Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
A survey of cyber security threats and solutions for UAV communications and flying ad-hoc networks
Tsao K., Girdler T., Vassilakis V. Ad Hoc Networks133 2022.Type:Article
Date Reviewed: Feb 8 2024

FANET was coined for flying ad hoc networks, for example, unmanned aerial vehicles (UAVs). This survey paper is an in-depth discussion of the cybersecurity concerns and shortcomings unique to UAVs, as compared to more established mobile ad hoc networks (MANETs). In particular, the paper provides many detailed examples focusing on: “(i) security and privacy threats ..., (ii) security threats in FANETs related to the first four layers of the Open Systems Interconnection (OSI) model, and (iii) security solutions available to address [these unique UAV] threats.” As FANET is a “decentralized flexible network environment [across] both heterogeneous and homogeneous UAVs,” solutions and standards are still evolving.

UAVs and drones are widely used--800 thousand are registered with the Federal Aviation Administration (FAA). While 60 percent are for recreational use, the others are used commercially for search and rescue (SAR), remote monitoring, and other time-critical activities. This long survey is very detailed, with colorful pictorial examples of some of the unique FANET challenges. Threat vectors consist of six connection types and six node types. The authors classify and compare 13 security threads, and discuss how these change over Internet of Drones (IoD), 5G mobile networks, radio waves, wireless local area networks (WLANs), wireless sensor networks (WSNs), and others.

Next, 12 security threads and 31 security solutions with the OSI network layers lead to seven particular routing protocol types with 22 related security solutions. Finally, the authors classify 23 specific security threads based on seven security requirements, and then compare these to 40 proposed security solutions. This extensive discussion also compares six existing standards and their limitations.

The IoD is a network architecture that provides navigation services to drones within controlled air spaces. The paper shows both node-to-node and end-to-end services and applications. In addition, the typical components of an unmanned aircraft system (UAS) include a ground controlling device, a UAV flying component, and various data links. Communication is a critical issue for fast-moving multi-UAV systems. The architectures vary between single ground systems, to satellite communication extensions, to multi-ground systems (handing off control) and even node-to-node (UAV to UAV) communication. These cooperating UAVs have unique security concerns compared to MANETs (basically swarms of communicating mobile devices).

Aside from the variations in deployment configurations, a major portion of the paper deals with FANET security threats. The STRIDE threat model from Microsoft forms a good overview and is valuable for other security issues. STRIDE stands for spoofing identity (authentication), tampering with data (integrity), repudiation (not-repudiation), information disclosure (confidentiality), denial of service (availability), and elevation of privilege (authorization). The survey uses STRIDE as a way to fill in the gaps from other surveys. The threat vectors are then analyzed, such as eavesdropping, replay, impersonating, and jamming.

The paper shines in its examples with nice diagrams. For example, a replay attack is shown where a malicious user listens to an unencrypted data message from a ground system to a UAV. They then replay that message and get the UAV to a different location. This is repeated with man-in-the-middle (MITM), denial-of-service (DoS), backdoor, flooding, and other typical security issues.

The paper discusses these scenarios across the data link layer, network layer, routing protocols, and transport layer. A long section discusses various solutions to these challenges (such as better encryption), followed by how the UAV industry could “implement a clear set of standards across the board.”

This detailed survey is not only valuable to the UAV community, but also to others who deal with similar mobile communication threats.

Reviewer:  Scott Moody Review #: CR147704
Bookmark and Share
  Featured Reviewer  
Security and Protection (C.2.0 ... )
Security (K.6.m ... )
Security, Integrity, And Protection (H.2.0 ... )
Security, Integrity, And Protection (H.2.7 ... )
Security and Protection (D.4.6 )
Security and Protection (K.6.5 )
Would you recommend this review?
Other reviews under "Security and Protection": Date
Introduction to data security and controls (2nd ed.)
Edward R. I., QED Information Sciences, Inc., Wellesley, MA, 1991. Type: Book (9780894353864)
Aug 1 1992
Security for computer networks: an introduction to data security in teleprocessing and electronic funds transfer
Davies D., Price W., John Wiley & Sons, Inc., New York, NY, 1984. Type: Book (9780471900634)
Oct 1 1985
The development and proof of a formal specification for a multilevel secure system
Glasgow J., Macewen G. ACM Transactions on Computer Systems 5(2): 151-184, 1987. Type: Article
Oct 1 1987

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy