[RT1] P4-based SDN for Enhanced Scalability, Controllability, and Flexibility

The high mobility of UAVs leads to frequent changes in network elements with which they communicate directly (both with other UAVs and with ground devices). Rapid, frequent, and unpredictable changes in location can also result in communication interruptions, data loss, and disruptions in task execution.  These dynamic conditions pose substantial challenges in effectively managing the NAC network, especially as it expands in scale. In the original project, we primarily focus on optimizing computation task execution within individual UAVs by harnessing resources from neighboring UAVs. Our effort in this supplementary project is to extend beyond this scope to contemplate the concurrent execution of multiple tasks by multiple UAVs cooperatively. This is a highly complex problem that not only requires addressing the mobility, uncertainty, and real-time challenges encountered by individual UAVs during resource sharing, but also involves various network-wise challenges such as routing, resource management, and task scheduling. Traditional networking strategies, which rely on additional protocols like SNMP [22-24] to gain a comprehensive view of the network, may further complicate the management of NAC networks.

In this project, we will confront these challenges by exploring the Software-Defined Networking (SDN) [4-6]. SDN decouples the control plane from individual network devices, thus facilitating centralized network management and the agile creation of networks. A pivotal element in SDN is the SDN controller, which offers an all-encompassing network perspective. By integrating controlling applications within it, we can optimize network performance [19,20]. Notably, SDN offers several additional benefits beyond flexibility and controllability. For instance, it has been shown that SDN can enhance security against UAV network attacks [10-12], defend against cyber threats [13][14], and improve efficiency and energy savings [15][16]. SDN can also facilitate energy-efficient UAV flight control using 5G networks [17][18].

Despite the appealing advantages SDN offers, it also possesses some limitations. In typical applications, the operation of the control plane (i.e., SDN controller) is limited to transmitting the contents of the flow table to the SDN switch. This is commonly achieved through the OpenFlow protocol. The content of the table is determined by applications embedded above the controller. The operation of the switch involves only: (i) extracting relevant header fields; (ii) searching the flow table for an entry corresponding to the processed packet; and (iii) performing actions, such as forwarding the packet to the appropriate switch port or discarding the packet, associated with the respective entry. This approach restricts the ability to support new protocols created for project needs. It is also suboptimal in terms of energy efficiency due to the number of functions performed by the switch. To overcome this limitation, we propose to use the Protocol-independent Packet Processor Programming (P4) language to build a software defined NAC (SD-NAC) network (see our preliminary works in [25]).

The P4 language [21], first introduced in 2014, is a high-level language for programming protocol-independent packet processors. It offers multiple advantageous features aligned with our objectives. It empowers the definition of packet processing algorithms, extending the control from the input interface to the output interface. In contrast, the OpenFlow protocol in SDN devices limits user control to the flow table contents. Moreover, P4 exhibits remarkable versatility by accommodating various hardware platforms, spanning from potent processors and FPGAs to IoT solutions like the Raspberry Pi 4. Furthermore, when preparing the program code that defines the operation of the data plane, P4 compilers prepare the relevant functions needed by the SDN controller, offering reliable interoperability between SDN switches and SDN controllers. The enormous flexibility in network building and the networking functions offered by P4 has also made it exceptionally conductive to implementing advanced cyber security mechanisms, such as Moving Target Defense (MTD) in SDN networks. The numerous hardware platforms on which it is possible to prepare applications in the P4 language prompts research into the feasibility of extending the existing capabilities by incorporating additional elements, e.g., integrating cryptographic functions into network interface cards (NICs) in SDN (implemented onboard UAVs or in servers). The P4 language specifications and available libraries have not been optimized for cryptographic functions, so research in this area is planned as part of the project. If the research yields positive results, we plan to propose an extension to the P4 language standard and develop the necessary libraries accordingly.

