Securing Mobile IoT with Unmanned Aerial Systems

Any cellular network user needs to be identified and authorized by the network to access its services. In addition, the network needs to be authenticated by the users so that mutual trust can be established. Man in the middle attacks affect the integrity of messages by capturing the transmitted data and forwarding a manipulated version to the destination [9]

Capacity is a common metric used for evaluating modern wireless communications systems. Malicious users can exploit the fact that radio resources are limited and can leverage knowledge about how they are managed by the network. If, for example, malicious users create fake service requests or participate in broadcasting fake messages, the radio frequency (RF) spectrum will become congested and the communications services less reliable and potentially less available [10]. Mechanisms that allow recovering corrupted or lost messages are usually based on retransmission and additional processing. This adds to the RF congestion, increases latency and power consumption, among others. GPS spoofing attacks typically provide false location coordinates and, possibly, time offsets which can then lead to RF interference and service unavailability.

Eavesdroppers can capture packets or monitor user/network activity to compromise confidentiality and privacy [11]. The identities, positions, actions and trajectories of mobile users/IoT devices therefore need to be securely transmitted to avoid unauthorized tracking of devices and exploitation of data. For most cases, it is important that devices regularly report their presence and control or sensor data. This increases the attack surface and poses security challenges, especially for the IoT, where resources are limited.

A malfunctioning or malicious device can significantly compromise the radio access network performance. For example, a device that is not adhering to the time advance commands sent by the serving base station, can create significant interference from its transmission. Many outdoor devices use GPS signals as the synchronization source, but can use infrastructure nodes, where available, or other sources. If no external source exists, frequency and timing drifts will occur that add up over time. This can cause significant interference and system malfunctioning. The system needs to monitor such transmissions, or unauthorized transmissions, in general, and make the corresponding devices accountable before they cause major damage to the network operation.

The eavesdropping attack is the ability of a malicious node to intercept exchanged packets between legitimate nodes or fixed infrastructure. This type of attack can be very harmful for IoT networks because of the anonymous leakage of confidential information without legitimate transmitter/receiver knowledge. To this end, the aerial relay has been proposed as a mitigation technique to minimize the eavesdropper’s wiretap link rate. The objective of this paper is to illustrate how UAV path planning and speed of the aerial relay can influence the secrecy rate of a mobile IoT device in the presence of an eavesdropper.

Figure 1 illustrates a scenario where an authenticated UAV is relaying messages between a cellular base station and ground IoT device, while a ground eavesdropper is attacking the direct link between the user equipment (UE) and the base station.

Early research has shown how UAVs can extend cellular networks and be used to improve the security of terrestrial networks [12, 13, 14]. References [12] and [13] propose using UAVs as jammers to enhance the physical layer security of cellular networks. They investigate the effects of having a strong LoS jamming link between the UAV and a single or multiple eavesdroppers. Reference [14] discusses the use of UAVs as mobile relays to improve the results of static relays for static ground users. The authors use the difference-of-concave (DC) program to solve the secrecy rate maximization problem and find that each DC iteration yields a closed-form solution.

This paper extends those initial results [12, 13, 14] and considers the UAV dynamics to gain new insights on how UAVs can be effectively used to increase the secrecy of the channel. We consider the mobility parameters of the UAV and study the secrecy rate for mobile IoT ground devices. We compare the proposed UAV relaying approach to a base station handover.

For a ground receiver, the received signals from a UAV features the LoS signal, non-LoS (NLoS) signals and multiple reflected components which cause multipath fading [15]. The resulting A2G mean pathloss can be calculated as

$$P{L_{\varsigma}}(d,{h_{t}},{h_{r}})=FSPL\left(d\right)+{\eta_{\varsigma}}\left({{h_{t}},{h_{r}}}\right),$$

(1)

where $\varsigma=\left\{{LOS,NLOS}\right\}$, $d$ is the communication distance, $h_{t}$ and $h_{r}$ denote the heights of the transmitter (Tx) and receiver (Rx), $FSPL\left(d\right)=20{\log_{10}}\left({\frac{{4\pi fd}}{c}}\right)$ is the free space pathloss model, and ${\eta_{\varsigma}}\left({{h_{t}},{h_{r}}}\right)$ is the mean value of the excessive pathloss. The parameters $f$ and $c$ stand for the carrier frequency and the speed of light.

