RU2704268C1 - Method, system and device for cryptographic protection of communication channels of unmanned aerial systems - Google Patents

Method, system and device for cryptographic protection of communication channels of unmanned aerial systems Download PDF

Info

Publication number
RU2704268C1
RU2704268C1 RU2018118339A RU2018118339A RU2704268C1 RU 2704268 C1 RU2704268 C1 RU 2704268C1 RU 2018118339 A RU2018118339 A RU 2018118339A RU 2018118339 A RU2018118339 A RU 2018118339A RU 2704268 C1 RU2704268 C1 RU 2704268C1
Authority
RU
Russia
Prior art keywords
uav
key
nsu
cryptographic
module
Prior art date
Application number
RU2018118339A
Other languages
Russian (ru)
Inventor
Кирилл Викторович Борисов
Ирина Евгеньевна Любушкина
Сергей Петрович Панасенко
Юрий Васильевич Романец
Артем Владимирович Сиротин
Владимир Кимович Сырчин
Original Assignee
Общество с ограниченной ответственностью Фирма "Анкад"
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Общество с ограниченной ответственностью Фирма "Анкад" filed Critical Общество с ограниченной ответственностью Фирма "Анкад"
Priority to RU2018118339A priority Critical patent/RU2704268C1/en
Application granted granted Critical
Publication of RU2704268C1 publication Critical patent/RU2704268C1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication

Abstract

FIELD: cryptography.SUBSTANCE: group of inventions relates to secure wireless communication systems and is intended to protect wireless communication channels between an unmanned aerial vehicle (UAV) or similar remotely controlled apparatus and a ground control station (GCS). Technical result is achieved using key carriers equipped with cryptographic functions, UAV and GCS mutual authentication scheme based on asymmetric cryptographic keys combined with common symmetric key calculation circuit, and a circuit for generating a session master key and encryption keys and calculating an simulator for subsequent generation of a secure wireless communication channel between the UAV and the GCS, which enables encryption of the transmitted information and monitoring its integrity, wherein the mutual authentication schemes, the common symmetric key calculations and the session keys generation are developed taking into account the UAV application specifics and the wireless communication channels formation between the UAV and the GCS.EFFECT: provision of cryptographic protection of control channels, telemetry and data transfer of UAV payload from unauthorized access to data transmitted via data channels and its unauthorized modification.49 cl, 4 dwg

Description

The invention relates to the field of secure wireless communication systems and is intended to protect wireless communication channels between an unmanned aerial vehicle (UAV) or a similar remotely controlled device and a ground control station (NSU). Its use will allow to obtain a technical result in the form of cryptographic protection of control channels, telemetry and data transfer of the UAV payload from unauthorized access (unauthorized access) to information transmitted through these channels and from its unauthorized modification.

Unmanned aerial systems (LHC), as a rule, include a ground control station, an unmanned aerial vehicle and communication channels between them. Depending on the characteristics and tasks of the UAV, it can be controlled both automatically and manually using commands transmitted by the operator to the UAV via the remote control (RC), which is a special case of a ground control station.

Protection of communication channels between the NSO and the UAV from external software and hardware impacts is currently one of the most pressing problems. Attacks on UAVs can be aimed at intercepting control, disabling UAVs, receiving or distorting information transmitted by the UAV payload, or for further attacks on NSOs and systems interacting with it.

Currently, there are many means of protecting the integrity and confidentiality of information transmitted through various communication channels, including wireless. However, there is a certain specificity of LHC protection, determined by a combination of unauthorized or accidental access to LHC systems, as a result of which there may be a violation of confidentiality (copying, illegal distribution), integrity (destruction, alteration) and accessibility (blocking) of information. In particular, when developing protective equipment for the LHC, it is necessary to take into account the following features (see, for example, [1-3]):

1. UAVs, like other robotic systems, usually operate under the control of operating systems (OS), specially designed to control robotic systems and systems, among which are specialized real-time operation systems (RTOS). One of the main requirements for such OSs is the requirement to ensure predictability or determinism of system behavior in the worst external conditions, which differs sharply from the requirements for general-purpose OSs, which mainly relate to their performance and the possibility of application on various hardware platforms.

2. The UAV is a complex integrated automated system - the equipment and components on board the UAV are structurally integrated into systems designed to solve individual problems. Individual systems can be combined into larger structural elements - complexes. A complex of on-board equipment is a set of functionally connected systems, devices, sensors, computing devices. The UAV control system provides control and interaction between all UAV complexes or systems.

3. UAVs in the general case can also be represented as a telecommunication system consisting of devices between which information is exchanged using special protocols.

In addition, the most important UAV operational characteristics are their interrelated properties such as the maximum payload weight of the UAV and the maximum duration and range of the UAV. Since UAV onboard equipment is usually powered from its own power source, which has a limited resource, all systems operating onboard UAVs must be economical, i.e. the lowest possible power consumption.

Therefore, the means of protecting information from external software and hardware influences for the onboard part of the LHC must have small overall dimensions and low resource consumption. UAV signal encryption also should not significantly complicate the process of real-time data exchange, disrupt the efficiency of the transmission of commands and information flows. Therefore, UAV communication channel protection systems should have a minimum weight and present the minimum possible requirements for computing resources in order to minimize the negative impact on the UAV basic operational characteristics listed above.

The threat of the above-mentioned attacks on UAVs may arise as a result of the formation of a threat channel between the source of the threat and the UAV. Since UAVs use channels of wireless communication with NSUs, the threat can be realized by exploiting the existing channels of wireless communication with UAVs.

In an ideal embodiment, all UAV wireless channels with NSOs should be protected (control channel, telemetry channel, and information transfer channel from the UAV payload). However, taking into account the requirements of the minimum resource consumption of UAV protection systems, in many cases the protection of only the most critical channels for the interaction of UAVs with NSOs is considered, which include the following:

- the control channel, since the main UAV threats (such as control interception or failure) are most easily implemented if the attacker successfully operates the UAV control channel (see, for example, [4, 5]);

- Telemetry channel, since the successful substitution of telemetric information by an attacker can also lead to the implementation of the UAV threats listed above.

It should be noted that at present there are a fairly large number of information protection methods for standard wireless communication protocols and their implementations (see, for example, [6]). However, their use directly to protect the communication channels of the UAV and the NSO is impossible or inappropriate for the following reasons:

1. The methods, protocols and implementations of cryptographic algorithms depend on the organization of the radio channel itself and the structure of the deployed wireless network. Direct copying of any set of information security methods and protocols for use in UAV communication channels is impossible due to the discrepancy between the principles of radio channel organization, the number of communication objects and their connectivity structure.

2. Many methods, for example, the organization of a trusted object authentication center, a key generation and distribution center, have significant redundancy when applied to the LHC.

3. The use of many security methods leads to a significant increase in the load on the communication channels and reduces the bandwidth of the channels. In the UAV control system, any excessive load on the communication channels can lead to a decrease in the transmission rate of control information and affect the controllability and flight dynamics of the aircraft itself.

4. One of the basic principles of mass communication standards is the convenience, simplicity and transparency of settings for the average user. This principle also applies to security methods, which leads to the fact that manufacturers are forced to use the default settings, which allow you to connect to communication systems, but reduce the security of data transfer.

5. Incorrect implementation of cryptographic algorithms and especially cryptographic key management systems, as well as their development without taking into account the features of subsequent application, lead to the presence of vulnerabilities in such implementations (see, for example, [7]).

Note that the specifics of UAV application requires the use of specially adapted for UAV schemes for generating, distributing and using key information that are significantly different from those in conventional wireless communication security protocols.

The applicant’s analysis of patent and scientific and technical information showed the presence of patents for methods, devices and information protection systems based on the use of cryptographic algorithms and designed to protect the communication channels of UAVs or similar devices or easily adapted for use for these purposes.

For example, in US patent US 8219799 dated July 10, 2012 [8] Lockheed Martin Corporation proposes a secure communication system including a data processor, an Internet protocol converter that converts data, an encryptor / decoder for additional security, and a cryptographic module , evaluating the level of data security and checking cryptographic keys. The communication processor provides real-time control and can change the source or recipient of the data, encryption key, security level, communication protocol in response to sensor data received from a communication object or from command signals from a connected or remote control system.

In US patent US 9531689 dated 12/27/2016 [9] a method and system for encrypting and decrypting data in a memory device and in data packets transmitted over a communication network is proposed. The system consists of two network processing devices, one of which is intended for reception and storage of transmitted data, and the second for their transmission. When transmitting, information is encapsulated in a frame of data packets, which is a hallmark of the transmitted data. Packages can be compressed before encryption. The patented system can be used to protect communication channels in the LHC.

In Chinese patent CN 105491564 dated 04/13/2016 [10], a method is proposed for establishing secure communication in an environment with multiple UAVs using a reliable interaction protocol to avoid false requests and responses. Data is encrypted using a private key, which ensures the confidentiality of messages.

A significant part of patents is devoted to identification, authentication and authorization of access objects and subjects in systems using UAVs.

For example, the Chinese company SZ DJI Technology protected a group of patents with authentication systems and UAV flight rules generation methods that contain an authentication center and a flight control system configured to control access to UAVs based on authentication of UAVs and the corresponding UAV user by their identifiers (in particular, US patents US 9412278 from 08/09/2016 [11], US 9805372 from 10/31/2017 [12], US 9805607 from 10/31/2017 [13], US 9870566 from 01/16/2018 [14]).

In the international patent WO 2017042403 dated March 16, 2017 [15], the Spanish company Tecteco Security Systems patented a method and device for creating secure control mechanisms for air navigation of unmanned vehicles, increasing the safety of UAV air navigation by means of authentication, authorization and protection mechanisms against current technical vulnerabilities.

In US patent US 9542850 dated January 10, 2017 [16], a method and device for secure communication with UAVs are proposed that provide UAV authentication upon request for a flight. Based on the results of this procedure, on the basis of information about the UAV components, the possibility of a flight is determined and the flight path is calculated, instructions on the flight route are transmitted and permission is issued for the flight. The UAV credentials, on the basis of which its authentication is performed, include, in particular, the private encryption key, the public key certificate and the UAV identification number.

The American company Microsoft Technology Licensing has patented an authorization system for UAVs, which controls access to UAV control (US patent US 9651944 dated 05.16.2017 [17]). This system contains a UAV controller connected via an interface to a control authorization unit containing a processor, a communication interface, and memory. Receiving the identification code from the UAV controller, which is entered by the operator, the authorization tool checks its compliance with the stored signed digital certificate. A similar authentication procedure is carried out for any received control team. If the digital certificate is not valid, the authorization tool does not allow the operator to initiate control instructions and does not transmit the UAV control instruction.

In addition to solutions to ensure the protection of UAV channels using cryptographic algorithms, it is worth paying attention to a number of patents that provide protection of transmitted information without the use of cryptography.

For example, in the international patent WO2005020445 dated November 10, 2005 [18], special microwave antennas for safe data transmission, providing reliable point-to-point communication in short-range wireless data networks, and a transponder with high directivity of the signal and an additional jamming signal of the same spectrum, preventing the interception of transmitted messages.

Of interest is also the Northrop Grumman Systems proposed method for protecting communications between UAVs and spacecraft at a frequency in the range of 50-70 GHz according to US patent US 8594662 dated November 26, 2013 [19], which includes selecting a signal frequency based on the flight altitude the plane and the angle between the spacecraft and the plane.

In addition, a fairly large number of patents are devoted to methods and means of distributing key information that can be used in UAVs or similar remotely controlled devices.

For example, in US patent US 5841864 dated 11.24.1998 [20], Motorola proposed a method that provides one-way device authentication and exchange of session keys based on a pre-shared secret for the subsequent protection of messages transmitted over the communication channel.

In US patent US 6816970 dated November 9, 2004 [21] IBM Corporation proposed a three-step method for mutual authentication and exchange of session symmetric keys based on an open key distribution scheme, and session keys can be used subsequently to protect the communication channel between authentication subjects, and to encrypt the data stored on them.

Closest to the proposed method and system of cryptographic protection of communication channels of the LHC (prototype) are the method and system of secure control and monitoring of remotely controlled devices proposed by The Charles Stark Draper Laboratory (USA) and described in US patent US 9871772 dated January 16, 2018. [22].

The system and method, considered as a prototype, provide a sufficiently high level of data transfer security for small devices with limited computing resources, which are controlled via a wireless communication channel. A special case of such devices are UAVs.

The main components of the system described in US patent US 9871772 are as follows:

- a remotely controlled device (RCD - Remotely Controlled Device), the analogue of which is an UAV;

- The main control element (PCE - Primary Control Element), the analogue of which is the NSI;

- optional control element - an additional control station located in front at the estimated course of movement of the controlled vehicle (FO - Forward Observer).