The SD-NAC network designed for the project will consist of a ground-based SDN controller and a certain number of SDN switches connecting radio stations (see Fig. 2). Each UAV will be equipped with a SmartNIC card, on which necessary packet processing functions will be implemented using the P4 language. To enhance network reliability, a partial implementation of SDN controller functions is also anticipated on UAVs. This will prevent a situation where a group of UAVs loses connection with the main controller, leading to a cessation of their tasks. To evaluate the effectiveness of the proposed method, we will examine the time it takes for all UAVs to reestablish connection with the main controller and/or the time to achieve routing convergence. Additionally, communication interruption characteristics for individual UAVs, transmission delays, and data loss probability will be examined.

The novelty of this endeavor lies in its potential to transform task execution and management within highly distributed, dynamic, and resource-constrained networks.

[RT2] Lightweight Cryptography Algorithms for Enhanced Security

Creating a secure airborne network is crucial for robust and reliable airborne computing. Nevertheless, airborne networking faces a diverse array of threats, such as jamming, eavesdropping, hijacking, spoofing, and DoS attacks, as identified in [7][8]. These threats can cause transmission failures, malfunctions in UAV operations, or unauthorized changes to UAV control authority. Moreover, UAVs frequently capture sensitive data, such as images, videos, and location information, making it imperative to safeguard the confidentiality and integrity of this data. While SDN can improve communication security between UAVs and SDN servers, it falls short in addressing this dual challenge associated with UAV-to-UAV communications and data on the UAVs. A viable solution is to deploy cryptography algorithms for both data processing and data transmission [1]. However, directly deploying traditional cryptography algorithms such as the Rivest-Shamir-Adleman (RSA) [26] may not be feasible, considering the inherent constraints of UAVs in computing power, energy resources, memory capacity, and available bandwidth. Hence, it is imperative to meticulously address these constraints while prioritizing security measures.

Our strategy entails a rigorous empirical evaluation to assess the suitability of several well-recognized lightweight cryptography algorithms and investigates integration of suitable algorithms into the NAC system.  We will primarily focus on a subset of algorithms selected from the pool of finalists in response to a call by the National Institute of Standards and Technology (NIST) aimed at standardizing lightweight cryptography algorithms [9]. Noteworthy algorithms slated for investigation encompass: 1) ASCON, a permutation-based Authenticated Encryption with Associated Data (AEAD) and hash scheme, which was chosen as the predominant lightweight authenticated encryption solution during the NIST competition; 2) Elephant, a permutation-based AEAD scheme that adheres to a nonce-based encryptthen-MAC construction methodology; 3) GIFT-COFB, an AEAD scheme based on block ciphers, with the underlying block cipher being GIFT-128; and 4) Xoodyak, a permutation-based AEAD and hashing scheme that relies on a fixed 384-bit permutation operated in Cyclist mode. The analysis will start by assessing the feasibility of integrating these lightweight cryptographic algorithms into NAC, considering factors such as compatibility, introduced overhead, energy consumption, etc. This will allow securing direct connections among the UAVs, which will be a significant step to enable new applications on the system. Subsequently, successful candidates will undergo implementation on the onboard computing devices of the UAVs (see Fig. 1). Commonly used devices include Raspberry Pi 4, Jetson TX2 and its variants. Lastly, we will conduct an extensive comparative study among the implemented candidates, focusing on their effectiveness in securing data processing and transmission for NAC, resource consumption and overhead. This evaluation will involve a range of flight tests at the PUT airport (see facilities).

The novelty of this endeavor lies in its potential to revolutionize secure airborne communication within resource-constrained and highly dynamic environments. It also paves the way for achieving secure airborne computing and, more broadly, mobile computing

