Faculty of Technology and Society
Department of Computer Science and Media Technology
Master Thesis Project 15p, Spring 2020
Hacking your drone data
ByJonas Gabrielsson
Supervisors:
Bahtijar Vogel & Joseph Bugeja
Examiner:
2
Contact information
Author:
Jonas Gabrielsson E-mail: [email protected]Supervisors:
Bahtijar Vogel E-mail: [email protected]Malmö University, Department of Computer Science and Media Technology.
Joseph Bugeja
E-mail: [email protected]
Malmö University, Department of Computer Science and Media Technology.
Examiner:
Johan Holmgren
E-mail: [email protected]
3
Abstract
The last couple of years has seen a rapid growth in smart devices. The smart devices are exponentially gaining more popularity both as a complement to our daily lives in the form of IoT products aiding in our everyday tasks and as a way we communicate and work. An estimation of 75.44 billion devices will be connected to the internet by 2025. With the rapid development and normalization of IoT devices, questions regarding privacy has never been more important. This thesis focuses on privacy in relation to one of the most emerging technologies, drones.
Drones have been discussed frequently in both governmental and commercial sectors for its inevitable normalization in the airspace. Previously privacy and drones has been researched and discussed from the point of view of which drones are used to infringe on people’s privacy. This thesis explores privacy from another point of view, the view of the drone owner. By exploring privacy from the drone users’ point of view, this thesis shows the importance of better privacy measurements by proposing a conceptual model to existing popular privacy definitions. To investigate privacy in this context, a case has been conducted which proved and validated what kind of data is at risk of being hijacked. The thesis provides a conceptual model that aims to help commercial drone owners to analyze how privacy infringements can occur, why they could occur and how to account for them in the future. Furthermore, the thesis highlights the vulnerability that WIFI dependent devices poses with DDoS attacks. The findings of this thesis show that an infringement of privacy regarding commercial drones requires more clear privacy regulations and definitions, as well as highlighting privacy vulnerabilities in commercial drones.
4
Popular science summary
When the drones inevitably take over, what will happen to our privacy?
Drones or UAVs are a becoming a more and more common sight in the world’s airspace. Drones are now more frequently than ever, utilized, discussed and depicted in movies and TV shows. Drones are utilized both commercially and by governments for the common good for the citizens in our world. With the aid of drones, one can save lives, record public events and get your purchases delivered right to your doorstep, already in 2013 Amazon proclaimed that they will be conducting deliveries with drones in the near future. That future is today. However, the technological progress that drones bring has not come unquestioned, as drones have also been used in a negative sense. Drones have been reported to hover above prisons with the intent of aiding criminals to escape, as well as been used to sabotage the aviation safety and to invade people’s privacy. With the diverse technology that drones are, all kind of sensors can be attached and incorporated into the drone ecosystem. To make some sense of whether drones are good or bad and how its presence will affect our daily lives, this thesis aims to explore the privacy issues that comes with the normalization of drones in our airspace in a refined and progressive way.
Privacy will be explored from the drone user perspective instead of as more common exploring drones as a tool to infringe on people’s privacy.
5
Acknowledgement
Firstly, my supervisors, Bahtijar Vogel & Joseph Bugeja. I am forever grateful. Thank you for your support, patience and invaluable feedback and guidance.
Secondly, I would like to thank my family for their love and support during the writing of this thesis, without whom, this would not have been possible.
Finally, I express a sincere gratitude towards my friends, especially, Enikő Matók & Ignacio Monge for their support and friendship.
6
Table of contents 1 Introduction ... 11 1.1 Motivation ... 13 1.2 Research Questions ... 14 1.3 Outline ... 16 2 Methodology ... 17 2.1 Action Research ... 18 2.2 Experiments ... 19 2.3 Application of methodology ... 202.4 Limitations & Threats to validity ... 23
2.5 Ethics ... 24
3 Background & Related work ... 26
3.1 Background ... 26
3.2 Related work... 28
3.2.1 Summary ... 31
4 Drone Case & Results ... 34
4.1 Technological Deployment ... 34
4.1.1 NodeMCU (With attacker code) ... 34
4.1.2 The equipment ... 39
4.2 The attack (Wireshark) ... 40
4.3 Attack Scenario ... 45
4.3.1 Recreational-User ... 46
4.3.2 Advanced user ... 46
4.3.3 Settings ... 47
4.3.4 Attack Scenario overview ... 48
4.4 Experiments ... 49
7
4.4.2 Experiment 2 – Privacy – Data extraction ... 51
4.4.3 Experiment 3 – Initial Deauthentication Attack ... 54
4.4.4 Experiment 4 – Deauthentication Attack on Airborne Drone ... 56
4.5 Experiments insights ... 58
5 Discussion ... 59
5.1 Conceptual Model ... 59
5.2 Losing drone and data ... 62
5.3 Privacy consequences ... 64 5.4 Attack ... 67 6 Conclusion ... 70 6.1 Answers ... 70 6.2 Research contribution ... 72 6.3 Future work ... 73 References ... 74
8
List of Figures
FIGURE 1:ILLUSTRATION OF THE RESEARCH METHODOLOGIES USED IN THIS THESIS. ... 17
FIGURE 2:A DEAUTHENTICATION ATTACK.THIS IS WHERE A DEAUTHENTICATION ATTACK INTERFERENCE IN A DEVICE TO WLAN ACCESS POINT SCHEMATIC DIAGRAM ... 27
FIGURE 3:THE NODEMCU USED IN THIS THESIS. ... 35
FIGURE 4:ILLUSTRATION OF THE DEAUTHENTICATION ATTACK WITH THE ATTACK CODE FUNCTIONS ILLUSTRATED IN ATTACK LOOP ... 38
FIGURE 5:THE DRONE AND THE APPURTENANT REMOTE USED IN THIS THESIS ... 39
FIGURE 6:THE DIFFERENT VIEWS OF THE APP.FRAME ONE DISPLAYING THE STARTING SCREEN.FRAME TWO DISPLAYING THE “IN -FLIGHT” SCREEN.FRAME THREE SHOWING MEDIA (VIDEOS) RECORDED.FRAME FOUR SHOWING THE FLIGHT DATA.FRAME FIVE SHOWING PICTURES TAKEN. ... 40
FIGURE 7:PACKAGES/SECOND SENT DURING THE DEAUTHENTICATION ATTACK.THE SPIKES BETWEEN 85-95 SECOND MARK AND AFTER 175 SECONDS IS SHOWING WHEN THE ATTACK IS EFFECTIVE ... 42
FIGURE 8:PACKAGES SHOWN INDIVIDUALLY DURING THE DEAUTHENTICATION ATTACK.THIS IS THE PACKAGES THAT IS "KICKING OUT" DEVICES FROM THE NETWORK ... 43
FIGURE 9:FLOWCHART OF WHAT HAPPENS DURING THE DEAUTHENTICATION ATTACK.THE MONITORING FROM WIRESHARK FRAME SHOWS WHAT PART OF THE ATTACK THAT IS BEING MONITORED AND ANALYZED ... 44
FIGURE 10:ILLUSTRATION OF EXPERIMENT 1, WHERE THE MID-AIR FLIGHT TAKEOVER IS CONDUCTED ... 50
FIGURE 11:ILLUSTRATION OF EXPERIMENT 2, WHERE THE ACCESS OF THE DATA EXTRACTION IS DEPICTED. ... 53