The method described in US patent US 9871772 consists in performing the following sequence of actions on the part of the RF:

1. The RFE requests and receives its parameters from the RCD.

2. Based on the obtained parameters, the PCE selects the public key associated with a particular RCD instance.

3. The RFE generates the main (first) key set, valid during the upcoming RCD mission and including the master key of this RCD instance.

4. PCE encrypts the generated key set using the RCD public key.

5. The encrypted key set is transmitted to the RCD via the key download interface.

6. PCE encrypts the first command intended for RCD on the first encryption key generated from the master key of this RCD instance.

7. The first command and the information necessary for the authentication of the PCE by the RCD (authentication label) is sent to the RCD via a wireless communication channel.

It is assumed that the key loading interface in RCD is used once (in preparation for a specific mission) and, by definition, is trusted, i.e. represents, for example, a wired interface that is used only in a trusted environment, while further sending of commands is carried out via a wireless interface that is not trusted.

In turn, the RCD performs the following sequence of actions that respond to actions initiated by the RFE and described above:

1. RCD receives an encrypted key set from the RFE.

2. RCD decrypts the key set to get its master key from it.

3. The RCD receives the first encrypted command from the PCE over the wireless communication channel.

4. RCD authenticates the PCE based on the received authentication token using the preloaded hash key.

5. RCD decrypts the first command received on the first encryption key generated from the master key.

Subsequently, the commands transmitted to the RCD from the PCE side are encrypted on the currently used encryption key, which synchronously changes to RCD and PCE after a certain number of commands (including the option of changing the key after each command) or at predetermined time intervals.

RCD parameters can include either an identifier that uniquely identifies a specific RCD instance or an RCD directly public key. Parameters can be printed on the outer surface of the RCD (for example, in the form of a barcode) and read optically or can be stored in the memory of the near-field RFID tag (NFC - Near-Field Interface) and read using the appropriate reader.

If there is one or more additional control stations (FO), the sent control commands to the RCD from the FO side are encrypted using an additional (second) key set containing an additional master key designed to protect the wireless communication between the FO and a specific RCD instance . The mechanisms for generating current encryption keys from this master key and changing them are similar to those in the interaction of PCE and RCD.

PCEs and FOs can simultaneously manage multiple instances of RCD, and the principles of interaction between system components described above do not change.

US patent US 9871772 also describes one of the possible options for implementing a hardware module that provides protection of communication channels according to the proposed method (cryptographic module). The description of the patent states that the cryptographic module should be implemented as a dedicated device, and the specific implementation of the algorithms underlying the patented method can be performed in hardware (in the form of specialized microcircuits) or software (in the form of programmable logic integrated circuits or in the form of software software running on general purpose microprocessors (microcontrollers)). We also note that the algorithms of the cryptographic module are slightly different depending on its specific application (on RCD, PCE or FO); nevertheless, all these system components can be equipped with the same type of cryptographic modules with the possibility of their parameterization to provide various applications. The cryptographic module described in US patent US 9871772 is a prototype of the claimed device.

In addition to the main (first) and additional (second) key sets described above, the method allows the use of a third key set to protect data transmitted wirelessly from the RCD to the PCE, and a fourth key set to protect data transmitted wirelessly from side RCD on FO.

Note that US patent US 9871772 describes a number of variations of the method of secure control and monitoring of remotely controlled devices, the differences between which are as follows:

- What specific parameters are used to identify the RCD, how they are stored and read;

- by what principle is the change of current encryption keys carried out;

- how are encryption keys stored on the RCD;

- Are electronic signature methods used to protect the integrity of key sets uploaded to the RCD;

- whether the same type of cryptographic modules are used on all components of the system;

- Is the procedure for securely establishing a connection between RFE and FO used?

- how the key sets are managed and used when there are several FOs in the system;

- is it possible to control several RCDs simultaneously from the PCE and FO;

- whether the third and fourth key sets are used to protect data transmitted from the RDC over the wireless communication channel, respectively, on the PCE and FO.

The proposed by the applicants method of cryptographic protection of communication channels LHC has a number of advantages compared to the method described in the prototype, which boils down to the following:

1. A simplified protocol for the distribution of key information in comparison with the prototype, without compromising the quality of protection. In addition, the proposed key information distribution protocol provides protection against man-in-the middle (MITM) attacks, while the prototype description explicitly states that the key distribution schemes used do not provide protection against this class of attacks.

2. Performing in all cases only mutual authentication of the UAV and the NSO, while the prototype does not provide for FO authentication by RCD, which can lead to potential interception of RCD by introducing false FOs into the system.

3. In addition to cryptographic protection, the claimed method also provides an additional protection factor based on a pseudo-random reconfiguration of the radio parameters between the UAV and the NSO.

4. The inventive method involves, in addition to the control and telemetry channels, encryption of UAV payload information transmitted to the NSU, while in the prototype the encryption of the control channel is mandatory, encryption of the telemetry channel is optional, and only encryption of the video signal, and only if it is used for remote control of the RCD by the PCE or FO and only to the extent necessary for such control.

5. The inventive method involves the possibility of implementing the algorithms and protocols of cryptographic protection of the LHC communication channels provided by it, not only in a dedicated cryptographic hardware module, but also in the form of software modules running directly on the UAV flight controller or on the computing resources of existing NSO equipment. The absence of the need to install a hardware cryptographic module on UAVs, on the one hand, does not require structural changes in UAVs and, on the other hand, to a much lesser extent (only due to additional energy consumption) worsens the main operational characteristics of UAVs, i.e. maximum UAV payload weight and / or maximum duration / range.

6. The inventive method improves the quality of the protection of the communication channels of the LHC compared to the prototype, since it involves encrypting the entire message, while in the described structure of the message of the prototype there are unencrypted service fields (“bypass” fields) through which information leakage is theoretically possible.

7. The inventive method also assumes that the hardware or software implementation of cryptographic transformations is equipped with additional modules that provide monitoring of the health of modules performing cryptographic transformations, as well as their self-testing - at startup and periodically during operation.

The cryptographic protection system of the LHC communication channels proposed by the applicants implements the proposed method and, in addition to the advantages of the cryptographic protection method of the LHC communication channels described above, also has the following advantages compared to the system described in the prototype:

1. In contrast to the prototype, in which the message structure between the system components and the command system is rigidly fixed, the claimed system does not impose restrictions on the command system used. This makes the claimed system significantly more flexible and universal, since the system can be built on a much wider range of equipment used in UAVs and NSUs, while the system described in the prototype can only be implemented on equipment that implements the described message structure and command system , i.e. on equipment originally designed for use in such a system.

2. The ability to implement a cryptographic module in the form of software modules that are executed directly on the UAV flight controller allows, on the one hand, to reduce the cost of the system as a whole compared to the prototype and, on the other hand, to implement the system using a wider range of existing equipment like UAVs, and NSI, because it does not require structural changes to the hardware of the existing UAV / NSI to ensure the connection of the hardware cryptographic module provided for by the prototype m.

The inventive device is one of the options for implementing the proposed method of cryptographic protection of communication channels LHC.

The technical result is achieved as follows:

1. The method of cryptographic protection of communication channels between the NSO and the UAV consists in the following sequence of actions:

Step 1) Using a key NSU carrier equipped with computing resources and non-volatile memory, as well as cryptographic functions, a pair of asymmetric NSU keys is generated: secret and public NSU keys.

Step 2) Using a key UAV carrier equipped with computing resources and non-volatile memory, as well as cryptographic functions, a pair of asymmetric UAV keys is generated: secret and public UAV keys.

Step 3) The NSU and UAV public keys are copied to, respectively, the UAV key carrier and NSU key carrier, after which the NSU key carrier contains the NSU secret and public UAV keys and the UAV public key, and the UAV key carrier contains the UAV secret and public keys and the public NSU key.

Step 4) The UAV cryptographic module, equipped with software or hardware implementation of cryptographic algorithms, the ability to initiate message transfer to the NSO and the optional ability to block the port connecting the UAV flight controller to communication channels, initiates the generation of a common secret pre-master key (intended for further generation of a master key based on it) based on the UAV secret key and the NSU public key.

Step 5) The UAV cryptographic module reads the UAV public key, the NSU public key and the common secret pre-master key from the UAV key carrier.

Step 6) The NSU cryptographic module, equipped with software or hardware implementation of cryptographic algorithms, the ability to initiate message transfer to UAVs and the optional ability to block the exchange interface with the UAV control software, initiates the generation of a common secret pre-master key based on the secret key carrier of the NSU NSU key and UAV public key.

Step 7) The cryptographic module of the NSO reads the public key of the NSO, the public key of the UAV and the common secret pre-master key from the key carrier of the NSO.

Step 8) The cryptographic module of the UAV checks the state of its readiness for operation.

Step 9) The UAV cryptographic module initiates sending a message to the NSO cryptographic module containing the UAV public key and a random number of UAVs.

Step 10) The NSU cryptographic module, which is in the standby mode of messages from the communication channel, receives this message from the UAV and checks if it has received the UAV public key. If the NSI cryptographic module does not have such a public key, then the NSI cryptographic module ignores the received message and returns to the message standby mode.

Step 11) The cryptographic module of the NSU initiates the sending of a response message to the cryptographic module of the UAV containing the public key of the NSU and a random number of NSUs.

Step 12) The cryptographic module of the UAV receives a response message from the cryptographic module of the NSU and checks whether it has received the public key of the NSU. If the NSI cryptographic module does not have such a public key, then the UAV cryptographic module ignores this message and returns to step 9.

Step 13) The UAV cryptographic module generates a master key (intended for further generation of session cryptographic keys based on it) based on a pre-master key, a random number of UAVs and a random number of NSOs.

Step 14) The cryptographic module of the NSO generates a master key based on the pre-master key, a random number of UAVs and a random number of NSU.

Step 15) The cryptographic module of the UAV on the basis of the master key generates a session encryption key and a session key for calculating the insert.

Step 16) The cryptographic module of the NSO, based on the master key, generates a session encryption key and a session key for calculating the insert.

Step 17) The UAV cryptographic module generates a test message encrypted on the generated session encryption key and initiates its sending to the NSU cryptographic module.

Step 18) The NSU cryptographic module receives and decrypts the test message from the UAV cryptographic module and checks its compliance with the expected test message. If the test message does not meet the expected one, then the NSU cryptographic module considers that an error has occurred in establishing session cryptographic keys, and returns to the message waiting mode.

Step 19) The NSU cryptographic module generates a response test message encrypted on the generated session encryption key and initiates its sending to the UAV cryptographic module.

Step 20) The UAV cryptographic module receives and decrypts the test message from the NSU cryptographic module and checks its compliance with the expected test message. If the test message does not match the expected one, then the UAV cryptographic module considers that an error has occurred in establishing session cryptographic keys, and returns to step 9.

Step 21) The cryptographic module of the UAV sets the ready-to-work flag.

Step 22) The cryptographic module of the NSO sets the flag for readiness for work.

Step 23) The UAV cryptographic module opens the connection port of the flight controller.

Step 24) The cryptographic module of the NSO opens the interface of exchange with software that manages the UAV.

Step 25) Further information exchange via control and telemetry channels between the NSO and the UAV is carried out in a secure mode using encryption based on the generated session encryption key and with integrity monitoring based on the generated session authentication calculation key.

The inventive method also applies to various variations of the above sequence of actions, which include, but are not limited to, the following:

- is a pseudo-random reconfiguration of the radio parameters between the UAV and the NSO used

- is it intended to equip cryptographic modules with the capabilities of performance monitoring and self-testing;

- Is it possible to use cryptographic modules to encrypt payload data transmitted from UAVs to NSOs?

- Is it possible to simultaneously control several UAVs from one NSO, etc.

2. The system of cryptographic protection of communication channels between the NSO and the UAV includes the following components:

Component 1) The cryptographic module of the NSU, which implements the claimed method of cryptographic protection of communication channels between the NSU and the UAV in the part of the NSU, implemented in hardware or software on a dedicated hardware device equipped with computing resources, an interface for connecting the key carrier of the NSU and software or hardware implementation of cryptographic algorithms, generation functions random or pseudo-random numbers and interaction functions with the key carrier of the NSO, as well as the possibility of initiating the transmission of messages on UAV and optional feature software blocking communication interface performing UAV control of a dedicated hardware device is connected in the gap between the main computing module and NSO transceiver NSO.

