Journal of the Korea Convergence Society (한국융합학회논문지)

Korea Convergence Society (한국융합학회)
권호 표지
DOI QR코드

DOI QR Code

Vulnerability Case Analysis of Wireless Moving Vehicle

무선이동체의 취약점 사례 분석

  • Oh, Sangyun (Division of Infocom Communication, Baekseok University) ;
  • Hong, Jinkeun (Division of Infocom Communication, Baekseok University)
  • 오상윤 (백석대학교 정보통신학부) ;
  • 홍진근 (백석대학교 정보통신학부)
  • Received : 2018.06.15
  • Accepted : 2018.08.20
  • Published : 2018.08.28
Download PDF
⟨ Previous Next ⟩

Abstract

As the industry related to drones has been activated, the public interest in drones has increased explosively, and many cases of drone-using are increasing. In the case of military drones, the security problem is the level of defense of the aircraft or cruise missiles, but commercial small and low cost drones are often released and utilized without security count-measure. This makes it possible for an attacker to easily gain access to the root of the drones, access internal files, or send fake packets. However, this droning problem can lead to another dangerous attack. In this regard, this paper has identified the vulnerabilities inherent in the commercial drones by analyzing the attack cases in the communication process of the specific drones. In this paper, we analyze and test the vulnerability in terms of scanning attack, meson attack, authentication revocation attack, packet stop command attack, packet retransmission attack, signal manipulation and de-compile attack. This study is useful for the analysis of drones attack and vulnerability.

최근 드론 관련 산업이 활성화되면서 드론에 대한 대중들의 관심이 폭발적으로 증가하였고, 드론을 활용하는 사례가 많이 늘어나고 있다. 군사용 드론의 경우 보안문제는 항공기나 순항미사일의 방어시스템 수준으로 보안이 철저하지만 상용 소형 저가형 드론들은 여전히 보안이 취약하거나 보안을 고려하지 않은 상태에서 출시되고 활용되는 경우가 많다. 이로 인하여 공격자가 쉽게 드론의 루트 권한을 얻고 내부 파일에 접근하거나 fake 패킷을 보내는 등의 드론 탈취 공격이 가능하다. 그런데 이 드론의 탈취 문제는 또 다른 위험한 공격으로 이어질 수 있다. 이런 측면에서 본 논문에서는 특정 드론의 통신과정에서 공격 사례를 중심으로 분석함으로써 상용 드론에 내재된 취약점을 확인하였다. 본 논문에서는 취약점을 스캐닝 공격, 중간자 공격, 인증 철회공격, 패킷 중지 명령 공격, 패킷 재전송 공격, 신호 조작 및 디 컴파일 공격 관점에서 접근하여 분석하고 실험하였다. 본 연구는 드론 공격과 취약점을 분석하는데 참고할 수 있는 유용한 연구로 사료된다.

Keywords

References

  1. http://jammers4u.com/drones-jammer
  2. https://www.usnews.com/news/national-news/articles/2017-11-10/homeland-security-warns-of-weaponized-drones-as-terror-threat
  3. http://www.thedrive.com/the-war-zone/17527/russia-is-trying-to-link-the-drone-swarm-attack-in-syria-to-a-us-p-8-patrol-plane
  4. https://warontherocks.com/2017/01/the-drone-threat-to-israeli-national-security/
  5. J. S. Pleban, R. Band & R. Creutzburg. (2014). Hacking and securing the AR.Drone 2.0 quadcopter: investigations for improving the security of a toy, SPIE 9030, Mobile Devices and Multimedia: Enabling Technologies, Algorithms, and Applications 2014, DOI: 10.1117/12.2044868
  6. S. H. Na, J. C. Han & B. J. Ahn. (2014), A Study on the Defence for Deauthentication Attacks in Wi-Fi Network, Korea Communication Society Conference, 631-632.
  7. https://github.com/markszabo/drone-hacking/blob/master/README.md
  8. V. Dey, V. Pudi, A. Chattopadhyay, Y. Elovici. (2018). securing vulnerabilities of unmanned aerial vehicles and countermeasures: an experimental study, 31st International Conference on VLSI Design and 2018 17th International Conference on Embedded Systems (VLSID), 398-403. DOI: 10.1109/VLSID.2018.97
  9. J. H. Cheon, K. Han, S. M. Hong, H. J. Kim, J. S. Kim, S. S. Kim, H. S. Seo, H. B. Shim & Y. S. Song. (2018). Toward a Secure Drone System: Flying With Real-Time Homomorphic Authenticated Encryption, IEEE Access 6, 24325-24339. DOI: 10.1109/ACCESS.2018.2819189
  10. A. Sehrawat, T A. Choudhury & G. Raj. (2017). Surveillance drone for disaster management and military security, International Conference on Computing, Communication and Automation (ICCCA) 2017,470-475. DOI: 10.1109/CCAA.2017.8229846
  11. P. Blank, S. Kirrane & S. Spiekermann. (2018). Privacy aware restricted areas for unmanned aerial systems, Journal of IEEE Security & Privacy: 16(2), 70-79. DOI: 10.1109/MSP.2018.1870868
  12. E. Vattapparamban, I. Guvenc, A. I. Yurekli, K. Akkaya, S. Uluagac. (2016). Drones for smart cities: Issues in cybersecurity, privacy, and public safety, IWCMC2016;216-221. DOI: 10.1109/IWCMC.2016.7577060
  13. P. Perazzo, K. Ariyapala, Z. Conti, G. Dini. (2015). The verifier bee: A path planner for drone based secure location verification, IEEE 16th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM),1-9. DOI: 10.1109/WoWMoM.2015.7158150
  14. S. G. Manyam, D. W. Casbeer, S. Manickam. (2017). Optimizing multiple UAV cooperative ground attack missions, International conference on Unmanned Aircraft Systems (ICUAS), 1572-1578. DOI: 10.1109/ICUAS.2017.7991396
  15. P. T. Jardine, S. Givigi, A. Noureldin. (2015). Incorporating feedback predications for optimized UAV attack mission planning, 23rd Mediterranean Conference on Control and Automation (MED);740-746. DOI: 10.1109/MED.2015.7158834
  16. S. H. Rubin, W. K. Grefe, T. B. Tebibel, S. C. Chen, M. L. Shyu, K. S. Simonsen. (2017). Cyber Secure UAV Communications using heuristically inferred stochastic grammars and hard real time adaptive waveform synthesis and evolution, IEEE Computer society 2017, 9-15, DOI: http://doi.ieeecomputersociety.org/10.1109/IRI.2017.56
  17. Y. Su. Jung & Y. H. Yon. (2018). User Privacy protection model though enhancing the administrator role in the cloud environment, Journal of Convergence for Information Technology: 8(3), 79-84. DOI: https://doi.org/10.22156/CS4SMB.2018.8.3.079
  18. H. J. Mun, (2018). Biometric Information and OTP based on authentiction mechanism using blockchain, Journal of convergence for Information Technology: 8(3), 85-90, DOI: https://doi.org/10.22156/CS4SMB.2018.8.3.085
  19. C. J. Chae, S. K. Han, H. J. Cho, (2016). Security vulnerability and countermeasures in smart farm, Journal of Digital Convergence: 14(11), 313-318, DOI: http://dx.doi.org/10.14400/JDC.2016.14.11.313
  20. D. H. Choi, J. O. Park, (2015), Security tendency analysis techniques through machine learning algorithm applications in big data environments, Journal of Digital Convergence: 13(9), 269-276, DOI: http://dx.doi.org/10.14400/JDC.2015.13.9.269