FIGURE 12:THE CONCEPTUAL MODEL ... 61
9
List of Tables
TABLE 1:RELATED WORK APPLIED IN RELATION TO THE METHODOLOGY USED FOR THIS THESIS ... 20
TABLE 2:PERSONAS APPLIED IN RELATION TO THE METHODOLOGY USED FOR THIS THESIS ... 21
TABLE 3:SETTINGS APPLIED IN RELATION TO THE METHODOLOGY USED FOR THIS THESIS ... 22
TABLE 4:DRONE CASE EXPERIMENTS APPLIED IN RELATION TO THE METHODOLOGY USED FOR THIS THESIS ... 23
TABLE 5:ARELATED WORK SUMMARY... 33
TABLE 6:A LIST OF COMPONENTS ... 40
TABLE 7:SETTINGS OF CASES... 47
TABLE 8:ATTACK SCENARIOS ... 48
10
List of acronyms COTS DoS EASA FAA GPS HTTP IoTCommercially of the shelf Denial of Service
European Union Aviation Safety Agency
Federal Aviation Administration Global Positioning System Hypertext Transfer Protocol Internet of Things IP Internet Protocol IT PTP SSH TCP UAV WEP WLAN WPA WPA2 Information Technology Peer-To-Peer Secure Shell
Transmission Control Protocol Unmanned Aerial Vehicle Wired Equivalent Privacy Wireless Local Area Network WIFI Protected Access WIFI Protected Access 2
11
1 Introduction
Internet of things (IoT) has in the last couple of years taken over the world and smart cities are currently taking form, were connected devices in the least thinkable places has become a standard of living with toothbrushes, refrigerators, lawnmowers, cars and drones to mention a few. IoT is a broad term described in multiple ways. Van Oorschot and Smith [1] describe it as everyday objects and physical infrastructure with embedded, at massive scale, processor-based systems. Haus, Krol, Yi Ding and Ott [2] describes it as a keyword covering various aspects related to the extension of the Internet and Web into the physical realm. The Cambridge dictionary defines the internet of things as “objects with computing devices in them that are able to connect to each other and exchange data using the internet” [3].
According to Statista [4] an estimated 75.44 billion devices worldwide will be connected to the internet by 2025. The estimated population on earth by 2025 is 8.19 billion [5] which would mean that there is an average of 9.2 devices connected to the internet per person worldwide. At the time of writing April 29th, 2020, there is an estimated 6.58
devices per person connected to the internet worldwide. This would suggest an increase of 2.62 devices per person in just 4-5 years. To put this further into perspective, this estimation is of every (documented) person in existence worldwide. In essence, this means that every person regardless of technological experience or adhibition as well as the less technologically fortunate countries in the world are included in the statistics.
With the increasing amounts of IoT devices per person comes a vulnerability aspect. From having to hack the computers in the early 2000s in order to get privacy data, we are nowadays moving towards hacking your refrigerator.
An issue that arises is that whilst Microsoft or Apple, all praised IT companies, values the privacy of their costumers and actively prevents attacks on their devices, the small appliance companies that are trying to ride the IoT wave might not prioritise privacy in their devices as much. Smart cities are starting to take form with smart homes and consumer IoT getting more and more popular, as according to Statista [6] 375.3 million smart homes will be on the market in 2024. This creates a demand on releasing products capable of
12
communicating through the internet in a cheap and fast manner. Releasing products cheap and fast means shortcuts, and thus, privacy is compromised.
Kaspersky released a report on attacks deployed against IoT devices in 2019 in which more than 100 million attacks on IoT devices were detected during the first half of 2019 [7].
This is a severe increase since 2018, when 12 million attacks were detected during the same period. The global average cost for a data breach in 2020 is estimated to be $3.86M [8]. To estimate the total cost globally one can, take the Kaspersky report [7] which presented more than 100 million attacks. Combined with the 2020 average cost indicates that data breaches related to IoT devices would cost approximately $386 Trillion if all attacks resulted in a data breach.
Unmanned aerial vehicles (UAVs) or drones as they are more commonly referred to, are aircrafts that do not require a human pilot on board the aircrafts. Alongside internet of things drones have seen in the last couple of years seen an unhinged increase in both areas of use and users operating drones for commercial, military and private uses. According to the Federal Aviation Administration (FAA) the number of hobbyist and commercial drones registered in the United States where 1.512 million units 2017. Unfortunately, the statistics found were only from the United States. This could be because the American government requires drones weighing more than 249 grams to be registered with the FAA [9]. According to the FAA the estimated growth factor in civilian and governmental drone usage is a factor of 10 between 2016-2021 in the United States [9].
Regarding the countries within the Europe Union, the European Union Aviation Safety Agency (EASA) have voted (and passed) for a regulation that requires similar registrations in 2019. However, the regulation is coming to force in from June 2020, which means statistics are yet to be released.
With the current launch of 5G networks, the speed on networks (radio & wireless) will theoretically be 20 times faster than the current 4G network. This will allow a greater amount of data to be collected and transferred which in turn will increase the need for privacy (counter) measurements. Parkvall, Furuskog Kishiyama, Harada and Nakamura states that 5G will provide essentially unlimited access to information anywhere and
13
anytime for anyone and anything, thereby being key to the evolution of the Networked Society [10].
Since 5G will support a wide range of industries, security managements need to meet the different ecosystems and the motivations from all the different stakeholders. ”5G will
bring applications with very high bandwidth and very low latency requirements like 3D video HD screens, self-driving cars, and industry automation. The violation of Service Level Agreements (SLAs) may lead to reputation issues and penalties and to protect the revenue as well as to prevent brand damage mobile network operators should be capable to enforce strong performance and ultra-reliability requirements from applications. “[11]
1.1 Motivation
Privacy is a broad term defined by several different people in several different ways. Cambridge dictionary describes it as “someone’s right to keep their personal matters and relationships secret” [12]. There is not any correct meaning or definition of privacy, however Solove [12] argues that there are 6 general types of privacy based on previously popular definitions.
