In recent years, the rapid advancement of low-altitude economies has propelled the widespread adoption of civil drones across various sectors, including logistics, agriculture, environmental monitoring, and disaster response. As these unmanned aerial vehicles become integral to critical operations, their network security vulnerabilities pose significant risks. Civil drones rely on wireless communication for command transmission and data exchange, making them susceptible to threats such as hijacking, data interception, and denial-of-service attacks. To address these challenges, our research focuses on the application of commercial cryptography technologies to enhance the security of civil drone systems. We propose a comprehensive testing and validation framework to evaluate the effectiveness of cryptographic solutions in real-world scenarios, ensuring robust protection while maintaining operational efficiency.
The security landscape for civil drones is fraught with challenges, including remote hijacking through protocol exploits, replay attacks that manipulate communication data, and unauthorized data access. These threats underscore the need for robust cryptographic measures. Commercial cryptography, particularly national algorithms like SM2 and SM4, offers a viable solution by providing encryption, authentication, and integrity checks. In our study, we explore how these algorithms can be integrated into key aspects of civil drone operations, such as identity authentication, data transmission, and storage. By implementing cryptographic protocols, we aim to mitigate risks and ensure the confidentiality, authenticity, and availability of drone systems, which is crucial for safeguarding sensitive information in applications like infrastructure inspection and surveillance.

Civil drones face numerous network security threats that can compromise their functionality and data integrity. For instance, attackers may exploit weak authentication mechanisms to impersonate authorized users, leading to unauthorized control or data manipulation. Additionally, eavesdropping on unencrypted communication channels can result in sensitive information leakage, while denial-of-service attacks disrupt operations by overwhelming system resources. To counter these issues, commercial cryptography provides essential tools such as digital signatures for identity verification, symmetric encryption for data protection, and hash functions for integrity assurance. Our analysis reveals that the integration of these technologies into civil drone systems not only addresses existing vulnerabilities but also aligns with regulatory requirements for data protection in critical sectors.
The application of commercial cryptography in civil drones spans several critical phases. In identity authentication, we employ public-key algorithms like SM2 to verify the legitimacy of drones and ground stations. This process involves digital certificates and signature validation, ensuring that only trusted entities can establish communication links. For data transmission, symmetric encryption algorithms such as SM4 or AES are used to encrypt command signals, telemetry data, and video streams, preventing interception and tampering during wireless exchanges. In data storage, encryption safeguards sensitive information collected by civil drones, such as geographic or environmental data, from unauthorized access. Moreover, in hijacking scenarios, cryptographic measures like end-to-end encryption and certificate-based authentication make it difficult for malicious actors to take control, as unauthorized commands cannot be decrypted or verified.
To validate the efficacy of cryptographic applications in civil drones, we developed a testing framework that simulates real-world operational environments. This framework includes a civil drone system equipped with cryptographic capabilities and a testing system for data collection and analysis. The testing process involves creating scenarios for identity authentication, data transmission, and storage, as well as hijacking attempts. We measure performance metrics such as encryption latency and functional correctness to assess the impact on system efficiency. For example, in identity authentication tests, we verify certificate validity and signature processes, while in transmission tests, we evaluate the delay introduced by encryption algorithms. This approach ensures that cryptographic implementations do not compromise the real-time performance required for civil drone operations.
In identity authentication testing for civil drones, we focused on the mutual verification between drones and ground stations using SM2-based digital signatures. The functional tests confirmed that certificates were valid, not revoked, and issued by trusted authorities, with algorithms meeting security standards. Performance tests measured the latency added by signature and verification processes. Over 100 trials, the average delay was minimal, demonstrating that cryptography does not hinder authentication speed. The results are summarized in Table 1, which shows the consistency and low latency across different authentication types, reinforcing the suitability of SM2 for civil drone systems.

| Test Scenario | Number of Trials | Average Latency (ms) |
|---|---|---|
| Drone-Ground Station Mutual Authentication | 100 | 2 |
| Operator Login to Ground Station | 100 | 2 |
| Operator Login to Control Center | 100 | 2 |

The latency in identity authentication can be modeled using the formula for signature and verification time. For SM2, the signature generation involves computing $$ s = k^{-1} \cdot (e + d_A \cdot r) \mod n $$, where \( k \) is a random number, \( e \) is the hash of the message, \( d_A \) is the private key, and \( r \) is derived from the elliptic curve point. Verification requires checking $$ s \cdot G = e \cdot P_A + r \cdot Q $$, with \( G \) as the base point and \( P_A \), \( Q \) as public key components. The efficiency of this process ensures that civil drones maintain swift authentication without security compromises.
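
For reference, the signing and verification steps as defined in the SM2 signature standard (GB/T 32918.2), added here and not part of the original article; the standard's expression for \( s \) differs from the ECDSA-style form quoted above. Beyond the article's symbols this assumes \( (x_1, y_1) = kG \), \( t = (r + s) \bmod n \), \( P_A = d_A G \), and \( e \) computed as the hash of the message prefixed with the signer's identity digest \( Z_A \).

$$ r = (e + x_1) \bmod n, \qquad s = (1 + d_A)^{-1} \cdot (k - r \cdot d_A) \bmod n $$

The verifier recomputes the curve point from the public key and accepts only if the recomputed value matches \( r \):

$$ (x_1', y_1') = sG + tP_A, \qquad (e + x_1') \bmod n = r $$

The check holds for a valid signature because

$$ s(1 + d_A) \equiv k - r d_A \pmod n \;\Rightarrow\; k \equiv s + (r + s) d_A = s + t d_A \pmod n \;\Rightarrow\; kG = sG + tP_A $$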
Data transmission tests for civil drones evaluated the encryption of flight status, control commands, and video streams using SM4 and AES algorithms. Functional tests confirmed that encrypted data could not be decrypted without the proper key, ensuring confidentiality. Performance tests measured the additional latency due to encryption and decryption. As shown in Table 2, SM4 and AES introduced minimal delays, with SM4 performing slightly better in some scenarios, highlighting its competitiveness for civil drone applications where real-time communication is critical.

| Transmission Type | Algorithm | Number of Trials | Average Latency (ms) |
|---|---|---|---|
| Flight Status Data | SM4 | 100 | 1.002 |
| Flight Status Data | AES | 100 | 1.03 |
| Video Data | SM4 | 100 | 1.3 |
| Video Data | AES | 100 | 1.54 |
| Control Commands | SM4 | 100 | 1.003 |
| Control Commands | AES | 100 | 1.002 |

The encryption process for data transmission in civil drones can be described using block cipher modes. For SM4 in Output Feedback (OFB) mode, the ciphertext is generated as $$ C_i = P_i \oplus E_k(O_i) $$, where \( P_i \) is the plaintext block, \( E_k \) is the encryption function with key \( k \), and \( O_i \) is the output feedback. In Cipher Block Chaining (CBC) mode, used for video data, the formula is $$ C_i = E_k(P_i \oplus C_{i-1}) $$, with \( C_{i-1} \) as the previous ciphertext block. These modes ensure secure data flow for civil drones while minimizing performance overhead.
Data storage encryption tests for civil drones involved encrypting flight logs and video data at the ground control center using SM4 and AES in CBC mode. Functional tests verified that stored data remained confidential and could be correctly decrypted. Performance tests measured the encryption latency, as summarized in Table 3. The results indicate that encryption adds negligible delay for flight data but more for video, yet remains within acceptable limits for civil drone operations, emphasizing the practicality of cryptographic storage solutions.

| Storage Type | Algorithm | Number of Trials | Average Latency (ms) |
|---|---|---|---|
| Flight Data | SM4 | 100 | 1.003 |
| Flight Data | AES | 100 | 1.022 |
| Video Data | SM4 | 100 | 4.81 |
| Video Data | AES | 100 | 2.52 |

In hijacking scenario tests for civil drones, we compared plaintext and ciphertext transmission modes. When using plaintext, unauthorized ground stations could easily hijack the drone by sending commands, but with encryption, such attempts failed due to the inability to decrypt or verify messages. This demonstrates the critical role of cryptography in protecting civil drones from malicious takeovers. The comparative analysis underscores that encryption not only secures data but also enhances the resilience of civil drone systems against real-world threats.
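
The OFB formula and the hijacking comparison above, as an added example that is not the authors' test code: a drone-side receiver that decrypts a command frame only after its tag verifies and its sequence number advances. The frame layout, the HMAC-SHA256 tag, the sequence counter, all names, and the use of truncated HMAC-SHA256 as a stand-in for the SM4 block function \( E_k \) are assumptions of this example.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # SM4 and AES both use 128-bit blocks
TAG = 32    # HMAC-SHA256 tag length

def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block function E_k (assumption: the standard library has
    # no SM4, so truncated HMAC-SHA256 is used). OFB only calls E_k forwards.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    # C_i = P_i XOR E_k(O_i) with O_1 = IV and O_{i+1} = E_k(O_i).
    # XOR is its own inverse, so the same call decrypts.
    out, o = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        o = E(key, o)
        out += bytes(p ^ s for p, s in zip(data[i:i + BLOCK], o))
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, seq: int, command: bytes) -> bytes:
    # Frame (constructed layout): 8-byte sequence number | ciphertext | tag.
    hdr = struct.pack(">Q", seq)
    ct = ofb(enc_key, hdr.rjust(BLOCK, b"\0"), command)  # IV unique per frame
    return hdr + ct + hmac.new(mac_key, hdr + ct, hashlib.sha256).digest()

class DroneReceiver:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.last_seq = enc_key, mac_key, 0

    def receive(self, frame: bytes):
        """Return the decrypted command, or None if the frame is rejected."""
        if len(frame) < 8 + TAG:
            return None
        hdr, ct, tag = frame[:8], frame[8:-TAG], frame[-TAG:]
        want = hmac.new(self.mac_key, hdr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return None  # sender lacks the key, or the frame was modified
        seq = struct.unpack(">Q", hdr)[0]
        if seq <= self.last_seq:
            return None  # replayed or stale frame
        self.last_seq = seq
        return ofb(self.enc_key, hdr.rjust(BLOCK, b"\0"), ct)

def plaintext_receive(frame: bytes) -> bytes:
    # Plaintext mode from the comparison: any sender's command is accepted.
    return frame
```

The tag is checked before decryption because OFB on its own only hides the command; the tag and the counter are what let the receiver refuse frames from a station without the keys and frames it has already seen.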
Overall, our research confirms that commercial cryptography significantly improves the security of civil drones without compromising performance. The SM2 and SM4 algorithms exhibit latency and efficiency comparable to international standards, making them suitable for integration into civil drone networks. By providing a validated testing framework and practical insights, we contribute to the advancement of secure civil drone applications, supporting the growth of low-altitude economies. Future work should focus on optimizing these cryptographic solutions for diverse civil drone use cases, ensuring long-term security and reliability.
