News & Blog.
BLOG POSTS
Protect Your Drone: Essential Tips for Securing Your C2 Link
One of the essential requirements to ensure responsible and safe use of drones is the presence of a control link protected against unauthorised access.
In this article, we will explore in depth the importance of this feature and how it plays a key role in protecting drone operations.
In this article, we will explore in depth the importance of this feature and how it plays a key role in protecting drone operations.
Table of Contents
Drone Security or Cybersecurity
We could define drone security with the definition used in “computer security”, as a drone is actually a computer system that manages data and is able to communicate with other devices, such as the pilot control unit, mobile phones, tablets or even a control centre located many kilometres away.
Computer security or cybersecurity focuses on safeguarding the integrity of information, particularly with regard to its processing, with the aim of preventing manipulation of data and control by unauthorised individuals. Its main objective is to ensure the protection of people, technological systems and data against possible damage and threats perpetrated by third parties. Within cybersecurity we can distinguish different typologies:
Computer security or cybersecurity focuses on safeguarding the integrity of information, particularly with regard to its processing, with the aim of preventing manipulation of data and control by unauthorised individuals. Its main objective is to ensure the protection of people, technological systems and data against possible damage and threats perpetrated by third parties. Within cybersecurity we can distinguish different typologies:
Hardware security
Particularly in drones, it would be responsible for preventing components of the aircraft, control station or other equipment involved in the operation from being tampered with by third parties.
In some cases this can be achieved by preventing access to vital aircraft components through the use of the enclosure protecting the aircraft, but it is largely the responsibility of the Operator and Pilot to always keep an eye on the aircraft so that it is not accessible to anyone who might tamper with it. For example, by loosening the screws on a propeller.
In some cases this can be achieved by preventing access to vital aircraft components through the use of the enclosure protecting the aircraft, but it is largely the responsibility of the Operator and Pilot to always keep an eye on the aircraft so that it is not accessible to anyone who might tamper with it. For example, by loosening the screws on a propeller.
Software security
There are many software components involved in the control of the aircraft. For example, the firmware loaded in the aircraft flight controller, the firmware of the control station, the APP software that can be used on a smartphone or tablet to control and manage aircraft configuration, etc.
All this software must be secure and avoid having vulnerabilities that could allow third parties to access and manipulate the aircraft.
All this software must be secure and avoid having vulnerabilities that could allow third parties to access and manipulate the aircraft.
Network security
Finally, we come to the one we will talk about in depth in this article: network security. In this case, we understand the network as the communications that will take place between the aircraft and all the devices participating in the flight, the well-known “C2 Link”.
This type of security will prevent third parties from being able to use the communication system and take control or manipulate the aircraft configuration, creating a high-risk situation during the execution of the flight.
In order to understand how C2 Link security works, we will look at some of the most common technologies that can be used to prevent these attacks or manipulations.
This type of security will prevent third parties from being able to use the communication system and take control or manipulate the aircraft configuration, creating a high-risk situation during the execution of the flight.
In order to understand how C2 Link security works, we will look at some of the most common technologies that can be used to prevent these attacks or manipulations.
VPN for drones: link and data protection
Communications are normally carried out in two different ways: on a local network or through a network that relies on public internet-based communications.
Local network
A local network is a communication that can be made between two devices that talk to each other directly or between several devices that talk to each other through the use of a “router”, which is responsible for distributing the information between the devices. Within the local network, data is transferred without encryption, as it should be considered a trusted environment where there will be no unknown devices stealing data.
An example of a local network applied to drones would be a direct connection from the drone to a laptop, smartphone or control station via wifi. The pilot will look for the drone’s connection name in its list of available wifi connections and connect to it.
Networking via the public internet
In this case, the devices are not close enough to talk to each other and must talk to each other using the internet. Once data is transferred over the internet, it will travel from point A (e.g. the drone) to point B (e.g. the control station), sharing “data highways” with millions of other users.
An example of connection applied to drones could be a “drone in a box” type drone, where the pilot is not physically next to the aircraft and the connection is made, for example, via a SIM card using 4G or 5G.
What would happen if a third party were to enter the local network uninvited? What would happen if data sent over the public internet network were to be captured by third parties? In both cases the security of the data and the control of the aircraft could be compromised. This is where the use of VPN communications makes sense.
VPN stands for “Virtual Private Network” and is used to establish a protected connection when using both local networks and over public networks such as the internet. This protection is achieved by encrypting data and disguising online identity, making it difficult for third parties to track online activities and steal data.
Once activated, the VPN will hide the identity of the aircraft and send all data encrypted and over a private connection. This means that the internet provider and other third parties cannot see the data being sent and received while piloting the aircraft. A VPN works like a filter that converts all your data into unintelligible text. If someone manages to intercept your data, it is of no use to them as it is not readable.
Local network
A local network is a communication that can be made between two devices that talk to each other directly or between several devices that talk to each other through the use of a “router”, which is responsible for distributing the information between the devices. Within the local network, data is transferred without encryption, as it should be considered a trusted environment where there will be no unknown devices stealing data.
An example of a local network applied to drones would be a direct connection from the drone to a laptop, smartphone or control station via wifi. The pilot will look for the drone’s connection name in its list of available wifi connections and connect to it.
Networking via the public internet
In this case, the devices are not close enough to talk to each other and must talk to each other using the internet. Once data is transferred over the internet, it will travel from point A (e.g. the drone) to point B (e.g. the control station), sharing “data highways” with millions of other users.
An example of connection applied to drones could be a “drone in a box” type drone, where the pilot is not physically next to the aircraft and the connection is made, for example, via a SIM card using 4G or 5G.