1. The right to be let alone – stated by Samuel Warren and Louis Brandeis
2. Limited access to the self – the ability to shield oneself from unwanted access by others
3. Secrecy – the concealment of certain matters from others
4. Control over personal information – the ability to exercise control over information about oneself
5. Personhood – the protection of one’s personality, individuality and dignity
6. Intimacy – control over or limited access to, one’s intimate relationships or aspects of life
Solove states that the conceptions often overlap but each of the 6 definitions has a distinctive perspective on privacy [12]. In an ideal world, no one would have anything to hide, and no one would have any reasons to misuse or abuse any personal information whatsoever. However, that is not the world we live in. Personal information is bought, stolen, lost, manipulated, analysed and misused by several players in all sectors [7]. With
14
the last decades technology boom, the need for privacy has increased. A good example of a countermeasure as well as importance of this is that the European Union’s regulation/law GDPR which was passed in the European parliament [13].
Whilst IoT & UAVs are increasing in popularity within both the commercial and governmental sectors, the privacy concerns need to be addressed in a likewise pace. Therefore, the motivation of this thesis is to create better knowledge in both private and governmental sectors as well as the academic community. This thesis aim is to explore different hacking capabilities and skill sets needed to infringe drone privacy data as well as create a better privacy understanding regarding the consequences for commercial drone owners. The purpose is to increase the knowledge of privacy as well as highlight counter measurements that needs to be addressed in the drone development and in extension the development of IoT products in general.
The novelty of this work is the approach in which privacy issues are explored, the technology specification in drone and cheap easy access hardware. The novelty of this work is also the approach to explore what kind of technical prerequisite and compositions are needed both at human and at technology levels. For example, who can perform a malicious privacy breach, what kind of technology are needed as well as what kind of educatory or acquired skills are mandatory or sufficient for such an attack? Thus, this thesis will show what of the stated qualities and at what level they are needed to highlight future needed privacy measurements as well as research.
Since drones are more than just UAVs, the privacy concerns must accommodate the multiple usages and purposes the drone, and its appurtenant components can have.
1.2 Research Questions
This thesis will focus on the privacy of one of the IoT devices, drones. Drones and privacy are not a new phenomenon and drones has been proven to be a highly effective way of invading people’s privacy [14]. Uchidiouno, Manweiler and Weisz designed a scenario-based survey showing that 53% of the participants agreed that the drone had invaded their privacy in their given scenario. 27% disagreed and the rest were (20%) neutral [14]. However, this Master thesis will examine privacy the other way around, the privacy of the
15
one operating and/or owning the drone. With more data being collected (5G), the bigger are the security and privacy impacts if the drones are compromised. With more drones connected to the internet, with the higher speed and data transfer capabilities that will come, the greater could the privacy breaches be.
As stated, both in the section about IoT and in the section about drones, there is an increase in the number of devices. The number of attacks on the devices are also rapidly increasing and therefore more research and countermeasures are needed.
This research will focus on commercial drones and the privacy concerns that comes with them due to the increasing numbers of hobbyist and commercial drones stated above. The following two research questions are formulated to explore this in the thesis.
The research questions:
RQ1: What skills and capabilities are needed to execute a drone attack? RQ2: What are the privacy consequences to the owner of the drone?
In the following sections, a set of experiments will be conducted in order to answer the research questions stated. The experiments will be complemented by an extensive literature review, in which the first question will be of focus. As research question 2 is based on question 1, it will draw on the results from the literature review and the result of the experiments, and thus be based on the discussion of the results of question 1.
16
1.3 Outline
This master thesis contains six chapters that will answer the research questions stated in the previous section. The following chapter will introduce the methodologies used in this thesis and where said methodologies are applied.
The third chapter reviews background and needed terminology explanations on the main subject explored in this thesis as well as related literature.
The fourth chapter is the Drone Case study where the experiments are conducted with explanations of all the components used in this thesis.
The fifth chapter will discuss the findings in this thesis.
Lastly, the sixth chapter will provide the answers to the research questions and concluding remarks and future work propositions.
17
2 Methodology
This master thesis utilizes a mixed research methodology approach. The different methodologies used are described and elaborated upon in the following subsections. The mixed methodology definition used stems from Denscombe [15].
The choice of using Denscombe’s research definition is based on the fact that the research is aiming to explore privacy in relation to drones. Privacy, as stated by Solove [12], has varied definitions based on who is asked, but all of them stated in the introduction revolves around social perception. Denscombe’s methodology definitions are therefore utilized in this thesis due to the fact that the methods he defines are from a social research point of view [15].
Denscombe [15] describes a mixed method approach with three different characteristics. 1. A preference for viewing research problems from a variety of perspectives
2. The combination of different types of research within a single project
3. The choice of methods based on what works best for tackling a specific problem
Figure 1: Illustration of the research methodologies used in this thesis.
These three characteristics fits well into this thesis because each of these aids to answer the research questions stated in chapter 1.2. Figure 1 exhibits the three characteristics utilized in both Action Research and Experiments which combined becomes this thesis’s Methodology.
Said characteristics are thus valid as the thesis will answer the question “what skills and capabilities are needed to execute a drone attack?”. The answer to this question must
18
include several perspectives since capabilities and skills are measured based on how much skills are needed.
2.1 Action Research
Action research is a highly diverse research method described by Oates, B.J., [16]. It originates from the 1940s where doctors and scientists worked with psychological and social disorders post-world war II. Scientists had no initial theory of treatments, but planned, acted and reflected upon their interventions and gradually developed a body of knowledge. This method has since been used as a way for consultants to pass their work as research. The characteristics of action research have thus been beneficial in exploring the research questions stated in this thesis. Some of the characteristics stated by Oates [16] are:
• An iterative cycle of plan-act-reflect • An emphasis on change
• Action outcomes plus research outcomes
In this thesis Action research is the underlying methodology to answer the research questions (RQ1 & RQ2). The iterative cycle of plan-act-reflect allows the researcher to do something in a real-world situation and then reflect on what happened or was learnt. The emphasis on change is doing things that makes a difference in the research and then learn how it affected the change. Action outcomes plus research outcomes relates to both action (practical achievements in the problem situation) and research (learning about the processes of problem-solving and acting in a situation) [16].
The action research is conducted throughout the thesis as the main process and method of research due to the nature of the research questions where different skillsets will be measured as well as consequences based on the different skillsets.
19
2.2 Experiments
Experiments are an empirical investigation designed to examine properties and relationships between specific factors. Denscombe [15] states three things that “lie at heart” when conducting experiments.
