The proliferation of Unmanned Aerial Vehicles (UAVs) is expected to experience a substantial rise in the next years, driven by their ever-increasing application across various domains. However, ensuring secure communication between UAVs and their ground stations is crucial to prevent the unauthorized disclosure of sensitive information that could jeopardize the mission's integrity when exploited by malicious actors. Despite this importance, several UAV systems currently operate based on open-source command and control technologies, which have overlooked several security considerations while focusing on availability and safety. To address this concern, this study conducts a comprehensive security assessment of UAV-based systems starting with a systematic literature review whose main purpose is building a comprehensive catalog of threats associated with this technology. Particular attention has been paid to the MAVlink protocol, an open-source protocol commonly utilized for telemetry and command and control for multiple UAVs. Therefore, drawing upon the built catalog, a threat modeling and penetration testing technique has been employed to examine the MAVlink implementation on a real UAV. A threat model developed for a specific case study is also presented, leading to the discovery of four new vulnerabilities, some of which were successfully exploited through attacks. By shedding light on these vulnerabilities, this work seeks to encourage further investigation and research to develop robust security mechanisms for UAV communication systems. It is imperative to address these vulnerabilities proactively to enhance the overall security posture and safeguard against potential threats in the UAV ecosystem.

A systematic approach for threat and vulnerability analysis of unmanned aerial vehicles / Ficco, M.; Granata, D.; Palmieri, F.; Rak, M.. - In: INTERNET OF THINGS. - ISSN 2542-6605. - 26:(2024). [10.1016/j.iot.2024.101180]

A systematic approach for threat and vulnerability analysis of unmanned aerial vehicles

Granata D.;Rak M.
2024

Abstract

The proliferation of Unmanned Aerial Vehicles (UAVs) is expected to experience a substantial rise in the next years, driven by their ever-increasing application across various domains. However, ensuring secure communication between UAVs and their ground stations is crucial to prevent the unauthorized disclosure of sensitive information that could jeopardize the mission's integrity when exploited by malicious actors. Despite this importance, several UAV systems currently operate based on open-source command and control technologies, which have overlooked several security considerations while focusing on availability and safety. To address this concern, this study conducts a comprehensive security assessment of UAV-based systems starting with a systematic literature review whose main purpose is building a comprehensive catalog of threats associated with this technology. Particular attention has been paid to the MAVlink protocol, an open-source protocol commonly utilized for telemetry and command and control for multiple UAVs. Therefore, drawing upon the built catalog, a threat modeling and penetration testing technique has been employed to examine the MAVlink implementation on a real UAV. A threat model developed for a specific case study is also presented, leading to the discovery of four new vulnerabilities, some of which were successfully exploited through attacks. By shedding light on these vulnerabilities, this work seeks to encourage further investigation and research to develop robust security mechanisms for UAV communication systems. It is imperative to address these vulnerabilities proactively to enhance the overall security posture and safeguard against potential threats in the UAV ecosystem.
2024
A systematic approach for threat and vulnerability analysis of unmanned aerial vehicles / Ficco, M.; Granata, D.; Palmieri, F.; Rak, M.. - In: INTERNET OF THINGS. - ISSN 2542-6605. - 26:(2024). [10.1016/j.iot.2024.101180]
File in questo prodotto:
File Dimensione Formato  
1-s2.0-S2542660524001215-main.pdf

non disponibili

Licenza: Non specificato
Dimensione 983.77 kB
Formato Adobe PDF
983.77 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/986077
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? ND
social impact