The FOLLOWME project aims at developing new tools and processes for fighting cyber-crimes against modern digital services, by addressing the existing difficulties to locate the origin of attacks to wireless communications. Indeed, today many critical services and industrial systems rely on wireless networks for communication with people and interaction with the Internet of Things (IoT), hence become vulnerable to a broad number of cyber-threats that includes brute force denial of service at the physical layer with continuous, spot, or selective jamming, as well as more elaborated attacks at the data link layer by interception, replication or alteration of packets. While detecting this kind of attacks is not difficult with common cyber-security tools, and even trivial for jamming, finding their origin and identifying culprits is almost impossible today, yet indispensable to stop them, especially when attacks are generated with portable or self-made devices that continuously move around.
The project will investigate the feasibility of using Unmanned Aerial Vehicles (UAVs, aka flying drones) to locate and even chase attackers during illicit usage of the radio spectrum. The FOLLOWME concept is a cyber-physical security framework that integrates network telemetry with wireless localization. The former triggers alarms in case of anomalies or known attack patterns and provides coarse-grained indication of the physical area (i.e., position of affected access gateways), whereas the latter systematically scans such area to identify the exact location of the attacker. To this purpose, UAVs will be equipped with antennas and the necessary software to process both received signal measures and packets, in order to carry out localization tasks and continuously inspect the network traffic. Using UAVs allow to scan the relevant area quicker than walking or driving vehicles, to reach inaccessible areas (e.g., pipelines or powerlines across mountains and rural areas), and to have better opportunity to work in line-of-sight than equipment operated along roads. The integration includes visualization of the attack source location on map and indications of the flying route for scanning the area to the drone operator.
The project will specifically address long-range metropolitan area networks, specifically the LoRa protocol, which is the typical scenario for Smart City services (including infomobility and transportation, surveillance, health, education, utilities, emergency and other kinds of services). The scope will include advanced tools for analysis of LoRaWAN traffic and detection of anomalies, localization of LoRa devices, as well as design and field experimentation of a working prototype for the UAV. The results from the project will provide better confidence about the feasibility and performance of the overall FOLLOWME concept, which represent the preliminary step towards extension to other protocols and experimentation with potential users.
Project abstract
