Authors: John T. Hagen; Barry E. Mullins
Addresses: Department of Electrical and Computer Engineering, Air Force Institute of Technology, 2950 Hobson Way, AFIT/ENG, Wright-Patterson AFB, OH 45433-7765, USA ' Department of Electrical and Computer Engineering, Air Force Institute of Technology, 2950 Hobson Way, AFIT/ENG, Wright-Patterson AFB, OH 45433-7765, USA
Abstract: This paper demonstrates command and control protocols for remotely-piloted vehicles can be susceptible to cyber attacks and provides recommendations to mitigate these attacks while minimising impact to resource-constrained platforms. The Player project is an open-source effort providing a control interface specification and software framework for abstracting robot hardware. This research presents five exploits that compromise vulnerabilities in Player's command and control protocol. This work also demonstrates that Internet Protocol Security (IPsec) is capable of mitigating the vulnerabilities discovered in Player's command and control protocol. A cost function is defined to synthesise exploit success, CPU utilisation, and network load into a single scalar metric that can be used to compare the different IPsec protocols. Results show that in a scenario when exploits are likely, IPsec AH+ESP is the preferred defense protocol because of its relatively low CPU and network overhead and ability to defeat the exploits implemented in this research.
Keywords: command and control protocols; embedded security; IPsec; mobile security; network attacks; Player protocol; vulnerability analysis; network security; network vulnerability; remotely-piloted vehicles; cyber attacks; IP security.
International Journal of Security and Networks, 2014 Vol.9 No.3, pp.154 - 166
Received: 17 May 2013
Accepted: 02 Oct 2013
Published online: 09 Nov 2014 *