Vulnerability Analysis of the MAVLink Protocol for Command and Control of Unmanned Aircraft

Author

Joseph A. Marty

Date of Award

3-14-2014

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD.

Abstract

The MAVLink protocol is an open source, point-to-point networking protocol used to carry telemetry and to command and control many small unmanned aircraft. This research presents three exploits that compromise confidentiality, integrity, and availability vulnerabilities in the communication between an unmanned aerial vehicle and a ground control station using the MAVLink protocol. The attacks assume the configuration settings for the data-link hardware have been obtained. Field experiments using MAVProxy to compromise communication between an ArduPilot Mega 2.5 autopilot and the Mission Planner application demonstrate that all three exploits are successful when MAVLink messages are unprotected. A methodology is proposed to quantify the cost of securing the MAVLink protocol through the measurement of network latency, power consumption, and exploit success. Experimental measurements indicate that the ArduPilot Mega 2.5 autopilot running the ATmega2560 processor at 16 MHz with the standard, unsecured MAVLink protocol consumes on average 0.0105 additional watts of power per second and operates with an average additional latency of 0.11 seconds while under the most resource-intensive attack than when not under attack.

AFIT Designator

AFIT-ENG-14-M-50

DTIC Accession Number

ADA598977

Recommended Citation

Marty, Joseph A., "Vulnerability Analysis of the MAVLink Protocol for Command and Control of Unmanned Aircraft" (2014). Theses and Dissertations. 613.
https://scholar.afit.edu/etd/613