Component 2) A UAV cryptographic module that implements the claimed method of cryptographic protection of communication channels between an NSU and an UAV in terms of UAVs, implemented in hardware or software on a dedicated hardware device equipped with computing resources, the ability to connect key UAV media and software or hardware implementation of cryptographic algorithms, generation functions random or pseudo-random numbers and interaction functions with a UAV key carrier, as well as the possibility of initiating community transmission on the NSC and the optional ability to block the port for connecting the UAV flight controller to the communication channels, while a dedicated hardware device is connected to the gap between the UAV flight controller and the UAV transceiver.

Component 3) The key carrier of the NSU, equipped with computing resources and non-volatile memory, as well as cryptographic functions.

Component 4) A key UAV carrier equipped with computing resources and non-volatile memory, as well as cryptographic functions.

The cryptographic module of the NSI can be implemented in software and run directly on the main computing module of the NSI, which in this case should be equipped with an interface for connecting the key carrier of the NSI.

The UAV cryptographic module can also be implemented in software and run directly on the UAV flight controller; in this case, the UAV should be equipped with an interface for connecting the key carrier of the UAV.

The inventive system also extends to the option of providing cryptographic protection of communication channels between the NSU and the UAV while simultaneously controlling several UAVs from one NSU, regardless of the specific implementation of the cryptographic module of the NSU and the cryptographic module of the UAV listed above.

The composition of the claimed system may also include a key center that provides centralized generation of cryptographic keys and the preparation of key carriers of UAVs and key carriers of NSOs.

3. The device of cryptographic protection of communication channels between the NSU and the UAV is made on a common board and contains the following elements:

Element 1) The control microcontroller, which includes the following software functional modules running on the control microcontroller:

- a control module that manages the remaining software modules and elements of the device;

- module for ensuring confidentiality and integrity of information exchange;

- authentication module;

- a module for generating and processing key information;

- a module for generating random or pseudo-random numbers;

- interaction module with a key medium;

- a module for interaction with a transceiver.

Element 2) Non-volatile memory for storing the above software modules.

Element 3) Interface for connecting to an external computing device.

Element 4) An interface for interacting with a key medium.

Element 5) The interface of interaction with the transceiver.

In addition to those listed above, the following software modules running on it can be included in the control microcontroller:

- device self-test module;

- the integrity control module of the device software.

As a result of the analysis of the prior art by the applicant, including a search by patent and scientific and technical sources of information and identification of sources containing information about analogues of the claimed technical solution, no source was found characterized by features identical to all the essential features of the claimed technical solution set forth in the claims .

The determination from the list of identified analogs of the prototype as the closest analogue in terms of the totality of features made it possible to establish the combination of the distinguishing features of the claimed method, system and device for the cryptographic protection of communication channels of unmanned aerial complexes that are essential to the applicant’s technical result. An additional search carried out by the applicant did not reveal known solutions containing features that match the distinctive features of the claimed system. Therefore, the claimed technical solution meets the criterion of "novelty."

The claimed technical solution does not follow for the specialist explicitly from the prior art and is not based on a change in quantitative characteristics. Therefore, the claimed technical solution meets the criterion of "inventive step".

Graphic Images:

In FIG. 1 and FIG. 2 shows simplified diagrams of the main algorithm of the main variant of the method of cryptographic protection of communication channels between the NSU and the UAV described above, where:

- in FIG. 1 shows a diagram of the preliminary stage of the main algorithm;

- in FIG. 2 is a diagram of the regular operation phase of the main algorithm. The block numbering in FIG. 1 and FIG. 2 corresponds to the step numbers of the main algorithm:

1 - step of generating a key pair of the NSO;

2 - step for generating a UAV key pair;

3 - step of exchanging public keys;

4 - step for generating a pre-master key on the UAV side;

5 - step of reading keys from the key carrier of the UAV;

6 - step for generating a pre-master key on the NSU side;

7 - step of reading keys from the key carrier of the NSU;

8 - step to verify UAV readiness;

9 - step of sending the public key and a random number of UAVs;

10 - step verification of the UAV public key;

11 is a step of sending a public key and a random number of NSOs;

12 - step verification of the public key of the NSO;

13 is a step for generating a master key on the UAV side;

14 is a step for generating a master key on the NSO side;

15 is a step for generating session keys on the UAV side;

16 is a step for generating session keys on the NSO side;

17 is a step for sending a test message;

18 is a test message verification step;

19 is a step of sending a response test message;

20 is a step for verifying a response test message;

21 - step of setting the flag of UAV readiness for operation;

22 - step of setting the flag of readiness of the NSO to work;

23 is a step of opening a port for connecting a flight controller;

24 is a step of opening an exchange interface with UAV control programs;

25 is a step of exchanging information in a secure mode.

In FIG. 3 shows a diagram of the cryptographic protection system of communication channels between the NSO and the UAV, where:

101 - a complex of onboard equipment UAV;

102 - equipment of the NSU;

103 - communication channel between the UAV and the NSO;

104 is the key center of the system.

Components of the UAV 101 avionics complex:

111 - flight controller;

112 - the key carrier of the UAV;

113 - cryptographic module UAV;

114 - transceiver UAV. Components of NSU 102 equipment:

121 - the main computing module of the NSU;

122 - UAV control software;

123 - cryptographic module of the NSU;

124 - a key carrier of NSOs;

125 - transceiver NSI.

In Fig. 4, a block diagram of a cryptographic protection device for communication channels between an NSU and an UAV is presented, where: 201 is a general device board;

211 - control microcontroller;

212 - non-volatile memory;

213 - interface for connecting to an external computing device;

214 — an interface for interacting with a key medium;

215 is a communication interface with a transceiver. Software function modules running on the control microcontroller 211:

221 - control module;

222 - module for ensuring confidentiality and integrity of information exchange;

223 - module authentication and establishing a secure connection;

224 - a module for generating and processing key information;

225 - module generating random or pseudo-random numbers;

226 — interaction module with a key medium;

227 - module of interaction with the transceiver;

228 - device self-test module;

229 - module integrity control software device.

In accordance with FIG. 1 and FIG. 2, the method of cryptographic protection of communication channels between the NSO and the UAV consists in performing the sequence of steps described below.

At the preliminary stage, asymmetric keys are generated and the UAV and NSO public keys are exchanged. At this stage, the main actions are performed by key carriers of UAVs and NSOs. At the same time, these actions are initiated by devices external to key carriers, for example, cryptographic modules of UAVs and NSUs.

To perform the operations provided for by the method, key carriers must be devices equipped with at least:

- computing capabilities;

- the operating system and / or control firmware;

- operational and non-volatile memory;

- cryptographic functions.

As key carriers smart cards with a contact or contactless interface can be used, which correspond to the families of standards GOST R ISO / IEC 7816 [23] and / or GOST R ISO / IEC 14443 [24]. An example of such smart cards is a smart card based on the domestic MIK51SC72D chip manufactured by Mikron PJSC.

As an alternative to a key medium, cryptographic tokens connected to a USB port and having a command system similar to that described in the standard GOST R ISO / IEC 7816-4-2013 [25] can be used. An example of such tokens is the Rutoken device manufactured by Active-Soft CJSC.

The options, the capabilities of key carriers and the requirements for them will be described in more detail below - in part of the description of the claimed cryptographic protection system for communication channels between the NSO and the UAV.

An external device that interacts with key media must have a hardware and software interface for connecting key media. For example, when using smart cards as key carriers, the external device must be equipped with a smart card reader and an appropriate software module that provides interaction with the reader and smart card.

Step 1) Using the key carrier of the NSO, a pair of asymmetric NSU keys is generated: the secret and public keys of the NSO.

To generate a key pair when using smart cards or cryptographic tokens as key carriers, the GENERATE ASYMMETRIC KEY PAIR command of the standard GOST P ISO / IEC 7816-4-2013 can be used [25]. This command also allows you to get the value of the generated public key from the key medium, which can be used in step 3, where the keys are exchanged.

When using the smart cards presented as examples based on the domestic MIK51SC72D microcircuit or the Rootoken device, a key pair is generated that complies with GOST R 34.10-2001 [26] and / or GOST R 34.10-2012 [27].

Step 2) Using the UAV key carrier, a pair of asymmetric UAV keys is generated: the UAV secret and public keys.

Step 3) The NSU and UAV public keys are copied to, respectively, the UAV key carrier and NSU key carrier, after which the NSU key carrier contains the NSU secret and public UAV keys and the UAV public key, and the UAV key carrier contains the UAV secret and public keys and the public NSU key.

As a result, the UAV key carrier must contain the following set of keys:

- UAV secret key;

- UAV public key;

- the public key of the NSO.

The key NSU carrier must contain the following set of keys:

- NSU secret key;

- the public key of the NSU;

- the public key of the UAV.

Since some variants of the proposed method imply the possibility of simultaneous control of several UAVs from one NSO, the key carrier of the NSO in this case should contain the public keys of all UAVs controlled from this NSO, i.e. in this case, the key carrier of the NSU must contain the following set of keys:

- NSU secret key;

- the public key of the NSU;

- public key UAV number 1;

- ...

- public key UAV number N.

An alternative option is to use on the NSO side separate key carriers for interaction with each of the controlled UAVs. In this case, the nth key carrier from the key NSU carriers contains the following set of keys:

- NSU secret key;

- the public key of the NSU;

- public key UAV number n.

The options described above for distributing UAV public keys to key NSO carriers can be combined.

Key storage, identification and comparison with a specific UAV can be carried out in various ways. For example, each public key can be stored in a separate key file in the file system of the smart card, with the file name being a number corresponding to the number of a specific UAV.

Thus, after completing step 3, the formation of sets of keys on the key carriers of the UAV and the NSU is completed.

Further steps relate to the regular operation phase of the main algorithm that implements the claimed method of cryptographic protection of communication channels between the NSO and the UAV. They are performed after the formation of sets of keys on key carriers of the UAV and NSU, produced at the preliminary stage, and are carried out by cryptographic modules of the UAV and NSU. The main result of this stage is the establishment of a secure exchange between UAVs and NSOs.

Cryptographic modules are designed to implement transformations within the framework of the algorithms provided by the claimed method, for which each cryptographic module must include a hardware or software implementation of all the necessary functions and algorithms. In more detail, the options, the capabilities of cryptographic modules and the requirements for them will be described later - in part of the description of the claimed cryptographic protection system for communication channels between the NSO and the UAV.

Cryptographic modules can be equipped with various self-testing and health monitoring mechanisms, including, for example, the following:

- integrity control of downloadable and executable software modules;

- performance of test tasks (in terms of cryptographic algorithms);

- quality control of random numbers generated, etc.

In this case, the UAV cryptographic module must complete the self-test procedure before performing step 4 and interrupt the operation of the algorithm with the generation of the corresponding error code / error message if the self-test showed an error situation.

A similar self-test with similar consequences in case of detection of an error situation should be performed by the cryptographic module of the NSO before performing step 6.

In the future, a self-test by the cryptographic module of the UAV and the NSO can be performed periodically as the secure exchange of information between the UAV and the NSO is performed.

Step 4) The UAV cryptographic module initiates the generation by the UAV key carrier of a common secret pre-master key (intended for further generation of a master key based on it) based on the UAV secret key and the NSU public key.

The generation of a common secret pre-master key based on the UAV secret key and the NSU public key can be performed in various ways. In particular, the Diffie-Hellman algorithm on elliptic curves (see, for example, [28]) or the VKO_GOSTR3410_2012 algorithm [29] can be used for this.

To generate a shared secret pre-master key when using smart cards or cryptographic tokens as key carriers, the GENERAL AUTHENTICATE command of the standard GOST R ISO / IEC 7816-4-2013 can be used [25].

Step 5) The UAV cryptographic module reads the UAV public key, the NSU public key and the common secret pre-master key from the UAV key carrier.

As mentioned above, the public keys of both the UAV and the NSO can be stored in the file system files of the key carrier. In this case, their reading can be carried out by the file functions of the key medium (see, for example, [25]).

When using smart cards or cryptographic tokens as a key medium, a shared secret pre-master key can be obtained from the key medium as a result of executing the GENERAL AUTHENTICATE command of the standard GOST R ISO / IEC 7816-4-2013 [25].

Since after performing this step, further use of the UAV key carrier by the claimed method is not provided, the UAV key carrier can be disconnected from the cryptographic module. In addition, in order to minimize the weight of the equipment (and, accordingly, minimize the deterioration of the UAV basic operational characteristics listed above) used to implement the proposed method, the hardware of the interface for connecting the UAV key carrier can be disconnected from the cryptographic module of the UAV. For example, when using smart cards as key carriers, a smart card reader may be disconnected from the cryptographic module, which may have a significant weight.

Step 6) The NSU cryptographic module, equipped with software or hardware implementation of cryptographic algorithms, the ability to initiate message transfer to UAVs and the optional ability to block the exchange interface with the UAV control software, initiates the generation of a common secret pre-master key based on the secret key carrier of the NSU NSU key and UAV public key.

