Title: Network vulnerability analysis of the Player command and control protocol

Authors: John T. Hagen; Barry E. Mullins

Addresses: Department of Electrical and Computer Engineering, Air Force Institute of Technology, 2950 Hobson Way, AFIT/ENG, Wright-Patterson AFB, OH 45433-7765, USA ' Department of Electrical and Computer Engineering, Air Force Institute of Technology, 2950 Hobson Way, AFIT/ENG, Wright-Patterson AFB, OH 45433-7765, USA

Abstract: This paper demonstrates command and control protocols for remotely-piloted vehicles can be susceptible to cyber attacks and provides recommendations to mitigate these attacks while minimising impact to resource-constrained platforms. The Player project is an open-source effort providing a control interface specification and software framework for abstracting robot hardware. This research presents five exploits that compromise vulnerabilities in Player's command and control protocol. This work also demonstrates that Internet Protocol Security (IPsec) is capable of mitigating the vulnerabilities discovered in Player's command and control protocol. A cost function is defined to synthesise exploit success, CPU utilisation, and network load into a single scalar metric that can be used to compare the different IPsec protocols. Results show that in a scenario when exploits are likely, IPsec AH+ESP is the preferred defense protocol because of its relatively low CPU and network overhead and ability to defeat the exploits implemented in this research.

Keywords: command and control protocols; embedded security; IPsec; mobile security; network attacks; Player protocol; vulnerability analysis; network security; network vulnerability; remotely-piloted vehicles; cyber attacks; IP security.

DOI: 10.1504/IJSN.2014.065708

International Journal of Security and Networks, 2014 Vol.9 No.3, pp.154 - 166

Received: 17 May 2013
Accepted: 02 Oct 2013

Published online: 09 Nov 2014 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article