Unmanned H-6U Little Bird. Photo courtesy of Boeing
A Pentagon-funded research team led by Rockwell Collins has demonstrated the ability to protect flight- and mission-critical systems from cyber attacks, the electronic systems manufacturer said.
The team, which includes Boeing, Galois, Data 61, HRL and the University of Minnesota, developed tools and technologies to guard critical systems from malware and demonstrated their capabilities on a small, unmanned quadcopter and Boeing’s H-6U Unmanned Little Bird earlier this year. The demonstrations were performed under the U.S. Defense Advanced Research Projects Agency’s (DARPA) High-Assurance Cyber Military Systems (HACMS) initiative
“We have proofs of correctness that the systems that we built do not have vulnerabilities that can be exploited by an attacker,” said Darren Cofer, a fellow at the Rockwell Collins Advanced Technology Center, at a recent briefing on the demonstrations. “That proof — using the tools and technologies that we've developed in HACMS that we can apply to other systems — is the important result from the program.”
Under the HACMS initiative, DARPA since 2012 has been working to prove that a “Formal Methods” approach — using mathematically based techniques for the specification, development and verification of software and hardware systems — could help develop software capable of preventing hackers from accessing critical flight control systems and other avionics.
That military R&D agency picked Rockwell Collins in 2013 to develop new Formal Methods tools to provide cybersecurity solutions for unmanned air vehicles. The Cedar Rapids, Iowa-based company at that time had been developing its expertise in Formal Methods for more than a decade.
In April, DARPA awarded the Rockwell Collins team a contract to use those tools and technologies to secure platforms against cyber attack, with their initial application in support of U.S. Navy programs.
The team’s tools and technologies include architectural modeling and analysis, a secure microkernel and automatic generation of the application code. They rely on “mathematical reasoning to ensure the absence of vulnerabilities that can be exploited in a cyber attack, improving the safety and security of critical electronic systems in military and commercial platforms,” Rockwell Collins said.
In the recent demonstrations, Cofer explained, the researchers call on their “red team” of cyber-attack specialists to exploit vulnerabilities in each of the aerial platforms.
For the unmanned quadcopter, that was an unprotected Wi-Fi datalink that allowed production of a memory-protection vulnerability flaw in onboard software. The quadcopter’s flight control interface was a secure system, as was its authentication and encryption component, which runs the data link.
But the drone’s camera used commercial-off-the-shelf (COTS) software that had not been proven to be free of vulnerabilities, including the memory-protection flaw. Red team hackers were able to use the Wi-Fi data to access the Linux virtual machine on which camera software ran and use the memory-protection vulnerability to access the drone’s encryption keys. They then overwrote those keys with their own code, which allowed them to disrupt the video feed from the drone and seize control of the aircraft by replacing its ground control station with their own.
The team’s Formal Methods solution partitioned onboard systems allow them to reengineer the drone’s software to partition the camera from the flight-critical systems. While hackers might still use the unprotected Wi-Fi interrupt the cameras functions, Cofer said, they could not reach the flight control interface or the authentication and encryption component.
For the unmanned Little Bird, the vulnerability was an onboard USB port. While U.S. military systems typically restrict the use of USBs, the H-6U uses one to store flight data from its sorties.
On that unmanned helicopter, an L-3 Wescam MX-15 electro-optical/infrared sensor can be used to provide guidance information for the aircraft. For instance, that camera can be used to lock on a position on the ground and calculate that position's GPS coordinates, with the aircraft then entering into an orbit pattern over the location.
“So the aircraft is being guided by the camera itself," Cofer said.
The HACMS red team built a virus that could be inserted into the vehicle over the USB port and infect the data-logging process. “From there,” Cofer said, “it goes and compromises the camera-control software, telling it to stow itself so it can't be used anymore to provide that guidance information. The mission can't be carried out and they have to abort.”
Reengineered with the team’s solution, Cofer said, the camera’s commercial COTS software is segregated in its own partition with its own copy of Linux. The data-logging process is in its own partition with its own Linux copy. Both are separated from the flight-critical software that talks to the flight control computer and provides guidance and navigation information to the vehicle.
“So now when the same attack is launched,” Cofer said, “the malware can’t get anywhere past the data-logging software, can't compromise the camera, can't affect the guidance or the ability of the vehicle to perform its mission.”