The Drone industry is rapidly developing and impacting our daily lives in numerous and innovative ways. It has the ability to change our lives in for the better in ways which are hard to comprehend. However, with this innovation comes the potential negative impact of security breaches and exploitation from external rogue sources. swIDch’s patented technology enhances drone security solutions to keep the device and product in secured modes at the same time, with simple use cases for many different purposes.
As it stands, there are the 3 main challenges that the drone industry and/or drone market is facing today
- • hijacking issues
- • identification issues
- • compliance issues
Secured drone data, when hacked or hijacked by various threats, not only pose economic problems but also create serious issues surrounding the safety of individuals and national defense. Drone attacks such as the 2019 attack on KSA’s biggest petrochemical facility complex, run by ARAMCO, the Saudi Oil Company, by YEMEN’s rebel forces or the unidentified Drone incident at Gatwick Airport, London in 2018 which resulted in the cancellation over 1,000 flights and a 36-hour stand-off serve as a stark reminder of the potential negative impact of drone misuse. These cases are close to our daily lives and are not only bound to national regulation, but to the need to enhance the security and control systems of Drone solutions to prevent these potential threats.
Drone communications with remote controllers are often encrypted. However, the encrypted codes are often the same (i.e. static), which makes it a preferred and easy target for hijacking. For drones, having a lightweight solution both on a physical and digital level is essential. This relates directly to the power consumption and its battery life. In military drones, extra hardware, CMVP (Cryptographic Module Validation Program) is installed in drones to validate the security level in communications. You can imagine why this is necessary for the military. Commercial drones on the other hand are usually relatively light and small, meaning extra hardware installation is a big burden. Therefore, small commercial drones often rely on the existing encrypted communication methods which are relatively easy to hijack.
When drones are mis-used, safety is always the biggest concern. Drones are small, fast, and relatively difficult to detect in comparison to a flying jet. Crucially, when multiple aircrafts, both manned and unmanned, are flying, each device needs to identify and communicate to each other to guarantee safety and mission success. This is precisely the reason why there is need for an identification system for drones and its operators. The economic cost of an unidentified drone near an airport is 500,000 euros for every 30 mins an airport is stopped from operating.
Regulation: Compliance issues
Aviation authorities such as the Federal Aviation Administration (FAA) in the U.S have started to introduce a number of new regulations as more people own drones, and to give guidance on how to operate drones in a safe and useful manner.One of the key regulations to take effect very soon is Remote ID. This is a new regulation introduced by the FAA and it is the “ability of a drone in flight to provide identification and location information that can be received by other parties”, such as law enforcement. To comply with this upcoming regulation, drone manufacturers are having to implement a solution to embed identification capabilities on the drone in accordance with the standards given by the FAA. The drone pilots/operators must also register themselves with the FAA before they can legally fly the drones
swIDch upgrades and enhances your Drone solutions by preventing the use of static information and providing single-channelled dynamic codes to eliminate external threats. OTAC technology, which can be applied to both the software and hardware, maintains and enhances the robust security environment level required for Drone manufacturers and system operators.
OTAC Pilot Access Management
OTAC allows the registered, licensed pilots to securely access their drone remote system with the highest level of security together with convenience. The pilot uses swIDch’s mobile app to authenticate themselves, and to generate OTAC which is used to securely access the drone control system.
Once the pilot securely accesses the control system via OTAC Pilot ID, the pilot can have full confidence in the security level of the command communication with the drone. Thanks to swIDch command, every single command generated from the remote controller will be in a ‘one-time, dynamic’ form. This means that every single command is unique, and even if a hacker obtains the command information, the command will be different next time round, preventing multiple forms of attack, including replay attacks, eliminating any risk of drone hijacking.
IFF (Identification of Friendly or Foe)
IFF (Identification of Friendly or Foe) is an identification system to identify friendlies and enemies by the main operational group. SSenStone/swIDch combines the unique information from the Pilot OTAC and OTAC command as a chained protocol to generate a unique IFF code. This is used to identify and verify the flying objects in the airspace.
The information can be both public and secured, meaning that in commercial use cases, it can be used to identify if the flying drone is a legitimate and registered drone and pilot, together with the permission rights within the airspace. This can then evaluate and share the ‘friendliness’ of the drone. For military use, the information can be secured in order to identify and distinguish the friendly and enemy drones.
The uniqueness here is that this is a chained protocol. This means that if either the Pilot OTAC or OTAC Command is compromised in anyway by the hacker, the system immediately re-evaluates the friendliness of the drone, which will then register as an unfriendly/invalid drone, whereby the operational group can take relevant action to take it down.
OTAC CMVP key management
OTAC can also be used to secure and authenticate encryption CMVP communication modules. Whilst multiple or all drones use the same master key for encrypted communication, one leakage means that all the keys must be changed manually. In this process a randomly generated new key must be downloaded from the central server through ‘Over-The-Air’ and it also has to be able to verify and authenticate the encryption module hardware installed on the drone. Upon doing so, OTAC is generated locally from the hardware encryption modules which is verified and authenticated from the central server, allowing for the generation, and downloading of the new random secure master key to the operating drones, Over-The-Air. This ensures there is no potential risk from leakages and/or hijacking of command keys used for drone communications. Moreover, the encryption CMVP module installed drones can be utilized with OTAC Command to provide much higher security level through Over-The-Air functions.
FDR (Flight Data Recorder) is a black box for drones; it monitors and tracks any events during the drone flight and missions. The tracking device has a very weak specification on forgery and alteration of data which further leads to use in wrong deeds. OTAC FDR is operated at the monitoring and tracking level on the system and generates dynamic codes to hide the sensitive data, thus enhancing the information security environment. Also, due to the nature of OTAC, the related data’s integrity is constantly evaluated to show if any data within the FDR is forged or altered in any way. The tracking data also allows the drone to be located in the event of a crash, helping operators and insurance companies by reducing loss risk and saving costs.
that provides all of the following features tested and substantiated
by the University of Surrey technical report
Sufficient to IDENTIFY user
that does NOT duplicate
in off-the-network environment