Step 7) The cryptographic module of the NSO reads the public key of the NSO, the public key of the UAV and the common secret pre-master key from the key carrier of the NSO.

Since, after performing this step, further use of the key NSU media by the claimed method is not provided, if necessary, the key NSU media can be disconnected from the cryptographic module of the NSU.

Step 8) The cryptographic module of the UAV checks the state of its readiness for operation.

Step 8 is optional and is performed if the cryptographic module of the UAV is equipped with self-testing and performance monitoring mechanisms.

Step 9) The UAV cryptographic module initiates sending a message to the NSO cryptographic module containing the UAV public key and a random number of UAVs.

The inventive method assumes that the initiator of the described process of establishing a secure connection between the UAV and the NSU is the UAV, while the NSU is in standby mode and enters the active phase of the process, which includes a set of further steps of the algorithm, after receiving the message provided by step 9. the above steps of the regular operation stage of the algorithm related to the NSI can be performed on the NSI in advance: for example, automatically after turning on the NSI or connecting the key carrier of the NSI, by the command ora NSU, etc. After that, the NSO goes into standby mode.

In the case when one NSO is used to control several UAVs at the same time, it should be able to perform further steps of the algorithm in parallel with all or part of the UAV as it receives the message from step 9 from any UAV.

Unlike the NSU, the UAV initiates the active phase of the process of establishing a secure connection between the UAV and the NSU; therefore, the UAV does not have a standby mode: the algorithm’s regular operation can be started on the UAV automatically when it is turned on or when the UAV key carrier is connected using a special operator commands, etc.

Step 10) The NSU cryptographic module, which is in the standby mode of messages from the communication channel, receives this message from the UAV and checks if it has received the UAV public key. If the NSI cryptographic module does not have such a public key, then the NSI cryptographic module ignores the received message and returns to the message standby mode.

Step 11) The cryptographic module of the NSU initiates the sending of a response message to the cryptographic module of the UAV containing the public key of the NSU and a random number of NSUs.

Step 12) The cryptographic module of the UAV receives a response message from the cryptographic module of the NSU and checks whether it has received the public key of the NSU. If the NSI cryptographic module does not have such a public key, then the UAV cryptographic module ignores this message and returns to step 9.

Thus, if the step of establishing a secure connection, consisting of performing steps 9-12, is unsuccessful, the UAV cryptographic module initiates a second attempt to establish a secure connection.

Step 13) The UAV cryptographic module generates a master key (intended for further generation of session cryptographic keys based on it) based on a pre-master key, a random number of UAVs and a random number of NSOs.

The generation of the master key based on the pre-master key can be performed in various ways. In particular, a hash algorithm (for example, GOST R 34.11-2012 [30]) or a message authentication code calculation algorithm based on hash algorithms (for example, HMAC_GOSTR3411_2012_256 [29]) can be used directly for this.

Note that the pre-master key is long-term, since it is based on the long-term keys of the NSU and UAVs, while the master key is session, because it involves random numbers of UAVs and NSUs generated respectively in steps 9 and 11 of the described an algorithm.

Step 14) The cryptographic module of the NSO generates a master key based on the pre-master key, a random number of UAVs and a random number of NSU.

Step 15) The cryptographic module of the UAV on the basis of the master key generates a session encryption key and a session key for calculating the insert.

Generation of session keys based on the master key can also be performed in various ways. In particular, for this, any of the encryption algorithms described in GOST R 34.12-2015 [31] in the simulation mode described in GOST R 34.13-2015 [32], or the key diversification function KDF_GOSTR3411_2012_256 [29] can be used.

Step 16) The cryptographic module of the NSO, based on the master key, generates a session encryption key and a session key for calculating the insert.

Step 17) The UAV cryptographic module generates a test message encrypted on the generated session encryption key and initiates its sending to the NSU cryptographic module.

For encryption of the test message (the small size of the test message is implied) any encryption mode can be applied, in particular, from those described in the standard GOST R 34.13-2015 [32].

Moreover, the inventive method does not limit the set of possible applied algorithms and encryption modes, as well as hashing algorithms, integrity control, key pair generation, common key calculation, key differentiation, etc., as well as the parameters of all these algorithms, algorithms, modes and parameters from any subset. However, to simplify the implementation of the cryptographic module, it is not recommended to use several different cryptographic algorithms for each of their categories (encryption, hashing, etc.) in the cryptographic module.

Step 18) The NSU cryptographic module receives and decrypts the test message from the UAV cryptographic module and checks its compliance with the expected test message. If the test message does not meet the expected one, then the NSU cryptographic module considers that an error has occurred in establishing session cryptographic keys, and returns to the message waiting mode.

To simplify the implementation, a constant message may be used in step 17; in this case, the verification of the correctness of the test message after its decryption is reduced to a binary or string comparison of the received and expected messages.

The encrypted test message may also include the value of the session key for calculating the self-insert, which will make it possible to verify the equivalence of the values of this key on the UAV side and on the NSU side. As an alternative, the option may be considered when, in step 17, the UAV cryptographic module also generates a test message simulated in the test message calculated on the generated session key for calculating the simulated test message and initiates its sending to the NSI cryptographic module together with the encrypted test message. In this case, at step 18, the NSO cryptographic module receives and decrypts the test message from the UAV cryptographic module, calculates the simulations on the generated session key and checks its simulations. If the test message insert is incorrect, then the NSU cryptographic module considers that an error has occurred in establishing session cryptographic keys, and returns to the message standby mode.

These comments also apply to steps 19 and 20 of the algorithm described below.

Step 19) The NSU cryptographic module generates a response test message encrypted on the generated session encryption key and initiates its sending to the UAV cryptographic module.

The time interval between sending a test message from the UAV to the NSU (step 17) and receiving a response test message (steps 19-20) can be controlled using a special timer, which can be set on the side of the UAV after step 17. In this case, if the response the test message provided by step 19, the UAV was received with exceeding the predefined time interval, such a response test message is ignored on the side of the UAV, and steps 17-19 are repeated.

Step 20) The UAV cryptographic module receives and decrypts the test message from the NSU cryptographic module and checks its compliance with the expected test message. If the test message does not match the expected one, then the UAV cryptographic module considers that an error has occurred in establishing session cryptographic keys, and returns to step 9.

Thus, if the step of establishing a secure connection, which consists in performing steps 9-20, is unsuccessful, the UAV cryptographic module initiates a second attempt to establish a secure connection.

Step 21) The cryptographic module of the UAV sets the ready-to-work flag.

Step 22) The cryptographic module of the NSO sets the flag for readiness for work.

In the event that several UAVs are controlled from one NSO at the same time, the flag of NSO readiness for operation can be set in relation to a specific UAV, i.e. the number of NSO readiness flags in this case is several - according to the number of UAVs controlled, each flag related to establishing a secure connection between the NSO and a specific UAV.

Step 23) The UAV cryptographic module opens the connection port of the flight controller.

This step is optional and is performed only if the cryptographic module of the UAV has the option of software or hardware blocking of the connection port of the flight controller. In this case, the inventive method assumes that before performing the regular operation of the main algorithm, the UAV cryptographic module blocks the connection port of the flight controller.

Step 24) The cryptographic module of the NSO opens the interface of exchange with software that manages the UAV.

This step is optional and is performed only if the cryptographic module of the NSO has the ability to programmatically or hardware lock the exchange interface with software that manages the UAV. In this case, the claimed method assumes that before performing the regular operation phase of the main algorithm, the cryptographic module of the NSU blocks this interface.

In the event that several UAVs are controlled simultaneously from one NSU and the NSU cryptographic module is capable of software or hardware blocking of the exchange interface with the UAV control software, this interface opens after the first successful establishment of a secure exchange of information with any of the UAVs controlled.

Step 25) Further information exchange via control and telemetry channels between the NSO and the UAV is carried out in a secure mode using encryption based on the generated session encryption key and with integrity monitoring based on the generated session authentication calculation key.

The inventive method does not impose any restrictions on the used algorithms and encryption modes and message integrity control. In particular, for encrypting messages, the encryption algorithms described in GOST R 34.12-2015 [31] can be used in operating modes designed for data encryption and described in GOST R 34.13-2015 [32], and for monitoring message integrity, use the same encryption algorithms in the calculation mode of the insert.

As an additional protection measure, a synchronization of the encryption keys of the transmitted data can be provided on the UAV and the NSU side, for which packet numbers can be entered in the transmitted data packets and each packet can be encrypted on a separate key, the value of which is dependent on the packet number.

In addition to exchanging information via control and telemetry channels, after step 24, the payload data transmitted from the UAV to the NSU can also be transmitted in a secure mode using encryption based on the generated session encryption key and integrity control based on the generated session authentication calculation key.

In the event that several UAVs are controlled from one NSO at the same time and the resources of one cryptographic module on the NSO side are insufficient to perform the operations provided for by the claimed method, several cryptographic modules may be installed on the NSO to perform the required operations in parallel. In this case, the software of the NSO may include the implementation of mechanisms of static or dynamic load balancing between the cryptographic modules of the NSU.

In the process of performing the actions provided by the claimed method, and within the framework of further secure data exchange between the UAV and the NSU, for the purpose of additional protection of the radio exchange, a pseudo-random reconfiguration of the radio parameters between the UAV and the NSU can be used.

The algorithm for performing the basic actions within the framework of the proposed method of cryptographic protection of communication channels of unmanned aerial systems, in addition to the steps listed above, may also include a number of additional actions for processing various error situations. The above describes only the main error situations that are directly related to the process of installing a secure data exchange between the UAV and the NSO.

In addition to them, in the process of performing the actions provided by the claimed method, other errors may occur, including those related to the loss of information packets, signals and other problems of wireless exchange between UAVs and NSOs. To process them, additional actions may be included in the algorithm described above, as an example of which can be repeated sending information packets, reinstalling the wireless connection and the like. At the same time, the processing of error situations related to the exchange of data between UAVs and NSUs can be performed both at the level of cryptographic modules of UAVs and NSUs, and at the level of transceiver devices that are part of UAVs and NSUs.

In accordance with FIG. 3, the claimed system of cryptographic protection of communication channels of unmanned aircraft systems contains the following main components:

1. The cryptographic module of the UAV 113.

2. The key carrier of the UAV 112.

3. The cryptographic module of NSU 123.

4. The key carrier of NSU 124.

The inventive system operates in accordance with the claimed method of cryptographic protection of communication channels of unmanned aerial systems.

The cryptographic module UAV 113 is designed to perform operations on the UAV side to establish a secure data exchange between the UAV and the NSU and then encrypt and protect the integrity of the data transmitted over wireless communication channels 103 between the UAV and the NSU.

Similarly, the cryptographic module of the NSO 123 is designed to perform operations on the NSO side to establish a secure exchange of data between the UAV and the NSU and then encrypt and protect the integrity of the data transmitted via wireless communication channels 103 between the UAV and the NSU.

Various implementations of the cryptographic modules of the UAV and NSU are possible, in particular:

- the UAV / NSI cryptographic module can be a dedicated hardware device connected to an external computing device and containing hardware and / or software implementation of the transformations provided by the claimed method in the form of specialized microcircuits, microcircuits with programmable logic (FPGA - programmable logic integrated circuits), software and / or firmware modules;

- the cryptographic module UAV / NSI can be a software implementation of the transformations provided for by the claimed method, performed directly on the computing resources of an external computing device.

An external computing device in this case means:

- flight controller 111 in the case of a UAV;

- the main computing module 121 of the NSO, which means the central processor or similar computing device operating as part of the main computer equipment of the NSO: the application server (if the workstation of the operator of the NSO is designed as a terminal operating according to the architecture of the “thin client”), a personal computer, laptop computer, smartphone, etc.

The choice of a specific implementation option for a cryptographic module can be affected, incl. following factors:

- the ability to connect a hardware cryptographic module to existing UAV or NSI equipment;

- the ability to download the software implementation of the cryptographic module and its implementation on existing computing resources;

- whether there are enough resources of the external computing module to carry out the software implementation of the cryptographic module, taking into account the need to run on the same resources (the UAV flight controller or the NSU main computing module) software designed to solve the main tasks of the UAV flight controller or the main NSU computing module;

- how much the connection of the UAV hardware cryptographic module will worsen the basic UAV operational characteristics (such as the maximum payload weight and maximum flight duration / range), etc.

