Un-Rocking Drones
Foundations of Acoustic Injection Attacks and Recovery Thereof
Jinseob Jeong†, Dongkwan Kim‡, Joonha Jang†, Juhwan Noh†, Changhun Song†, and Yongdae Kim†
†KAIST, ‡Samsung SDS
Network and Distributed Systems Security (NDSS) Syposium, 2023.
Overview
In "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors (USENIX '15)", Son et al. show that playing sound in particular frequency can cause resonation of gyroscope sensor, which, in turn, causes drones to crash due to the fluctuation of rotor speed.
This study revisits this problem. This paper has three main results:
1) Development of an open-source acoustic injection testbeds (SITL, HITL, Baremetal).
2) "Sampling jitter" is a critical factor causing drones to crash.
3) Unrocker is an open-source POC implementing a DAE (denoising autoencoder)-based IMU sensor recovery.
Video-A. Motivating Example
Motivating Example
This video is divided into two parts.
The first part shows the "Rocking Drone" experiment, showing that an acoustic injection attack causes the drone to fall.
The latter part of the video shows that the acoustic injection test in the SITL simulation does not crash the drone.
Why?
Video-B. Resonating IMU with and withour samplining jitter
Implication of Acoustic Injection with and without Sampling Jitter
This video shows the differences in the implications of acoustic injection attacks with the existence of sampling jitter.
In our acoustic injection tests, the drone with sampling jitter crashed while the drone without sampling jitter flew normally.
This shows that sampling jitter could be a critical factor in acoustic injection attacks.
Video-C. Safety errors from compromised IMU sensors
Safety Errors from Acoustic Injection Attacks
Acoustic injection attacks cause several safety errors: EKF errors, GPS position errors, and barometric altitude errors.
The reason is because the resonance signal affects the in-band frequencies of the drones.
EKF innovation (blue : with jitter, red : without jitter)
EKF Innovation Values
The innovation in EKF is the difference between the measurement and prediction, and a large value indicates potential system failure.
Due to the sampling with jitter, the innovation values of the attacked drone show significant deviations.
Video-D. Sampling jitter decreases the spoofing attack.
Sampling Jitter Prevents the Spoofing (In-Band Resonance) Attack.
In Walnut paper, authors claimed that controling the sampling frequency can control the sample accelerometer output. Or equivalently, one may control the direction of the drones.
This attack in practice may not work, because of the sampling jitter, as it spreads out the resonating frequency.
Video-E. Measurement of actual jitter in Pixhawk board
Measurement of Jitter in the Pixhawk Board
Approximately 100us of jitter was observed, showing imprecise MCU.
Video-F. Mitigating by using heuristic denoising filters.
Heuristic Denoising Test on Our Testbed
We also tested if we can remove resonating signal using heuristic denoising filters; Sav-Gol smoothing filter and industry-standard Wiener filter.
Both failed to mitigate acoustic injection attacks.
Video-G. Recovery test of UnRocker for mission flight
Mission Flight with and without Unrocker
The drones with resonating IMUs without unrocker failed to complete its planned mission.
However, UnRocker was able to recover the IMU signal, enabling the drone to successfully complete the mission."
Paper Information
Jinseob Jeong, Dongkwan Kim, Joonha Jang, Juhwan Noh, Changhun Song, Yongdae Kim, UnRocking Drones : Foundattions of Acoustic Injection Attacks and Recovery Thereof," Network and Distributed Systems Security (NDSS) Symposium, 2023, (paper link)
LaTex:BibTex
@inproceedings{jeong2023unrocker,
title={UnRocking Drones : Foundattions of Acoustic Injection Attacks and Recovery Thereof},
author={Jeong, Jinseob and Kim, Dongkwan and Jang, Joonha and Noh, Juhwan and Song, Changhun and Kim, Yongdae},
booktitle={Network and Distributed Systems Security (NDSS) Symposium},
year={2023}
}
Contact
If you have any questions or comments, please don't hesitate to contact the first author Jinseob Jeong (jeongjinseob@gmail.com)
Source code & dataset
Refer to our github : https://github.com/jinseobjeong/UnRocker
We would like to thank all anonymous reviewers who reviewed our paper.
Appendix. Experiments on Recovering Sensor Values
Dataset
Trainset : 27M pairs (2 drones x 2 sensors x 3 axes x 5 amplitudes x 5 times x 360 sec x 250 Hz = 27M)
Basic testset : Total 72 cases for evaluation. Testset were not used/seen on training phase.
Evasion testset : Total 54 cases, 3 drones x 2 sensors x 3 axes x 1 amplitude (max) x 3 attack variants (+100Hz, -100Hz, varied ampltitudes)
Actual injection testset : Total 3 cases (stationary gyroscope, stationary accelerometer, drone flight gyroscope)
We have released our full-dataset on (https://github.com/jinseobjeong/UnRocker)
The signal quality (SNR) of testset sensor data
1) Evaluation of UnRocker (orange: compromised signals, blue: recovered signals, green: benign signals)
IRIS Acceleromter (m/s²) : x/y/z axes
IRIS gyroscope (rad/s) : x/y/z axes
Solo Acceleromter (m/s²) : x/y/z axes
Solo gyroscope (rad/s) : x/y/z axes
Actual drone acceleromter (m/s²) : x/y/z axes
Actual drone gyroscope (rad/s) : x/y/z axes
Actual drone actual injection testset (rad/s) : z-axis data
2) Evasion of UnRocker (orange: compromised signals, blue: recovered signals, green: benign signals)
Acceleromter (m/s²) : +100Hz/-100Hz/varied amplitudes
Gyroscope (rad/s) : +100Hz/-100Hz/varied amplitudes
3) Comparison to Heuristic Filters (orange: compromised signals, blue: recovered signals, green: benign signals)
Acceleromter (m/s²) : LPF/Sav-Gol/Wiener/UnRocker
Gyroscope (rad/s) : LPF/Sav-Gol/Wiener/UnRocker
4) Comparison to State-of-the-art Denoising Approach (DFL: Deep-Feature-Loss network)
(orange: compromised signals, blue: recovered signals, green: benign signals)
Gyroscope, nominal (rad/s) : UnRocker/DFL
Gyroscope, -100Hz (rad/s) : UnRocker/DFL
Gyroscope, +100Hz (rad/s) : UnRocker/DFL