Johns Hopkins grad students work to prevent hacking attacks on drones
Three graduate students at the Johns Hopkins University Information Security Institute have teamed up with a Massachusetts-based company to devise a way to halt hacker attacks that could cause unmanned aerial vehicles—commonly called drones—to engage in hazardous mid-air maneuvers.
This joint effort by cybersecurity students and OnBoard Security is particularly important because an increasing number of drones are being used by police, firefighters, hobbyists, and others. The flying machines are prized for their ability to collect and transmit images from the skies high above dangerous or difficult-to-access locations. In addition, some retailers and restaurant operators are testing the use of drones to deliver merchandise and meals to customers in traffic-clogged or remote areas. Disrupting the safe operation of drones could undermine these efforts.
To protect against such cyber-attacks, three Johns Hopkins students who were enrolled in the university’s Master of Science in Security Informatics degree program worked together on a required capstone project that focused on enhancing the airborne safety of a drones.
The graduate students—Ritvik Sachdev, Puru Kulkarni, and Praveen Malhan—learned that drones rely on Sense and Avoid, or SAA, technology, in which safety-related messages are transmitted between two machines that are airborne in the same vicinity.
Seth Nielson, director of advanced research projects at the Information Security Institute and the students’ capstone mentor, said SAA systems are used to prevent mid-air collisions.
“But,” he added, “in their current form, they are vulnerable to hacking. Hypothetically, a hacker could alter transmissions to confuse another aircraft into believing a collision is imminent, potentially resulting in dangerous evasive maneuvers.”
To keep this from happening, the graduate students needed to make the exchange of drone location information far more secure. They obtained crucial help from OnBoard Security, a corporation that focuses mainly on protecting the exchange of data in automobiles and other connected devices. For the drone security project, the OnBoard Security staff granted the students access to the firm’s cryptographic software library called Aerolink. A company official said this was the first implementation of Aerolink outside of the automotive industry.