In the cryptographic module of the UAV / NSU, the functions necessary to perform the transformations provided for by the claimed method must be implemented, including of the following:

- cryptographic algorithms and their application modes;

- cryptographic key generation functions;

- algorithms for generating random or pseudo-random numbers;

- interaction functions with a UAV key carrier (for the UAV cryptographic module) or NSI (for the NSU cryptographic module);

- functions of interaction with the main computing module, etc. The UAV cryptographic module must also be able to initiate the transmission of messages to the NSU via the UAV 114 transceiver. Similarly, the NSU cryptographic module must also be able to initiate the transmission of messages to the UAV via the UAV NSU transmitting device 125.

In the case of the software implementation of the cryptographic module, all the transformations provided by the claimed method are performed directly on the UAV flight controller or on the NSU main computing module. At the same time, to enhance protection during the software implementation of the cryptographic module the following measures can be provided:

- isolation of the processes performed as part of the software implementation of the cryptographic module from the main operating environment of the computing module;

- duplication of calculations to ensure their reliability.

A variant of a combined cryptographic module software implementation is also possible, characterized by the following features:

- if the UAV 101 avionics complex or NSU 102 equipment already includes software and / or hardware implementation of all or part of the used cryptographic algorithms or random / pseudorandom number generation algorithms, then the cryptographic module may not contain implementations of these algorithms, which In this case, they can be replaced by functions that ensure the implementation of existing in the complex of onboard equipment UAV 101 or equipment of NSU 102 implementations of cryptographic algorithms or al random / pseudo random number generation algorithms;

- the remaining required algorithms and functions are implemented programmatically in the cryptographic module of the UAV / NSU.

In the case of hardware implementation of the UAV / NSU cryptographic module, the cryptographic module can be connected to the main computing device via any interface that provides sufficient speed for transmitting the required data. Examples include USB, PCI Express, or UART interfaces, which are typical for general-purpose computer equipment (which is relevant for NSOs) and for UAV flight controllers.

The power supply of the UAV / NSU hardware cryptographic module can be carried out both via the interface of its connection to the UAV 111 flight controller or the NSU 121 main computing module, and from an external power source. The inventive system does not impose any restrictions on how to power the cryptographic modules of the UAV / NSU.

The UAV hardware cryptographic module 113 is preferably installed in the gap between the flight controller 111 and the transceiver module 114, but other installation options are possible. At the same time, it is desirable that the UAV cryptographic module (regardless of its implementation option) has the ability to block the port connecting the UAV flight controller to the communication channels, which is necessary to prevent potential leakage of insecure data through the UAV transceiver module 114. However, this feature is considered optional.

The hardware cryptographic module of the NSU 123 is also preferably installed in the gap between the main computing module of the NSU 121 and the transceiver of the NSU 125, but other installation options are possible. For the cryptographic module of the NSU (regardless of its implementation option), it is desirable to provide the ability to block the exchange interface with the software 122 that controls the UAV, which is necessary to prevent the transfer of commands to the communication channel 103 between the UAV and the NSU until the formation of a secure data exchange channel between the UAV NSU. However, this feature is also considered optional.

The cryptographic module of the UAV 113 and the cryptographic module of the NSU 123 perform various parts of the algorithm for establishing a secure communication channel between the UAV and the NSU provided by the claimed method from the UAV and the NSU, respectively. Those. the algorithms implemented by the UAV cryptographic module and the NSU cryptographic module are actually different and therefore the UAV cryptographic module and the NSU cryptographic module can be implemented in the form of various devices or various software implementations.

But since the algorithms performed by the cryptographic module of the NSU and the cryptographic module of the UAV have many common components, the cryptographic module of the UAV and the cryptographic module of the NSU can be implemented as a single device or a single software implementation, in which using a program parameter (flag) and / or hardware switch the purpose of a specific instance of the cryptographic module is specified, which determines the algorithms and / or modes of its operation, i.e. whether this instance of the cryptographic module is used as the cryptographic module of the UAV or the cryptographic module of the NSU.

In any of the above options for the implementation of cryptographic modules UAV / NSU, since the claimed method does not limit the use of specific cryptographic algorithms, modes and parameters of their work, it is necessary to ensure the compatibility of the used cryptographic modules UAV and cryptographic modules of the NSU within one instance of the claimed system, i.e. . use identical cryptographic algorithms, modes and parameters of their application in them.

At the same time, there is no need to use equivalent implementations of the UAV cryptographic module and the NSU cryptographic module within one instance of the claimed system. Those. irrespective of the specific version of the hardware or software implementation of the cryptographic module of the NSU, any version of the hardware or software implementation of the cryptographic module of the UAV can be used, taking into account the necessary compatibility of the cryptographic module of the NSU and the cryptographic module of the UAV. The absence of this restriction also applies to the case when several UAVs are controlled from one NSO at the same time: within the framework of such a system, the cryptographic modules of all UAVs and the NSU cryptographic module can be implemented in various ways, provided that they are compatible.

The UAV key carrier 112 and NSU 124 key carrier are devices equipped with at least the following components and capabilities:

- computing capabilities;

- the operating system and / or control firmware and / or other software / firmware modules that manage other components of the UAV / NSU key carrier, as well as the interaction between them and between the key carrier and the UAV / NSU cryptographic module, to which the key the media is connected;

- operational and non-volatile memory;

- software (microprogram) and / or hardware implementation of cryptographic algorithms, including algorithms for generating random or pseudorandom numbers.

The inventive system does not impose restrictions on the principles of organizing the storage of cryptographic keys and other data in non-volatile memory of the key carrier of the UAV / NSU. For example, in the non-volatile memory of the key carrier of the UAV / NSU, a file system can be provided according to the standard GOST R ISO / IEC 7816-4-2013 [25].

Cryptographic algorithms implemented in key UAV / NSU carriers and used in the process of establishing secure data exchange between UAVs and NSUs should be compatible with cryptographic algorithms implemented in UAV / NSU cryptographic modules, including in terms of modes and parameters of their operation.

The UAV key carrier 112 and the NSU key carrier 124 are connected, respectively, to the UAV cryptographic module 113 and the NSU 123 cryptographic module. Therefore, the UAV / NSU cryptographic modules must be equipped with an interface for connecting the UAV / NSU key carrier, including the port for connecting it and / or the necessary external device, interactions with the key medium (depending on the type of key medium used), and also the interaction required with the key medium (and / or external device) key with media (if available) software / firmware.

As mentioned earlier, cryptographic smart cards (smart cards based on microcircuits with cryptographic capabilities) or cryptographic tokens can be cited as examples of possible key UAV / NSU carriers. When using cryptographic tokens connected via USB, the corresponding cryptographic module must be equipped with a USB interface and an appropriate port for connecting the token. When using smart cards, the corresponding cryptographic module must be equipped not only with a USB interface, but also with a contact or contactless smart card reader connected to it.

The inventive system does not impose any restrictions on the types or models of key carriers of UAVs / NSUs, as well as on their connection interfaces and / or devices for interacting with key carriers, provided that they meet the described requirements. In addition, within the framework of one instance of the claimed system, various types / models of key carriers of UAVs and NSUs can be used, provided that the previously formulated requirement for their compatibility with the corresponding cryptographic modules of UAVs / NSUs is met.

In the case of using the software implementation of the UAV 113 cryptographic module, the UAV 101 avionics complex should be equipped with an interface for connecting the UAV key carrier, including a port for its connection and / or the necessary external device for interacting with key carrier, as well as necessary for interacting with key carrier (and / or an external device for interacting with key medium, if any) software / firmware; in this case, the cryptographic module of the UAV 113 and the key carrier of the UAV 112 should be able to interact.

In the case of using the software implementation of the cryptographic module of the NSU 123, the equipment of the NSU 102 should also be equipped with an interface for connecting the key carrier of the NSU, including the port for its connection and / or the necessary external device for interacting with the key carrier, as well as necessary for interaction with the key carrier (and / or external device for interaction with key media, if available) software / firmware; in this case, the possibility of interaction between the cryptographic module of NSU 123 and the key medium of NSU 124 should be provided.

Management of key carriers of UAVs / NSOs is carried out from an external device; key UAV / NSU carriers are passive devices that ensure the execution of certain commands initiated by an external device.

External (control) with respect to the key carrier of the UAV 112 device in the one shown in FIG. 3 variant of the claimed system is the cryptographic module UAV 113, and the external (control) device in relation to the key carrier of the NSU 124 is the cryptographic module NSU 123, regardless of the hardware or software implementation of the cryptographic module UAV / NSU and specific components of the onboard equipment complex UAV 101 or NSU equipment 102 in the case of a software implementation, respectively, of the cryptographic module of the UAV and the cryptographic module of the NSU.

Moreover, the claimed system of cryptographic protection of communication channels of the LHC does not impose restrictions on the control devices at the preparatory stage of the proposed method of cryptographic protection of communication channels of the LHC (steps 1-3 of the previously described algorithm), in which the preparation of key carriers of UAVs / NSUs, including the generation of asymmetric pairs keys and public key exchange. The preparatory phase can be performed in advance, and there is no need to prepare the UAV key carrier when it is directly connected to the UAV: UAV key carrier can be prepared at the NSU; in this case, the external (control) device with respect to the UAV key carrier is any component of the NSO equipment on which the corresponding control software is implemented (or there is a similar hardware implementation).

Moreover, the key carriers of all UAVs (including the case when several UAVs are controlled from the same NSO) and the key carrier of NSUs can be prepared at some dedicated key center 104, which performs centralized preparation of key carriers of UAVs and NSUs. In this case, the key center 104 is also considered as part of the claimed system, and the external (control) device in relation to the key carriers of the UAV / NSU is any component of the equipment of the key center on which the corresponding control software is implemented (or there is a similar hardware implementation) .

The inventive method provides that after the step of reading cryptographic keys from the UAV key carrier (step 5 of the algorithm described above), further use of the UAV key carrier is not carried out.

Therefore, after performing this step, the key carrier of the UAV can be disconnected from the cryptographic module of the UAV. In addition, in order to minimize the weight of the equipment (and, therefore, minimize the deterioration of the UAV basic operational characteristics listed above) related to the claimed system, the hardware of the interface for connecting the UAV key carrier can be disconnected from the cryptographic module of the UAV (including any hardware modules, providing interaction with key carriers, for example, smart card readers).

The inventive device cryptographic protection of communication channels LHC, a structural diagram of which is shown in Fig. 4, is one of the possible examples of the implementation of the cryptographic module, which can be used as a cryptographic module LHC or cryptographic module NSU within the claimed system of cryptographic protection of communication channels LHC.

In accordance with FIG. 4 and the functions performed by it, the claimed device consists of two main functional elements located on the general board of the device 201:

- control microcontroller 211;

- non-volatile memory 212.

Note that the control microcontroller, depending on its type and model, may contain sufficient non-volatile memory to accommodate the software modules described below and other data; in this case, the installation of dedicated non-volatile memory is not required.

The composition of the control microcontroller 211 includes software modules that run on the control microcontroller during operation of the device:

1. The control module 221, which is the main software module of the claimed device. This module provides control of all other software modules running on the control microcontroller and the interaction between them.

2. The module for ensuring confidentiality and integrity of information exchange 222. This module provides protection for information exchange between UAVs and NSOs, that is, performs, in particular, encryption of messages and control of their integrity.

It is in this module that the used cryptographic algorithms and their operation modes are implemented. If it is necessary to perform cryptographic operations in other software modules (for example, in the authentication module and establishing a secure connection 223), calls are made to the module for ensuring the confidentiality and integrity of information exchange 222 from other software modules.

3. The module of authentication and establishing a secure connection 223. This module provides authentication of the parties of information exchange and basic operations to establish a secure connection between the UAV and the NSO; it is this module that ensures the execution of the sequence of actions provided by the algorithms of the proposed method of cryptographic protection of the LHC communication channels.

The implementation of this sequence of actions is carried out in interaction with other software modules in terms of their functionality.

4. The module for generating and processing key information 224. This module provides the implementation of transformations on cryptographic keys, i.e. the calculation of derivative keys (in the algorithm described above, the calculation of the master key based on the pre-master key) and diversification of keys (in the algorithm described above, the calculation of the encryption key and the calculation key of the insertion key based on the master key).

In addition, this module initiates the key carrier UAV / NSU, connected to the cryptographic module via interface 214, key generation functions (in the algorithm described above, generating asymmetric key pairs and calculating a common secret pre-master key). Interaction with the key carrier of the UAV / NSU is carried out by this module through the module of interaction with the key carrier 226.

The key information generation and processing module 224 is also responsible for writing keys to the UAV / NSU key carrier and reading keys from the UAV / NSU key carrier.

