section{Introduction}The ac{uavs} or drones as they are commonly known, are becoming more popular day by day. This is due to their potential applications.

In their earlier stages, drones were primarily used in military operations such as surveillance, intelligence, reconnaissance and for carrying out attacks. However this scenario has changed. With the advancement in the electronics and communication technologies and the reliable and efficient software, the cost of operating a drone has drastically come down, making it affordable for a range of applications. Some of the industries that benefit from the usage of drones include infrastructure, remote sensing, etccite{cfa}.par The drone industry has been growing steadily and expected to grow further. ‘BI intelligence’, the research service of ‘Business Insider’ expects the drone sales to surpass $12 billion by 2021footnote{http://www.

businessinsider.de/drone-industry-analysis-market-trends-growth-forecasts-2017-7?r=US&IR=T}. ‘Interact Analysis’ predicts a drone industry growth with revenues reaching $15 billion by 2022. In “Drones reporting for work”, Goldman Sachs Research forecasts a market opportunity of $100 billion for drones between 2016 and 2020 footnote{http://www.goldmansachs.

com/our-thinking/technology-driving-innovation/drones/}. In the report “Clarity from above”, ac{pwc} estimates the market value of drone powered solutions to be $127 billioncite{cfa} by 2020. Of the three major sectors of drones namely military drones, commercial drones and consumer drones, military drones account for majority of the market share followed by commercial drones. Figure 3 depicts the total available market value of drones across various industriesfootnote{https://www.bangkokpost.com/archive/pwc-drone-usage-to-rise-among-industries-globally/1170429} .egin{figure}h!includegraphicsscale=0.

55{graphics/cfa.jpg} centering caption{DRONE SERVICES MARKET: $127 BILLION BY 2020} centering label{fig:FULFILLMENTCENTERS} end{figure}par In order for drones to replace commercial services, it is necessary that drone based solutions are reliable, secure and efficient. Since drone communication is wireless, it is certain that drones are susceptible to attacks. The fact that the drones can be operated autonomously away from the line of sight also favors such attacks. Many attacks have been carried out on drones in the past. These were primarily focused on military drones. One such example is the hacking of US drones by Iraq insurgents to capture live video feeds from the dronefootnote{http://news.

bbc.co.uk/2/hi/middle\_east/8419147.stm}.

Commercial and consumer drones are more vulnerable to attacks than the military drones due to the choice of communication links. While military drones use highly secured satellite communication, such technology is expensive to be used in commercial and consumer drones. Most of the commercial drones use ac{rc} or ac{WiFi} communication for line of sight control and to interact with a ac{gcs}. It is necessary to analyze the security of these communication channels, before the drones using them could be commercialized.par There are two security aspects with respect to drones. Firstly, security refers to threats that drones possess to the IT security. e.

g. cyber crimes using drone as a tool. The second aspect refers to the security attacks that could be carried on the drone itself, thereby stopping, hijacking or re-programming the drones. Since the drone industry is still in its early stages of development, the attacks that could be carried on a drone are not yet completely known. Commercial usage of drones demands effective communication between ac{gcs} and the drones, between infrastructure and the drones and between the drones themselves. This also increases the attack-surface of a drone.

Hence, it is imperative to be able to determine the types of attacks that could be carried out on a drone and to determine the motivation behind such attacks.subsection{Problem statement}par Drones have been attacked in the past, present and will continue to be attacked in the future as well. The following are some of the possible motives behind such attacks.egin{enumerate}item An attacker might be interested in the products that are carried by drones or the sensitive data stored by them.item Drug cartels have been found, spoofing and hacking the US-Mexico border-control drones to divert the surveillance.cite{criminaldrones}item Drug cartels themselves use the drones for smuggling, intelligence and surveillance. One such incident is a drone carrying 6 pounds of methamphetamine near San Ysidro bordercite{criminaldrones}.

When drone laws are made stricter, it would make become impossible for the drug dealers to legally own a drone. This would encourage them to hijack and steal the drones, to be used for illegal activities.item Drones could be hijacked by terrorists to be used as ‘suicide drones’.item Hackers could be hired to attack the commercial drones of a business competitor, in order to bring down the people’s trust on the organization.end{enumerate}par On the other hand, the drone manufacturers and drone-based solution providers have a need to make their products more user-friendly and easy to use, while also keeping their price to a minimum.

This includes easy maneuvering through intelligent autopilot systems, easy communication with the drone, ability to connect to the drone using a variety of devices such as smart-phones and desktop applications, etc. However, there is a trade-off between the above mentioned user-friendliness and the security associated with a drone. The more user-friendly the drones are, the least secure they are. This is due to the compromises made in the choice of security protocols and encryption standards in order to achieve a user friendly product.

