Security Management Toolchain

Detailed Description

The component developed by IKERLAN is a Security Management Toolchain which is aimed towards the monitoring and control of the drone’s security. The main objective of this component is to increase the security level of drone-to-drone and drone-to-infrastructure communication through the identification and correction of issues that may suppose a threat. Several attacks that may potentially compromise the security of the communication links have been considered, such as eavesdropping or spoofing.. Considering the above, the Security Management Toolchain provides different monitoring, update, and visualization features in order to detect anomalous behavior and vulnerabilities within the drone.

The drone may present potential vulnerabilities due to multiple factors (e.g., outdated software versions, abnormal execution patterns, abnormal communications patterns, etc.) that may result in different cyber-attacks. This component addresses such vulnerabilities by the continuous monitoring of key security parameters. This allows to have an overall picture of the system, to detect faulty configuration that may suppose a risk and be able to change system configuration with the objective of addressing such issues. In case a software component version (applications, libraries, or certificates) is not correctly updated, it would be easier to attack and therefore it would become a potential target for any kind of cyber-attacks. The main security aspects addressed by this component are cyberthreat identification and cyberattack detection, such as identity spoofing, brute force, elevation of privilege, eavesdropping, hacking, among others.

Design and Implementation

The core of this component is built around a software solution that combines a Security Information Management (SIM) and Security Event Management (SEM) system, a Security Information and Event Management (SIEM). A framework based on a SIEM solution, collects and aggregates security data from network devices, servers, domain controllers, etc., bringing it together into a single centralized platform. It provides security data analysis from the data generated by applications and network hardware. In essence, a SIEM is a data aggregator, search, and reporting system, which stores, correlates, and applies analytics to security data to discover trends, detect threats and enable alerts. Thus, the Security Management Tool enables to carry out log data analysis, intrusions and malware detection, file integrity monitoring, configuration assessment or vulnerability detection.

Detection methodologies has been integrated to obtain the required security information and be able to send logs to the SIEM. To this end, this component includes both Host-based Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS), which monitor network traffic for suspicious activities and possible threats, and issues alerts when such activities are discovered, generating system logs and identifying the design of usual attacks. In our use-case, the HIDS will monitor and analyze the internal aspects of the on-board device located in the drone, while the NIDS will examine the network traffic between the drone platform and the SIEM.

The detail for these modules and the whole component is divided between D5.5 and the D5.6 documents. To obtain a deeper insight of overall work, it is suggested to read both documents.

Contribution and Improvements

The contribution of this component focuses on the security of the drone. The inclusion of an IDS into the world of IoT devices is something that is going to be needed in the near future. With this component we have prooved that drones and IDS can coexist and work together without problems.

This component has been tuned and improved along the project, adpating to the needs of the devices is has to work with. Along the process, while some functionalities were added and configured, continous tests wer done to check the correct implementation. Not only that, the idea to add new functionalities, such as the automatic update of vulnerable components, came from a research to identify the best way to help on security on the drone area of knowledge. This implementation, even it may see complex at first wil help detecting attacks and preventing them, making the drones more secure, and in consecuence more efficient.