1. Controls - Manipulation of variables
2. Empirical observation and measurement - Changes following the introduction of potentially relevant factors
3. The identification of causal factors - Introduction or exclusion of factors
The manipulation of variables allows the researcher to identify factors that are important and introduce or exclude them from situations so that their effect can be observed. Changes following the introduction of potentially relevant factors are important to experiment [15] due to the measurements of changes that are conducted. The introduction or exclusion of factors to the research enables the researcher to pinpoint which factor causes the outcome to occur. The conducted experiments are presented and elaborated upon in section 4.4.
20
2.3 Application of methodology
The mixed research methodology will be used in this thesis in several ways.
To emphasize where and how the mixed methodology is utilized in this thesis, 4 tables have been created (Table 1, 2, 3 & 4) in order to clarify the purpose of each part of the mixed methodology in relation to the different parts of the thesis.
Table 1: Related Work applied in relation to the methodology used for this thesis
Related Work Action Research Experiments Research
Questions Uchidiono, Manweiler and Weisz [14] Plan-Act-Reflect Empirical observation and measurement & identification of causal factors RQ 2 Altaway and Youssef [25] Plan-Act-Reflect Empirical observation and measurement & identification of causal factors RQ 1 & 2
Rena et al [30] Plan-Act-Reflect Empirical observation and measurement & identification of causal factors
RQ 1
Lagkas et al [27] Plan-Ac-Reflect Empirical observation and measurement & identification of causal factors
RQ 1 & 2
Haus et al [28] Plan-Act-Reflect Empirical observation and measurement & identification of causal factors RQ 2 Bugeja, Jacobsson and Davidsson [29] Plan-Act-Reflect Empirical observation and measurement & identification of causal factors RQ 1
21
Table 1 shows the related work put into the perspective of the research methodology chosen for this thesis. As depicted in Figure 1, both action research and experiments are related to the mixed research methodology chosen for this thesis with three different key characteristics each. The related work section in this thesis (3.2) covers the first part of action research, which is the Plan-Act-Reflect iterative cycle stated by Oates, B.J., [16]. From the experimental part of the mixed research methodology stated by Denscombe [15] the related work section covers empirical observation and measurement and the identification of causal factors. The reason for these parts being depicted in the related work is because of the nature of related work, which has laid the foundation for the experiments that provides the novelty of the thesis. These are the privacy issues that have previously been explore, the technology specification in drones as well as the approach to explore what kind of technical prerequisite and compositions are needed both at human and technology levels.
Table 2: Personas applied in relation to the methodology used for this thesis
Persona Action Research Experiments Research
Questions Recreational User Emphasis on
change Control: Manipulation of variables, empirical observation and measurement, identification of causal factors RQ 2
Advanced user Emphasis on
change Control: Manipulation of variables, empirical observation and measurement, identification of causal factors RQ 2
22
Table 3: Settings applied in relation to the methodology used for this thesis
Setting Action Research Experiments Research
Questions Rural Emphasis on change Control: Manipulation of variables, empirical observation and measurement, identification of causal factors RQ 2 Urban Emphasis on change Control: Manipulation of variables, empirical observation and measurement, identification of causal factors RQ 2
Table 2 & 3 shows personas and settings as means to diversify the results of the drone case and are a prerequisite for this thesis’s mixed research methodology. In order to manipulate variables, observe changes following the introduction of potentially relevant factors as well as have the ability to include or exclude factors as stated by Denscombe [15], the personas and settings in table 2 and 3 are key factors that are necessities to answer research question 2. From the Action Research part of the mixed research methodology stated by Oates B.J., [16] the emphasis on change will be key characteristics when evaluating the privacy consequences to the owner of the drone.
Table 4 is depicting the Drone case (i.e., the experiments) conducted in this thesis. Since action research was one of the main parts of the mixed research methodology, the drone case was built upon the Plan-Act-Reflect, Emphasis on change and research outcome principle which makes the steps of the case study problematic in assessing beforehand what to expect. It is thus, hard to indicate what the next step should be since the planning acting and reflection is based on the current body of knowledge [16]. However, the Drone case started with the Plan-Act-Reflect idea of how can the drone be exploited without having to hack it? Table 4 is also showing all the parts of this thesis research methodology and that it is related to both research questions stated.
23
Table 4: Drone Case Experiments applied in relation to the methodology used for this thesis
Drone Case Action Research Experiments Research
Questions Test 1 Plan-Act-Reflect, Action outcome + Research outcomes Empirical observation and measurement RQ 1 & 2
Test 2 Emphasis on change,
Action outcomes + Research outcomes Control: Manipulations of variables, identification of causal factors RQ 1 & 2 Test 3 Plan-Act-Reflect, Action outcomes + Research outcomes Empirical observation and measurement, identification of causal factors RQ 1 & 2
Test 4 Emphasis on change,
Action outcomes + Research outcomes
Identification of causal factors
RQ 1 & 2
Denscombe [15] states that a mixed research methodology has characteristics suited for viewing research problems from a variety of perspectives, combining different types of research and the choice of methods based on what works best for tackling a specific problem. This is utilized in the thesis by having the research questions related to all the different parts of the thesis as depicted in Table 1, 2, 3 & 4. Not all the characteristics shown in figure 1 are applicable to all the parts of this thesis. However, all the characteristics are applied in this thesis in order to answer the research questions stated.
2.4 Limitations & Threats to validity
The reason for choosing the mixed research methodology instead of quantitative research methodologies is that even though the skills and capabilities could be measured in levels, the kind of skills and capabilities are of a qualitative nature. The consequences to the user being attacked are not measured in numbers. The consequences could have a monetary bifactor such as loss of intellectual property, but that is not directly applicable to the drone being hacked. Therefore, the mixed research approach provides the most reliable, unbiased method of answering the research questions stated. Since this work is done by one author,
24
there is only one level of skills and capabilities that could be applied on the experiments conducted. Therefore, other ways of tackling this question are needed.
Internal validity threats in this thesis are that the work is exploring what kind of skills and experience are needed to perform an attack based on an action research method approach and therefore the skills learned in this thesis might have gaps that could have been overseen.
External validity threats in this thesis are that the work conducted in the thesis is done with one specific IoT Device, the drone, which could lead to generalizations regarding the results due to the fact that it is done inside the area of IoT. If the findings of this thesis were to be put inside another context than what are researched, one must consider the consequences of changing IoT device.
