The document discusses the MAVSEC project, which aims to secure the MAVLink protocol used in ArduPilot and PX4 unmanned aerial systems. It details features of the MAVLink protocol, including its packet structure and various message types used for communication between drones and ground control stations. The paper also highlights the importance of securing this communication for applications in the Internet of Drones and smart city initiatives.

1. MAVSec: Securing the MAVLink
Protocol for Ardupilot/PX4 Unmanned
Aerial Systems
AZZA ALLOUCH, OMAR CHEIKHROUHOU,
ANIS KOUBAA, MOHAMED KHALGUI, TAREK ABBES
IWCMC-MOROCCO 2019
THE 15TH INTERNATIONAL WIRELESS COMMUNICATIONS &
MOBILE COMPUTING CONFERENCE IN MOROCCO
JUNE 25TH, 2019

2. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
ANIS KOUBAA
▸ Aide to Rector of Research Governance
▸ Full Professor in Computer Science
▸ Research Associate CISTER, Portugal
▸ Director of RIOTU Research Lab
▸ Research Interest
▸ Internet of Things
▸ Cloud Robotics
▸ Deep Learning

3. INTERNET-OF-DRONES FOR SMART CITIES
TEAM
▸ Basit Qureshi
(Researcher)
▸ Bilel Ben Jdira
(Research Assistant)
▸ Mahmoud AlAhdab
(Research Engineer)
▸ Maram AlAjlan
(Research Assistant)

4. Research Professors
Postdoc Openings
PhD Internships
INTERNET-OF-DRONES FOR SMART CITIES

5. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
MAVLINK
▸ The Micro Aerial Vehicle Link (MAVLink)
▸ open source communication protocol
▸ used for the bidirectional data exchange between the Drone and the Ground
Control Station (GCS) .
▸ It specifies a set of messages that are exchanged between a small unmanned
vehicle and a ground station.

6. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
DRONE AUTOPILOT AND HARDWARE

7. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4
UNMANNED AERIAL SYSTEMS
MAVLINK: INTERNET OF DRONES
drone
Leverage the use of cloud computing and IoT
MAVLink MAVLink
Cloud

8. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
APPLICATION: INTERNET OF DRONES

9. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4
UNMANNED AERIAL SYSTEMS
DRONE TRACKING

10. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
MAVLINK HEADER

11. MAVLINK 2.0 PACKET STRUCTURE
MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
NUMBER 0 1 2 3 4 5 6 7 8 9 10 11
ACRONYMS STX LEN INC
FLAGS
CMP FLAGS SEQ SYS ID COMP ID MSG ID PAYLOAD CKA CKB SIGNATURE
RANGE 0xFD 1 byte 1 byte 1 byte 1 byte 1 byte 1 byte 3 byte 0-255
bytes
1 byte 1 byte 13 bytes
SHORT
DESCRIPTI
ON
Start Payload
length
Incompatib
ility flags
Compatibility
flags
Packet
sequen
ce
Sender
ID
Component
ID
Message
type
Actual data Checksum
with seed
value A
Checks
um
with
seed
value B
Message
authentication

12. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
HEARTBEAT MESSAGE
▸ {“custom_mode":0,
▸ “type”:2,
▸ “autopilot”:3,
▸ “base_mode":81,
▸ “system_status":3,
▸ “mavlink_version":3,
▸ “sysid":1,
▸ “compid":0,
▸ "msgid":0}
{“len”:9,”seq”:59,"sysid":1,"compid":1,"msgid":0,"payload":{"payload":{"hb":
[0,0,0,0,2,3,81,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0],"offset":,"isReadOnly":false,"bigEndian":true,"nativeByteOrder":
false,"mark":-1,"position":9,"limit":512,"capacity":512,"address":0},"index":
9},"crc":{"MAVLINK_MESSAGE_CRCS":
[50,124,137,0,237,217,104,119,0,0,0,89,0,0,0,0,0,0,0,0,214,159,220,168,24,23,170,14
4,67,115,39,246,185,104,237,244,222,212,9,254,230,28,28,132,221,232,11,153,41,39,0,
0,0,0,15,3,0,0,0,0,0,153,183,51,82,118,148,21,0,243,124,0,0,38,20,158,152,143,0,0,0
,
106,49,22,29,12,241,233,0,231,183,63,54,0,0,0,0,0,0,0,175,102,158,208,56,93,211,108
,
32,185,84,0,0,124,119,4,76,128,56,116,134,237,203,250,87,203,220,25,226,0,29,223,85
,
6,229,203,1,0,0,0,0,0,0,0,0,0,0,42,49,0,134,219,208,188,84,22,19,21,134,0,78,68,189
,
127,154,21,21,144,1,234,73,181,22,83,167,138,234,240,47,189,52,174,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,204,49,170,44,83,46,0],"CRCvalue":20045}}

13. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
GLOBAL POSITION MESSAGE
▸ {“time_boot_ms":5487599,
▸ “lat":-353632599,
▸ “lon":1491652293,
▸ “alt":584030,
▸ “relative_alt":0,
▸ “vx":3,
▸ “vy":7,
▸ “vz":0,
▸ “hdg":18312,
▸ “sysid":0,
▸ “compid":0,
▸ "msgid":33}
{"len":28,"seq":1,"sysid":1,"compid":1,"msgid":33,"payload":{"payload":
{"hb":
[-17,-94,83,0,-87,-2,-21,-22,-59,-50,-24,88,94,-23,8,0,0,0,0,0,2,0,5,0,0,0,
-124,71,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"offset":
0,"isReadOnly":false,"bigEndian":true,"nativeByteOrder":false,"mark":-1,"po
sition":28,"limit":512,"capacity":512,"address":0},"index":28},"crc":
{"MAVLINK_MESSAGE_CRCS":
[50,124,137,0,237,217,104,119,0,0,0,89,0,0,0,0,0,0,0,0,214,159,220,168,24,2
3,170,144,67,115,39,246,185,104,237,244,222,212,9,254,230,28,28,132,221,232
,
11,153,41,39,0,0,0,0,15,3,0,0,0,0,0,153,183,51,82,118,148,21,0,243,124,0,0,
38,20,158,152,143,0,0,0,106,49,22,29,12,241,233,0,231,183,63,54,0,0,0,0,0,0
,
0,175,102,158,208,56,93,211,108,32,185,84,0,0,124,119,4,76,128,56,116,134,2
37,203,250,87,203,220,25,226,0,29,223,85,6,229,203,1,0,0,0,0,0,0,0,0,0,0,42
,
49,0,134,219,208,188,84,22,19,21,134,0,78,68,189,127,154,21,21,144,1,234,73
,
181,22,83,167,138,234,240,47,189,52,174,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0,0,0,0,0,0,0,0,0,0,8,204,49,170,44,83,46,0],"CRCvalue":61991}}

14. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
GLOBAL POSITION MESSAGE

15. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
SURVEY

16. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
SECURITY THREATS

17. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
POSSIBLE ATTACKS
eavesdroppingMan-in-the-middleHijackingDoS Jamming Impersonation

18. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
SECURITY THREATS
Security objective Threats Mitigations
Confidentiality
Eavesdropping
Data link interception
Man-in-the-middle
Identity spoofing
Hijacking
Data link encryption
Integrity
Packet injection
Man-in-the-middle
Fabrication
Message deletion
Message modification
Replay attack
Hash
Authentication
MAC
Availability
Command and control
data link spoofing
Channel jamming
Routing attack
Denial of service
Flooding
Authentication

19. SOLUTION
MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
MAVLink protocol on
Drone
Telemetry data and
status information
Commands and
controls data
MAVLink protocol
on GCS
Encrypt
payload
Decrypt
payload
Encrypt
payload
Decrypt
payload

20. BACKGROUND ON CRYPTOGRAPHIC
ALGORITHMS

21. COMPARISON OF SYMMETRIC ALGORITHMS
Algorithm Description Nature Characteristics
AES-CBC 64-bit plaintext blocks are XORed
preceding 64-bit ciphertext
Block cipher Used for
large amounts of data
AES-CTR Each block of plaintext is XORed
with an encrypted counter. The
counter is incremented for each
block.
Stream cipher No padding
Flexible
Blocks are encrypted and
decrypted in Parall
RC4 a stream of plaintext is XOR ed
with a keystream
to produce a stream of ciphertext
Stream cipher Efficient for real time processing
Variable key size
ChaCha20 A stream of plaintext is encrypted
using a
keystream, with block i of the
plaintext XORed with the
output of the ChaCha20 block
function
Stream cipher Fast with a high level of security
No padding
MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS

22. MAVSEC: INTEGRATION OF ENCRYPTION
MECHANISMS INTO MAVLINK

23. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
MAVSEC
Header
AES-CTR, AES-CBC,
ChaCha20, and RC4
Encrypted
payload

24. EXPERIMENTAL VALIDATION

25. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
EXPERIMENT SET UP
MAVProxy

26. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS
PERFORMANCE METRICS
▸CPU processing time: time spent to encrypt the message
▸ Memory consumption rate: measures the memory required for the
running process.

27. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS

28. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS

29. MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS

30. RESULTS OF THE COMPARISON
▸ ChaCha20 has better performance and is more efficient than other
encryption algorithms.
▸ ChaCha20 can be adopted to secure MAVLink protocol.
▸ ChaCha20 guarantees the confidentiality of the MAVLink messages,
without affecting its performance, consuming less memory space and CPU
to preserve the memory and save the battery for resource-constrained
drones.
MAVSEC: SECURING THE MAVLINK PROTOCOL FOR ARDUPILOT/PX4 UNMANNED AERIAL
SYSTEMS