For example, the Parrot AR Drone 2.0 uses open Wi-Fi, without using any authentication mechanism so that it is easier for the users to connect to the drone. This makes the drone an easy target for attacks. The choice of communication medium for most of the commercial and consumer drones is Wi-Fi. This is due to the fact that Wi-Fi is supported in a variety of smart devices, thus enabling the control of drones through such devices without the requirement of any additional hardware. For the same reason, Bluetooth communication is used in some mini drones.

par Just like any other information system, attacks on drones have been proven possible by experimental as well as actual attacks that were carried out on the drones. In addition to the attacks that are specific to drones, other attacks that apply to any Wi-Fi or Bluetooth connected systems can also be applied to drones. However, the types of attacks that are possible on a drone are not yet completely known. Many of the proven attacks are part of research activities that have been done to expose the vulnerabilities in a drone in order to raise awareness among the manufacturerscite{nils}cite{kim2012cyber}. While they are extremely useful with their findings, they do not expose all possible attacks in a drone. The reason is that these findings are primarily based on previously known vulnerabilities that existed on other systems that used the same communication links and protocols, and are not carried out in a real time scenario where a network of commercial drones communicate continuously with each other or with a ground station.

par Any attack on a commercial drone during its service will prove costly to the organization both in terms of money and reputation. A drone that loses control mid-flight due to such attacks can cause serious injuries to people and property and a drone with its mission compromised cannot be relied upon for its service. Hence, it is necessary to detect and remove as many vulnerabilities in a drone as possible before it is commercially used. In order to determine the critical vulnerabilities in a drone more efficiently, it is necessary to understand the motives of an attacker in a real time scenario. This would enable us to understand the weak links in the system which were previously unknown and attack scenarios previously never thought of to be possible. subsection{Solution approach}Security of a system should be treated as a process rather than a state. The efficiency of this process directly depends on the input that has been fed to it. In the scenario of drones, the process of building a secure drone can be more efficient if the input contains as much information about the vulnerabilities as possible.

In order to collect this information, we propose a honeypot based solution. A honeypot that can emulate a drone will help us collect valuable data about the attacks which would be very useful in further research. In a production environment, in addition to providing valuable information regarding an attack, the honeypot also helps deflect the attacker from the actual drone. In an area of high drone activity, deployment of such a honeypot will help identify the attackers. For example, these honeypots will provide great advantage in areas such as the fulfillment center proposed by Amazon for its drone based deliveriescite{fulfillmentcenter}.

Fulfillment centers, as shown in Figure 2, are temporary storage facilities that are designed for landing and take-off of ac{uavs}.egin{figure}h!includegraphicsscale=2{graphics/fulfillmentcenter.jpg} centering caption{Multi-level fulfillment center for unmanned aerial vehiclescite{fulfillmentcenter}} centering label{fig:FULFILLMENTCENTERS} end{figure}par In cyber security, honeypots play an important role and prove valuable in detecting the attack types and patterns. Whenever a system or network is vulnerable, the attackers are faster in exploiting the vulnerabilities before the vendors could develop the solutions against these vulnerabilities.

The usage of honeypots have enabled the security teams to detect the zero-day attacks and gather information about the attackscite{hps}. This information is used to develop suitable security solutions against the vulnerabilities.par In this thesis, we study, in detail, the different attacks possible on drones and the related protocols. With this knowledge, we analyze the suitability of honeypots in drone security. Further, we propose an implementation of honeypot for drones. Finally we implement our proposal and evaluate its efficiency.

In order to achieve this, the following research goal and the research questions that help achieving the goal have been identified.linebreakpar extbf{Research Goal}:Analyze the attack surface of the drones and design a suitable honeypot architecture for a drone environment and implement the architecture to realize the usefulness of honeypots in a drone environment.par In order to achieve the above mentioned goal, the following research questions have been identified.egin{itemize}item extbf{Research question – 1}: What are the different attacks that can be possible on a drone?par A thorough study of different attacks and their mechanisms can answer this question.

Further analysis of open ports used by different drone software can help expose the vulnerabilities that are specific to these drones.item extbf{Research question – 2}: Which of the attacks found from research question – 1 can be detected or mitigated through a honeypot?par The study of different protocols and communication standards used by these attacks along with research on existing honeypot solutions can answer this research question. item extbf{Research question – 3}: How suitable are traditional honeypots for a drone and how does a drone-specific honeypot vary from a traditional honeypot?par A detailed comparison of the abilities of the traditional honeypots and the requirements of a drone specific honeypot will answer this question.item extbf{Research question – 4}: How can a drone honeypot be realized in terms of technology and architecture?par By analyzing and categorizing different communication channels and protocols used by different drones, we can determine an ideal technological and architectural solution for drone honeypots.end{itemize}par In addition to finding the answers to the above questions, this thesis also intends to shed some light on the future work that can be carried out using the contributions from this research or as an extension of this research.subsection{Thesis outline}par This document is structured as follows.

Chapter-2 gives an overview of the background of technologies and concepts like drones, honeypots and the different protocols used by drones. Chapter-3 discusses related work carried out in the field of drone security. This would include different types of attacks carried out on drones and the vulnerabilities that were exploited by these attacks. Additionally a brief introduction of existing honeypot solutions that are closely related to our work is provided. In chapter-4, the concept of honeypot for drones is introduced and the architecture behind the concept is explained.

In chapter-5, the proposed concept from honeypot from chapter-4 is implemented. Chapter-6 evaluates the prototype implementation. Chapter-7 concludes the thesis with some insight into future work.

x

Hi!
I'm Erica!

Would you like to get a custom essay? How about receiving a customized one?

Check it out