What would happen if a third party were to enter the local network uninvited? What would happen if data sent over the public internet network were to be captured by third parties? In both cases the security of the data and the control of the aircraft could be compromised. This is where the use of VPN communications makes sense.
VPN stands for “Virtual Private Network” and is used to establish a protected connection when using both local networks and over public networks such as the internet. This protection is achieved by encrypting data and disguising online identity, making it difficult for third parties to track online activities and steal data.
Once activated, the VPN will hide the identity of the aircraft and send all data encrypted and over a private connection. This means that the internet provider and other third parties cannot see the data being sent and received while piloting the aircraft. A VPN works like a filter that converts all your data into unintelligible text. If someone manages to intercept your data, it is of no use to them as it is not readable.
Wifi WPA-2 for drones: wireless security
WPA-2 or “Wifi Protected Access 2” is a security encryption protocol that protects traffic on wireless networks. To do this, the protocol uses cryptographic keys to encrypt the data that is being sent within the local network via wifi (if you want to know what a local network is, you can find the definition in the previous section).
Using WPA-2, if a third party with an monitoring device tries to capture and read the data being sent between devices on the wireless network, they will need to know what encryption key is being used. In the case where this system or others that encrypt the communication packets are not used, reading the data would be as easy as sitting on a bus near a couple talking and listening to their conversation. With an encrypted system, it would be like listening to them in a language you do not know at all.
Routers and some drones are labelled with an encryption key. It is advisable to modify this key, as anyone who can access the drone could obtain the encryption key and access control of the aircraft in flight and create a major security problem.
Using WPA-2, if a third party with an monitoring device tries to capture and read the data being sent between devices on the wireless network, they will need to know what encryption key is being used. In the case where this system or others that encrypt the communication packets are not used, reading the data would be as easy as sitting on a bus near a couple talking and listening to their conversation. With an encrypted system, it would be like listening to them in a language you do not know at all.
Routers and some drones are labelled with an encryption key. It is advisable to modify this key, as anyone who can access the drone could obtain the encryption key and access control of the aircraft in flight and create a major security problem.
SSID for drones: identification of the equipment in the network
The SSID is the public name of a wireless network. For example, if we want to connect to a drone via wifi and we search for available connections, its SSID could be for example DRONE01.
The SSID can be modified or hidden. In the first case, a non-representative name could be used to hide the nature of the network from curious onlookers. This way it could be a drone, an automatic hoover, a router or a smartphone. In the case of the hidden SSID, it will be more difficult for someone to show interest in stealing the data or control, as it will not appear in the list of available connections.
In order to connect to a hidden SSID, it must be manually configured step-by-step on the control station
FHSS protection: strengthening drone link security
Finally, we will talk about a system that is responsible for the protection of the communications of control stations that operate using the most typical radio control protocols.
In the old days, radio controlled aircraft were connected to the transmitter by setting up a specific channel for use. The problem is that if someone set up the same channel, total control of the aircraft could be lost. To avoid this, many communication protocols have been created to ensure that this cannot happen intentionally or unintentionally.
One of these, for example, is the FHSS. In a very simplified form, the FHSS is responsible for continuously changing the frequency on which data is transferred between the transmitter and the drone. This means that if someone occupies a frequency in use, it will immediately change and will not be a problem for the safety of the aircraft.
It should be noted that this method of communication is not only used in radio control transmitters, it is also used in wireless communications such as wifi, mobile phones, bluetooth, etc.
Before starting to change communication channels, the drone and the control station must negotiate which switching pattern they will follow, and only they will know this. The frequency or channel change is very fast and is performed many times per second, making any interception attempt extremely difficult unless the hopping pattern is known.
In the old days, radio controlled aircraft were connected to the transmitter by setting up a specific channel for use. The problem is that if someone set up the same channel, total control of the aircraft could be lost. To avoid this, many communication protocols have been created to ensure that this cannot happen intentionally or unintentionally.
One of these, for example, is the FHSS. In a very simplified form, the FHSS is responsible for continuously changing the frequency on which data is transferred between the transmitter and the drone. This means that if someone occupies a frequency in use, it will immediately change and will not be a problem for the safety of the aircraft.
It should be noted that this method of communication is not only used in radio control transmitters, it is also used in wireless communications such as wifi, mobile phones, bluetooth, etc.
Before starting to change communication channels, the drone and the control station must negotiate which switching pattern they will follow, and only they will know this. The frequency or channel change is very fast and is performed many times per second, making any interception attempt extremely difficult unless the hopping pattern is known.
Conclusion
In conclusion, securing a drone’s control link becomes a cornerstone of the safety and success of any drone operation. It is not simply an optional measure, but a fundamental necessity in the world of drone technology.
This control link not only ensures that the aircraft responds appropriately to the operator’s instructions, but also prevents unauthorised persons from interfering with the flight. In a world where privacy and information security are increasingly critical, drone protection is essential.
Improper handling of a drone could have serious consequences, from invasion of privacy to the potential for physical harm or accidents. In addition, in commercial and governmental applications, the security of the data transmitted by the drone is of utmost importance.
Encryption technology, the use of robust security protocols and the implementation of FHSS protection systems are just some of the ways in which we can ensure the security of these control links.
This control link not only ensures that the aircraft responds appropriately to the operator’s instructions, but also prevents unauthorised persons from interfering with the flight. In a world where privacy and information security are increasingly critical, drone protection is essential.
Improper handling of a drone could have serious consequences, from invasion of privacy to the potential for physical harm or accidents. In addition, in commercial and governmental applications, the security of the data transmitted by the drone is of utmost importance.
Encryption technology, the use of robust security protocols and the implementation of FHSS protection systems are just some of the ways in which we can ensure the security of these control links.