CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University
Center for Education and Research in Information Assurance and Security

Unmanned Aerial Systems Cyberattack Identification, Analysis, and Mitigation

Principal Investigator: Inseok Hwang

As embedded computing becomes increasingly powerful and affordable, there will be increasing automation of tasks that used to be done by humans. One area in which this automation has been particularly prominent is in the advent of unmanned aerial systems (UASs). Military UASs have been used extensively by the US military in Afghanistan and Iraq, and the marked success of those operations has led to widespread interest in expanding the use of UASs both within the military and in commercial and personal applications. The proliferation of this technology has also led to questions about the reliability and security of these systems, however. As human operators become farther removed from the
system and embedded control systems take on larger roles, it is important that those controls systems have been hardened to cyberattacks perpetrated by a malicious party.  This is especially critical given the high potential for loss of life and property that can occur if an attacker is able to cause a vehicle to crash or otherwise impede its operation. Current UASs are largely the extension of systems developed before cybersecurity had become such a pressing issue, and therefore do not adequately incorporate security into their design. For example, many older systems rely on point-to-point encryption of communication channels and physical isolation of control networks to protect vehicles from cyberattacks. This approach has repeatedly been shown to be ineffective multiple times in incidents including malware infections in UAS control system computers at Creech AFB, the ability of unidentified foreign agents to achieve complete command and control capability of the Landsat 7 and Terra AM-1 satellites, and the infiltration of secure control networks in Iranian nuclear facilities by the Stuxnet attack. In order
to adequately secure these systems, they must be considered as a combination of both the continuous dynamics of a physical system and the coupled discrete dynamics associated with an embedded computing system. A system incorporating both of these sets of dynamics is called a cyber-physical system. The security analysis of a cyber-physical system will consider not only common cyberattacks that have long been analyzed in the domain of computer science, but ways in which a successful cyberattack can modify the control system responsible for the underlying continuous dynamics of the physical system. The analysis of such a system is necessarily an interdisciplinary effort requiring knowledge both of computer systems and control systems. This research project focuses on cyber-physical systems corresponding UASs, specifically, and seeks to identify and analyze potential cyberattacks targeting these systems. Of specific interest are undetectable attacks, which are attacks that are sufficiently limited in size that vehicle monitoring systems are unable to identify them as being cyberattacks. These
attacks are particularly dangerous in that when used in combination, they can leverage the complex dynamics of the UAS to either destroy the vehicle or obstruct its mission. We have developed an advanced simulation test bed capable of both hardware and software simulation to identify such attacks through numerical analysis on many different types of UAS. In addition to identifying dangerous attacks such as these, we seek to develop mitigation systems that can adequately protect the vehicle from such attacks.


Students: James Goppert and Andrew Shull

Keywords: Cyber-physical system, Cybersecurity, Unmanned Aerial System