ABSTRACT
Unmanned Aerial Systems (UAVs, Drones), initially known only for their military applications, are getting increasingly popular in the civil sector as well. Over the military canvas, drones have already proven themselves as a potent force multiplier through unmanned, round-the-clock, long-range and high-endurance missions for surveillance, reconnaissance, search and rescue, and even armed combat applications. With the emergence of the Internet of Things (IoT), commercial deployments of drones are also growing exponentially, ranging from cargo and taxi services to agriculture, disaster relief, risk assessment and monitoring of critical infrastructures. Irrespective of the deployment sector, drones are often entrusted to conduct safety, time and liability critical tasks, thus requiring secure, robust and trustworthy operations. In contrast, the rise in UAVs' demand, coupled with market pressure to reduce size, weight, power and cost (SwaP-C) parameters, has caused vendors to often ignore security aspects, thus inducing serious safety and security threats. As UAVs rely on Global Positioning System (GPS) for positioning and navigation, they can fall prey to GPS jamming and spoofing attacks. The vulnerability of GPS to spoofing has serious implications for UAVs, as victim drones using civil GPS can be misdirected or even completely hijacked for malicious intents, as already demonstrated in several academic research efforts using commercially available GPS spoofing hardware. Beside UAVs, GPS spoofing attacks are equally applicable to other GPS-dependent platforms, including manned aircraft, ground vehicles, and cellular systems. This paper conducts a comprehensive review of GPS spoofing threats, with a special focus on their applicability over UAVs and other GPS-dependent mobile platforms. It presents a novel taxonomy of GPS spoofing attacks and critically analyzes different spoofing techniques based upon placement of spoofing device, attack stealthiness, attack methodologies, and objectives of the attacker. We also discuss some of the recent experiments from open literature which utilized commercially available hardware for successfully conducting spoofing attacks.
ABSTRACT
Real-time and ubiquitous patient monitoring demands the use of wireless data acquisition through resource constrained medical sensors, mostly configured with No-input No-output (NiNo) capabilities. Bluetooth is one of the most popular and widely adopted means of communicating this sensed information to a mobile terminal. However, over simplified implementations of Bluetooth low energy (BLE) protocol in eHealth sector is susceptible to several wireless attacks, in particular the Man-in-the-Middle (MITM) attack. The issue arises due to a lack of mutual authentication and integrity protection between the communicating devices, which may lead to compromise of confidentiality, availability and even the integrity of this safety-critical information. This research paper presents a novel framework named MARC to detect, analyze, and mitigate Bluetooth security flaws while focusing upon MITM attack against NiNo devices. For this purpose, a comprehensive solution has been proposed, which can detect MITM signatures based upon four novel anomaly detection metrics: analyzing Malicious scan requests, Advertisement intervals, RSSI levels, and Cloned node addresses. The proposed solution has been evaluated through practical implementation and demonstration of different attack scenarios, which show promising results concerning accurate and efficient detection of MITM attacks.