According to field test measurements [15], the occurrence probability of a LOS link ${\rho_{LoS}}(\theta)$ between a UAV transmitter and a ground receiver is given by

		$\displaystyle{\rho_{LoS}}(\theta)=\frac{1}{{1+C\exp\left[{-B\left({\theta-C}\right)}\right]}},$		(2)
		$\displaystyle\theta=\frac{{180}}{\pi}\arctan\left({\frac{{{h_{t}}}}{r}}\right),$

where $C$ and $B$ are constant values that depend on the communications environment, e.g. rural, urban, or dense urban. Parameter $h_{t}$ represents the height of the UAV transmitter and $r$ the horizontal distance between the UAV and the ground receiver. Note that the LoS and NLoS probabilities are related as ${\rho_{NLoS}}(\theta)=1-{\rho_{LoS}}(\theta)$.

The spatial expectation of pathloss is given by

$\displaystyle PL(\theta,d,{h_{t}},{h_{r}})=\sum\limits_{\varsigma}{{\rho_{\varsigma}}(\theta)P{L_{\varsigma}}(d,{h_{t}},{h_{r}})}.$

(3)

The path loss is higher for a NLoS than for a LoS link because of shadowing and indirect signal paths. We use the parameter $\eta=\frac{{{\eta_{LOS}}}}{{{\eta_{NLOS}}}}$ to denote the ratio of excessive attenuation factor for NLoS links compared to LOS links.

The Nakagami-m distribution is used to describe the small scale fading $g$ in A2G channels.

For ground communications, we consider both the distance dependent large-scale fading and small-scale fading. The signal transmitted from the ground transmitter is attenuated with a coefficient ${f_{G}}=g{d^{-\alpha}}$, where $g$ is the channel power gain with exponential distribution, $d$ is the communication link distance between the ground transmitter and receiver, and $\alpha$ is the path-loss exponent.

The signal-to-noise ratio (SNR) of ground communications is given by

$\displaystyle SN{R_{G}}=\frac{{{P_{T}}{f_{G}}}}{{B{n_{0}}}},$

(4)

where $P_{T}$ indicates the transmit power of the ground transmitter, $B$ is the channel bandwidth and $n_{0}$ is the noise spectral density.

In this paper, we consider a mobile IoT device. We examine the secrecy rate of this mobile IoT device with a static eavesdropper. Without loss of generality, the mobility of the ground user and the aerial relay will be over the x-axis with fixed y-position for all nodes (Tx, Rx, and relay). First we define two parameters that will be used for deriving our mobility model:

• •

  The distance step ($dx$) is a constant step size that corresponds to the granularity of movement.
  

• •

  The speed rate ($SR$) is a ratio that defines how fast the UAV flies with respect to the mobile IoT device. When $SR=1$, the UAV will maintain the same speed as the moving IoT device and closely follow it (same x coordinates). When $SR>1$, the UAV will be in front of the ground IoT receiver. When $SR<1$, the UAV will lag the IoT receiver.

The following model is used to define the mobility of the ground IoT device and the UAV relay:

$$IoT_{X_{t+1}}=IoT_{X_{t}}+dx,$$

(5)

$$UAV_{X_{t+1}}=SR*IoT_{X_{t+1}},$$

(6)

where $IoT_{X_{t+1}}$ and $UAV_{X_{t+1}}$ are the next x-positions of the ground IoT device and aerial relay in the next time step. $UAV_{X_{t+1}}$ is calculated as a function of the position of IoT device and the speed rate.

