R2U2: Monitoring and Diagnosis of Security Threats for
Unmanned Aerial Systems
R2U2: Monitoring and Diagnosis of Security Threats for
Unmanned Aerial Systems
Johann Schumann, Patrick Moosbrugger, and Kristin Yvonne Rozier
2015
These pages contain further details of the experiments described in "
R2U2: Monitoring and Diagnosis of Security Threats for
Unmanned Aerial Systems
"
by Johann Schumann, Patrick Moosbrugger, and Kristin Yvonne Rozier. The BibTeX for this paper is available here.
Abstract:
We present R2U2, a novel framework for runtime monitoring of security
properties and diagnosing of security threats on-board Unmanned Aerial
Systems (UAS). R2U2, implemented in FPGA hardware, is a real-time, REALIZABLE,
RESPONSIVE, UNOBTRUSIVE UNIT for security threat detection. R2U2
is designed to continuously monitor inputs from the GPS and the ground control
station, sensor readings, actuator outputs, and flight software status. By simultaneously
monitoring and performing statistical diagnosis, attack patterns and
post-attack discrepancies in the UAS behavior can be detected. R2U2 uses runtime
observer pairs for linear and metric temporal logics for property monitoring
and Bayesian networks for diagnosis of security threats.We detail the design and
implementation that now enables R2U2 to handle security threats and present results
of simulations of several attack scenarios on the NASA DragonEye UAS
running ArduPilot flight software.
Our data files are compiled using the SamIam and Ace tools, which are free and open source and can be downloaded here. Documentation is packaged in the tool downloads.
Disclaimer: The files distributed on this page contain research prototype code and examples published in the paper above. The files are compatible with SamIam release 3.0 and Ace version 2.0; we make no claims regarding compatibility with any other versions. Please feel free to email me concerning clarifications, bugs, or other corrections.
Requirements for the SITL Simulation
A manual on how to setup the SITL Simulation can be found
here.
Download casestudy data
Explore the Simulations Dataflash Logfiles
You can go through our simulation dataflash logfiles using APM Planner 2.0.
Start APM Planner 2.0, and as shown in the picture,
switch to the "GRAPHS" view, go on "Open Log",
and select the apm_dataflash*.bin file from the casestudy directory.
Now you can select the signals you want to display in the right pane.
Scaling can be changed by doubleclick on the vertical axis.
For example, to see some interesting signals for the GPS Spoofing casestudy,
display the signals as can be seen in the next figure.
- AHR2.Lng (Aircraft's internal AHRS Longitude)
- SIM.Lng (Actual Aircraft's Longitude)
- EKF4.OFN (EKF GPS Position Glitch Offset North)
- EKF4.EFE (EKF GPS Position Glitch Offset East)
Running the simulation scripts
In order to run the SITL Simulation, please refer to the manual
here.
If you intend to run the simulation scripts from our casestudies,
you will need to install the MAVProxy modifications.
Simply overwrite the files in the MAVProxy installation directory with the files
you can download here
Once the SITL simulation is running, you can execute this scripts using the
modified MAVProxy application by issuing the command "script <path_to_script>".
To reproduce our results, you can follow the directions from our flight_plan.ods,
which is located in each casestudy directory.
Interpreting the input traces for the R2U2 Framework (rtr2u2_uart_dump*.bin)
The data trace, that is extracted from the Flightcomputer and sent to our monitoring framework
for online monitoring, is logged in the rtr2u2_uart_dump*.bin file for each casestudy.
The trace consists of a binary stream that is sent packet by packet.
In order to interpret these packets, please have a look at the struct rtR2U2_packet,
defined in the AP_Rtr2u2.h file from the casestudy directory, where they are defined
Kristin Yvonne Rozier
2015-04-27