Eyes on the Skies

An aerial drone delivering pizzas.
Security researchers warn delivery drones present "serious privacy concerns" that need addressing before such services fully launch.

The prospect of drones delivering urgently needed goods to our back yards or front doors, just 30 minutes after we have clicked "buy now" online, is certainly a compelling one, especially so in the era of Covid-19 lockdowns, where zero-human-contact delivery is welcome.

While delivery drones may sound captivating to many consumers, in fact they present "serious privacy concerns" that need addressing before such services start bigtime, warn security researchers at the Indian Institute of Science (IISc) in Bangalore.

At issue, says lead researcher Vinod Ganapathy, director of computer systems security at IISc, is the fact that delivery drones are much more than simple cargo-carrying flying machines: they are airborne, wirelessly connected, location-aware computer platforms peppered with potentially invasive arrays of sensors.

This means that as a parcel-carrying drone meanders around, then hovers over, a property as it navigates to the safest touchdown spot—sensing and avoiding power lines, phone cables, clothes lines and street lamps—its sensors might also be able to capture a great deal of data on households and their inhabitants, the IISc team says.

For instance, a drone's cameras could capture still images or video of people in the house (perhaps even in various states of undress in gardens, pools, hot tubs, or while sunbathing). Vehicles and their license plates could be captured, too, and laser-ranging LiDAR sensors could acquire data about buildings and outbuildings. As the drone moves around, its GPS sensors could map the entire property.

The IISc team's concern is that data acquired in that manner could be used by a logistics firm or marketed to data brokers to target households with, for example, ads for related products such as pools, patio sets, house extensions, swing sets, cars, and garage equipment.

The more sensors the drone has, the greater the potential for trouble. For example, if a microphone is incorporated so that, after landing, a customer could verbally query a delivery with the fulfillment center that dispatched the drone, that could also aid spammers, marketers, or hackers. "The more sensors there are on the drone, the more channels to violate privacy. Attackers are incredibly creative at using various sensors in novel ways to implement attacks, so such a microphone could be used to record conversations in a private home when the drone is in the process of making a delivery," says Ganapathy.

Alongside his colleagues Rakesh Rajan Beck and Abhishek Vijeev, Ganapathy is not merely highlighting the risks. The IISc team has developed a solution: a software framework that can be adopted, and adapted, for local privacy laws by drone delivery service operators.

Called Privaros, it is a privacy policy-enforcing software framework designed to work with the middleware used at the heart of most drones: the real-time version of Willow Garage's Robot Operating System (ROS2). "Privaros is a set of enhancements to ROS2, rather than something that runs on top of it. It adds privacy enforcement technology and, in particular, mandatory access control policy enforcement," says Ganapathy.

What that means is that Privaros allows what they call "host airspaces" such as cities, municipalities, neighborhoods, apartment complexes, and hospitals, to impose privacy policies on "guest" delivery drones licensed to fly in the locality.

"So a host airspace can specify a policy that requires any guest drone that enters its airspace to refrain from wirelessly transmitting, or locally storing in an on-board SD card, any images or video captured when within the host's airspace," according to the researchers.
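An illustration of the kind of policy quoted above, added here and not taken from Privaros or ROS2: a monitor labels camera data captured inside a host airspace and refuses to let it, or anything derived from it, reach the radio or the SD card. The policy format, class names, and sink names are hypothetical, and the coordinates are constructed.

```python
from dataclasses import dataclass

# Constructed host-airspace policy (hypothetical format, not Privaros syntax):
# camera data captured inside the polygon may not reach the denied sinks.
POLICY = {
    "airspace": [(0, 0), (0, 100), (100, 100), (100, 0)],  # local x/y, metres
    "restricted_sources": {"camera"},
    "denied_sinks": {"radio_tx", "sd_card"},
}

def inside(point, polygon):
    """Ray-casting point-in-polygon test."""
    x, y = point
    hit = False
    for (x1, y1), (x2, y2) in zip(polygon, polygon[1:] + polygon[:1]):
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            hit = not hit
    return hit

@dataclass(frozen=True)
class Message:
    source: str
    payload: bytes
    labels: frozenset = frozenset()

class FlowMonitor:
    """Stands in for a check placed in the middleware, below application code."""
    def __init__(self, policy):
        self.policy = policy
        self.audit = []  # (source, sink, decision) for later review

    def capture(self, source, payload, position):
        # Label at capture time, so the restriction follows the data even
        # after the drone has left the host airspace.
        restricted = (source in self.policy["restricted_sources"]
                      and inside(position, self.policy["airspace"]))
        labels = frozenset({"host_private"}) if restricted else frozenset()
        return Message(source, payload, labels)

    def derive(self, parent, source, payload):
        # Output of a processing node inherits the labels of its input.
        return Message(source, payload, parent.labels)

    def deliver(self, msg, sink):
        allowed = not ("host_private" in msg.labels
                       and sink in self.policy["denied_sinks"])
        self.audit.append((msg.source, sink, "ALLOW" if allowed else "DENY"))
        return allowed
```

The camera frame can still reach an on-board consumer such as obstacle avoidance; only the flows to the denied sinks are refused, and every decision lands in the audit list.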

Privaros works well, the team reports, because its privacy rules harness ROS2 procedures similar to those that allow drones to obey national flight rules, such as the Digital Sky policy of India's Directorate General of Civil Aviation, which prevents drones from flying over forbidden zones like military installations. Privaros is globally portable, explains Ganapathy: "There is nothing in the core mechanisms of Privaros that are tailored to Digital Sky, and it is certainly applicable to regulations that may be developed by the U.S. Federal Aviation Administration or the European Aviation Safety Agency."

Nirupam Roy, a delivery drone security researcher at the University of Maryland at College Park, is impressed with Privaros. With his colleague Nakul Garg, Roy developed a very low power audio frequency doppler radar for drones that allows them to quickly avoid projectiles like bricks and baseballs, which thieves might throw to bring them down in order to steal their parcels as drones fly low and slow near their destinations.

"The Privaros team have identified this privacy and security concern, and proposed a practical framework for privacy-compliant navigation of delivery drones. Delivery drones are now a reality, so it is definitely very timely research, and it is a thorough implementation they have built," says Roy.

Delivery drones are indeed already a reality, especially in China. Alibaba and its rival already have services up and running, but the service many people in the West will be waiting for, from Amazon Prime Air, is still under development at a U.K. research center just east of Cambridge.

Amazon's Seattle, WA, headquarters declined to comment on the privacy preserving technology.

Ganapathy is undaunted, however, and hopes other developers will help them make drone deliveries a success, privacy-wise. Says Ganapathy, "These are early days in the drone privacy space, and Privaros is an early technology that's designed to help. We call on the community to build upon Privaros to address this important problem."

Paul Marks is a technology journalist, writer, and editor based in London, U.K.