In this subsection, we present the secrecy rate of the ground legitimate user where an authenticated UAV serves as an aerial relay. The UAV forwards the user information. The secrecy rate ${R_{Sec}}$ of the ground legitimate user is then calculated as the difference of the legitimate information rate ${R_{L}}$ and the interception rate ${R_{I}}$, i.e., ${R_{Sec}}=\max\left({{R_{L}}-{R_{I}},0}\right)$. More specifically, we have

$\displaystyle{R_{L}}=\max\left({{R^{L}_{T}},{R^{L}_{R}}}\right),$

(7)

$\displaystyle{R_{I}}=\max\left({{R^{I}_{T}},{R^{I}_{R}}}\right),$

(8)

where $R^{L}_{T}$ is the data rate from the legitimate transmitter to the legitimate receiver, $R^{L}_{R}$ is the data rate from the legitimate aerial relay to the legitimate receiver, $R^{I}_{T}$ is the data rate from the legitimate transmitter to the eavesdropper, and $R^{I}_{R}$ is the data rate from the legitimate aerial relay to the eavesdropper. Considering a UAV that serves as an aerial relay, we split a time-slot into two parts. One is for the UAV receiving information from the ground transmitter, and the other is for UAV transmitting data to the ground receiver.

More specifically, we have

$\displaystyle R_{T}^{L}=B{\log_{2}}\left({1+\frac{{g{{\left\|{{x_{BS}}-{x_{UE}}}\right\|}^{-\alpha}}}}{{B{n_{0}}}}}\right),$

(9)

	$\displaystyle R_{R}^{L}=$	$\displaystyle B{\log_{2}}\left({1+{{1\mathord{\left/{\vphantom{1{B{n_{0}}}}}\right.\kern-1.2pt}{B{n_{0}}}}}}\right.\hfill$		(10)
		$\displaystyle\cdot\left.{PL({\theta_{UAV-UE}},\left\|{{x_{UAV}}-{x_{UE}}}\right\|,{h_{UAV}},{h_{UE}})}\right),$

$\displaystyle R_{T}^{I}=B{\log_{2}}\left({1+\frac{{g{{\left\|{{x_{BS}}-{x_{EAV}}}\right\|}^{-\alpha}}}}{{B{n_{0}}}}}\right),$

(11)

	$\displaystyle R_{R}^{I}=$	$\displaystyle B{\log_{2}}\left({1+{{1\mathord{\left/{\vphantom{1{B{n_{0}}}}}\right.\kern-1.2pt}{B{n_{0}}}}}}\right.\hfill$		(12)
		$\displaystyle\cdot\left.{PL({\theta_{UAV-EAV}},\left\|{{x_{UAV}}-{x_{EAV}}}\right\|,{h_{UAV}},{h_{EAV}})}\right),$

where $\left\|{a-b}\right\|$ denotes the distance between $a$ and $b$, $PL(\cdot)$ is the spatial expectation pathloss of A2G channel which is given by (3). Therefore, the secrecy rate of the ground IoT device is given in (13) at the top of next page.

The overarching scenario is that of a base station serving IoT devices. We consider the downlink data transmission, which can be a combination of user and control data or configuration signals. This is applicable to many applications, such as private content downloading, or software upgrades. For the sake of illustration and without loss of generality, we consider a single IoT device that may represent several nearby devices.

The IoT device and the UAV relay, when used, are moving on a straight line. They may, for example, follow a long straight road. The IoT device and the UAV relay move at some speeds, which are not necessarily constant nor identical. Two base stations and one eavesdropper are considered at fixed locations on the same road. When the UAV relay is used, the base station uses beamforming to the UAV and the fronthaul channel (from the base station to the UAV) is assumed to be at full capacity and orthogonal to the access channel (UAV to ground devices).

The UAV uses an omnidirectional antenna. The path loss exponent is 4 and the Rayleigh distribution is used to model the small-scale fading of ground links. The remaining simulation parameters are provided in Table I.

This scenario can be scaled by adding additional IoT devices, base stations, UAVs and eavesdroppers. When more nodes are used, their locations and trajectories need to be defined in the three dimensional space.