@MASTERSTHESIS\{IMM2017-07037,
    author       = "T. H. Lützen",
    title        = "A Security Framework for Unmanned Aerial Vehicles and Practical Exploitation Analysis",
    year         = "2017",
    school       = "Technical University of Denmark, Department of Applied Mathematics and Computer Science",
    address      = "Richard Petersens Plads, Building 324, {DK-}2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk",
    type         = "",
    note         = "{DTU} supervisor: Christian D. Jensen, cdje@dtu.dk, {DTU} Compute",
    url          = "http://www.compute.dtu.dk/english",
    abstract     = "The goal of this thesis is to present a general model for drones in order to conduct a risk analysis of them. The {CORAS} method and {NIST} risk management framework is used to do conduct the analysis. This is done in order to make a general security framework for drones and test it against different practical exploits to see if the framework catches the correct threats. The Parrot {AR} drone 2.0 is used as a reference point and the same exploits are tested on the {SJRC} T30VR drone. Furthermore the reverse engineering and exploitation of an {RC} controlled Hubsan nano Q4 cam drone is done by using a software defined radio. Afterwards the results of the experiments are used to find mitigation proposals on the most critical threats and to secure the drones. This showcases that the threats would have been captured by the security framework and could have been prevented using it. In the end future work in relation to be conducted in the field of drone security is presented.

M{\aa}let med dette speciale er at pr{\ae}sentere en generel model for droner for at kunne udf{\o}re en risikoanalyse af dem. {CORAS} metoden og {NIST} risiko management frameworket bruges til udf{\o}relsen af analysen. Dette g{\o}res for at lave et generelt sikkerhedsframework for droner og teste det imod forskellige praktiske angreb for at se om frameworket opfanger de korrekte trusler. Parrot {AR} 2.0 dronen bruges somreferencepunkt og de samme angreb testes p{\aa} en {SJRC} T30VR drone. Derudover unders{\o}ges reverse engineering og angreb af en radiokontrolleret Hubsan nano Q4 cam drone ved hj{\ae}lp af en software defined radio. Bagefter bruges resultaterne af eksperimenterne til at finde l{\o}sningsforslag p{\aa} de mest kritiske trusler og for at sikre dronerne. Dette viser at truslerne vil blive opfanget af sikkerhedsframeworket og kunne v{\ae}re undg{\aa}et ved at bruge det. Til sidst pr{\ae}senteres fremtidigt arbejde der skal udf{\o}res inden for dronesikkerhed."
}