gps-denied-onboard/_docs/01_solution/security_analysis.md
2026-04-29 17:03:57 +03:00

# Security Analysis
## Threat Model
| Asset | Threat Actors | Attack Vectors | Impact |
|-------|---------------|----------------|--------|
| Flight-controller position input | GPS spoofer, compromised companion process, malicious ground operator | False `GPS_INPUT`, EKF source misconfiguration, replayed MAVLink packets | Aircraft navigates to wrong location or leaves route/geofence |
| Satellite cache | Compromised cache sync source, stale imagery, physical access attacker | Tile replacement, stale metadata, manifest tampering | False satellite anchors or cache poisoning |
| Onboard tile write-back | Bad EKF state, compromised companion, service ingestion bug | Misaligned generated tiles promoted into shared basemap | Cross-flight error propagation |
| Local API | Unauthorized network client, operator laptop malware | Object localization abuse, health/session tampering, denial of service | Data leakage or service interruption |
| FDR logs | Physical capture, insider misuse | Extraction of route, imagery thumbnails, telemetry | Operational intelligence exposure |
| Model/runtime artifacts | Supply-chain attacker, license-incompatible artifact source | Modified TensorRT engines, malicious Python packages, poisoned descriptors, noncommercial model weights in product build | Silent false outputs, code execution, or product license violation |
## Per-Component Security Requirements and Controls
| Component | Risk Level | Controls |
|-----------|------------|----------|
| Frame ingest and calibration | Medium | Store signed calibration profiles; reject unexpected resolution/intrinsics; log camera timestamp drift; never persist raw frames except allowed failure thumbnails. |
| Satellite cache | High | Signed manifests, checksums per package, capture-date metadata, source identity, freshness gates, immutable trusted service-source tiles, local cache verification at startup. |
| VPR and local matching | High | Treat retrieval as untrusted candidate only; require geometric verification, inlier thresholds, freshness checks, covariance consistency, and ESKF innovation gates. |
| ESKF/state estimator | High | Conservative covariance floors, Mahalanobis gates, source-label transitions, false-position event logging, fail-closed to degraded `fix_type` when uncertainty is high. |
| MAVLink output | High | Pin ArduPilot parameters; emit `GPS_INPUT` from one process; validate rate and sequence; no v1 `ODOMETRY`; send `fix_type=0` or degraded accuracy when estimator is invalid. |
| Local API | Medium | Bind to localhost by default; require JWT/API key for network exposure; validate pixel bounds and request schema; rate-limit commands. |
| FDR | Medium/High | Segment files with checksums, rollover logs, no raw frame archive, encrypt or protect storage when mission secrecy requires it. |
| Tile write-back | High | Only write candidate tiles when parent pose covariance passes strict threshold; sidecar stores parent pose, covariance, source ancestry, and quality score; Suite Service requires multi-flight voting before trusted promotion. |
| Dependency/runtime | Medium | Pin package versions, build TensorRT engines at install time, verify model checksums, run dependency vulnerability scanning in CI, and block noncommercial model weights such as official Magic Leap SuperPoint unless separately licensed. |
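The "Satellite cache" row above lists signed manifests, per-package checksums, capture-date metadata, source identity, freshness gates and startup verification as one fail-closed check. The following is an added illustration of that check, not code from the gps-denied-onboard project; because the manifest schema and signing mechanism are still open work, the field names are assumptions and HMAC-SHA256 over a canonical JSON body stands in for whatever signature scheme is eventually chosen.

```python
import hashlib
import hmac
import json
from datetime import date, timedelta

# Assumed stand-ins (the real manifest schema and signing scheme are still open work):
# HMAC-SHA256 over a canonical JSON body plays the role of the manifest signature.
TRUSTED_SOURCE = "satellite-service-prod"   # configured source identity
MAX_TILE_AGE = timedelta(days=365)          # freshness gate

def canonical(body: dict) -> bytes:
    """Deterministic serialization so signer and verifier MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_manifest(body: dict, key: bytes) -> dict:
    """Cache-sync side: attach the MAC to the manifest body."""
    return {"body": body, "sig": hmac.new(key, canonical(body), "sha256").hexdigest()}

def verify_cache(manifest: dict, packages: dict, key: bytes, today_iso: str) -> list:
    """Startup check. Fail closed: any defect rejects the whole cache (ValueError).
    packages maps package path -> raw bytes (in-memory stand-in for files on disk)."""
    body = manifest["body"]
    expected = hmac.new(key, canonical(body), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["sig"]):   # constant-time compare
        raise ValueError("manifest signature mismatch")
    if body.get("source_id") != TRUSTED_SOURCE:
        raise ValueError("untrusted cache source: %r" % body.get("source_id"))
    today, verified = date.fromisoformat(today_iso), []
    for pkg in body["packages"]:
        data = packages.get(pkg["path"])
        if data is None:
            raise ValueError("package missing: " + pkg["path"])
        if hashlib.sha256(data).hexdigest() != pkg["sha256"]:   # per-package checksum
            raise ValueError("checksum mismatch: " + pkg["path"])
        captured = date.fromisoformat(pkg["capture_date"])     # capture-date metadata
        if today - captured > MAX_TILE_AGE:
            raise ValueError("stale imagery: " + pkg["path"])
        verified.append(pkg["path"])
    return verified

# Constructed sample cache: two tile packages and a manifest signed over their checksums.
KEY = b"example-shared-key-not-for-production"
PACKAGES = {"tiles/z15/x100/y200.pkg": b"tile-bytes-A", "tiles/z15/x101/y200.pkg": b"tile-bytes-B"}
MANIFEST = sign_manifest({
    "source_id": TRUSTED_SOURCE,
    "packages": [{"path": p, "sha256": hashlib.sha256(b).hexdigest(), "capture_date": "2025-06-01"}
                 for p, b in PACKAGES.items()],
}, KEY)
```

A replaced tile, a stale capture date, or an edited manifest body each raise before any tile is handed to VPR, which is the fail-closed behaviour the table asks for.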
## Security Controls Summary
1. **Trust boundary**: The onboard system trusts only signed Satellite Service cache packages and live FC telemetry from the configured MAVLink link.
2. **No direct provider calls**: Commercial provider credentials never live on the aircraft; the onboard system consumes only prebuilt cache artifacts.
3. **Fail closed**: Match failures, stale tiles, bad covariance, or state-estimator inconsistency downgrade the source label and `GPS_INPUT` accuracy/fix state.
4. **No dual-source v1 fusion**: `ODOMETRY` is intentionally disabled in v1 to avoid EKF source ambiguity.
5. **Cache poisoning defense**: Generated tiles remain candidate/soft trust until covariance gates and Satellite Service voting promote them.
6. **Local-first API**: The API is not part of the hot path and is local-only unless explicitly configured with authentication.
7. **Forensics without raw-frame hoarding**: FDR captures enough to replay decisions while respecting the no-raw-photo restriction.
## Open Security Work
- Define the cache manifest schema and signing mechanism.
- Pin ArduPilot version and parameter set in deployment docs.
- Decide whether onboard FDR encryption is mandatory for the operating environment.
- Select and scan final model weights and TensorRT engine build pipeline; confirm ALIKED/SIFT/DeDoDe artifact licenses before product packaging.
- Add CI checks for dependency vulnerabilities and generated OpenAPI schema drift.