gps-denied-onboard/_docs/01_solution/security_analysis.md (2026-04-29 17:03:57 +03:00)
# Security Analysis

## Threat Model

| Asset | Threat Actors | Attack Vectors | Impact |
|---|---|---|---|
| Flight-controller position input | GPS spoofer, compromised companion process, malicious ground operator | False GPS_INPUT, EKF source misconfiguration, replayed MAVLink packets | Aircraft navigates to the wrong location or leaves its route/geofence |
| Satellite cache | Compromised cache sync source, stale imagery, physical-access attacker | Tile replacement, stale metadata, manifest tampering | False satellite anchors or cache poisoning |
| Onboard tile write-back | Bad EKF state, compromised companion, service ingestion bug | Misaligned generated tiles promoted into the shared basemap | Cross-flight error propagation |
| Local API | Unauthorized network client, operator laptop malware | Object localization abuse, health/session tampering, denial of service | Data leakage or service interruption |
| FDR logs | Physical capture, insider misuse | Extraction of route, imagery thumbnails, telemetry | Operational intelligence exposure |
| Model/runtime artifacts | Supply-chain attacker, license-incompatible artifact source | Modified TensorRT engines, malicious Python packages, poisoned descriptors, noncommercial model weights in the product build | Silent false outputs, code execution, or product license violation |

## Per-Component Security Requirements and Controls

| Component | Risk Level | Controls |
|---|---|---|
| Frame ingest and calibration | Medium | Store signed calibration profiles; reject unexpected resolution/intrinsics; log camera timestamp drift; never persist raw frames except allowed failure thumbnails. |
| Satellite cache | High | Signed manifests, per-package checksums, capture-date metadata, source identity, freshness gates, immutable trusted service-source tiles, local cache verification at startup. |
| VPR and local matching | High | Treat retrieval output as an untrusted candidate only; require geometric verification, inlier thresholds, freshness checks, covariance consistency, and ESKF innovation gates. |
| ESKF/state estimator | High | Conservative covariance floors, Mahalanobis gates, source-label transitions, false-position event logging, fail-closed to a degraded fix_type when uncertainty is high. |
| MAVLink output | High | Pin ArduPilot parameters; emit GPS_INPUT from one process only; validate rate and sequence; no v1 ODOMETRY; send fix_type=0 or degraded accuracy when the estimator is invalid. |
| Local API | Medium | Bind to localhost by default; require JWT/API key for network exposure; validate pixel bounds and request schema; rate-limit commands. |
| FDR | Medium/high | Segment files with checksums, rollover logs, no raw-frame archive, encrypt or otherwise protect storage when mission secrecy requires it. |
| Tile write-back | High | Only write candidate tiles when the parent pose covariance passes a strict threshold; the sidecar stores parent pose, covariance, source ancestry, and quality score; Suite Service requires multi-flight voting before trusted promotion. |
| Dependency/runtime | Medium | Pin package versions, build TensorRT engines at install time, verify model checksums, run dependency vulnerability scanning in CI, and block noncommercial model weights such as official Magic Leap SuperPoint unless separately licensed. |
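The startup cache verification described in the Satellite cache row, as an added example that is not part of the project's code: it checks the manifest signature, the source identity, each tile's checksum and a capture-date freshness gate, and fails closed on any manifest-level failure. It assumes an HMAC-SHA256 stand-in for the real manifest signature scheme, a hypothetical manifest layout, and constructed in-memory tile bytes.

```python
import hashlib, hmac, json
from datetime import date, timedelta

TRUSTED_SOURCES = {"satellite-service"}   # assumed trusted source identity
MAX_TILE_AGE = timedelta(days=365)        # assumed freshness window
SIGNING_KEY = b"constructed-demo-key"     # stand-in for the real signing key
DEMO_DATE = date(2026, 4, 29)             # constructed "today" for the demo

def canonical(body: dict) -> bytes:
    # Deterministic encoding so the signature covers exactly the stored body.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(body: dict) -> str:
    return hmac.new(SIGNING_KEY, canonical(body), hashlib.sha256).hexdigest()

def verify_cache(manifest: dict, tiles: dict, today: date) -> dict:
    """Return {tile_id: 'trusted' | 'rejected'}; a bad signature or unknown
    source rejects the whole package (fail closed)."""
    body, sig = manifest["body"], manifest["signature"]
    if not hmac.compare_digest(sign(body), sig) or body["source"] not in TRUSTED_SOURCES:
        return {t: "rejected" for t in body["tiles"]}
    verdicts = {}
    for tile_id, meta in body["tiles"].items():
        data = tiles.get(tile_id)
        if data is None or hashlib.sha256(data).hexdigest() != meta["sha256"]:
            verdicts[tile_id] = "rejected"   # missing or replaced tile
        elif today - date.fromisoformat(meta["captured"]) > MAX_TILE_AGE:
            verdicts[tile_id] = "rejected"   # stale imagery
        else:
            verdicts[tile_id] = "trusted"
    return verdicts

# Constructed package: tiles a and b are fine, d is older than the window.
TILES = {"z12/a": b"tile-a", "z12/b": b"tile-b", "z12/c": b"tile-c", "z12/d": b"tile-d"}
BODY = {"source": "satellite-service", "tiles": {
    "z12/a": {"sha256": hashlib.sha256(b"tile-a").hexdigest(), "captured": "2025-09-01"},
    "z12/b": {"sha256": hashlib.sha256(b"tile-b").hexdigest(), "captured": "2025-10-01"},
    "z12/c": {"sha256": hashlib.sha256(b"tile-c").hexdigest(), "captured": "2025-09-01"},
    "z12/d": {"sha256": hashlib.sha256(b"tile-d").hexdigest(), "captured": "2023-01-01"},
}}
MANIFEST = {"body": BODY, "signature": sign(BODY)}
TAMPERED_TILES = dict(TILES, **{"z12/c": b"replaced"})   # tile c swapped on disk

def demo(today: date = DEMO_DATE) -> dict:
    return verify_cache(MANIFEST, TAMPERED_TILES, today)

if __name__ == "__main__":
    print(demo())
```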

## Security Controls Summary

1. Trust boundary: The onboard system trusts only signed Satellite Service cache packages and live FC telemetry from the configured MAVLink link.
2. No direct provider calls: Commercial provider credentials never live on the aircraft; the onboard system consumes only prebuilt cache artifacts.
3. Fail closed: Match failures, stale tiles, bad covariance, or state-estimator inconsistency downgrade the source label and the GPS_INPUT accuracy/fix state.
4. No dual-source v1 fusion: ODOMETRY is intentionally disabled in v1 to avoid EKF source ambiguity.
5. Cache poisoning defense: Generated tiles remain candidate/soft trust until covariance gates and Satellite Service voting promote them.
6. Local-first API: The API is not part of the hot path and is local-only unless explicitly configured with authentication.
7. Forensics without raw-frame hoarding: The FDR captures enough to replay decisions while respecting the no-raw-photo restriction.

## Open Security Work

- Define the cache manifest schema and signing mechanism.
- Pin the ArduPilot version and parameter set in the deployment docs.
- Decide whether onboard FDR encryption is mandatory for the operating environment.
- Select and scan the final model weights and the TensorRT engine build pipeline; confirm ALIKED/SIFT/DeDoDe artifact licenses before product packaging.
- Add CI checks for dependency vulnerabilities and generated OpenAPI schema drift.