Systematical Methods to Counter Drones in Controlled Manners Wenxin Chen, Garrett Johnson, Yingfei Dong Dept. of Electrical Engineering University of Hawaii 1
System Models u Physical system y Controller Cyber-Physical System (CPS) model Measurement and reporting (y) State Estimation, Control decisions, and control commands (u) Drone System Model Outer Control loop (same as CPS) Drone device Drone controller Wireless communication channel Inner control loop sensors actuators Inner control loop: sensor readings state estimation On board, Not via the command channel fusion autopilot 2
Typical Attacks on CPS Control Loop Compromise the physical device (Attack 1) Compromise the sensing channel (Attack 2) Denial of the sensing channel (Attack 3) Compromise the controller (Attack 4) Compromise the control channel (Attack 5) Denial of the command control channel (Attack 6) Attack 1 Attack 2 Physical system Attack 6 X Controller X Attack 3 Attack 5 Attack 4 3
Attack on the inner control loop Attack 7: physical attacks on sensors Based on our understanding of fusion, autopilot, and actuators Attack 6 Attack 7 X Local control loop sensors State estimation Attack 1 Attack 2 actuators autopilot Attack 5 Controller X Attack 3 Attack 4 4
Unique Challenges in Counter Drone Approaches Existing Attacks mostly on the Outer Loop Denial of sensing and control channels (A3, A6) works to certain degree Jamming is easy but do not have precise control of the device E.g., RF jamming may cause a drone to land We do not want a drone landing with bio-weapon onboard Compromise the device, controller, and communication channels (A1, A4, A2/A5) are not easy We focus on the inner loop based on our understanding of the internal control Goal: How to deceive the device in a controlled manner? E.g., turn into certain direction, or stay away from its target as far as possible Subset of A1 5
Two-step Attack on the inner loop Step 1: Compromise sensor readings Blind attacks: RF, Acoustic attacks, Magnetic attacks Precise control: GPS spoofing, (Acoustics attacks) Step 2: Compromise state estimation Our focus: Intelligent attacks with given control Assume we can compromise sensor readings, how to build fake sensor readings to fool the state estimation So navigation control makes decisions as we wish, e.g., turn left 90 degrees 6
Sensor measurement used in Navigation Control Group 1: position and velocity Accelerator: we have experimental results (in Step 1) Gyroscope: we have experimental results (in Step 1) GPS: we are working on this now (in Step 2) Barometer: we have theoretical results (in Step 2) Group 2: heading, roll/yaw/pitch Magnetometer: we have theoretical results (in Step 2) Group 3: Airspeed: we have theoretical results Other sensors: e.g., optical flow, lidar 7
Attack Goals The ideal goal is to control the flight path By deceiving sensors to make navigation control following a specific flight path Due to the complexity of the navigation control and associated parameters, this is extremely difficult Feasible Attack Goals State Estimations Position, Altitude, and Velocity (Practical Attacks) Manipulate GPS readings E.g., reach a target position Heading (Theoretical Attack) Magnetic states Turning away from the intended target Airspeed (Theoretical Attack) Manipulate airspeed sensor Deceive failsafe features: (wind speed drone speed) 8
Our idea: Attacking state estimation algorithms We look into the real implementation of ArduPilot One of the most popular open-source flight control system False Data Injection (FDI) Attack on Extend Kalman Filter (EKF) [ICUAS2017, IEEE CNS 2018] regarding magnetometer to fail the navigation system EKF-based state estimation is commonly used for state prediction and sensor fusion Attack Altitude Estimation: KF-based Estimation [IEEE INFOCOM Workshop 2018] 10
(Linear) KF-based state estimation in Two steps Predict state State transition matrix Predict covariance matrix Innovation Noise covariance matrix Kalman filter gain State update Covariance matrix update Measurement from sensor Measurement matrix 11
Attacking Magnetic State Estimations Main idea We carefully inject a series modified magnetometer data in each time step difference between the injected and actual values (injected error) is small enough not to be detected The sequence of (small) injected errors will accumulatively mislead the magnetic state estimation Compromised estimation could be far away from the actual value after a few time step We introduce two attack schemes Maximum FDI attack Generic FDI attack 13
Result 1: Change Magnetic State Estimation without being detected Before attack After attack linearity Three magnetic state estimations increase linearly under the attack.
Result 2: Roll, Pitch, Yaw Before attack After attack Estimations and True values are distinct after attack. the red line represents the true values; the blue line is the estimations.
Result 3: Attack Results in Realistic Scenario 1 Stability: Variances of roll, pitch and yaw Amplification: ~100 times Amplification: ~140 times Amplification: ~50 times Variances amplify significantly Stability weakens
Result 4: Attack Results in Realistic Scenario 2 Battery usage: total rotation angles in terms of roll, pitch and yaw 17
Attack Altitude Estimation: KFbased Estimation [IEEE INFOCOM Workshop 2018] ~2.8 X 10 5 meters 18
Acoustic Attacks on MEMS sensors Our work on Parrot Bebop 2 IMUs 19
Thanks! Other current Project Reverse engineering Drone Traffic Identify drones based on its traffic (Hualiang Li, ROCT cadets, and other EE students) Using Google TenserFlow ML for image processing Monitoring coral reefs (Thanks to Josh Levy) Identify Hale Koa trees Hawaiian flowers HECO Power Drop Connectors We skip many details here. We can discuss offline. 21