PEER STABS YOU IN THE BACK

Betrayal is a part of life we all recognize. Someone who appeared friendly turns out to have been acting against us all along; friends who turned enemies in the blink of an eye. It appears that multi-agent systems, drones and networked devices are not immune to betrayals either.

While architecting the algorithm for my flocking drone node, I went down the fascinating rabbit hole of security in embedded networked systems. By specifications, all of the nodes in our system featured a CMAC — Cipher-based Message Authentication Code. Essentially this is a procedure that, given a secret key and a message, outputs a short pseudorandom-looking tag that lets you check the integrity and authenticity of the message received.

For my project, only the last 4 bytes of the CMAC were used, providing 2^32 possible values — roughly 45 years to break via brute force if the attacker could transmit at 3 Hz. The team key, however, may be compromised in myriad other ways. Developers can leak the key (intentionally or via a GitHub slip). Devices can be physically captured, putting the shared key in danger of extraction via unsecured debugging interfaces or sophisticated side-channel attacks.

It is these vulnerabilities I decided to target for the adversary portion of the project. There are many ways to exploit a drone's flocking behaviour, but I found cohesion — the rule that steers each drone toward the average position of its neighbours — one of the easiest and most elegant to exploit.

Once a packet passes CMAC verification, the victim trusts all position and velocity data unconditionally. There's no physics check, no behavioural validation — just blind trust. The targeted ghost attack simply generated 3 fake drones, each with a basic uniquely identifying MAC address, around 15–45 metres ahead of the victim, all with velocities biased towards the simulation boundary. The intention: lead the targeted drone toward a designated area. In a real deployment, this could steer drones into restricted airspaces, dangerous locations, or obstacles.

The attack was remarkably effective with little overhead. The victim drone was steered 93 metres off its course, using only 38 packets and 3 fake identities.

The attack's insider nature, proper authentication and plausible states are just like betrayals from those close — almost impossible to foresee. Simple behavioural and state validation techniques are unlikely to detect it, and the real-time constraints mean detection mechanisms must be computationally lightweight yet sophisticated enough to distinguish attacks from legitimate rapid manoeuvres.

Trusting is hard. Cryptography solves authentication; validation requires far more sophistication. For physical systems like drone swarms, a single compromised node can manipulate the entire flock. The fundamental tension lies in real-time constraints versus security overhead.

So what's more important: trust or performance? Perhaps graceful degradation when trust breaks is the answer.

[1] M. J. Dworkin, "Recommendation for block cipher modes of operation," NIST Special Publication 800-38B, 2016. nist.sp.800-38b