MAVR: Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles

Abstract: As embedded systems have increased in performance and reliability, their applications have expanded into new domains such as automated drone-based delivery mechanisms. Security of these drones, also referred to as unmanned aerial vehicles (UAVs), is crucial due to their use in many different domains. In this paper, we present a stealthy attack strategy that allows the attacker to change sensor values and modify the UAV navigation path. As the attack is stealthy, the system will continue to execute normally and… Show more

“…An adversary may also be able to change any data from the SRAM memory. For example, Habibi et al [15] proposed an attack that modifies the registers of an Unmaned Aerial Vehicle (UAV) gyroscope to control its flight.…”

“…Memory corruption vulnerabilities have been widely explored as a strategy to hijack the execution control flow for a huge variety of systems, including embedded and mobile devices [6,12,15]. In the past, once the adversary gained control of the execution, the immediate next step was to directly jump into its own malicious payload, which was already injected in the exploit [8].…”

“…This avoids the flash memory (where the executable code resides) being written from anywhere else except from the bootloader section, which also resides in the flash memory. Thus, the only means to exploit AVR devices is by reusing existing software from the flash memory [12,15].…”

“…Countermeasures against code reuse attacks have been widely explored recently [4,6,7,9,10,12,15,18,22]. Current defenses can be classified as follows:…”

“…In these cases, the adversarial model and the defense capabilities are radically different from those applicable to AVR. Current approaches aiming at hindering code reuse attacks in Harvard-based architectures rely on adding additional hardware [15] or modifying the existing one [13]. Such countermeasures introduce additional costs to these devices that cannot be overlooked.…”

AVRAND: A Software-Based Defense Against Code Reuse Attacks for AVR Embedded Devices

“…An adversary may also be able to change any data from the SRAM memory. For example, Habibi et al [15] proposed an attack that modifies the registers of an Unmaned Aerial Vehicle (UAV) gyroscope to control its flight.…”

“…Memory corruption vulnerabilities have been widely explored as a strategy to hijack the execution control flow for a huge variety of systems, including embedded and mobile devices [6,12,15]. In the past, once the adversary gained control of the execution, the immediate next step was to directly jump into its own malicious payload, which was already injected in the exploit [8].…”

“…This avoids the flash memory (where the executable code resides) being written from anywhere else except from the bootloader section, which also resides in the flash memory. Thus, the only means to exploit AVR devices is by reusing existing software from the flash memory [12,15].…”

“…Countermeasures against code reuse attacks have been widely explored recently [4,6,7,9,10,12,15,18,22]. Current defenses can be classified as follows:…”

“…In these cases, the adversarial model and the defense capabilities are radically different from those applicable to AVR. Current approaches aiming at hindering code reuse attacks in Harvard-based architectures rely on adding additional hardware [15] or modifying the existing one [13]. Such countermeasures introduce additional costs to these devices that cannot be overlooked.…”

AVRAND: A Software-Based Defense Against Code Reuse Attacks for AVR Embedded Devices

Drone Authentication Using ID-Based Signcryption in LoRaWAN Network

A SEIS Model for Propagation of Random Jamming Attacks in Wireless Sensor Networks