2.5 Ethics
Due to the nature of the research questions and the aim of this thesis, ethics is an important factor to consider. For this master thesis, the European Code of Conduct for Research Integrity [17] has been closely followed. The research principles presented by All European Academics [17] are Reliability, Honesty, Respect and Accountability. Reliability is to ensure the quality of the research, the methodology and the analysis and use of resources. Honesty is to conduct the research in a transparent, fair and unbiased way. Respect is to respect colleagues, research participants, society, ecosystems, cultural heritage and the environment. Accountability is for the research from idea to publication, for its management and organization, for training and for its wider impacts.
The nature of this master thesis and the conducted work benefits from clarifying computer ethics more closely since the thesis focuses on topics that could be considered unethical, such as: hacking, intrusion and privacy violations.
In order to clarify how research that tries to exploit weaknesses in systems, objects and other connected systems, a need to understand the intent is needed. When it comes to hacking, we have the white hat hackers and the black hat hackers. The white hat hackers are considered to be the good hackers, who does the hacking in order to improve security and preserve privacy and integrity. A black hat hacker is considered to be the bad hackers and are solely operating for personal gain, or just for the fun of it [18].
25
Harper et al [18] compares a penetration attack from an ethical and an unethical point of view. The ethical penetration attack differentiates from the unethical on some key characteristics. Ethical hacking has a clear and open purpose, is documented and has the intent to improve and prevent security and privacy concerns. Unethical hacking is taking place in the hidden and deliberately tries to cover tracks and aims to harden systems for malicious intent, i.e., fix vulnerabilities so the owner of a system or device cannot regain access [18].
This master thesis is clearly documented, with ethical guidelines complementing the research and thus must be considered ethical. The experiments in the forthcoming sections are done with complete and recorded consent, as well as having every step documented and clearly presented.
26
3 Background & Related work
In this chapter, background information on relevant technology will be provided, as well as information about protocols and in-depth terminology. In this section, related work will also be reviewed and discussed. The related work is conducted with the aim to give insight into the current state of research conducted in the fields related to this thesis.
3.1 Background
In this subsection, a background on technology relevant to this thesis will be provided as well as in-depth terminology on protocols and attacks. This is to provide a general understanding of the aim and novelty of the research in this thesis.
When drones first started to appear, they were almost solely used for military purposes. The first drone (UAV) was a missile first used in 1918 by the United States government. The drone was called the “Kettering bug”. Since then, drones have been drastically improved and is currently a promising tool within both the military and the commercial sectors. The commercial drone market started to emerge in 2006 when the FAA issued the first ever commercial drone permit upon the realization of the potential non-military drone could have. The first drone as we recognize them today was released in 2010 by the company “Parrot”. The drone named “Parrot AR Drone”, controlled via WIFI, became an immediate success and won the 2010 CES Innovations award and almost a half a million units were sold [19] [20]. The biggest landmark for commercial drones came 2013 when Jeff Bezos (Amazon) released a concept video depicting drone delivery. In December 2016, the first ever autonomous drone delivery took place [21].
Today, the commercial drone industry is steadily growing with an estimation of reaching a market worth $43 billion by 2024 [22].
This thesis research capabilities needed to execute an attack on a drone. Therefore, an attempt to attack the drone is conducted using a deauthentication attack.
A deauthentication attack or a deauthentication denial-of-service attack is an attack on the IEEE 802.11 Wireless Local Area Network (WLAN). IEEE provided several encryption techniques, Wired Equivalent Privacy (WEP), Wi-Fi protected Access (WPA)
27
and WPA2. All these encryption techniques only encrypt the data frames, to cite Agarwal, Biswas and Nandi: “The management and control frames are crucial for establishment,
maintenance and data exchange are always sent in an un-encrypted (clear-text) fashion [23].”
That is what a deauthentication attack is exploiting. A deauthentication attack is when someone is sending copious amounts of data frames to a client. The data frames sent are perceived (by the client) as management frames and therefore disconnects from the network.
Figure 2: A deauthentication attack. This is where a deauthentication attack interference in a device to WLAN Access Point schematic diagram
28
Since a deauthentication attack is just an act of sending data frames to disconnect clients, any files cannot be stolen or tempered with, unless the device that is attacked connects to another device after the deauthentication attack [23]. In figure 2, the complete data exchange between the client and access point are depicted with the deauthentication attack illustrated as to where in the communication chain it is disrupting the communication. In the case of this thesis, the Client device is the drone controller, the WLAN access point is the drone and attacker are the person who tries to disrupt the communication between the drone and the drone controller (smartphone).
The reason for how this method of attack is possible is that the deauthentication attack exploits the way drones communicate. The drone is basically a flying router which transmits signal to a controller, just as in a home network, the router transmits packages to a phone or computer.
Transmission Control Protocol (TCP) defines how to communicate through networks, i.e., how application programs exchange data. TCP works with the standard Internet Protocol (IP), which combined is how computers send data to each other. TCP is used to ensure secure data transmission between a server and a client. There are several protocols that are based on the TCP, SSH, Peer-To-Peer (PTP) and HTTP to mention a few [24].
3.2 Related work
Uchidiouno, Manweiler and Weisx [14] explore privacy concerns in public perception regarding drone usage. The research is aimed at public fears and perception about privacy, and states that excessive data collection is the most visible kind of privacy violation when it comes to drone usage. Through a scenario-based survey, they estimated that approximately 53% of the participants agreed that drones had invaded their privacy in their given scenario. 27% disagreed and the rest were neutral. When adding a privacy preserving technology parameter, the results drastically decreased (from 53% to 38%) which their findings state that with technological privacy interventions applied, negative emotions towards drones and privacy concerns decreases.
In another study by Altawy and Youssef [25], awareness of security, privacy and safety aspects associated with the deployment of civilian drones in the national airspace, with the
29
more specific aim to analyze possible attacks that could result in crashes or hijacking of drones are explored. In their paper, Altawy and Youssef [25] categorize civilian drones in three categories in which remote pilot-controlled drones are almost exclusively hobbyist drones and remote supervised controlled drones are drones used for deliveries [25]. Altaway and Youssef [25] furthermore states that for civilian drones to properly be integrated into the national airspace, drones are required to demonstrate a practical resolution for a sense and avoid feature. This is due to the regulation stated by FAA that drones must “deploy an automated sense-and-avoid intelligent systems that offers a safety
levels equal to or even exceeding that of a manned aircraft”. In order for an attack on a
drone to be identified as such, the attacks need to have a characteristic. These are described in different ways depending on who is asked. Chabukswar [26] states that it needs to have either, revelation, knowledge or disruption capabilities. Altawy and Youssef states that attacks on drones have different receptors based on the nature of the attack. Attacks on the flight controller and ground station could be jamming or spoofing the GPS data and transmissions as well as manipulation of the controller, ground station or the mission assignment system [25]. Attacks on the data link could be Control signal jamming, DoS and Control signal spoofing. Altaway and Youssef raises some good ideas about security requirements, but not how to actually solve in real life attacks. The security measures raised are based on an entire UAV operation, every aspect of it [25].
