计算机应用 ›› 2020, Vol. 40 ›› Issue (8): 2286-2292.DOI: 10.11772/j.issn.1001-9081.2019122160

• 网络空间安全 • 上一篇    下一篇

基于MAVLink协议的无人机系统安全通信方案

张凌浩1, 王胜1, 周辉2, 陈一凡3, 桂盛霖3   

  1. 1. 国网四川省电力公司 电力科学研究院, 成都 610000;
    2. 国网四川省电力公司 检修公司, 成都 610041;
    3. 电子科技大学 计算机科学与工程学院, 成都 611731
  • 收稿日期:2019-12-24 修回日期:2020-02-25 出版日期:2020-08-10 发布日期:2020-05-14
  • 通讯作者: 桂盛霖(1983-),男,重庆人,副教授,博士,CCF会员,主要研究方向:嵌入式软件、信息安全,shenglin_gui@uestc.edu.cn
  • 作者简介:张凌浩(1985-),男,山东威海人,工程师,博士,主要研究方向:电力信息安全;王胜(1987-),男,四川达州人,工程师,硕士,主要研究方向:网络安全;周辉(1985-),男,四川遂宁人,工程师,主要研究方向:网络安全;陈一凡(1996-),男,福建泉州人,硕士研究生,主要研究方向:嵌入式软件。
  • 基金资助:
    国网四川省电力公司科技资助项目(521997170017)。

Secure communication scheme of unmanned aerial vehicle system based on MAVLink protocol

ZHANG Linghao1, WANG Sheng1, ZHOU Hui2, CHEN Yifan3, GUI Shenglin3   

  1. 1. Electric Power Research Institute, State Grid Sichuan Electric Power Company, Chengdu Sichuan 610000, China;
    2. Maintenance Company, State Grid Sichuan Electric Power Company, Chengdu Sichuan 610041, China;
    3. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 611731, China
  • Received:2019-12-24 Revised:2020-02-25 Online:2020-08-10 Published:2020-05-14
  • Supported by:
    This work is partially supported by the Science and Technology Project of State Grid Sichuan Electric Power Company (521997170017).

摘要: MAVLink是一种应用于无人机(UAV)与地面站(GCS)之间的轻量级通信协议,它定义了一组包括UAV状态和GCS控制命令的UAV与GCS交互的双向消息。针对MAVLink协议缺乏足够的安全机制,存在可能导致严重威胁和隐患的安全漏洞的问题,提出了一种基于MAVLink协议的UAV系统安全通信方案。首先,UAV持续交替广播连接请求。然后,GCS向UAV发送公钥,双方利用DH算法进行密钥协商计算出共享密钥,并使用AES算法对MAVLink消息包进行加密通信,完成身份认证;若UAV在规定时间内未收到GCS发送的公钥或对MAVLink消息包解密错误则主动断开连接,更新公钥后重新广播连接请求。另外,针对UAV系统存在被恶意篡改的安全问题,在启动引导时对UAV系统固件进行了自校验。最后,基于形式化验证工具UPPAAL证明了所提方案具有活性、可连接性以及连接唯一性,并对UAV PX4 1.6.0与GCSQgroundControl3.5.0的通信过程进行抓包测试。结果表明,所提的UAV系统安全通信方案能够防止在UAV与GCS通信过程中存在的恶意窃听、篡改消息、中间人攻击等恶意攻击,并且对UAV性能影响较小,较好地解决了MAVLink协议存在的安全漏洞。

关键词: 无人机, 安全功能, 安全通信, 自校验, 形式化验证

Abstract: The MAVLink is a lightweight communication protocol between Unmanned Aerial Vehicle (UAV) and Ground Control Station (GCS). It defines a set of mutual bi-directional messages between UAV and GCS, including UAV states and GCS control commands. However, the MAVLink protocol lacks sufficient security mechanisms, and there are security vulnerabilities that may cause serious threats and hidden dangers. To resolve these problems, a security communication scheme for the UAV system based on the MAVLink protocol was proposed. First, the connection requests were broadcasted by the UAV constantly and alternately; then the public key was sent to the UAV by the GSC, and the DH algorithm was used by both sides to negotiate a shared key, and the AES algorithm was used to encrypt the communication on MAVLink message packages, achieving identity authentication. If the UAV did not receive the public key sent by the GCS within the specified time or a decryption error on MAVLink message package happened, the UAV would actively disconnect and update a new public key to rebroadcast the connection request. In addition, concerning the security problem of the UAV system being maliciously tampered with, the system firmware was self-checked during booting. Finally, based on the formal verification platform UPPAAL, it has been proved that the proposed scheme has the security properties of liveness, connectability and connection uniqueness. Results of the communication process between UAV PX4 1.6.0 and GCS QgroundControl 3.5.0 show that the proposed secure communication scheme of UAV system can prevent malicious eavesdropping, message tampering, man in the middle attack and other malicious attacks in the communication process between UAV and GCS, and solve the security vulnerabilities of MAVLink protocol well with little effect on UAV performance.

Key words: Unmanned Aerial Vehicle (UAV), security function, secure communication, self-checking, formal verification

中图分类号: