament’s Subcommittee on Human Rights.Google Scholar
Alfred J. Menezes, Scott A. Vanstone, and Paul C. Van Oorschot. 1996. Handbook of Applied Cryptography (1st ed.). CRC Press, Inc., Boca Raton, FL. Google ScholarDigital Library
Robert Mitchell and Ray Chen. 2014. Adaptive intrusion detection of malicious unmanned air vehicles using behavior rule specifications. IEEE Trans. Syst. Man Cybernet.: Syst. 44, 5 (2014), 593--604. Google ScholarCross Ref
Yilin Mo and Bruno Sinopoli. 2010. False data injection attacks in control systems. In Proceedings of the 1st Workshop on Secure Control Systems.Google Scholar
Fihri Mohammed, Ahmed Idries, Nader Mohamed, Jameela Al-Jaroodi, and Imad Jawhar. 2014. UAVs for smart cities: Opportunities and challenges. In Proceedings of the International Conference on Unmanned Aircraft Systems. IEEE, 267--273. Google ScholarCross Ref
Dieter Moormann. 2015. DHL parcelcopter research flight campaign 2014 for emergency delivery of medication. In Proceedings of the ICAO RPAS Symposium.Google Scholar
NASA. 2013. NASA - Helios. Retrieved from http://www.nasa.gov/centers/dryden/news/ResearchUpdate/Helios/.Google Scholar
BBC News. 2014. Pentagon to use drones to create remote wi-fi hotspots. Retrieved from http://www.bbc.com/news/technology-27019389.Google Scholar
NoFlyZone. 2016. NoFlyZone.org. Retrieved from https://www.noflyzone.org/about.Google Scholar
Pierluigi Paganini. 2015a. A hacker developed Maldrone, the first malware for drones. Retrieved from http://securityaffairs.co/wordpress/32767/hacking/maldrone-malware-for-drones.html.Google Scholar
Pierluigi Paganini. 2015b. ZigBee-sniffing drone used to map online Internet of Things. Retrieved from http://securityaffairs.co/wordpress/39143/security/drone-internet-of-things.html.Google Scholar
Albert Rango, Andrea Laliberte, Caiti Steele, Jeffrey E. Herrick, Brandon Bestelmeyer, Thomas Schmugge, Abigail Roanhorse, and Vince Jenkins. 2006. Using unmanned aerial vehicles for rangelands: Current applications and future potentials. Environ. Pract. 8, 03 (2006), 159--168. Google ScholarCross Ref
Theodore Reed, Joseph Geis, and Sven Dietrich. 2011. SkyNET: A 3G-enabled mobile attack drone and stealth botmaster. In Proceedings of the 5th USENIX Conference on Offensive Technologies. 28--36. Google ScholarDigital Library
J. E. Reich. 2015. Guards are battling contraband-smuggling drones at US prisons. Retrieved from http://www.techtimes.com/articles/104020/20151106/drones-prisons-guards.htm.Google Scholar
Michael Robinson, Kevin Jones, and Helge Janicke. 2015. Cyber warfare: Issues and challenges. Comput. Secur. 49 (2015), 70--94. Google ScholarDigital Library
Lea Rosen. 2013. Drones and the digital panopticon. XRDS 19, 3 (March 2013), 10--10. Google ScholarDigital Library
Krishna Sampigethaya, Radha Poovendran, Sudhakar Shetty, Terry Davis, and Chuck Royalty. 2011. Future e-enabled aircraft communications and security: The next 20 years and beyond. Proc. IEEE 99, 11 (Nov 2011), 2040--2055. Google ScholarCross Ref
Daniel P. Shepard, Jahshan A. Bhatti, Todd E. Humphreys, and Aaron A. Fansler. 2012. Evaluation of smart grid and civilian UAV vulnerability to GPS spoofing attacks. In Proceedings of the Institute of Navigation GNSS Meeting, Vol. 3.Google Scholar
Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, Yongdae Kim, and others. 2015. Rocking drones with intentional sound noise on gyroscopic sensors. In Proceedings of the 24th USENIX Conference on Security Symposium. USENIX Association, 881--896. Google ScholarDigital Library
Mohammad Tehranipoor and Farinaz Koushanfar. 2010. A survey of hardware trojan taxonomy and detection. Des. Test Comput. 27, 1 (Jan 2010), 10--25. Google ScholarDigital Library
T. U. Delft. 2014. TU Delft’s ambulance drone drastically increases chances of survival of cardiac arrest patients. Retrieved from http://www.tudelft.nl/en/current/latest-news/article/detail/ambulance-drone-tu-delft-vergroot-overlevingskans-bij-hartstilstand-drastisch/.Google Scholar
Tavish Vaidya and Micah Sherr. 2015. Mind your (R,Φ)s: Location-based privacy controls for consumer drones. In Security Protocols XXIII(LNCS), Bruce Christianson, Petr Švenda, Vashek Matyáš, James Malcolm, Frank Stajano, and Jonathan Anderson (Eds.), Vol. 9379. Springer, 80--90. Google ScholarDigital Library
Nick Valencia and Michael Martinez. 2015. Drone carrying drugs crashes south of U.S. border. (2015). Retrieved from http://www.cnn.com/2015/01/22/world/drug-drone-crashes-us-mexico-border/.Google Scholar
Peter VAN Blyenburgh. 2003. Furthering the Introduction of UAVs/ROA Into Civil Managed Airspace. Technical Report. DTIC Document.Google Scholar
John Villasenor. 2014. Drones and the future of domestic aviation {Point of view}. Proc. IEEE 102, 3 (2014), 235--238. Google ScholarCross Ref
Matthew Waller, Zachary Williams, Jason E. Lueg, and Stephen A. LeMay. 2008. Supply chain security: An overview and research agenda. Int. J. Logist. Manag. 19, 2 (2008), 254--281. Google ScholarCross Ref
Hengqing Wen, Peter Yih-Ru Huang, John Dyer, Andy Archinal, and John Fagan. 2005. Countermeasures for GPS signal spoofing. In Proceedings of the Institute of Navigation GNSS Meeting. 13--16.Google Scholar
Kyle Wesson and Todd Humphreys. 2013. Hacking drones. Sci. Am. 309, 5 (2013), 54--59. Google ScholarCross Ref
Martyn Williams. 2015. NEC’s surveillance system will detect, track drones. (2015). Retrieved from http://www.pcworld.com/article/2990525/necs-surveillance-system-will-detect-track-drones.html.Google Scholar
Marko Wolf. 2009. Security Engineering for Vehicular IT Systems. Vieweg+Teubner Research. Google ScholarDigital Library
Jongho Won, Seung-Hyun Seo, and Elisa Bertino. 2015. A secure communication protocol for drones and smart objects. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. ACM, 249--260. Google ScholarDigital Library
Allen D. Wu, Eric N. Johnson, Michael Kaess, Frank Dellaert, and Girish Chowdhary. 2013. Autonomous flight in GPS-denied environments using monocular vision and inertial sensors. J. Aerospace Inform. Syst. 10, 4 (2013), 172--186. Google ScholarCross Ref
Qiang Xu, Rong Zheng, Walid Saad, and Zhu Han. 2016. Device fingerprinting in wireless networks: Challenges and opportunities. IEEE Commun. Surv. Tutor. 18, 1 (2016), 94--104. Google ScholarCross Ref
Xiaohua Zhai, Jian’an Liu, Zhengzai Qian, and Gongcai Xin. 2010. Research on UAV degrade control system under sensor fault state. In Proceedings of the 2nd WRI Global Congress on Intelligent Systems, Vol. 2. IEEE, 20--23. Google ScholarDigital Library