• Authorized access - The system must be built so only authorised users may access the system.
• Availability - all the element of the system must perform their required function • Information confidentiality-Information integrity
• System integrity
• Accountability of actions
The requirements stated, would (if applicated) solve the security, privacy and safety issues that a drone could encounter and in extension provide a safe environment for both stakeholders and users in both physical and internal aspects regarding drone usage.
30
A paper providing a framework for the preventing attacks described in Altaway and Youssef’s paper [25] is the one of Lagkas et al [27]. In their paper a more holistic approach for advancing security and privacy levels in UAVs is proposed. The proposed framework is built on the notion that mobile semiautonomous devices are expected to enter the IoT architecture with their own requirements of well-established and high-quality security support and approaches [27]. The benefit of having this framework would be that different kinds of drone-based missions would not be differentiated across different platforms or application domains, since it is all under the “umbrella” of IoT architecture [27]. However, the proposed framework with attached IoT architecture is not yet validated. Therefore, the authors [27] propose that the next step would be to build a simulation model as proof of concept.
Another study explores the feasibility of using small commercially off the shelf (COTS) drones to create indoor maps of IoT devices [28]. The mapping of IoT devices, their capabilities and deployment of new devices creates and opportunity to avoid potential threats and further extend the user’s privacy [28].
Drones were used to detect and identify devices and in combination with indoor localization at the user device, information about possible threats towards the user could be communicated. The results stated by the authors [28] showed that the testing done with the drones significantly improved the number of detected IoT devices, but also raised the issue regarding the battery capacity of the drones.
An Analysis of Malicious Threat Agents for the Smart Connected home is categorized by Bugeja et al [29], as human, technological and environmental actors. The agents are then further categorized by their respective motivation and capabilities. The attackers (agents) can for example target power grids and other IoT devices as part of cyber warfare, terror and/or organized crime. More relatable to this thesis, it could be used by hacktivists, thieves and hackers. An important part of this thesis is the different capabilities needed for the attacks described by Bugeja et al [29]. Bugeja, Jacobsson and Davidsson concluded their paper with a general observation that reported security vulnerabilities involve factors that are associated with low capability levels, both by the attack and the user being attacked.
31
This indicates that the importance of security education and awareness for the user of IoT products [29].
Rana et al [30] have explored how to improve the security of UAVs and drones by using blockchain technology. Since drones could carry multiple different sensors an overall security solution is needed. The solution proposed by the authors is blockchain technology. The technology exposes the data transfers from the drone and all the sensors. Every time data is sent, a (new) block is generated with a unique hash value. For every new block generated the hash value of the previous block will be stored inside and thus creating a blockchain stored on the cloud [30]. A vulnerability issue raised and answered by Rena et al [30] is that each block could be subjected to outside manipulation and thus breaking the chain. The answer to this would be to add a timestamp system. This research was conducted on military drones, but the Rena et al [30] claim that in the near future, this technology could be implemented on consumer drones using phones to run servers working with blockchain technology.
3.2.1 Summary
In this section, different aspects related to privacy and drones are discussed. The related work chosen for this thesis all touches on the privacy and drone topic in different aspects as can be seen in Table 5. The findings from Uchidiouno, Manweiler and Weisz [14] clearly state that a technical intervention to privacy issues regarding drones decreases predetermined negative emotions towards drones. Altawy and Youssef [25], provides a proposal for security requirements and countermeasures for withstanding an attack on the drone. Rana et al [30], provides a technical solution to the privacy vulnerabilities when operating drones. Lagkas et al [27] confirms that the technical solution towards the privacy vulnerabilities proposed by Rana et al [30] is valid by providing a framework which the blockchain solution fits in. Haus et al [28] made an experiment to prevent IoT based attacks by using drones to locate malicious hardware. Their experiments show that it is possible but also found out that the battery capacity is limited, which would make the drone (in this research) safer due to the limited time the drone can operate and in extension be attacked.
32
Bugeja, Jacobsson and Davidsson [29], have explored the requirements raised in RQ1 of this thesis in a broader topic than this thesis explores and provides a clear view of the technological requirements needed to perform attacks on IoT devices as well as the capabilities needed to perform such attacks.
The perspective missing from the reviewed literature and provides novelty to this thesis is that the view of privacy, which when it comes to drones are only explored through the ones not operating the drones. When the privacy issues concerning drones are discussed, the drones are just a mere tool to invade other people’s privacy with. This provides validity to the experiments conducted in chapter 4 as well as the novelty of filling the research gap regarding commercial drones which requires more extensive research as the number of drones increase every year and is becoming a more common sight in the sky. Table 5, furthermore, indicates that the vast selection of literature found is not exploring what this thesis aims to do. Privacy is explored, but not from the drone operator’s point of view. Privacy is explored from a view that aims to keep other people safe from privacy breaches enabled by drone.
33
Table 5: A Related work summary Uchidiouno, Manweiler and Weisz [14] Altawy and Youssef [25] Rana et al [30] Lagkas et al [27] Haus et al [28] Bugeja, Jacobsson and Davidsson [29] Topic Privacy, public perception about drone privacy. Security, privacy and safety regarding deployment of civilian drones. Security of UAVs using blockchain technology. UAV application areas enabled by IoT and 5G. Using drones to create indoor maps. Analysing malicious threat agents for smart homes. Author Contributions Survey based research of privacy preserving interventions. Attack definitions based on target, possible attacks. Blockchain technology in an UAV scenario Fleet management, aerial networking, privacy and security challenges. Mapping devices in an indoor environment. Human, technological and environmental actors, Author Findings Technological privacy interventions applied decreases negative emotions towards drones. Security requirement proposal as well as countermeasures. Blockchain could be used to improve security and privacy breaches. A framework built using mobile. semiautonomous devices. Detection is improved but battery capacity is limited. Capabilities and technological requirement to perform attacks
34
4 Drone Case & Results
In this chapter, the attack model will be explained. The attack with all of its components will be defined, explained and displayed below. The experiments are conducted according to and follows the guidelines from ProjectPlace [31] and follows the scientific method [32]. This chapter will seek to provide an answer to research question 1. This chapter will also provide some insights regarding research question 2 when combined with the privacy definitions stated by Solove [12] and in the background (chapter 3).
4.1 Technological Deployment
In this section, detailed explanations of the components used in this master’s thesis will be provided.
4.1.1 NodeMCU (With attacker code)
NodeMCU is a cheap open source IoT platform. It is based on the popular ESP8266. The firmware uses the Lua scripting language.
