Implementing Secure Command and Control in Unmanned Systems

Unmanned vehicles are at the forefront of an evolution, especially with the proliferation of the Internet of Things. After decades of serving mission-critical applications in government and defense, the command and control (C2) capabilities of advanced wireless data communications have begun to migrate into the public safety, research, and commercial markets. The robust and secure infrastructure necessary for the eventual proliferation of unmanned vehicles is slowly being realized. Today, however, industries such as public safety, agriculture and oil and gas are being eyed as key markets that can benefit from the use of Remotely Piloted Aircraft (RPA). For several applications, such as wildfire monitoring and border protection, RPAs can even be used to protect people and save lives.

In July 2013, it was announced that the Federal Aviation Administration (FAA) had issued restricted category type certificates that could lead to the first UAS for commercial use1. According to the announcement, a major energy company in Alaska will be using UAS to support emergency response crews with oil spill monitoring and wildlife surveillance. The UAS utilized by the energy company will operate under the Arctic Implementation Plan released in November 20122, which is perhaps one of the most significant milestones for unmanned systems to date. Under the Arctic Implementation Plan, small UAS are permitted to operate for commercial use in designated “permanent operational areas and corridor routes.” By expanding into Arctic airspace, the plan aims to benefit communities located in the designated operational areas with new opportunities in scientific research, Search and Rescue (SAR), environmental analysis, fisheries and more. The areas proposed in the plan that would comply with this expansion include, the Southern Arctic Area, Bering Strait Area, and Northern Arctic Area.

As the FAA continues to work and eventually opens up the national airspace to RPAs, the skies will naturally become more crowded. In 2011 alone, the U.S. National Airspace saw more than 100,000 aviation operations per day. With the introduction of UAVs this number will certainly increase and be proven safe. Safety is a top priority of the FAA for the operation of UAVs3, particularly as it relates to secure and reliable command and control (C2) links and sense and avoid tactics. Therefore, the communications link in which the unmanned system operates plays an essential role in meeting security requirements, and with a reliable and secure CNPC link, a RPA can be trusted to operate effectively. Additionally, unmanned systems with unsecure and unproven C2 links are vulnerable to failure and even hijacking.

It is important to note that despite the enticing future of RPA being used in existing and new industries and applications, widespread commercial deployment is still a ways off. The FAA is still working to develop standards to open the national airspace. The Radio Technical Commission for Aeronautics (RTCA) Special Committee 228 for example, has been tasked with evaluating and developing the minimum operational requirements for use of the allocated safety critical spectrum, particularly as related to the Control and Non-Payload Communications (CNPC).

There are a number of secure wireless data communications solutions available that enable reliable C2 links and that have been trusted by the government and defense industry for years. Additionally, there are solution providers that offer multiple frequencies for C2 links enabling unmanned systems manufacturers with a portfolio of options to deploy. While frequency options are important considerations, a C2 link is only as strong as the security capabilities it offers. With appropriate security measures and encryption capabilities in place, C2 links can be better protected to thwart malicious attacks on unmanned systems. Here are key considerations for secure C2 links that need to be integrated as part of the overall unmanned system.

Authentication, Authorization and Accounting

One option that some unmanned systems operators have employed is the use of proprietary wireless data communication systems and devices (especially when they offer many “knobs” and configuration options to create private, user defined networks). These proprietary solutions can offer a higher degree of security in some scenarios, but as the FAA and the RTCA special committee continue to work, they will be defining new requirements for an open, nonproprietary solution.

This exemplifies a key security approach. The verification of identity, or Authentication, is based on the presentation of unique credentials to that system. The unique serial number of a wireless device for example (that hopefully can neither be “spoofed” nor counterfeited) may be such a unique credential, though some view the use of serial numbers as less than foolproof.

Advanced Data Encryption and FIPS

The Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards and Technology (NIST), as set forth by the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987. FIPS are a set of U.S. government computer security standards that define aspects of information security management, including document processing, encryption algorithms and other various IT standards.

Advanced Encryption Standard

In November 2001, FIPS Publication 1974 announced the Advanced Encryption Standard (AES), a cryptographic algorithm that could be used to protect electronic data. AES is the industry standard for data encryption and was developed by two Belgian cryptographers – Joan Daemen and Vincent Rijmen – and adopted by NIST due to the need for a newer and more secure data encryption algorithm. Today, AES is a Federal Government and commercial standard, trusted even by the NSA to protect sensitive information and maintain data privacy.

AES encrypted devices offer a variety of key strength options, including 128, 256 and others. NIST has also defined 5 modes of operation for AES:

• Cipher Block Chaining,
• Electronic Code Book,
• Cipher Feedback,
• Output Feedback
• Counter Mode.

It is argued that counter mode is the most secure of the five because it uses a sequence of blocks to encrypt the data and is never repeated.

FIPS Publication 140-2

NIST issued the 140 series of FIPS Publications to identify the key requirements for cryptography modules. FIPS 140-2 validation consists of four clear levels of security, with Level 1 being the lowest and each Level thereafter building upon the next with additional security and/or trusted requirements, all the way up to Level 4. For example, Level 2 adds requirements for checking physical evidence of tampering, as well as role-based user authentication. Level 3 requires physical tampering resistance (further physical qualities making the module itself more protected against attackers attempting to gain access to sensitive information within the module itself) and a stricter identity-based authentication. Level 4 adds even more physical security measures and requires an even greater robustness to the platform, in order to hold up against environmental attacks.

Unmanned systems manufacturers should ensure that their need for wireless links is satisfied by reputable wireless technology providers with a proven track record. These technology solutions should incorporate even the basic levels of the FIPS and AES standards. A safe and dependable C2 capability should be able to thwart hijacking attempts, prevent unauthorized access, and protect all critical data. These standards are tried and true and by incorporating these techniques into the C2 communications link for RPAs, we can ensure the reliability necessary for introducing these platforms into the national airspace.

Final Considerations

Secure wireless data communication devices that leverage data encryption capabilities, adhering to FIPS and AES standards, are already heavily relied on for mission-critical government and defense applications. There are many security and encryption standards that support the reliable transmission of wireless communications. Furthermore, some other wireless technologies that are proven to be reliable and secure in nature can further add to the overall data security scheme. For example, frequency-hopping techniques can leverage coordinated, rapid changes in radio frequencies that literally “hop” in the radio spectrum, thus evading detection and the potential of interference. Furthermore, some wireless products can deliver multiple user-defined cryptography keys (as many as 32 user-defined keys in some cases), providing a more robust link security by allowing the automatic and frequent changing of cryptographic keys.

With a secure C2 link in place, unmanned vehicles are far less likely to suffer from technical errors. This is a very important consideration because not only will there be more unmanned vehicles operating in more industrial and commercial sectors, but many will require and transport critical information where link failure to operate is not an option. As the unmanned systems industry continues to reach important milestones, the widespread growth of unmanned systems into industrial and commercial spaces will continue to grow and develop. With this in mind, there needs to be a level of assurance that the unmanned systems that will eventually become integral in our global lives are operating safely. The wireless C2 link is one of the key aspects.

This article was written by Phil Linker, Senior Product Manager, FreeWave Technologies, Inc. (Boulder, CO). For more information, Click Here .

References

1. One Giant Leap for Unmanned-kind
2. UAS Arctic Plan
3. UAS Fact Sheet
4. Announcing the ADVANCED ENCRYPTION STANDARD (AES)