5. The module for generating random or pseudo-random numbers 225. This module is responsible for generating random numbers based on non-deterministic physical processes or pseudo-random numbers based on deterministic algorithms, including cryptographic (the generation of pseudorandom numbers can be performed, for example, in accordance with the recommendations set forth in the document [33]). This module can also carry out procedures for monitoring the generated random / pseudo-random numbers against the criteria of randomness.

When using cryptographic algorithms to generate pseudorandom numbers, this module interacts with the module for ensuring confidentiality and integrity of information exchange 222. To initialize and (if necessary) reinitialize the process of generating pseudorandom numbers, some quantity can be used (for example, obtained from a physical random number sensor) received from an external source. An external UAV / NSU key carrier or any other data source (for example, user keyboard input) can be used as an external source. In the latter case, this value is transmitted to the control microcontroller 211 by an external computing device via an interface for connecting to an external computing device 213.

6. The key carrier interaction module 226. This module is responsible for transmitting commands initiated by other program modules (for example, key information generation and processing module 224) to the UAV / NSU key carrier through the interface with the key carrier 214 and for receiving responses from the key UAV / NSI carrier, their processing and transmission of the data received in the responses to the calling module.

The inventive device allows the possibility of using various options for key media within the same inventive system (for example, cryptographic smart cards and cryptographic tokens or cryptographic smart cards of various models). The module for interacting with key carrier 226 should include the implementation of the necessary protocols for interacting with all used types / models of key carriers of UAVs / NSUs and / or devices for interacting with them (for example, smart card readers). All differences in protocols and other aspects of interaction with various types / models of key carriers should be worked out precisely at the level of the module for interaction with key carrier 226, which should provide other program modules with a single interface for interaction with key carriers of UAVs / NSOs, independent of their specific types or models.

7. The module of interaction with the transceiver 227. This module is responsible for the transfer of information from the claimed device to the transceiver module, which is part of the complex of onboard UAV equipment or NSC equipment, as well as for the reception and processing of information from the transceiver module. In addition, this module may be responsible for locking and unlocking the transceiver module.

Interaction with the transceiver module is carried out through the interaction interface with the transceiver 215.

8. Device self-test module 228. This module is optional. If it is available, it ensures the performance of self-testing procedures of the claimed device, and the self-testing of the device can be carried out both at the start of the device and periodically, for example, at predetermined time intervals, after receiving or transmitting a certain amount of transmitted data from the moment of the previous self-test, etc.

Performing a device self-test should not interfere with the execution of the other device functions by the claimed device.

9. The software integrity control module of the device 229. This module is optional. If available, it controls the integrity of the remaining modules of the device before loading them into the control microcontroller 211.

Integrity control can be performed on the basis of any types of data checksumming, including cryptographic data (for example, using the CRC32 checksumming algorithm [34] or using the GOST R 34.11-2012 [30] hashing algorithm), for example, by checking the summation of each of the program modules before downloading and subsequent comparison of the received checksum with a reference value that can be stored in non-volatile memory 212 of the claimed device.

The inventive device has the following interfaces:

1. The interface to connecting to an external computing device 213. In this case, the external device may be one of the following devices:

- flight UAV controller in case the claimed device functions as a cryptographic module of the UAV;

- the main computing module of the NSU in case the inventive device functions as a cryptographic module of the NSU; the main computing module of the NSO is the central processor or similar computing device that operates as part of the main computer equipment of the NSU: server, personal computer, laptop, smartphone, etc.

The inventive device can be connected to an external computing device via any interface that provides sufficient speed to transmit the required data. Examples include USB, PCI Express, or UART interfaces, which are typical for general-purpose computer equipment (which is relevant for NSOs) and for UAV flight controllers.

The power of the inventive device is also carried out through the interface to connect to an external computing device 213, but can be carried out by any other means.

2. The interaction interface with key carrier 214. This interface provides connection to the claimed device of the key carrier of the UAV (if the device functions as a cryptographic module of the UAV) or the key carrier of the NSU (if the device functions as the cryptographic module of the NSU), as well as interaction with the connected key carrier UAV / NSU.

As mentioned earlier, the UAV / NSU key carrier can be connected not directly to this interface, but through some intermediate device that provides interaction with the key carrier of the type used (for example, the smart card reader can be an intermediate device when using cryptographic smart cards as key carriers of UAVs / NSOs).

As an example of an interface for interacting with key medium 214, a USB interface can be mentioned.

The power supply of the key carrier of the UAV / NSU connected to the claimed device and / or the key carrier interaction device (if such a device is present) can be carried out through the interaction interface with the key carrier 214 or in any other way.

3. The interaction interface with the transceiver 215. This interface provides the connection of the claimed device and the transceiver and the interaction between them.

In this case, any interfaces can be used that provide sufficient speed for transmitting the required data. Other examples here are USB or UART.

Through the interaction interface with the transceiver 215, power can be supplied to the transceiver, which can also be carried out in any other way.

The inventive device operates in accordance with the claimed method of cryptographic protection of communication channels of the LHC, performing the functions of a cryptographic module UAV or cryptographic module NSU.

After turning on the device to the control microcontroller 211 from the non-volatile memory 212, the software integrity control module of the device 229 (if any) is loaded. This module reads the remaining software modules, calculates their checksums and verifies that the calculated checksums match the reference values stored in the non-volatile memory 212 of the device.

After that, the device performs a self-test by the self-test module of the device 228 (if any). As mentioned above, periodic self-testing of the device can be performed in the future during the operation of the device.

If the integrity control of the software of the device and / or the self-testing of the device revealed errors in its operation and / or violation of the integrity of the software, then the further operation of the device is blocked; in this case, the device can issue a corresponding error message to the external computing device through the interface to connect to the external computing device 213 and / or the transceiver through the interaction interface with the transceiver 215.

If the system in which the inventive device operates includes the preparation of key media when they are directly connected to the inventive device (and not, for example, on a dedicated key center providing centralized preparation of key media) and the preparation of key media has not been completed before, then the device initiates work with the connected key medium, ensuring the implementation of the preliminary stage of the proposed method - the stage of preparation of the key medium, which runs asymmetric key pair generation and exchange of public keys. At this stage, the control module 221 and the key information generation and processing module 224 are involved, which interact with the key medium through the interaction module with the key medium 226 and the interaction interface with the key medium 214.

Then, the cryptographic module performs the steps of the regular operation of the main algorithm that implements the claimed method of cryptographic protection of communication channels between the NSU and the UAV, in terms of the actions of the cryptographic module of the UAV or the cryptographic module of the NSU. As a result of this stage, a secure data exchange channel is formed between the UAV and the NSO.

At this stage, the control module 221, the module for ensuring the confidentiality and integrity of information exchange 222, the authentication and secure connection establishment module 223, the key information generation and processing module 224, and the random or pseudorandom number generation module 225 are involved. In this case, these modules can initiate interaction with the following external devices in relation to the claimed device:

- with an external computing device through a control module 221 and an interface for connecting to an external computing device 213;

- with a key medium through an interaction module with a key medium 226 and an interaction interface with a key medium 214;

- with a transceiver through an interaction module with a transceiver 227 and an interaction interface with a transceiver 215.

After establishing a secure data exchange between the UAV and the NSO, the claimed device operates as follows:

- information intended for transmission to the wireless radio channel and further transmission to the UAV (from the NSU) or to the NSU (from the UAV) is transmitted by the external computing device via the interface to the external computing device 213 and the control module 221, then it is encrypted and supplied information necessary to control the integrity of information in the module for ensuring confidentiality and integrity of information exchange 222 (which, if necessary, can also use the module for generating random or sevdosluchaynyh 225 numbers), then the result information processing unit 222 is transferred to the transceiver module through interaction with the transceiver 227 and the interface to the transceiver 215;

- the encrypted information received from the wireless radio channel is transmitted by the transceiver through the interaction interface with the transceiver 215 and the interaction module with the transceiver 227, then the privacy and integrity module 222 information is decrypted and its integrity is verified, after which the decrypted information is transmitted to the external computing device through the control module 221 and the interface to connect to the external subtraction Call duration 213.

If it is impossible for some reason to decrypt the message received from the wireless communication channel and / or detect a violation of its integrity, the received message is ignored. In this case, the device may issue a corresponding error message to the external computing device via an interface for connecting to external computing device 213 and / or a transceiver device through an interaction interface with a transceiver device 215.

The remaining components of the claimed device at the data exchange stage between the UAV and the NSU after the establishment of a secure communication channel are not used, with the exception of the self-testing module of the device 228 (if any), which can perform periodic self-testing of the device during its operation.

The inventive device cryptographic protection of communication channels LHC can be implemented on the basis of well-known purchased components. The applicant has developed an experimental sample of the claimed device, based on the use of the following components and modules:

- a Core746I breadboard containing the STM32F746IGT6 (Cortex-M7) control microcontroller, which has a large amount of non-volatile memory;

- software modules (control module, module for ensuring confidentiality and integrity of information exchange, authentication and secure connection establishment module, key information generation and processing module, random or pseudorandom number generation module, key carrier interaction module, and receiver-transmitter interaction module) written in the C programming language and made in the form of firmware microcontroller firmware;

- UART interface is used as an interface for connecting an external computing device and an interface for interacting with a transceiver device;

- the USB interface in the microUSB form factor is used as the interface for connecting the key medium;

- as key carriers, the experimental sample can use cryptographic smart cards based on the domestic MIK51SC72D chip and its variants; interaction with smart cards is carried out through the KRIPTON-SSK smart card reader, connected to the experimental sample through the microUSB-USB adapter;

- power supply of the experimental sample is carried out through a dedicated interface from an external computing device;

- the experimental sample contains a dedicated interface for power supply of the transceiver.

The following cryptographic algorithms are implemented in the software modules of the device:

- as a message encryption algorithm, the “Magma” algorithm is used according to GOST R 34.12-2015 [31] in the gamma mode with feedback according to ciphertext according to GOST R 34.13-2015 [32];

- as the algorithm for monitoring the integrity of messages, the Magma algorithm is used GOST R 34.12-2015 [31] in the calculation mode of the self-insert according to GOST R 34.13-2015 [32];

- the algorithms VKO_GOSTR3410_2012 [29] and GOST R 34.11-2012 [30] are used as algorithms for calculating the shared key and diversifying the keys.

Additionally, the experimental model of the device is equipped with a RESET power reset button, power and USB indicators, as well as operating mode switches.

In addition, a test mode of its operation with increased data processing speed was implemented in the experimental sample.

The conducted load testing of the experimental sample showed the effectiveness of encryption operations at 115200 kbit / s in full duplex mode (simultaneous processing of data received and transmitted), which is more than enough to implement command-telemetry channel protection with maximum telemetry data generation by the flight controller. When activating the test mode implemented in the experimental sample with increased data processing speed, information protection of the data channel of the payload data channel from the UAV to the NSU can also be implemented with a number of limitations.

The applicant has also developed an experimental sample of the claimed system, based on the use of the following components and solutions:

- The NSU is built on the basis of a personal computer equipped with an Intel i5 processor, 4 GB of RAM, 240 GB SSD, the required number of USB ports and the freely distributed operating system Ubuntu Linux 16.04;

- as the UAV control software, the freely distributed QGroundControl software installed on the NSU computer is used;

- there is one controlled UAV in the system, assembled by the applicant on the basis of the Pixhawk 2.4.8 flight controller and other purchased components;

- as the transceiver modules of the NSU, the 3DR Telemetry Kit 433 MHz is used;

- the experimental model of the claimed device described above in various operating modes is used as a cryptographic module of a UAV and a cryptographic module of an NSU;

- the NSI cryptographic module is connected to the USB port of the NSI computer through the USB-UART adapter and receives power from an external power supply through a dedicated connector;

- the NSU transceiver is connected to the UART port of the NSU cryptographic module and receives power from the dedicated connector of the NSU cryptographic module;

- the UAV cryptographic module is connected to the UAV flight controller via the UART interface and receives power from the UAV flight controller through a dedicated connector;

- the UAV transceiver is connected to the UART port of the UAV cryptographic module and receives power from the dedicated connector of the UAV cryptographic module;

- cryptographic smart cards based on the domestic MIK51SC72D microcircuit are used as key carriers of UAVs and NSUs;

- as a device for interacting with key UAV / NSU carriers, the KRIPTON-SSK contact smart card reader is used, which is connected to the USB ports of the UAV / NSU cryptographic modules via a microUSB-USB adapter.

Testing of an experimental sample of the claimed system showed the possibility of achieving the goal in the form of a cryptographically secure system for protecting UHC information exchange channels, as well as the correctness and effectiveness of the proposed method of cryptographic protection of UHC communication channels that underlies the claimed system.

The above information indicates that for the claimed system and device cryptographic protection of communication channels LHC in the form as described in the relevant paragraphs of the claims, confirmed the possibility of carrying out the invention using the described means.