Developer: ESP8266 Opensource Community Type: Single-board microcontroller
Operating System: XTOS CPU: ESP 8266 LX106 Memory: 128kBytes Storage: 4MB
35
Figure 3: The NodeMCU used in this thesis.
The deauthentication firmware used in this thesis is originally created by Stefan Kremser [33]. The code is downloaded from his GitHub repository and is installed with Arduino IDE. Arduino IDE is an open-source code editor for uploading code and programs to electronic boards like the Arduino board or (in this thesis) the NodeMCU Figure 3. Since Arduino is compatible with numerous different boards, it was in this case needed to install the specific core for the board used in this thesis. The core for the board use was installed through these URLs 12.
With the two cores installed, the nodeMCU was plugged into the computer via the USB port and selected in the board selection under Tools in Arduino IDE. The repository was downloaded through GitHub and installed via the .ino file added. The code was uploaded to the board via the USB cable. Due to new updates on the source code, I found that version 2.0 worked more stable on my board than the newer one 2.1.
1http://arduino.esp8266.com/stable/package_esp8266com_index.json
36
The attack used in this project could be found in the reference list [33], the main functionality i.e., the part that sends packages is shown in the code snippet below. The method also counts any retries if the package was not successfully sent:
bool Attack::sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t ch, uint16_t tries) { setWifiChannel(ch);
bool sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0;
for (int i = 0; i < tries && !sent; i++) sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0; if (sent) tmpPacketRate++;
return sent;
The package sent by the attack has 26 bytes. The following code snippet shows the content of these bytes and what they stand for. For example, we can observe that the first two bytes in the package declare is typed as deauthentication. [33]:
uint8_t deauthPacket[26] = {
/* 0 - 1 */ 0xC0, 0x00, // type, subtype c0: deauth (a0: disassociate)
/* 2 - 3 */ 0x00, 0x00, // duration (SDK takes care of that)
/* 4 - 9 */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // reciever (target) /* 10 - 15 */ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, // source (ap) /* 16 - 21 */ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, // BSSID (ap) /* 22 - 23 */ 0x00, 0x00, // fragment & squence number /* 24 - 25 */ 0x01, 0x00 // reason code (1 = unspecified reason)
To call the function in the application created by [33] is:
void Attack::start() { stop(); prntln(A_START); attackTime = currentTime; attackStartTime = currentTime; accesspoints.sortAfterChannel(); stations.sortAfterChannel(); running = true; }
The attack is stopped by cleaning up all temporary values and counters in the memory and setting the global "running" value to false. This method is called when the predefined duration of the attack is over [33].
void Attack::stop() { if (running) { running = false; deauthPkts = 0; beaconPkts = 0; probePkts = 0; deauth.packetCounter = 0; beacon.packetCounter = 0; probe.packetCounter = 0; deauth.maxPkts = 0; beacon.maxPkts = 0; probe.maxPkts = 0;
37
packetRate = 0; deauth.tc = 0; beacon.tc = 0; probe.tc = 0; prntln(A_STOP); } }While sending packages in a loop, the program periodically checks if the global value "running" is still true. If the attack ends, the previously shown stop method sets this value to false for the package sending method to halt [33].
bool Attack::isRunning() { return running; }
While the attack is running in-memory, counters are frequently updated, and the elapsed time is measured to determine if the attack is done. If so, the stop method is called [33].
void Attack::updateCounter() {
// stop when timeout is active and time is up
if ((timeout > 0) && (currentTime - attackStartTime >= timeout)) { prntln(A_TIMEOUT);
stop(); return; }
// deauth packets per second if (deauth.active) {
if (deauthAll) deauth.maxPkts = settings.getDeauthsPerTarget() *
(accesspoints.count() + stations.count() * 2 - names.selected()); else deauth.maxPkts = settings.getDeauthsPerTarget() *
(accesspoints.selected() + stations.selected() * 2 + names.selected() + names.stations());
} else {
deauth.maxPkts = 0; }
In figure 2, the deauthentication attack is put into the context of how it works, and the lines of code shown above is what happens within the attack loop frame. In figure 4, the function is called were “bool Attack:sendPacket” is the main functionality and sends the deauthentication frames “uint8_t deauthPacket”. To initiate the attack the function “void Attack::start()” is called where the attack packages are sent to the target in a loop. To stop the attack, the “void Attack::stop()” function is called where all package sending is stopped if the attack is running as verified in “bool Attack:isRunning()”. When the attack is running, a counting method called “void Attack::updateCounter()” is active where the attack is monitored to make sure it is working, and if not letting us know. The last function illustrated in figure 4 is “if (deauth.active)”. This is the function that is sending the deauthentication if all previous parameters are working.
38
Figure 4: Illustration of the deauthentication attack with the attack code functions illustrated in Attack Loop
39
4.1.2 The equipment
This section describes the equipment used and references both the Aircraft and the App, which is available on both Appstore and Google Play. The decision to use the Mavic Air drone is based on its status as one of the most popular and diverse drones on the market [34].
The drone
The drone used in this master’s thesis is a DJI Mavic Air (figure 5). It is a lightweight drone operating on the 2,4GHz & 5GHz Network. The drone can be operated via an ordinary smartphone with or without a connected remote controller (figure 5). The drone has a port for an external SD Card.
Figure 5: The drone and the appurtenant remote used in this thesis
The DJI GO app is the software or app that is operating the drone as well as recording and storing all the drone data that is captured during the flights. The drone cannot be operated without this app. The app collects videos, photos, time of departure, time of landing, the duration of all flights as well as all the GPS data as can be shown in figure 6.
40
Figure 6: The different views of the app. Frame one displaying the starting screen. Frame two displaying the “in-flight” screen. Frame three showing media (videos) recorded. Frame four showing
the flight data. Frame five showing pictures taken.
A full list of the other components is presented in the table 6 below. Table 6: A list of components
Computers Smartphones Drone Network
related
Software
MacBook Air iPhone X Drone (DJI
MAVICK AIR
NodeMCU Wireshark
iMac iPhone 8 Drone Remote Apple Airport
Time Capsule
Arduino IDE
Drone battery Routers DJI Go App
4.2 The attack (Wireshark)
In order to see the packages being sent from the nodeMCU, Wireshark was used. According to their website: “Wireshark is the world’s foremost and widely-used network
protocol analyser”. The tool allows the user to see what packages are being sent on a
network in a detailed way. This tool was used to monitor the deauthentication attack live [35].
The attack was launched from a different network than what the computer running Wireshark is connected to. It consisted of frames sent in this network defined by the IEEE 802.11 (WIFI) protocol. Hence, a solution was needed to monitor that wireless network
41
from the computer
.
