A common theme between drones and other Internet of Things (IoT) enabled services is that they will all leverage and rely on commercial wireless broadband solutions for either command and control (C2) or real time sensor data management and transfer. These next generation networks will have to support a highly diverse range of new applications, user requirements, and connected devices, sensors, robotics, mission critical wireless communication, and automated manned and unmanned vehicle systems.
The only way all this can become a reality is by continuing to evolve existing wireless technologies, both cellular and non-cellular, and by working on new licensed or unlicensed radio access technologies. These next generation networks will be heterogeneous networks using a myriad of wireless technologies such as cellular, millimeter wave, Wi-Fi, etc.
Even though these technologies will evolve to support the throughput and latency requirements for safe drone operations, one of the key challenges we will face is agile, reliable, safe and secure support for different use cases and user requirements. We as the industry need to consider all key technical areas and explore ways of integrating “security by design” principles into commercial drone ecosystem development.
As drones and other IoT applications in general become more widespread, we will need new service delivery models that involve new actors in the ecosystem. Virtualization and cloud infrastructures will be leveraged to provide flexibility, scalability and the ability to deliver richer services quickly. Data access wireless networks will need to provide users and other third parties access via APIs for granular control and security of the services. This paradigm shift will enable innovative capabilities but also create complex security challenges.
For drone operations, the focus will involve the three pillars of commercial drone applications, i.e., Mission Management, Traffic Management and Data Management, as we discussed in last month’s article.
If we peel the layers further, we can group the security focus across all three pillars into the following sections that warrant review and collaborative solutions from us as the industry.
- Key management
- Denial of service (DoS) protection
- Identity management
Key management
Communication for the majority of commercial drones, as well as other IoT devices, is constrained today to short-range communication protocols such as 802.11 WiFi. The majority of commercially available drones utilize a 2.4 GHz ISM band command and control link.
A typical implementation includes wireless end points or sensors that communicate between themselves using point-to-point or mesh networking capabilities. This communication can take place directly, using solutions such as the ANRA Technologies MP-X1 V2V solution, or be proxied through a variety of external service gateways like the DroneOSS™ platform.
Typically, the nodes that participate in this architecture are provisioned with cryptographic material that supports confidential, authenticated and integrity-protected communications amongst themselves and to/through the gateway(s). The underlying cryptographic material and services required depend on the protocols that are being used (both communication and messaging) and the security objectives of each. In addition to the keys required for communication protocols, messaging protocols (e.g., MQTT, CoAP, DDS) also require cryptographic algorithms and key material. Although some messaging protocols only support username/password, many provide options for using symmetric keys, key pairs, and certificates to secure communication between devices.
The majority of the solutions implemented today leverage symmetric keys, but going forward, asymmetric keys should also be considered. We also need to consider alternative trust models that enable flexibility in establishing trust across heterogeneous devices, access technologies, network domains and communication modes.
With the introduction of next generation broadband technologies and their evolution to 5G, IoT drone solution developers will be able to redesign their products with broad, direct access to the cloud and new capabilities for peer-to-peer communications. This requires flexible key management capabilities that support a variety of use cases.
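The symmetric-key provisioning model described above can be sketched as follows. This is an added example, not code from the article or from any ANRA product: the gateway derives one key per node from a master key, and each command carries an HMAC tag and a counter so the gateway can reject forged and replayed messages. The device IDs, the `RTL` command, the message layout and the derivation label are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def derive_device_key(master_key: bytes, device_id: str) -> bytes:
    """Per-device symmetric key: HMAC-SHA256(master, label || device_id)."""
    return hmac.new(master_key, b"c2-link-v1|" + device_id.encode(), hashlib.sha256).digest()

def seal(device_key: bytes, device_id: str, counter: int, command: str) -> dict:
    """Node side: serialize the message and attach an integrity/authenticity tag."""
    body = json.dumps({"id": device_id, "ctr": counter, "cmd": command}, sort_keys=True)
    tag = hmac.new(device_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Gateway:
    """Gateway side. It holds the master key, so a gateway compromise exposes
    every node's key; that limitation is what asymmetric keys would remove."""
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._last_ctr = {}  # device_id -> highest counter accepted so far

    def accept(self, msg: dict) -> str:
        try:
            fields = json.loads(msg["body"])
            device_id, ctr = fields["id"], int(fields["ctr"])
        except (KeyError, ValueError, TypeError):
            return "malformed"
        key = derive_device_key(self._master, device_id)
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison of the received tag against the expected one.
        if not hmac.compare_digest(expected.encode(), str(msg.get("tag", "")).encode()):
            return "bad-tag"
        if ctr <= self._last_ctr.get(device_id, -1):
            return "replay"  # tag is valid, but this counter was already seen
        self._last_ctr[device_id] = ctr
        return "ok"

def demo() -> list:
    master = bytes(range(32))  # constructed sample key, not a real secret
    gw = Gateway(master)
    m1 = seal(derive_device_key(master, "drone-001"), "drone-001", 1, "RTL")
    forged = dict(m1, body=m1["body"].replace("RTL", "LAND"))  # body altered in transit
    wrong_key = seal(derive_device_key(master, "drone-002"), "drone-001", 2, "RTL")
    return [gw.accept(m1), gw.accept(m1), gw.accept(forged), gw.accept(wrong_key)]
```

The example provides authentication and integrity only; confidentiality would need an authenticated encryption layer on top, which is omitted here.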
Denial of Service (DoS) protection
Mission critical services like drones, vehicular networks or industrial systems in particular require highly available, low-latency, and highly reliable communication systems. Additionally, in the new connected world, the influx of low cost drones and other IoT solutions has introduced, and will continue to introduce, a large number of devices that are low cost and less sophisticated than wireless connected devices such as smartphones. As more devices are connected to the wireless broadband networks, the networks will be exposed to denial of service (DoS) attacks targeting the limited resources of specific services, much like botnet-driven distributed denial of service attacks on the Internet. Drone operations need to account for this possibility and plan for mitigation of such attacks by having redundant interfaces as well as extensive fail-safes integrated in the solution.
Identity management
There is a lot of talk about identification systems for drones; however, this needs to be more than just identifying the drones. The established identity can be the basis for accomplishing further security goals, such as policy-based access control decisions on resources within that system, or recording of actions mapped to their actors to establish an auditable transaction history (e.g., through blockchain-based transaction integrity preservation).
There is a wide range of identities involved in a typical commercial drone ecosystem, and it is not about the identification of the drone by itself. These identification needs exist at every layer of the stack, in every segment of the architecture. For example, drones might need to be identified as hardware trust anchors, but then you have IP endpoints, cloud service instances, network services, virtualized network function instances, subscribers, administrators and many more.
All of those identities need to be defined, provisioned, maintained, validated, revoked, etc., so we require a robust Identity Management solution that captures the entire life cycle of this management task.
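The sketch below ties those pieces together: identities of different kinds are provisioned and revoked, every access decision is made against a role policy, and each action is appended to a tamper-evident audit log. It is an added example, not code from the article; it uses a single-writer hash chain, which is simpler than the blockchain the text mentions, and the identity names, roles and policy are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed sample policy: role -> actions that role may perform.
POLICY = {"drone": {"publish_telemetry"},
          "operator": {"upload_mission", "publish_telemetry"}}

def entry_hash(entry: dict) -> str:
    """Hash of an audit entry's content, including the previous entry's hash."""
    fields = {k: entry[k] for k in ("seq", "actor", "action", "decision", "prev")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

class IdentityRegistry:
    """Life cycle (provision, validate, revoke) for any identity type,
    with every action recorded against its actor."""
    def __init__(self):
        self.state = {}   # identity -> "active" | "revoked"
        self.roles = {}   # identity -> role
        self.audit = []   # hash-chained audit entries

    def _record(self, actor: str, action: str, decision: str) -> None:
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        entry = {"seq": len(self.audit), "actor": actor, "action": action,
                 "decision": decision, "prev": prev}
        entry["hash"] = entry_hash(entry)
        self.audit.append(entry)

    def provision(self, identity: str, role: str) -> None:
        self.state[identity], self.roles[identity] = "active", role
        self._record(identity, "provision", "ok")

    def revoke(self, identity: str) -> None:
        self.state[identity] = "revoked"
        self._record(identity, "revoke", "ok")

    def authorize(self, identity: str, action: str, policy: dict) -> bool:
        # Unknown or revoked identities are denied; denials are logged too.
        allowed = (self.state.get(identity) == "active"
                   and action in policy.get(self.roles.get(identity), set()))
        self._record(identity, action, "allow" if allowed else "deny")
        return allowed

def verify_chain(audit: list) -> int:
    """Return the index of the first inconsistent entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(audit):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != entry_hash(e):
            return i
        prev = e["hash"]
    return -1
```

A hash chain only makes edits detectable by whoever re-verifies it; an insider who can rewrite the whole log can also recompute the chain, so the latest hash must be anchored somewhere the writer cannot change.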
So where does this leave us?
Yes, security in the drone and IoT domain is a complex, multifaceted problem, but we just need to decompose it and look at security-by-design principles, and the ecosystem will evolve gradually. Some segments, such as commercial radio access technologies like cellular, will get a higher level of scrutiny, and hence security, due to standardization bodies like 3GPP. However, each segment of the overall solution has its own unique challenges that need to be looked at in detail.
Last year, I had the privilege of co-chairing the FCC Technical Advisory Council (TAC) sub working group focused on security for 5G/IoT, and drones were one of the areas we looked at, among other things. We as a group also released a whitepaper with detailed recommendations for the FCC and industry in general. I firmly believe that as the industry we can stay ahead of the power curve; however, we have a long road ahead of us.
About the author
Amit Ganjoo is a licensed private pilot, Part 107 remote pilot, experimental aircraft builder and the CEO and Founder of ANRA Technologies, a company focused on creating unique cloud-based command and control and operational architectures for UAVs. He has extensive experience in commercial and federal spaces, having held positions ranging from Principal Architect at Ericsson to working with the Department of Defense in the field of communications and cyber security.