Therefore, the claimed technical solution meets the criterion of "industrial applicability".

The inventive system of cryptographic protection of communication channels of the LHC or similar systems based on the implementation of the proposed method of cryptographic protection of communication channels of the LHC is recommended to be used to protect communication channels between the UAV and the NSU (control channels, telemetry and data transfer of the payload of the UAV) in all cases when it is required ensuring the integrity and confidentiality of information transmitted through these communication channels.

The inventive device cryptographic protection of communication channels of the LHC, based on the implementation of cryptographically strong domestic standards for cryptographic transformations, can be used in the systems of cryptographic protection of the channels of the LHC as the main components - cryptographic modules of the UAV and / or cryptographic modules of the NSU.

Information sources:

1. Boev N. M., Sharshavin P. V., Nigruts I. V. Building communication systems for unmanned aerial vehicles for transmitting information over long distances. // News of SFU. Technical science. Section IV. Complexes with UAVs.

2. Prokopyev I. V. Beckov A. V. The structure of the control system of unmanned aerial vehicles for special purposes. // Proceedings of the International Symposium "Reliability and Quality", 2012, Volume 1.

3. Shilov K. E. Development of a system for automatic control of an unmanned aerial vehicle of multi-rotor type. // Proceedings of the Moscow Institute of Physics and Technology, 2014, Volume 6, No. 4.

4. Kamkar S. SkyJack. // http://samy.pl - Private Blog - Dec 2, 2013.

5. Agadzhanov M. Is it difficult to steal a copter? Several already implemented methods of intercepting control. // https://geektimes.ru/post/281934/.

6. Sigma Design. Software Design Specification. Security 2 Command Class, version 0.9, 2016.

7. Anderson R. Why Cryptosystems Fail. // http://www.cl.cam.ac.uk - University Computer Laboratory, Cambridge.

8. Patent No. US 8219799. Secure Communication System. - Jul. 10, 2012.

9. Patent No. US 9531689. System and Method for Encryption of Network Data. -Dec. 27, 2016.

10. Patent No. CN 105491564. Method for Establishing a Secure Communication Link in a Multi-UAV Environment. - Apr. 13, 2016.

11. Patent No. US 9412278. Authentication Systems and Methods for Generating Flight Regulations. - Aug. 9, 2016.

12. Patent No. US 9805372. Authentication Systems and Methods for Generating Flight Regulations. - Oct. 31, 2017.

13. Patent No. US 9805607. Authentication Systems and Methods for Generating Flight Regulations. - Oct. 31, 2017.

14. Patent No. US 9870566. Authentication Systems and Methods for Generating Flight Regulations. - Jan. 16, 2018.

15. Patent No. WO 2017042403. Secure Control of Unmanned Vehicles. - Mar. 16,

2017.

16. Patent No. US 9542850. Secure Communications with Unmanned Aerial Vehicles. -Jan. 10, 2017.

17. Patent No. US 9651944. Unmanned Aerial Vehicle Piloting Authorization. -May 16, 2017.

18. Patent No. WO2005020445. Microwave Self-Phasing Antenna Arrays for Secure Data Transmission & Satellite Networks Crosslinks. - Nov. 10, 2005.

19. Patent No. US 8594662. Method and Apparatus for Protected Communications to High Altitude Aircraft. - Nov. 26, 2013.

20. Patent No. US 5841864. Apparatus and Method for Authentication and Session Key Exchange in a Communication System. - Nov. 24, 1998.

21. Patent No. US 6816970. Security Method and System for Persistent Storage and Communications on Computer Network Systems and Computer Network Systems Employing the Same.-Nov. 9, 2004.

22. Patent No. US 9871772. Cryptographic System for Secure Command and Control of Remotely Controlled Devices. - Jan. 16, 2018 - prototype.

23. GOST P ISO / IEC 7816. Identification cards. Cards on integrated circuits.

24. GOST R ISO / IEC 14443. Identification cards. Cards on integrated circuits contactless. Close action cards.

25. GOST R ISO / IEC 7816-4-2013. Identification cards. Cards on integrated circuits. Part 4. Organization, protection and teams for sharing.

26. GOST R 34.10-2001. Information technology. Cryptographic information security. The processes of formation and verification of electronic digital signatures.

27. GOST R 34.10-2012. Information technology. Cryptographic information security. The processes of formation and verification of electronic digital signatures.

28. Barker E., Chen L., Roginsky A., Smid M. NIST Special Publication 800-56A Revision 2. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. // http://csrc.nist.gov - National Institute of Standards and Technology -May 2013.

29. Recommendations for standardization P 50.1.113-2016. Information technology. Cryptographic information security. Cryptographic algorithms associated with the use of electronic digital signature algorithms and hash functions.

30. GOST R 34.11-2012. Information technology. Cryptographic information security. Hash function.

31. GOST R 34.12-2015. Information technology. Cryptographic information security. Block ciphers.

32. GOST R 34.13-2015. Information technology. Cryptographic information security. The modes of operation of block ciphers.

33. Barker E., Kelsey J. NIST Special Publication 800-90. Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised). // http://csrc.nist.gov - National Institute of Standards and Technology - March 2007.

34. Koopman P. 32-Bit Cyclic Redundancy Codes for Internet Applications. // http://www.ece.cmu.edu - 2002 - Carnegie Mellon University, Pittsburgh, USA.

Claims (49)