Index Terms

Security, Privacy, and Safety Aspects of Civilian Drones: A Survey
1. General and reference
  1. Document types
    1. Surveys and overviews
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
  2. Systems security

Recommendations

Drones and Privacy

Drones, also referred to as UAV's Unmanned Aerial Vehicle, are an aircraft without a human pilot. Drones have been used by various military organisations for over a decade, but in recent years drones a have been emerging more and more in commercial and ...
Read More
A survey on security and privacy issues of UAVs
Abstract
In the 21st century, the industry of drones, also known as Unmanned Aerial Vehicles (UAVs), has witnessed a rapid increase with its large number of airspace users. The tremendous benefits of this technology in civilian applications ...
Read More
Automatic Control for Aerobatic Maneuvering of Agile Fixed-Wing UAVs

The use of unmanned aerial vehicles (UAVs) has become ubiquitous in a broadening range of applications, including many civilian uses. UAVs are typically categorized into two categories: conventional fixed-wing aircraft, which are associated with ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Cyber-Physical Systems Volume 1, Issue 2
April 2017
214 pages
ISSN:2378-962X
EISSN:2378-9638
DOI:10.1145/3015781
Editor:
Tei-Wei Kuo
National Taiwan University, and Academia Sinica, Taiwan
Issue’s Table of Contents
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States

Journal Family
ACM Journals for the Design of Smart and Connected Systems
Publication History
- Published: 9 November 2016
- Accepted: 1 September 2016
- Revised: 1 August 2016
- Received: 1 February 2016
Published in tcps Volume 1, Issue 2

Permissions
Request permissions about this article.
Request Permissions
Author Tags
Unmanned aerial vehicles
civilain drones
cyber-physical systems
parcelcopters
privacy
safety
security
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 301
  Total Citations
  View Citations
- 5,278
  Total Downloads
- Downloads (Last 12 months)604
- Downloads (Last 6 weeks)85
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Security, Privacy, and Safety Aspects of Civilian Drones: A Survey

ACM Transactions on Cyber-Physical Systems

Abstract

References

Cited By

Index Terms

Recommendations

Drones and Privacy

A survey on security and privacy issues of UAVs

Automatic Control for Aerobatic Maneuvering of Agile Fixed-Wing UAVs

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Journal Family

Publication History

Permissions

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Security, Privacy, and Safety Aspects of Civilian Drones: A Survey

ACM Transactions on Cyber-Physical Systems

Abstract

References

Cited By

Index Terms

Recommendations

Drones and Privacy

A survey on security and privacy issues of UAVs

Automatic Control for Aerobatic Maneuvering of Agile Fixed-Wing UAVs

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Journal Family

Publication History

Permissions

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media