IEEE Symposium on Security and Privacy 2019
RSA Conference Asia Pacific & Japan 2019

Drones' Cryptanalysis - Smashing Cryptography with a Flicker

Ben Nassi *       Raz Ben Netanel *        Adi Shamir **       Yuval Elovici *             

*Ben-Gurion University of the Negev         **Weizmann Institute of Science

Abstract

In an "open skies" era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (e.g., delivering pizza) or an illegitimate purpose (e.g., taking a peek at a person showering in his/her own house)? Over the years, many methods have been suggested to detect the presence of a drone in a specific location, however since populated areas are no longer off limits for drone flights, the previously suggested methods for detecting a privacy invasion attack are irrelevant. In this paper, we present a new method that can detect whether a specific POI (point of interest) is being video streamed by a drone. We show that applying a periodic physical stimulus on a target/victim being video streamed by a drone causes a watermark to be added to the encrypted video traffic that is sent from the drone to its operator and how this watermark can be detected using interception. Based on this method, we present an algorithm for detecting a privacy invasion attack. We analyze the performance of our algorithm using four commercial drones (DJI Mavic Air, Parrot Bebop 2, DJI Spark, and DJI Mavic Pro). We show how our method can be used to (1) determine whether a detected FPV (first-person view) channel is being used to video stream a POI by a drone, and (2) locate a spying drone in space; we also demonstrate how the physical stimulus can be applied covertly. In addition, we present a classification algorithm that differentiates FPV transmissions from other suspicious radio transmissions. We implement this algorithm in a new invasion attack detection system which we evaluate in two use cases (when the victim is inside his/her house and when the victim is being tracked by a drone while driving his/her car); our evaluation shows that a privacy invasion attack can be detected by our system in about 2-3 seconds.

Citation

@INPROCEEDINGS {crypta2019nassi,
author = {B. Nassi and R. Ben-Netanel and A. Shamir and Y. Elovici},
booktitle = {2019 2019 IEEE Symposium on Security and Privacy (SP)},
title = {Drones' Cryptanalysis - Smashing Cryptography with a Flicker},
year = {2019}, volume = {}, issn = {2375-1207}, pages = {832-849},
keywords = {drones;privacy;cryptanalysis;side-channel-attack},
doi = {10.1109/SP.2019.00051},
url = {https://doi.ieeecomputersociety.org/10.1109/SP.2019.00051},
publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, month = {may} }

@inproceedings{nassi2019drones,
title={Drones’ Cryptanalysis-Smashing Cryptography with a Flicker},
author={Nassi, Ben and Ben-Netanel, Raz and Shamir, Adi and Elovici, Yuval},
booktitle={IEEE Symposium on Security and Privacy (SP), Vol. 00}, pages={833--850}, year={2019} }

Talks

Press

Wired.png
sop-resize-200-BGU-LOGO.png
eurek.png
campus-safety.png
ynet.png
GLobes_logo-575.jpg

FAQs

What is so special about Game of Drones methods compared to other methods?

Other methods can detect a nearby drone. But, they all fail to detect whether a specific POI is being streamed by a drone or not, a distinction that depends on the camera angle instead of the drone's location.

Can I apply Game of Drones methods?

Yes you can. All you need is a laptop (with Linux OS) and a controlled flickering LED strip.

 

How is the streamed POI revealed?

Modern video encoders use compression (delta framing) algorithms in order to provide high quality streams. There is a strong connection between the percentage of changing pixels in a frame and the bitrate that is required to encode the stream. Forcing a change to the pixels in a streamed video requires a higher bitrate to encode stream.

 

Does detecting a streamed POI from an encrypted FPV channel require crypto-analysis/hacking skills?

No. Anyone with a limited set of computer skills can detect what is being streamed from an encrypted FPV channel by applying our methods. Q: Can these methods be applied to other FPV channels besides Wi-Fi FPV? A: Yes. We demonstrated our methods on Wi-Fi FPV, because it is so popular. You can detect a streamed POI from an encrypted FPV channel of any drone that uses delta framing algorithms for video encoding. However, you need to find the demodulation protocol (from layer 1 to layer 2) that converts the intercepted radio signals to binary.

What is the impact of this research?

It empowers the victim.

 

What areas will be influenced by this research?

Some armies use drones for their daily tasks. For example, one of the units of the Israel Defense Forces uses the DJI Mavic. In addition, supplying a watermarked radio signal that was intercepted from a drone might even be considered as a proof in a court of law that a drone was used for spying on a specific target.

Related Publications

Game of Drones - Detecting Streamed POI from Encrypted FPV Channel

  • Twitter Social Icon
  • Facebook Social Icon
  • LinkedIn Social Icon
  • gmail_logo_PNG10
  • PGP_Icon