[RT3] New UAV Models for Enhanced Resilience Against Electronic Warfare

UAVs are actively used in the Russia-Ukrainian war. According to Ukraine’s government project “Army of drones” report in June-September 2023 [27], 1,280 Russian fighting vehicles were destroyed by drones. Both Russia and Ukraine prioritize the local production of UAVs and pilot training, with the “Army of drones” project alone training 3,354 pilots in June 2023 [28], including 2,822 multirotor, 495 FPV and 38 fixed-wing UAV operators. However, the production of military-grade, electronic warfare-resistant UAVs in Ukraine and its allies has been progressing slowly. Consequently, most UAVs are still imported civil multirotor copters, such as the Autel EVO MAX 4T, with 2,000 received in October 2023 [29]. Civil UAVs face two primary vulnerabilities: (i) signals intelligence: This involves geolocating the UAV pilot for potential kinetic strikes. Protection of the UAV pilot from detection by geolocation remains a significant challenge, with possible threats including MRLS Grad system, KAB-500 guided bombs, Ka-52 NAR full load, etc.; (ii) electronic warfare (EW): This encompasses the disruption of control channel communications (most dangerous), disruption of GNSS communications (often in place, forcing pilots to use software ATTI mode to protect against spoofing), and disruption of the video channel (less dangerous, as skilled pilots can navigate blind in this scenario).

     The deployment of NAC in Ukraine has introduced several new challenges, especially concerning the protection against Russian EW systems [30-32]. To address these challenges, we propose to enhance NAC network design through software simulation in real operating conditions, including battlefield scenarios. For this purpose, we plan to use a custom modeling environment written in Python 3, capable of providing: (i) network calculus model estimations (NCBound, Saihu); (ii) cellular automaton modeling (CellPyLib, Netomaton); (iii) Petri nets modeling (SNAKES); (iv) machine learning methods (Weka 3 wrapper); and (v) network structure optimization (NetworkX). By utilizing this simulator, we will assess the impact of various factors on the NAC performance, including (i) the influence of existing military systems of radio-electronic interference (using the example of the possibility of interference of modern Russian-made devices); (ii) the influence of commercially available anti-drone systems (which are currently used in Ukraine by the aggressor, including non-Russian ones); and (iii) the impact of specially developed anti-drone systems (highly complex software components, COTS hardware from open resellers, used by the aggressor in Ukraine). Subsequently, we will incorporate these factors into the system modeling, which has the potential to greatly enhance network resilience against Russian EW systems. Particularly, we will improve the NAC system model with more precise models of individual UAVs and the environment, including: (i) electronic warfare vehicle complexes produced by Russian federation; (ii) digital elevation model (DEM) of current battlefield in Ukraine (DeepStateMap gray zone); (iii) static trench-level electronic warfare anti-drone systems; (iv) portable electronic warfare weapons (individual anti-drone guns); and (v) airborne signal retranslators and FCSS transceiver equipment captured by Ukrainian forces (e.g., the Russian FPV “Kuznechik” module). With the improved NAC system model, we will estimate network delay and throughput based on the theories of network calculus, cellular automaton, and Petri nets.

Furthermore, we will consider sets of characteristics specific to the type of drone: including (i) FPV attack drones (e.g., the KH-S7 FPV drone shown in Fig. 3a): These require a low latency video stream and cost-effective encryption equipment due to their high speed and single-use nature; (ii) Multi-rotor reconnaissance and attack drones (e.g., the DJI Mavic 3 shown in Fig. 3b, which is the most popular drone presently used on battlefields in both Russian and Ukraine): These demand a stable control channel at short distances, enabling them to swiftly exit areas of intensive EW; and (iii) Fixed-wing reconnaissance-strike drones (e.g., the Spectator fixed wing drone developed at KPI as shown in Fig. 3c): These require stable long-range control and data transmission channels. After structural optimization on the designed NAC network, we will evaluate the proposed network using the existing Ukrainian counter unmanned aircraft systems (CUAVs) of the Bukovel type. The evaluation metrics include network throughput, network delay, network structural integrity, preservation of CIA properties, etc. Ukrainian early-career researchers, eligible for military service during war in Ukraine, have undergone training in military reconnaissance with multicopter drones. They have access to diverse training facilities with different drone types and electronic warfare testing sites.

The novelty of this endeavor lies in its potential to enhance current Ukrainian drone communication technologies, offering intellectual advantage over existing anti-UAV systems.