Executive Summary : | In recent years, drones, in particular unmanned air vehicles (UAVs) are getting popularity in both civil and military arena. Rapid growth in the development of microelectromechanical systems (MEMS) has helped to integrate miniature and low-cost sensors for control and commands for drone stabilization. In parallel, drones have rapidly become a threat to businesses and law enforcement. Not only are they used to carry out physical attacks, but criminals are also using drones to infiltrate cybersecurity. These issues will be more pressing with their increasing population and can bring severe insecurities and threats, which unless mitigated, shall render in catastrophic consequences. In 2020, Director General of Civil Aviation (DGCA) has issued the Civil Aviation Requirements (CAR) that regulates the use of drones in the Indian airspace and to obtain Unique Identification Number (UIN) for every such device. Due to the restrictions in size, weight and communication time, it has become more challenging to incorporate cryptographic solutions in these resource constrained devices. Hence, it is also very important to build inherent solutions at the device level and back it up with software mechanisms to attain a comprehensive and end-to-end security solution. Now, in UAV systems, user authentication is mainly replaced by platform authentication. In this context, three major issues that can be raised are: 1. Lightweight unique identification mechanism of the UAV platforms and key management of thousands of such platforms in case deployed in large scale. 2. As UAVs are deployed in an insecure communication networks, the adversarial space grows rapidly. The authentic trusted platform modules (TPMs) might be stolen as costly protection mechanism might not be deployed in such low-embedded devices. Hence it can be replaced in adversarial UAVs to fool the ground control station (GCS) and impersonate as a legitimate device. 3. Privacy preserving authentication protocol between the GCS and network of the drones to ensure the anonymity of the UAV platform. Physically Unclonable Functions (PUFs) have been considered to be a promising hardware security primitive for lightweight cryptographic applications. Many concerns about the trustworthiness of the electronic components being used, or issues about the high overhead of security protocols, can be simplified using this hardware “Root-of-Trust”. Silicon PUFs exploit variation in manufacturing across different dies, wafers, and processes to generate (ideally) unique challenge–response mapping for each Integrated Circuit (IC) instance. Hence, in this project we aim to introduce PUFs, an unconventional lightweight hardware security primitive to generate a hardware fingerprint of the drones and design an anonymous authentication and secure message exchange protocol between the GCS and the UAV platform. |