Security – The #1 Concern Behind Amazon Prime Air

By , December 3, 2013 10:28 pm

prime-air_high-resolution02-660x340

I read, with great interest, all the media reports and commentaries regarding Amazon’s ambitious plan to deliver packages with unmanned aviation vehicles (UAV). In the early days of my career, I was exposed to some of the core UAV technologies such as IMU (inertial measurement unit), autonomous guidance and navigation,  as well as collision avoidance. I have also the experience of building my own UAV with Sun SPOT – an embedded wireless sensor network (WSN) platform developed by Sun Microsystems five years ago – as the central control unit and FreeWave TDMA modem as the datalink. With all the advancements in WSN, IOT and UAV, I tend to believe that the technology to fly the package to the customer’s back yard has already been there, or needs only very little ruggedization and refinement.

In my point of view, the biggest challenge behind Amazon Prime Air is to ensure the security of the UAV itself, which can be further categorized as anti-hijacking and collision avoidance.

Hijacking a UAV might sound impossible at a first glance, but was done at least once. On December 4 2011, an American Lockheed Martin RQ-170 UAV, operated by the Central Intelligence Agency, was hijacked and brought down by an Iranian cyber warfare unit. I am not an expert on hijacking UAV’s but I can can think of at least the following approaches:

  • Datalink Repression – It is almost certain that the UAV has been designed with the ability to accept and execute navigation and control commands on the fly. In this case, commercial carrier networks (such as AT&T, T-Mobile) seem to be the most convenient (and economically feasible) way to provide the datalink between Amazon and the UAV. In other words, the network being used to transmit guidance, navigation and control (GNC) commands for the UAV’s might be the very same network on which people surf the Internet, which is vulnerable to hacker sniffing and attacks. For example, radio repression technologies might be used to cut off the connection between the UAV and the command center, which can pave the road for further malicious attacks.
  • GNC Injection – Assuming that a malicious group had access to some UAV’s (with brute force such as gun shots), it might not be long for them to reverse engineer the UAV to unveil the underlying GNC protocol. All in a sudden, the whole Amazon fleet is under the control of one (or even more then one) malicious group lurking somewhere waiting for a perfect timing to change the course of the UAV’s via GNC injection. Can’t believe this? UAV’s are computers too, and are vulnerable to virus and human attacks. Remember, NSA infected 50,000 computer networks with malicious software, and so can other malicious groups.
  • Location Spoofing – The Amazon UAV’s might be using GPS as the primary positioning technique, and each UAV might have a built-in GPS coordinate as its home address. In this case, GPS spoofing might be employed to make the UAV believed that it has arrived at the desired location, and landed in the hands of a malicious group. Therefore, additional technologies such as IMU or WSN should be employed to improve the credibility of the sensed / calculated position of the UAV’s.

Collision might not be a problem if Amazon was the only business to obtain a license to operate UAV’s for civilian applications. This is very unlikely because FedEx had already expressed similar interests, and there are already a wide range of UAV applications waiting for the approval of FAA. When the number of UAV’s increases, the possibility of UAV collision also increases.

For commercial airlines, they fly on pre-designated air ways with pre-determined schedules. There is a global effort trying to keep track of all the airplanes, and prevent them from crashing into each other. On June 30, 1956 two airplanes collided over Grand Canyon with over 100 fatalities. A Wikipedia page on mid-air collision lists 48 civilian mid-air collisions during 1922~2012, with a total number of 2884 fatalities.

For civilian UAV’s, the air way network will be a lot more complicated as compared to the commercial airline network. Each and every home address now becomes a potential “airport”, and each UAV flight has a unique destination which can’t be planned months ahead. New routing algorithms, as well as collision avoidance protocols, will be needed to facilitate these UAV flights.

Leave a Reply

Panorama Theme by Themocracy