This was solved by the feature in the Apple Airport Time Capsule router. The router has a built-in monitor mode, which allows the router to see which packages are flying in space. When Wireshark was up and running in monitor mode, the next step was to define filters for the captured packages. When monitoring network traffic in an apartment building you realise that there are a lot of packages being sent and received every second. During a 9.5-minute Wireshark session, 545895 packages where obtained. Therefore, you need to isolate the attack from every other package that are being transmitted. To sort the packages, a defining filter for the captured packages was used.wlan.fctype ==0 && wlan.fc.type_subtype == 0x0c
Which is the kind of packages a deauthentication attack is, i.e., the package type that a deauthentication is sending. A package in 802.11 protocol is called frame. As stated in the background (chapter 3) in the Deauthentication DoS attack part, the packages send in a Deauthentication DoS attack is the same control frames that are crucial for the establishment maintenance and data exchange a (IEEE 802.11 protocol) network is using to work ordinary. Therefore, these deauthentication frames of the attack are needed to be identified in the captured data flow. This was done via observing a spike in packages send on a specific network that was attacked by a deauthentication attack. When monitoring the spike on the network currently being attacked, a Mac address were found.
The Mac address were f2:3e:c3:0a:bf:90. Therefore the final sorting in Wireshark were:
wlan.fctype ==0 && wlan.fc.type_subtype == 0x0c && wlan.addr == f2:3e:c3:0a:bf:90.
The wlan.addr == f2:3e:c3:0a:bf:90 filter specifies the specific MAC address for the devices
42
Figure 7: Packages/second sent during the deauthentication attack. The spikes between 85-95 second mark and after 175 seconds is showing when the attack is effective
During the attack, the number of frames increased tremendously, as can be seen on the Wireshark I/O Graph. As seen in figure 7 the attack occurred between the 85 and 95 second mark and after approximately 175 seconds from the starting point of observing the packages. There is the spike in packages send shown. Since the network under attack is not doing anything in-between attacks, therefore the graph shows no other packages. In figure 7, the packages created, as shown above in the code example are being observed when sent from the Mac address f2:3e:c3:0a:bf:90. The frame length is 55 bytes (440 bits). Figure 8 shows the frequency of the attack recorded between the 85 and 95 second mark i.e., the first spike in figure 7. In figure 8 the process is depicted in its entirety. Figure 9 illustrates the process of connecting the controller (iPhone) to the drone and the communication process. It also shows were in the process the deauthentication attack is launched and that it is being monitored by (in this case) the monitoring tool Wireshark.
43
Figure 8: Packages shown individually during the deauthentication attack. This is the packages that is "kicking out" devices from the network
44
Figure 9: Flowchart of what happens during the deauthentication attack. The monitoring from Wireshark frame shows what part of the attack that is being monitored and analyzed
45
4.3 Attack Scenario
In this section, attack scenarios of two different drone users will be provided, as well as two different settings. The scenarios are based on two user personas created from two different kind of drone usages [36] [37] [38].
Scenarios are commonly used as a method of problem-solving by concretization, using a specific story [39]. Scenarios can then be used to capture the interaction between the user and the product, environment or system as well as the structure and behavior of interactive functions [39].
In this thesis the scenarios are used to capture the interaction between the user and the product when the environmental or system structure are being manipulated to make the interactive functions perform an undesired action in a malicious way. The scenarios will then be put into two different settings due to the settings ability to create diversity to the experiments [39]. The use of scenarios in this thesis works as a change variable. In the methodology chapter (chapter 2), it is referred to as emphasis on change in the action research methodology were doing things that makes a difference in research and then learn how it affected the change is a key part [16]. In the experiment part of the mixed research methodology used in this thesis, the attack scenario and it’s intended change value is related to all the parts defined by Denscombe [15], The manipulation of variables allowing the identifications factors to be observed, the changes following said introduction and the introduction or exclusion of the factors.
Adding the attack scenario with the underlying parts presented below the scenario will serve as a change value that allows the results from the experiments be reviewed from both the action outcomes and the research outcomes, which will highlight the practical achievements in the problem situation and the research as a thesis with learning about the process of problem-solving and acting in a situation as stated by Oates [16].
46
4.3.1 Recreational-User
The Recreational User persona is based on the recreational user regulations provided by the FAA [36] and the different types of drones provided by [38]. The recreational user is a technology enthusiast that is using the drone to record family gatherings and creating hobbyist like multimedia recordings. This user takes as much time preparing the shots as flying the drone. The recreational user is always trying to impress his surroundings by knowing about drones and being able to operate them. The recreational user [36] has basic equipment and uses the drone in a hobbyist fashion creating data as referred to in [38]. The security awareness is based on the novice level of experience defined by Furnell, Bryant & Phippen [40] and the risk categories high to moderate defined by Othman et al [41]. The high category risk means that the user is not aware of the dangers of security and privacy breachers. The moderate category risk means that the user is aware of the dangers involving security and privacy breaches but need further education on the subject [41].
The recreational user: • Basic equipment
• Private shots/videos/location data • Low security awareness
• Losing the drone and data is more related to “sentimental value” than monetary loss.
4.3.2 Advanced user
The advanced user persona is based on the commercial operator regulations provided by the FAA [37] and the different types of drones provided by [38]. The advanced user is using the drone for work related or to gain profit based on advanced drone usage. This user works for a company and does not care about the cost of the drone or its components since the user did not pay for the drone. The drone the advanced user is using has multiple sensors and has the ability to collect multiple different kind of datasets. The advanced user [37] has professional equipment and uses the drone in a commercial fashion creating data as referred to in [36]. The security awareness is based on the advanced level of experience defined by
47
Furnell, Bryant & Phippen [40] and the risk categories elevated to low defined by Othman et al [41]. The elevated security risk means that the user has some security and privacy training. The low security risk means that the user is aware of security and privacy risks and their potential implications which their behavior reflects upon [41].
The advanced user:
• Professional equipment
• Data can be considered Intellectual Property of a company that guy works for with the drone
• Presumably higher security awareness
• Losing the drone suggest a data breach for the company
4.3.3 Settings
Two different settings will be provided to compare different implications based on scenery which in this thesis is the rural and the urban setting. The rural setting consists of limited public places and people but covers big landmasses. The urban setting is the opposite. A lot of public places, people in a smaller area than the rural setting. The reason for having two different settings is that the privacy issues could vary depending on surroundings. In table 7, the different characteristics of the two settings are presented.
Table 7: Settings of cases
Rural Urban
Few Houses A lot of houses, buildings and offices
Few people Many people