A Stealthy GPS Spoofing Strategy for Manipulating the Trajectory of an Unmanned Aerial Vehicle*


6th IFAC Workshop on Distributed Estimation and Control in Networked Systems, September 8-9, 2016. Tokyo, Japan. Available online at www.sciencedirect.com

ScienceDirect

IFAC-PapersOnLine 49-22 (2016) 291–296


Jie Su, Jianping He, Peng Cheng and Jiming Chen

State Key Laboratory of Industrial Control Technology, Zhejiang University, Hangzhou, China

Abstract: GPS is of great importance for autopilot of an Unmanned Aerial Vehicle (UAV). Recently, GPS spoofing attack on UAV has attracted widespread research interests due to the vulnerability of civilian GPS signal. This paper specifies a scenario in which the GPS spoofing attacker intends to drive the UAV equipped with a fault detector to any arbitrary destination without triggering the detector. We formulate the problem as a constrained optimization problem, and provide an effective solution to compute the falsified GPS measurement of each time instant. In addition, we analyze and compute the largest attainable location set of the UAV under GPS spoofing attack, which quantifies the capability of GPS spoofing attack under the constraint of the fault detector. Numerical simulations under various parameter settings are conducted to verify the results.

Keywords: UAV, GPS spoofing, fault detector, constrained optimization.

* This work is supported by National Science Foundation of China under Grant U1401253 and National Key R&D Program Under Grant 2016YFB0800204.

2405-8963 © 2016, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Peer review under responsibility of International Federation of Automatic Control. 10.1016/j.ifacol.2016.10.412

1. INTRODUCTION

1.1 Background

Nowadays, with the booming of autonomous UAVs in outdoor applications, such as aerial photograph, transportation, search and rescue and so on, they have been greatly concerned by researchers and engineers (Chmaj and Selvaraj (2015)). According to an UAV market forecast conducted by the Teal Group, the worldwide UAV expenditures over the next decade will increase annually from the current 5.2 billion dollars to 11.6 billion dollars and the total amount in the next decade will reach to an incredible 89 billion dollars (Cai et al. (2014)).

High reliability and robustness are important requirements of safety-critical systems, especially the autopilot function of the UAV which is usually aided by the GPS sensor. However, the civilian GPS signal itself is easy to be attacked due to its publicity. In 2003, the U.S. transportation infrastructures vulnerability for civil GPS disruption was assessed in Carroll (2003). However, such an attack needs a GPS signal simulator, which was cumbersome and expensive at that time. In 2008, the software defined radio (SDR) technology was applied to the implementation of a portable and less expensive civilian GPS spoofer (Humphreys et al. (2008)). Since then, there were extensive attentions about the security and privacy issues of the system equipped with a GPS receiver, such as mobile applications (Crump (2011)), power net and smart grid (Shepard et al. (2012), Gong et al. (2012)) and various vehicles including Unmanned Ground Vehicles (Pajic et al. (2014)) and Unmanned Aerial Vehicles (Shepard et al. (2012)). The focus widely exists in hardware implementation (Di et al. (2012)), successful GPS attack requirements (Tippenhauer et al. (2011)) and GPS attack level investigations (Nighswander et al. (2012)).

1.2 Related Work and Motivation

The U.S. surveillance RQ-170 UAV incident, which happened in December 2011 (Wiki (2011)), has great influence on the research of UAV capture and control via GPS spoofing attack, as one Iranian engineer claimed in an interview that GPS spoofing attack has been used during the operation to capture and force landing the victim UAV. To validate such a claim, a field testing of UAV capture and force landing via GPS spoofing attack was carried out by the researchers of university of Texas at Austin (Shepard et al. (2012)), which demonstrated a short-term control of the UAV. Kerns et al. (2014) illustrated a further study on how to realize a long-term control of the UAV via GPS spoofing attack, which is realized by a proportional-differential spoofer controller. This work also showed an overt and covert UAV capture case through simulations. However, there is no exploration about how to proceed a covert post-capture control of the victim UAV without triggering the detection algorithm.

In Kwon et al. (2013), the necessary and sufficient conditions under which the attacker could perform three kinds of attack (actuators compromised, sensors compromised, and both of them compromised) without being detected were derived. In Liu et al. (2012) and Kwon et al. (2014), the worst stealthy cyber attacks were derived and analyzed, which can maximize the state estimation error of the UAV's state estimator while not being detected, where GPS spoofing attack was considered as sensor compromised case of cyber attacks. However, for a safety assessment purpose, the algorithms derived in Liu et al. (2012) and Kwon et al. (2014) obtain all the optimal injected values using an off-line computation. In Kwon et al. (2015), real-time GPS spoofing attack constrained by a sequential probability ratio detector is discussed, however, there is no exploration of driving the UAV to arbitrary malicious destination.

Different from existing works, we consider a scenario, in which the UAV is automatically piloting along a reference trajectory, and the attacker has an intention of driving it towards any definite destination via real time GPS spoofing attack. Since the UAV is often equipped with a Kalman-residual based fault detector, it is critical for the attacker to carefully design the GPS spoofing strategy in order to manipulate the UAV toward the malicious destination without triggering the detector. Meanwhile, it is also of interest to investigate the capacity of such attacks under the constraint of the detector.

1.3 Contribution

The contributions of this paper are threefold.

(1) We consider the scenario in which the UAV is equipped with a fault detector, and the GPS spoofing attacker intends to manipulate it towards a destination without triggering the detector. To the best of the authors' knowledge, the problem considered in this paper is novel.
(2) We formulate the problem as a real-time constrained optimization problem. A greedy strategy is proposed to determine the injected GPS measurement of each time instant.
(3) In order to interpret the proposed strategy, we analyze and compute the attainable location set of UAV under GPS spoofing attack, which quantifies the capability of GPS spoofing attack under the constraint of fault detector.

The remainder of the paper is organized as follows: In Section 2, we give the preliminaries about the system model, the fault detector, the attack model and the problem formulation. In Section 3, we propose the real-time attack decision strategy and provide the solution for the considered optimization problem. In Section 4, numerical examples are shown to illustrate the results. Finally, Section 5 concludes the paper.

2. PRELIMINARIES AND PROBLEMS

2.1 System Model

Given the loose coupling of GPS measurements and strap-down Inertial Navigation System (INS), the attitude dynamics of UAV could not be affected by GPS spoofing attack, which has been confirmed through field testing by Kerns et al. (2014). Since the intention of the attacker is only falsifying the position and velocity information of the victim UAV, the system model can be described as a linear translational dynamic model as follows,

$$x(k+1) = Ax(k) + Bu(k), \tag{1}$$

$$a_m(k) = u(k) + w(k), \tag{2}$$

$$y(k) = x(k) + v(k), \tag{3}$$

where $x(k) = \begin{bmatrix} pos_x(k) & pos_y(k) & vel_x(k) & vel_y(k) \end{bmatrix}^T$. The four elements of $x(k)$ represent the position of the east direction and the north direction, the velocity of the east direction and the north direction, respectively. $A$ and $B$ are the system matrices satisfying

$$A = \begin{bmatrix} 1 & 0 & T_s & 0 \\ 0 & 1 & 0 & T_s \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 \end{bmatrix}, \quad B = \begin{bmatrix} T_s^2/2 & 0 \\ 0 & T_s^2/2 \\ T_s & 0 \\ 0 & T_s \end{bmatrix},$$

where $T_s$ is the sampling time, and $u(k)$ is the input produced by the system controller. $a_m(k)$ represents the acceleration measurement from the accelerometer, which is corrupted by a zero mean Gaussian white measurement noise $w(k)$ with a covariance matrix $W$. $y(k)$ represents the GPS measurement, and $v(k)$ is the corresponding measurement noise which is also a zero mean white Gaussian noise with a covariance matrix $R$. $k \in \{0, 1, \cdots, N\}$ denotes the discrete-time index which is taken from the finite time horizon $[0, N]$.

Due to the presence of the measurement noise, a precise estimation of the system state should be completed by an estimator, which is described by (Kwon et al. (2014))

$$\hat{x}(k+1) = A\hat{x}(k) + Ba_m(k) + L(k+1)\big(y(k+1) - A\hat{x}(k) - Ba_m(k)\big),$$

where $\hat{x}(k+1)$ represents the estimation result, and $L(k+1)$ represents the steady state Kalman gain, satisfying

$$L(k+1) = P(k+1|k)\big(P(k+1|k) + R\big)^{-1},$$

where $P(k+1|k)$ represents one step predicted error covariance matrix. $P(k+1|k)$ is the solution of the following discrete-time algebraic Riccati equation,

$$P(k+1|k) = AP(k+1|k)A^T + (I - BC)Q(I - BC)^T + BRB^T - AP(k+1|k)C\big(CP(k+1|k)C^T + R\big)^{-1}CP(k+1|k)A^T,$$

where the process noise covariance $Q$ is given by $Q = BWB^T$.

By referring to Kerns et al. (2014), this paper considers such a controller for the autopilot function,

$$u(k) = -K(\hat{x}(k) - x_{ref}(k)).$$

$K$ is the control gain which is designed so that the closed-loop system is stable. Since $(A, B)$ is a controllable pair, the eigenvalues of $A - BK$ can be placed anywhere in the left-half plane. $x_{ref}(k)$ is the reference trajectory driven by $a_{ref}(k)$ described as follows,

$$x_{ref}(k+1) = Ax_{ref}(k) + Ba_{ref}(k).$$

Model-based residual testing is a simple and broadly used detection method (Kerns et al. (2014), Bar-Shalom et al. (2004)), therefore, this paper considers the residual generated by Kalman filter at time instant $k$,

$$r(k) = y(k) - A\hat{x}(k-1) - Ba_m(k-1), \tag{4}$$

which follows a zero-mean Gaussian distribution with a constant covariance matrix, $\Sigma_r(k) = P(k) + R$. Abrupt changes of the system can be detected by testing the following two incompatible statistical hypotheses,

$$H_0: r(k) \sim \mathcal{N}(0, \Sigma_r(k)) \quad \text{and} \quad H_1: r(k) \nsim \mathcal{N}(0, \Sigma_r(k)).$$

Here $\mathcal{N}(a, \Sigma)$ represents the Gaussian distribution with mean $a$ and covariance $\Sigma$. An evaluation of the residual should be made as the decision basis. Similar to Liu et al. (2012), Kwon et al. (2013) and Kwon et al. (2014), we choose $r^T(k)\Sigma_r^{-1}(k)r(k)$ as the residual evaluation in this paper. Then the decision is made by

$$r^T(k)\Sigma_r^{-1}(k)r(k) \underset{H_1}{\overset{H_0}{\lessgtr}} h,$$

where $h$ is the chosen threshold value. Taking $m$ as the dimension of the measurement vector $y(k)$, the threshold value $h$ should be bigger than $m$ (Bar-Shalom et al. (2004)). If the system is normally operating, the values computed by the detector will follow a $\chi^2$ distribution with $m$ degrees of freedom (Kwon et al. (2014)).
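The residual test of Section 2.1, as an added example that is not code from the paper: it iterates the Riccati recursion for the 4-state model, runs the estimator, and evaluates $r^T\Sigma_r^{-1}r$ against $h$ on constructed flights. The sampling time, the covariances W and R, the threshold 13.28 (about the 99th percentile of $\chi^2$ with $m = 4$) and all measurements are assumptions.

```python
# Added example: chi-square test on the Kalman residual of Section 2.1.
# TS, W, R, H and every measurement below are constructed values.
TS = 0.1                                   # sampling time Ts (assumed)
A = [[1, 0, TS, 0], [0, 1, 0, TS], [0, 0, 1, 0], [0, 0, 0, 1]]
B = [[TS**2 / 2, 0], [0, TS**2 / 2], [TS, 0], [0, TS]]
W = [[0.25, 0], [0, 0.25]]                 # accelerometer noise covariance (assumed)
R = [[1.0, 0, 0, 0], [0, 1.0, 0, 0], [0, 0, 0.04, 0], [0, 0, 0, 0.04]]
H = 13.28                                  # assumed threshold h, larger than m = 4


def mul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]


def tr(a):
    return [list(col) for col in zip(*a)]


def add(a, b, sign=1.0):
    return [[x + sign * y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def eye(n):
    return [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]


def vec(a, v):
    return [sum(x * y for x, y in zip(row, v)) for row in a]


def inv(a):
    """Gauss-Jordan inverse with partial pivoting."""
    n = len(a)
    m = [list(map(float, row)) + e for row, e in zip(a, eye(n))]
    for c in range(n):
        p = max(range(c, n), key=lambda i: abs(m[i][c]))
        m[c], m[p] = m[p], m[c]
        piv = m[c][c]
        m[c] = [v / piv for v in m[c]]
        for i in range(n):
            if i != c:
                f = m[i][c]
                m[i] = [vi - f * vc for vi, vc in zip(m[i], m[c])]
    return [row[n:] for row in m]


def steady_state(iters=500):
    """Iterate the Riccati recursion; return gain L and the inverse of Sigma_r = P + R."""
    Q = mul(mul(B, W), tr(B))              # Q = B W B^T, as on the page
    post = eye(4)
    for _ in range(iters):
        pred = add(mul(mul(A, post), tr(A)), Q)
        s_inv = inv(add(pred, R))
        L = mul(pred, s_inv)               # L = P (P + R)^-1
        post = mul(add(eye(4), L, -1.0), pred)
    return L, s_inv


def run_detector(measurements, accels, x0, h=H):
    """Return [(k, statistic, alarm)] for GPS measurements y(1..N)."""
    L, s_inv = steady_state()
    x_hat, out = list(x0), []
    for k, (y, a) in enumerate(zip(measurements, accels), start=1):
        pred = [p + q for p, q in zip(vec(A, x_hat), vec(B, a))]
        r = [yi - pi for yi, pi in zip(y, pred)]               # residual, eq. (4)
        g = sum(ri * si for ri, si in zip(r, vec(s_inv, r)))   # r^T Sigma_r^-1 r
        out.append((k, g, g > h))                              # alarm means H1
        x_hat = [p + c for p, c in zip(pred, vec(L, r))]       # estimator update
    return out


def constructed_flight(n=40, offset=0.0, start=None):
    """Noise-free flight; GPS east position is shifted by `offset` from step `start`."""
    x0 = [0.0, 0.0, 5.0, 2.0]
    x, ys, accels = list(x0), [], []
    for k in range(1, n + 1):
        a = [0.2, 0.0]                     # a_m(k-1), applied between k-1 and k
        x = [p + q for p, q in zip(vec(A, x), vec(B, a))]
        y = list(x)
        if start is not None and k >= start:
            y[0] += offset
        ys.append(y)
        accels.append(a)
    return ys, accels, x0


def first_alarm(results):
    return next((k for k, _, alarm in results if alarm), None)


if __name__ == "__main__":
    for label, off in (("no offset", 0.0), ("20 m jump", 20.0), ("1 m offset", 1.0)):
        ys, acc, x0 = constructed_flight(offset=off, start=15)
        res = run_detector(ys, acc, x0)
        print(label, "first alarm:", first_alarm(res),
              "max statistic: %.2f" % max(g for _, g, _ in res))
```

The abrupt 20 m jump is flagged at the step where it appears, while the 1 m offset keeps every per-sample statistic below $h$; a per-sample residual test alone does not bound how far such small offsets accumulate over time.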


2.2 Attack Model

Given a determined victim UAV, the attacker could get the system parameters through existing techniques (Kwon et al. (2014), Zhang et al. (2015), Qi et al. (2015), Zhang et al. (2016)), including $A$, $B$, $Q$, $R$. Meanwhile, the communication between the Ground Control Station (GCS) and the victim vehicle may be vulnerable (Kacem et al. (2015)), therefore, an eavesdropping attack may be operated by the attacker to obtain the state estimation of the UAV, including the position, velocity, and acceleration at each time instant. Additionally, the attacker could inject the falsified GPS measurement to the navigation component, using either of the following two methods.

(1) Send out $y^*(k)$ with a GPS signal simulator, such as the GPS spoofer implemented in Humphreys et al. (2008). When the code phase and the Doppler frequency of the GPS spoofing signal are aligned with the legitimate GPS signal, and the power of the GPS spoofing signal is much higher than the legitimate one, the GPS receiver in the radiation scope will accept the GPS spoofing signal, which contains falsified position and velocity values;
(2) Hack the onboard navigation computer and inject $y^*(k)$ by implementing a data level GPS spoofing attack (Nighswander et al. (2012)).

Without loss of generality, we analyze the situation at time instant $k$ to illustrate the attack process. In the rest of this article, we use the superscript notation $*$ to denote the corresponding variable of the UAV under attack. For example, $x^*(k)$ represents the position and velocity of the UAV under attack. The attacker could use the obtained estimation and system input at time instant $k-1$ to compute the state prediction at time instant $k$,

$$\hat{x}^*(k|k-1) = A\hat{x}^*(k-1) + Bu(k-1).$$

Meanwhile, by the definition of the residual $r(k)$, the falsified GPS measurement $y^*(k)$ could be designed by,

$$y^*(k) = \hat{x}^*(k|k-1) + r^*(k). \tag{5}$$

It is clear that $y^*(k)$ can be directly computed once $r^*(k)$ is determined. After an injection of the falsified GPS measurement, the estimation result of the victim at time instant $k+1$ will be,

$$\hat{x}^*(k) = A\hat{x}^*(k-1) + Ba_m^*(k-1) + L(k)\big(y^*(k) - A\hat{x}^*(k-1) - Ba_m^*(k-1)\big), \tag{6}$$

which will affect the generated control command,

$$u^*(k) = -K(\hat{x}^*(k) - x_{ref}(k)). \tag{7}$$

The system states at time instant $k+1$ are,

$$x^*(k+1) = Ax^*(k) + Bu^*(k). \tag{8}$$

Consequently, the main goal of the attacker is to design the malicious residual $r^*(k)$ which could yield the corresponding GPS measurement $y^*(k)$, in order to manipulate the UAV toward the malicious destination.

2.3 Problem Formulation

Denote the malicious destination as $x_N$, including a pair of position coordinates. The objective of the attacker is to drive the victim toward $x_N$ efficiently, without triggering the fault detector. Here the meaning of "drive" is to make the location of the UAV at each time instant under attack approach $x_N$, according to the GPS spoofing process described in Sec. 2.2.


Therefore, we mathematically formulate the distance between $x_N$ and the current location of the UAV as follows,

$$\|x_N - f x^*(k)\|_2, \quad \forall k \in \{1, \cdots, N\}, \tag{9}$$

where

$$f = \begin{bmatrix} 1 & 0 & 0 & 0 \\ 0 & 0 & 1 & 0 \end{bmatrix}.$$

To avoid triggering the alarm of the fault detector, the maliciously designed residual in the attack process should satisfy the following constraint,

$$r^{*T}(k)\Sigma_r^{-1}(k)r^*(k) \le h, \quad \forall k \in \{1, \cdots, N\}. \tag{10}$$

Therefore, we investigate the following two problems in the rest of this paper.

(i) Since the inequality constraint (10) is a real-time generated criterion, it is difficult to directly utilize the common optimal control algorithms. Therefore, the first problem is how to design $r^*(k)$ for the GPS spoofing attack in order to minimize (9) at each time instant under the constraint (10).

(ii) The second problem is to investigate the largest attainable location set under any arbitrary GPS spoofing attack.

3. SOLUTION

3.1 Malicious Residual Determination

Without loss of generality, we study the decision problem at time instant $k$. Following the attack process described in Section 2, each attack action can adopt a greedy strategy, which minimizes the difference between the next position $f x^*(k+1)$ and the malicious destination $x_N$. The objective function (9) could be rewritten as

$$(x_N - f x^*(k+1))^T (x_N - f x^*(k+1)). \tag{11}$$

Substituting equations (8), (7) and (6) into (11), we obtain

$$(x_N - f x^*(k+1))^T (x_N - f x^*(k+1)) = \big(x_N - fAx(k) + fBK(\hat{x}(k|k-1) + Lr^*(k) - x_{ref}(k))\big)^T \big(x_N - fAx(k) + fBK(\hat{x}(k|k-1) + Lr^*(k) - x_{ref}(k))\big), \tag{12}$$

where $r^*(k)$ is the only variable to be determined. Let $\chi(k)$ represent the deterministic part of equation (12),

$$\chi(k) = x_N - fAx(k) + fBK\hat{x}(k|k-1) - fBKx_{ref}(k).$$

The objective function will be abbreviated as follows,

$$(x_N - f x^*(k+1))^T (x_N - f x^*(k+1)) = (\chi(k) + fBKLr^*(k))^T (\chi(k) + fBKLr^*(k))$$

$$= r^{*T}(k)L^TK^TB^Tf^TfBKLr^*(k) + 2\chi^T(k)fBKLr^*(k) + \chi^T(k)\chi(k).$$

Then, the first problem could be reformulated as the following constrained optimization problem,

Problem 3.1.

$$\min_{r^*(k)} \; r^{*T}(k)L^TK^TB^Tf^TfBKLr^*(k) + 2\chi^T(k)fBKLr^*(k) + \chi^T(k)\chi(k),$$

$$\text{s.t.} \quad r^{*T}(k)\Sigma_r^{-1}(k)r^*(k) \le h.$$

Since both the objective and the constraint are quadratic functions of $r^*(k)$, such a problem is a Quadratically Constrained Quadratic Programming (QCQP) problem, which is NP-Hard (Lu et al. (2011)). A Lagrangian multiplier $\gamma \in \mathbb{R}^+$ could be introduced to solve this problem. Then the corresponding Lagrangian function is defined as,

$$L_k(r^*(k), \gamma) = r^{*T}(k)L^TK^TB^Tf^TfBKLr^*(k) + 2\chi^T(k)fBKLr^*(k) + \chi^T(k)\chi(k) + \gamma\big(r^{*T}(k)\Sigma_r^{-1}(k)r^*(k) - h\big).$$

Let $r_o^* = \arg\min_{r^*(k)} \max_{\gamma} L_k(r^*(k), \gamma)$ be the solution to the dual problem of the primal problem (3.1), then the Karush-Kuhn-Tucker (KKT) condition which characterizes the solution to the dual problem is given by

$$\begin{cases} \gamma_o > 0 \\ \gamma_o\big(r_o^{*T}(k)\Sigma_r^{-1}(k)r_o^*(k) - h\big) = 0 \\ L^TK^TB^Tf^TfBKLr_o^*(k) + 2\chi^T(k)fBKL + \gamma_o\Sigma_r^{-1}(k)r_o^*(k) = 0. \end{cases}$$

We can notice that the objective and the constraint are both convex, therefore, the KKT conditions are necessary and sufficient (Boyd and Vandenberghe (2004)). Utilizing the numerical solver, the optimal $r_o^*(k)$ can be obtained. The falsified measurement $y^*(k)$ can be determined by the solution $r_o^*(k)$, in accordance with the definition of $r^*(k)$.

3.2 Attainable Location Set

For an interpretation of the capability of GPS spoofing attack under the constraint, we investigate the attainable location set at time instant $k+1$, which could be formulated as $\|f(x^*(k+1) - x_{ref}(k+1))\|_2$. Such a study could reveal that the difference between the location under attack and the reference location is bounded by a circle in $\mathbb{R}^2$. It is direct to rewrite $\|f(x^*(k+1) - x_{ref}(k+1))\|_2$ using the quadratic form

$$(x^*(k+1) - x_{ref}(k+1))^T f^T f (x^*(k+1) - x_{ref}(k+1)). \tag{13}$$

Substituting equations (8), (7) and (6) into (13), we obtain

$$-(x^*(k+1) - x_{ref}(k+1))^T f^T f (x^*(k+1) - x_{ref}(k+1)) = -\big(Ax^*(k) - BK(\hat{x}(k|k-1) + Lr^*(k) - x_{ref}(k)) - x_{ref}(k+1)\big)^T f^T f \big(Ax^*(k) - BK(\hat{x}(k|k-1) + Lr^*(k) - x_{ref}(k)) - x_{ref}(k+1)\big). \tag{14}$$

Similarly, we use $\mu(k)$ to represent the deterministic part of equation (14), apart from the term including the variable $r^*(k)$,

$$\mu(k) = Ax^*(k) - BK\hat{x}(k|k-1) + BKx_{ref}(k) - x_{ref}(k+1).$$

Then we have

$$-(x^*(k+1) - x_{ref}(k+1))^T f^T f (x^*(k+1) - x_{ref}(k+1))$$

$$= -(\mu(k) - BKLr^*(k))^T f^T f (\mu(k) - BKLr^*(k))$$

$$= -r^{*T}(k)L^TK^TB^Tf^TfBKLr^*(k) + 2\mu^T(k)f^TfBKLr^*(k) - \mu^T(k)f^Tf\mu(k).$$

Then, the attainable location set problem can be reformulated as follows,

Problem 3.2.

$$\min_{r^*(k)} \; -r^{*T}(k)L^TK^TB^Tf^TfBKLr^*(k) + 2\mu^T(k)f^TfBKLr^*(k) - \mu^T(k)f^Tf\mu(k),$$

$$\text{s.t.} \quad r^{*T}(k)\Sigma_r^{-1}(k)r^*(k) \le h.$$

Define the Lagrangian function of problem (3.2) as follows,

$$L_k(r^*(k), \lambda) = -r^{*T}(k)L^TK^TB^Tf^TfBKLr^*(k) + 2\mu^T(k)f^TfBKLr^*(k) + \mu^T(k)f^Tf\mu(k) + \lambda\big(r^{*T}(k)\Sigma_r^{-1}(k)r^*(k) - h\big),$$

where $\lambda \in \mathbb{R}^+$ is the Lagrangian multiplier. As the objective function of problem (3.2) is concave, its KKT system could be described by (Lu et al. (2011)),

$$\begin{cases} \nabla L_k(r^*(k), \lambda)\big|_{r^*(k) = r_o^*(k)} = L^TK^TB^Tf^TfBKLr_o^*(k) + 2\mu^T(k)f^TfBKL + \lambda_o\Sigma_r^{-1}(k)r_o^*(k) = 0 \\ \lambda_o\big(r_o^{*T}(k)\Sigma_r^{-1}(k)r_o^*(k) - h\big) = 0. \end{cases}$$

4. EVALUATION

4.1 Nominal Scenario Without Attack

The sampling frequency is chosen as $T_s = 1$ s. Meanwhile, the time horizon is set to 30 s. The UAV has a planning path described by the sequence $x_{ref}(k)$, $k \in \{1, \cdots, N\}$, which is computed by $a_{ref}(k)$. Since the planning path can be arbitrary, here we choose a time-varying reference input, with $[0.25 \;\; 0.433]^T$ as the value of $a_{ref}(1)$,

$$a_{ref}(k) = \begin{cases} [0.1k \;\; 0.4k]^T, & 1 < k \le 10 \\ [0 \;\; -0.25k]^T, & 11 < k \le 20 \\ [0.02k \;\; 0.15k]^T, & 21 < k \le 30. \end{cases}$$

By referring to Kerns et al. (2014), the measurement noise variances of the GPS receiver are set as $\sigma_{position} = 2$ m, $\sigma_{velocity} = 0.3$ m/s. The measurement bias variance of the accelerometer is set as $\sigma_{acceleration} = 0.05$ m/s$^2$.

The controller of the UAV has a constant gain (Kerns et al. (2014)),

$$K = \begin{bmatrix} 1 & 2 & 0 & 0 \\ 0 & 0 & 1 & 2 \end{bmatrix}.$$

Since the dimension of the state $m = 4$, we set the threshold of the fault detector $h$ as 4.5.

We conduct the simulation of the nominal system with Matlab. Fig. (1) shows the position tracking performance. The line with circle markers represents the reference trajectory dominated by the reference input $a_{ref}(k)$, the line with square markers represents the estimation results from the estimator, and the line with diamond markers represents the operation results driven by the controller $u(k)$. We can see that the difference between the operation states and the reference states is trivial, which demonstrates that the UAV can track the reference trajectory very well under normal conditions. Fig. (2) shows the corresponding performance of the fault detector. Each value computed by the fault detection algorithm is presented as a star marker. The threshold of the detector is shown by the solid line. We can find that all of the fault detection values are lower than the threshold.

Fig. 1. Nominal trajectory tracking results.

Fig. 2. Fault detection results of the nominal situation. [Plot: fault detector value and threshold value versus time horizon (s).]

4.2 Attack Scenario

Here we set the definite malicious destination $x_N = [70 \;\; 160]^T$, to illustrate the performance of the proposed malicious residual determination algorithm. All of the parameters are the same as in the nominal scenario.

Fig. 3. Malicious destination and reference trajectory in the same quadrant.

Fig. 4. Fault detection results under attack. [Plot: fault detector value and threshold value versus time horizon (s).]

As shown in Fig. (3), the UAV has a suspended location $[71.15 \;\; 157.1]^T$, which is very close to $x_N$. Such a location is reached at time instant 20. Meanwhile, from Fig. (4), it can be observed that the fault detector is not triggered throughout the entire GPS spoofing attack process.

It is interpretable that for some destinations, it is more difficult to drive the UAV close to the malicious destination in a finite time horizon. For example, we choose $x_N = [500 \;\; -500]^T$ to illustrate such a process.

Fig. 5. Malicious destination and reference trajectory in different quadrants.

Fig. 6. Fault detection results under attack. [Plot: fault detector value and threshold value versus time horizon (s).]

As shown in Fig. (5), there is still a gap between $x_N$ and the last operation location. Fig. (6) shows the corresponding performance of the fault detector.

4.3 Attainable Location Set Illustration

Here we set $x_N = [500 \;\; -500]^T$, and illustrate the largest attainable location set computed by the proposed algorithm. We choose 5 instants of the time horizon, $k = 5, 10, 15, 20, 25$, to show the attainable location set, which is represented by a location range circle.

Fig. 7. Location range circle at time instant 5, 10, 15, 20, 25.

As shown in Fig. (7), using the proposed greedy strategy, the location of the victim vehicle manipulated by GPS spoofing attack is on the boundary of the location range circle. The radius of the circle is growing larger with time, as the Kalman prediction becomes more unreliable. To observe the influence of varying the threshold of the fault detector on the radius of the circle, we set $h$ as 4.5, 9, 18 and compute the radius of the circle.
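From the defender's side, constraint (10) fixes how much position error the fault detector can let through in one step. The added example below (not the authors' Matlab code) bounds the residual-dependent term $fBKLr^*(k)$ for the paper's three thresholds; $f$, $K$ and $h$ are taken from the page, while `B`, `L` and `SIGMA_R` are constructed assumptions, and the bound does not include the deterministic part $\mu(k)$ of the circle radius.

```python
import math, random

# From the page: position selector f, controller gain K, detector thresholds h.
F = [[1, 0, 0, 0], [0, 0, 1, 0]]
K = [[1, 2, 0, 0], [0, 0, 1, 2]]
THRESHOLDS = (4.5, 9.0, 18.0)
# Assumptions, not from the page: double-integrator B for Ts = 1 s, a constructed
# estimator gain L and a constructed diagonal residual covariance Sigma_r.
B = [[0.5, 0], [1, 0], [0, 0.5], [0, 1]]
L = [[0.6, 0.1, 0, 0], [0.2, 0.5, 0, 0], [0, 0, 0.6, 0.1], [0, 0, 0.2, 0.5]]
SIGMA_R = (6.0, 0.2, 6.0, 0.2)

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

M = matmul(matmul(matmul(F, B), K), L)  # 2x4 map: residual -> position shift

def detector_value(r):
    """Test statistic r^T Sigma_r^{-1} r that constraint (10) compares with h."""
    return sum(ri * ri / s for ri, s in zip(r, SIGMA_R))

def position_shift(r):
    """Norm of f B K L r, the residual-dependent part of the next position."""
    return math.hypot(*(sum(m * ri for m, ri in zip(row, r)) for row in M))

def worst_case_shift(h):
    """Closed form for max ||M r||_2 subject to r^T Sigma_r^{-1} r <= h."""
    ms = [[m * math.sqrt(s) for m, s in zip(row, SIGMA_R)] for row in M]
    (a, b), (_, d) = matmul(ms, [list(c) for c in zip(*ms)])  # 2x2 Gram matrix
    lam_max = (a + d) / 2 + math.sqrt(((a - d) / 2) ** 2 + b * b)
    return math.sqrt(h * lam_max)

def sampled_max_shift(h, n=2000, seed=1):
    """Empirical check: residuals sampled on the detector boundary g = h."""
    rng, best = random.Random(seed), 0.0
    for _ in range(n):
        s = [rng.gauss(0, 1) for _ in SIGMA_R]
        scale = math.sqrt(h / sum(x * x for x in s))
        r = [x * scale * math.sqrt(v) for x, v in zip(s, SIGMA_R)]
        assert detector_value(r) <= h * (1 + 1e-9)  # never raises the alarm
        best = max(best, position_shift(r))
    return best

if __name__ == "__main__":
    for h in THRESHOLDS:
        print(h, round(worst_case_shift(h), 3), round(sampled_max_shift(h), 3))
```

The bound scales with $\sqrt{h}$, so each doubling of the threshold widens the per-step exposure by a factor of about 1.41, which is the price of the lower false-alarm rate a larger $h$ buys.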



Fig. 8. Radius of the circle at each time instant when h = 4.5, 9, 18.

As shown in Fig. (8), the bars with star hatched, backslash hatched and cross hatched represent the radius of the circle when h = 4.5, h = 9 and h = 18, respectively. We can find that the radius is growing larger when the threshold h grows larger at the same time instant.

5. CONCLUSION

In this paper, we explore a real-time malicious manipulation method of the UAV equipped with a compound scalar testing fault detector via GPS spoofing attack. The attack scenario is specified as driving the UAV under attack toward the malicious destination without triggering the fault detector. The real-time sequential constrained optimization problem is formulated and solved. We also analyze and compute the attainable location set of the UAV under attack, which quantifies the capability of GPS Spoofing attack under the constraint of the fault detector. For future work, we will implement GPS spoofing signal on USRP N210 (Di et al. (2012)), and validate the proposed strategy on a commercial drone UAV.

REFERENCES

Bar-Shalom, Y., Li, X.R., and Kirubarajan, T. (2004). Estimation with applications to tracking and navigation: theory algorithms and software. John Wiley & Sons.

Boyd, S. and Vandenberghe, L. (2004). Convex optimization. Cambridge university press.

Cai, G., Dias, J., and Seneviratne, L. (2014). A survey of small-scale unmanned aerial vehicles: Recent advances and future development trends. Unmanned Systems, 2(02), 175–199.

Carroll, J.V. (2003). Vulnerability assessment of the us transportation infrastructure that relies on the global positioning system. The Journal of Navigation, 56(02), 185–193.

Chmaj, G. and Selvaraj, H. (2015). Distributed processing applications for uav/drones: a survey. In Progress in Systems Engineering, 449–454. Springer.

Crump, C. (2011). How gps tracking threatens our privacy. http://edition.cnn.com/2011/11/07/opinion/crump-gps/.

Di, R., Peng, S., Taylor, S., and Morton, Y. (2012). A usrp-based gnss and interference signal generator and playback system. In Proc. IEEE/ION PLANS, 470–478.

Gong, S., Zhang, Z., Trinkle, M., Dimitrovski, A.D., and Li, H. (2012). Gps spoofing based time stamp attack on real time wide area monitoring in smart grid. In Proc. IEEE SmartGridComm, 300–305.

Humphreys, T.E., Ledvina, B.M., Psiaki, M.L., O'Hanlon, B.W., and Kintner Jr, P.M. (2008). Assessing the spoofing threat: Development of a portable gps civilian spoofer. In Proc. ION GNSS, volume 55, 56.

Kacem, T., Wijesekera, D., and Costa, P. (2015). Integrity and authenticity of ads-b broadcasts. In Proc. IEEE Conference on Aerospace, 1–8.

Kerns, A.J., Shepard, D.P., Bhatti, J.A., and Humphreys, T.E. (2014). Unmanned aircraft capture and control via gps spoofing. Journal of Field Robotics, 31(4), 617–636.

Kwon, C., Liu, W., and Hwang, I. (2013). Security analysis for cyber-physical systems against stealthy deception attacks. In Proc. IEEE ACC, 3344–3349.

Kwon, C., Liu, W., and Hwang, I. (2014). Analysis and design of stealthy cyber attacks on unmanned aerial systems. Journal of Aerospace Information Systems, 11(8), 525–539.

Kwon, C., Yantek, S., and Hwang, I. (2015). Real-time safety assessment of unmanned aircraft systems against stealthy cyber attacks. Journal of Aerospace Information Systems, 13(1), 27–45.

Liu, W., Kwon, C., Aljanabi, I., and Hwang, I. (2012). Cyber security analysis for state estimators in air traffic control systems. In Proc. AIAA Guidance, Navigation, and Control Conference.

Lu, C., Fang, S.C., Jin, Q., Wang, Z., and Xing, W. (2011). Kkt solution and conic relaxation for solving quadratically constrained quadratic programming problems. Journal on Optimization, 21(4), 1475–1490.

Nighswander, T., Ledvina, B., Diamond, J., Brumley, R., and Brumley, D. (2012). Gps software attacks. In Proc. ACM CCS, 450–461.

Pajic, M., Weimer, J., Bezzo, N., Tabuada, P., Sokolsky, O., Lee, I., and Pappas, G.J. (2014). Robustness of attack-resilient state estimators. In Proc. ACM/IEEE ICCPS, 163–174.

Qi, Y., Cheng, P., Shi, L., and Chen, J. (2015). Event-based attack against remote state estimation. In Proc. IEEE CDC, 6844–6849.

Shepard, D.P., Bhatti, J.A., Humphreys, T.E., and Fansler, A.A. (2012). Evaluation of smart grid and civilian uav vulnerability to gps spoofing attacks. In Proc. ION GNSS, volume 3.

Tippenhauer, N.O., Pöpper, C., Rasmussen, K.B., and Capkun, S. (2011). On the requirements for successful gps spoofing attacks. In Proc. ACM CCS, 75–86.

Wiki (2011). Iran–U.S. RQ-170 incident. https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incident.

Zhang, H., Cheng, P., Shi, L., and Chen, J. (2015). Optimal denial-of-service attack scheduling with energy constraint. Automatic Control, Transactions on, 60(11), 13023–3028.

Zhang, H., Cheng, P., Shi, L., and Chen, J. (2016). Optimal dos attack scheduling in wireless networked control system. Control Systems Technology, Transactions on, 24(3), 843–852.