1. A method of cryptographic protection of communication channels between a ground control station and an unmanned aerial vehicle, which consists in performing the following sequence of actions: at the first step, using the key carrier of the ground control station (NSI) equipped with computing resources and non-volatile memory, as well as cryptographic functions, is generated a pair of asymmetric NSU keys, including the secret and public keys of the NSU; at the second step, using a key carrier of an unmanned aerial vehicle (UAV) equipped with computing resources and non-volatile memory, as well as cryptographic functions, a pair of asymmetric UAV keys is generated, including the UAV secret and public keys; in the third step, the NSU and UAV public keys are copied to, respectively, the UAV key carrier and the NSU key carrier, after which the NSU key carrier contains the NSU secret and public UAV keys and the UAV public key, and the UAV key carrier contains the UAV secret and public keys and the public NSU key; at the fourth step, the UAV cryptographic module, equipped with software or hardware implementation of cryptographic algorithms, the ability to initiate message transfer to the NSO and the optional ability to block the port connecting the flight controller to communication channels, initiates the generation of a common secret pre-master key for further generation by the UAV key carrier on the basis of the master key, on the basis of the UAV secret key and the NSU public key; in the fifth step, the UAV cryptographic module reads the UAV public key, the NSU public key and the common secret pre-master key from the UAV key carrier; at the sixth step, the cryptographic module of the NSU equipped with software or hardware implementation of cryptographic algorithms, the ability to initiate the transmission of messages to the UAV and the potential possibility of blocking the communication interface with the software that manages the UAV, initiates the generation of a shared secret pre-master key based on the secret key from the NSU NSU key and UAV public key; at the seventh step, the cryptographic module of the NSU reads the public key of the NSU, the public key of the UAV and the common secret pre-master key from the key carrier of the NSO; at the eighth step, the UAV cryptographic module checks the state of its readiness for work; in the ninth step, the UAV cryptographic module initiates sending a message to the NSU cryptographic module containing the UAV public key and a random number of UAVs; at the tenth step, the cryptographic module of the NSU, which is in the standby mode of messages from the communication channel, receives this message from the UAV and checks if it has a public key of the UAV, if the NSU cryptographic module does not have such a public key, then the cryptographic module of the NSU the received message and returns to the message standby mode; at the eleventh step, the cryptographic module of the NSU initiates sending a response message to the cryptographic module of the UAV containing the public key of the NSU and a random number of NSUs; at the twelfth step, the UAV cryptographic module receives a response message from the NSU cryptographic module and checks if it has a received NSU public key, while if the NSU cryptographic module does not have such a public key, then the UAV cryptographic module ignores this message and returns to the ninth step ; at the thirteenth step, the UAV cryptographic module generates a master key intended for further generation of session cryptographic keys based on it, based on the pre-master key, a random number of UAVs and a random number of NSOs; at the fourteenth step, the cryptographic module of the NSO generates a master key based on the pre-master key, a random number of UAVs and a random number of NSU; in the fifteenth step, the UAV cryptographic module, based on the master key, generates a session encryption key and a session key for calculating an insertion code; in the sixteenth step, the cryptographic module of the NSO, on the basis of the master key, generates a session encryption key and a session key for calculating the insertion key; at the seventeenth step, the UAV cryptographic module generates a test message encrypted on the generated session encryption key and initiates its sending to the NSU cryptographic module; in the eighteenth step, the cryptographic module of the NSU receives and decrypts the test message from the cryptographic module of the UAV and checks its compliance with the expected test message, while if the test message does not correspond to the expected one, the cryptographic module of the NSU considers that an error has occurred in establishing session cryptographic keys, and returns to the mode Message Waiting at the nineteenth step, the NSO cryptographic module generates a response test message encrypted on the generated session encryption key, and initiates its sending to the UAV cryptographic module; at the twentieth step, the UAV cryptographic module receives and decrypts the test message from the NSU cryptographic module and checks its compliance with the expected test message, while if the test message does not correspond to the expected one, then the UAV cryptographic module considers that there was an error in establishing session cryptographic keys, and returns to action ninth step; at the twenty-first step, the UAV cryptographic module sets the flag for operational readiness; at the twenty-second step, the cryptographic module of the NSO sets the flag for readiness for work; at the twenty-third step, the UAV cryptographic module opens the port for connecting the flight controller; at the twenty-fourth step, the cryptographic module of the NSO opens the exchange interface with the software that manages the UAV; further exchange of information on control and telemetry channels between the NSO and the UAV is carried out in a secure mode using encryption based on the generated session encryption key and integrity control based on the generated session key for calculating the insert, while performing the above sequence of actions and as part of the further exchange of information between the NSO and the UAV with the aim of additional protection of radio exchange can be used pseudo-random reconfiguration of the parameters of the radio communication between UAVs and the NSO.
2. The method according to p. 1, characterized in that: at the seventeenth step, the UAV cryptographic module also generates an imitation test message, calculated on the generated session key for calculating the imitation, and initiates its sending to the cryptographic module of the NSU together with an encrypted test message; in the eighteenth step, the cryptographic module of the NSU receives and decrypts the test message from the cryptographic module of the UAV, calculates the calculation of the insertion code on the generated session key and checks its insertion, in this case, if the insertion of the test message is incorrect, then the cryptographic module of the NSU considers that there was an error in establishing session keys and returns to the message standby mode; at the nineteenth step, the cryptographic module of the NSO also generates an imitation of the response test message calculated on the generated session key for calculating the imitation of the insert, and initiates its sending to the cryptographic module of the UAV together with the encrypted response test message; at the twentieth step, the UAV cryptographic module receives and decrypts the test message from the NSU cryptographic module, computes the simulation of the insertion code on the generated session key and checks its insertion code, while if the simulation response of the response test message is incorrect, then the cryptographic module of the UAV believes that an error has been established in the establishment of session cryptographic keys , and returns to the ninth step.
3. The method according to p. 1, characterized in that: prior to the fourth step, the UAV cryptographic module performs a self-test, which can also be performed periodically as information is exchanged between the UAV and the NSO at various time intervals and / or after a certain number of transmitted messages and / or on the instructions of the NSO; Prior to the sixth step, the NSI cryptographic module performs a self-test, which can also be performed periodically as information is exchanged between the UAV and the NSI at various time intervals and / or after a certain number of transmitted messages and / or by the commands of the NSI operator.
4. The method according to p. 2, characterized in that: until the fourth step, the UAV cryptographic module performs a self-test, which can also be performed periodically as information is exchanged between the UAV and the NSO at various time intervals and / or after a certain number of transmitted messages and / or on the instructions of the NSO; Prior to the sixth step, the NSI cryptographic module performs a self-test, which can also be performed periodically as information is exchanged between the UAV and the NSI at various time intervals and / or after a certain number of transmitted messages and / or by the commands of the NSI operator.
5. The method according to claim 1, characterized in that after completing the twenty-fourth step, the payload data transmitted from the UAV to the NSU is also transmitted in a secure mode using encryption based on the generated session encryption key and integrity control based on the generated session key calculation of the insert.
6. The method according to p. 2, characterized in that after completing the twenty-fourth step, the payload data transmitted from the UAV to the NSU is also transmitted in a secure mode using encryption based on the generated session encryption key and integrity control based on the generated session key calculation of the insert.
7. The method according to p. 3, characterized in that after completing the twenty-fourth step, the payload data transmitted from the UAV to the NSO is also transmitted in a secure mode using encryption based on the generated session encryption key and integrity control based on the generated session key calculation of the insert.
8. The method according to p. 4, characterized in that after completing the twenty-fourth step, the payload data transmitted from the UAV to the NSO is also transmitted in a secure mode using encryption based on the generated session encryption key and integrity control based on the generated session key calculation of the insert.
9. The method according to p. 1, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
10. The method according to p. 2, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
11. The method according to p. 3, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
12. The method according to p. 4, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
13. The method according to p. 5, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
14. The method according to p. 6, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
15. The method according to p. 7, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
16. The method according to p. 8, characterized in that the cryptographic protection of communication channels between the NSU and the UAV according to the specified method can be carried out between one NSU and simultaneously several UAVs controlled from it.
17. A system of cryptographic protection of communication channels between a ground control station and an unmanned aerial vehicle, consisting of four components, where: component 1 is a cryptographic module of a ground control station (NSU) that implements the inventive method of cryptographic protection of communication channels between an NSU and an unmanned aerial vehicle ( UAV) in the part of the NSU, implemented in hardware or software on a dedicated hardware device equipped with computing resources, a key nose connection interface dividing the NSU and the software or hardware implementation of cryptographic algorithms, the functions of generating random or pseudorandom numbers and the functions of interacting with the key carrier of the NSU, as well as the ability to initiate the transmission of messages to the UAV and the optional ability to block the communication interface with the software that controls the UAV, with a dedicated hardware the device is connected to the gap between the main computing module of the NSO and the transceiver of the NSO, which can support l pseudo-random reconfiguration of the radio parameters between the UAV and the NSO; component 2 is a UAV cryptographic module that implements the claimed method of cryptographic protection of communication channels between the NSU and the UAV in the UAV part, implemented in hardware or software on a dedicated hardware device equipped with computing resources, a fixed or removable interface for connecting the UAV key carrier and software or hardware implementation of cryptographic algorithms, functions for generating random or pseudo-random numbers and interaction functions with a key UAV carrier, as well as the ability to initiate the transmission of messages to the NSU and the optional ability to block the port connecting the UAV flight controller to the communication channels, while the dedicated hardware device is connected to the gap between the UAV flight controller and the UAV transceiver, which can support pseudo-random reconfiguration of the radio communication between the UAV and the NSU; component 3 is a key NSU carrier equipped with computing resources and non-volatile memory, as well as cryptographic functions; component 4 is a key UAV carrier equipped with computing resources and non-volatile memory, as well as cryptographic functions.
18. The system according to p. 17, in which component 1 is a cryptographic module of the NSU that implements the inventive method of cryptographic protection of communication channels between the NSU and the UAV in the part of the NSU, implemented in software and executed directly on the main computing module of the NSU equipped with an interface for connecting the key carrier of the NSU , while the software implementation of the cryptographic module of the NSO includes the implementation of cryptographic algorithms, including algorithms for generating pseudorandom numbers, or functions using cryptographic algorithms, including random or pseudorandom number generation algorithms implemented in hardware in the main computing module of the NSU, as well as the implementation of the functions of interacting with the key carrier of the NSU, initiating the transmission of messages to the UAV and (optionally) blocking the communication interface with the software that controls the UAV.
19. The system according to p. 17, in which component 2 is a cryptographic module of the UAV, which implements the claimed method of cryptographic protection of communication channels between the NSU and the UAV in the UAV part, implemented in software and executed directly on the UAV flight controller, while the UAV is equipped with a fixed or removable the UAV key carrier connection interface, and the UAV cryptographic module software implementation includes the implementation of cryptographic algorithms, including pseudo-random number generation algorithms l, or the functions of using cryptographic algorithms, including algorithms for generating random or pseudo-random numbers, implemented in hardware as a complex of UAV onboard equipment, as well as the implementation of the functions of interacting with a UAV key carrier, initiating message transmission to the NSU and (optionally) blocking the connection port of the UAV flight controller to communication channels.
20. The system according to p. 18, in which component 2 is a cryptographic module of the UAV that implements the claimed method of cryptographic protection of communication channels between the NSU and the UAV in the UAV part, implemented in software and executed directly on the UAV flight controller, while the UAV is equipped with a fixed or removable the UAV key carrier connection interface, and the UAV cryptographic module software implementation includes the implementation of cryptographic algorithms, including pseudo-random number generation algorithms l, or the functions of using cryptographic algorithms, including algorithms for generating random or pseudo-random numbers, implemented in hardware as a complex of UAV onboard equipment, as well as the implementation of the functions of interacting with a UAV key carrier, initiating message transmission to the NSU and (optionally) blocking the connection port of the UAV flight controller to communication channels.
21. The system according to p. 17, characterized in that it consists of: components 2 can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU; 4 components can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU.
22. The system according to p. 18, characterized in that it consists of: components 2 can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU; 4 components can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU.
23. The system according to p. 19, characterized in that it consists of: components 2 can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU; 4 components can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU.
24. The system according to p. 20, characterized in that it consists of: components 2 can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU; 4 components can be several in accordance with the number of UAVs, which are controlled simultaneously with one NSU.
25. The system according to p. 21, characterized in that it contains a number of cryptographic UAV modules (components 2) that implement the claimed method of cryptographic protection of communication channels between the NSU and the UAV in the UAV part, can be implemented in hardware or software on dedicated hardware devices , each of which is equipped with computing resources, a fixed or removable interface for connecting the UAV key carrier and software or hardware implementation of cryptographic algorithms and key interaction functions the UAV carrier, as well as the possibility of initiating the transmission of messages to the NSU and the optional ability to block the port connecting the UAV flight controller to the communication channels, while each of the selected hardware devices is connected to the gap between the UAV flight controller and the UAV transceiver, while the remaining number UAV cryptographic modules that implement the claimed method of cryptographic protection of communication channels between the NSU and the UAV in terms of UAVs, is implemented in software and is not performed only on UAV flight controllers, each UAV equipped with a fixed or removable interface for connecting the UAV key carrier, and the software implementation of the UAV cryptographic module includes the implementation of cryptographic algorithms, including pseudo-random number generation algorithms, or the functions of using cryptographic algorithms, including random generation algorithms or pseudo-random numbers implemented in hardware in the complex of onboard equipment of the UAV, as well as the implementation of the interaction functions actions with the UAV key carrier, initiating the transmission of messages to the NSU and (optionally) blocking the port for connecting the UAV flight controller to the communication channels.
26. The system according to p. 22, characterized in that it contains a number of cryptographic UAV modules (components 2) that implement the claimed method of cryptographic protection of communication channels between the NSU and the UAV in the UAV part, can be implemented in hardware or software on dedicated hardware devices , each of which is equipped with computing resources, a fixed or removable interface for connecting the UAV key carrier and software or hardware implementation of cryptographic algorithms and key interaction functions the UAV carrier, as well as the possibility of initiating the transmission of messages to the NSU and the optional ability to block the port connecting the UAV flight controller to the communication channels, while each of the selected hardware devices is connected to the gap between the UAV flight controller and the UAV transceiver, while the remaining number UAV cryptographic modules that implement the claimed method of cryptographic protection of communication channels between the NSU and the UAV in terms of UAVs, is implemented in software and is not performed only on UAV flight controllers, while each UAV is equipped with a fixed or removable interface for connecting the UAV key carrier, and the software implementation of the UAV cryptographic module includes the implementation of cryptographic algorithms, including pseudo-random number generation algorithms, or the functions of using cryptographic algorithms, including random generation algorithms or pseudo-random numbers implemented in hardware in the complex of onboard equipment of the UAV, as well as the implementation of the interaction functions actions with the UAV key carrier, initiating the transmission of messages to the NSU and (optionally) blocking the port for connecting the UAV flight controller to the communication channels.
27. The system according to p. 21, characterized in that it may include several cryptographic modules of the NSU (components 1), while the software of the NSU may include the implementation of mechanisms for static or dynamic load balancing between the cryptographic modules of the NSU.
28. The system according to p. 22, characterized in that it may contain several cryptographic modules of the NSU (components 1), while the software of the NSU may include the implementation of mechanisms of static or dynamic load balancing between the cryptographic modules of the NSU.
29. The system according to p. 23, characterized in that it may contain several cryptographic modules of the NSU (components 1), while the software of the NSU may include the implementation of mechanisms of static or dynamic load balancing between the cryptographic modules of the NSU.
30. The system of claim 24, characterized in that there may be several cryptographic modules of the NSU (components 1) in its composition, while the software of the NSU may include the implementation of mechanisms for static or dynamic load balancing between the cryptographic modules of the NSU.
31. The system according to p. 25, characterized in that it may include several cryptographic modules of the NSU (components 1), while the software of the NSU may include the implementation of mechanisms for static or dynamic load balancing between the cryptographic modules of the NSU.
32. The system of claim 26, characterized in that there can be several cryptographic modules of the NSU (components 1) in its composition, while the NSU software may include the implementation of mechanisms of static or dynamic load balancing between the cryptographic modules of the NSU.
33. The system according to p. 17, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of a key UAV carrier and a key NSU carrier.
34. The system according to p. 18, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of the key carrier of the UAV and the key carrier of the NSU.
35. The system according to p. 19, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of the key carrier UAV and key carrier NSU.
36. The system according to p. 20, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of the key carrier UAV and key carrier NSU.
37. The system according to p. 21, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
38. The system according to p. 22, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
39. The system according to p. 23, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
40. The system according to p. 24, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
41. The system according to p. 25, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
42. The system according to p. 26, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
43. The system according to p. 27, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
44. The system of claim 28, wherein the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
45. The system of claim 29, wherein the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
46. The system of claim 30, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
47. The system according to p. 31, characterized in that the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
48. The system of claim 32, wherein the system includes component 5, which is a key center that provides centralized generation of cryptographic keys and the preparation of key UAV carriers and key NSU carriers.
49. The device of cryptographic protection of communication channels between a ground control station and an unmanned aerial vehicle, made on a common board and containing five elements, where: element 1 is a control microcontroller, which includes the following software functional modules that are executed on the control microcontroller during operation devices: a control module that controls the remaining elements of the device and software modules running on the control microcontrol Llera, as well as the interaction between them; a module for ensuring the confidentiality and integrity of information exchange, which ensures the protection of information exchange between an unmanned aerial vehicle (UAV) and ground control station (NSU) by encrypting messages and monitoring their integrity and including the implementation of the cryptographic algorithms used and their operating modes, including for use by other software modules; an authentication and secure connection establishment module that provides a sequence of actions to authenticate the parties of information exchange and establish a secure connection between the UAV and the NSU, provided for by the claimed method of cryptographic protection of communication channels between the NSU and the UAV, and this sequence can be performed in interaction with other elements of the device in parts of their functionality; a key information generation and processing module that provides transformations on cryptographic keys, including the calculation of derivative keys (including the calculation of the master key based on the pre-master key) and the diversification of keys (including the calculation of the encryption key and the calculation key of the insertion key based on master key), as well as initiating the key carrier to perform key generation functions (generate asymmetric key pairs and calculate the common secret pre-master key) and key recording functions on a key medium and reading keys from a key medium; a random or pseudorandom number generation module that provides random number generation based on non-deterministic physical processes or pseudo-random numbers based on deterministic algorithms (including cryptographic), as well as (optional) the execution of control procedures for generated random or pseudorandom numbers against randomness criteria, and generation pseudo-random numbers based on cryptographic algorithms is performed by this module in conjunction with the conf the identity and integrity of information exchange, and to initialize and (if necessary) reinitialize the process of generating pseudorandom numbers, a random variable obtained from an external source, including a key medium, can be used; a module for interacting with a key medium, which ensures transmission (via an interface for interacting with a key medium) to a key medium of commands initiated by other program modules, as well as processing responses to commands received from the key medium and transmitting the data received from the key medium to the initiating command; a module for interacting with a transceiver device that provides information transfer (via an interaction interface with a transceiver device) to a transceiver device and receives and processes information received from a transceiver device, as well as (optionally) locks and unlocks the transceiver devices if necessary; an optional device self-test module that provides for the device to perform self-testing procedures, which can be performed both at the start of the device and periodically during its operation; optional software integrity control module providing integrity control of the remaining device software modules; element 2 is a non-volatile memory for long-term storage of program modules running on element 1; element 3 is an interface for connecting to an external computing device; element 4 is an interface for interacting with a key medium; Element 5 is an interface for interaction with a transceiver.
RU2018118339A 2018-05-18 2018-05-18 Method, system and device for cryptographic protection of communication channels of unmanned aerial systems RU2704268C1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
RU2018118339A RU2704268C1 (en) 2018-05-18 2018-05-18 Method, system and device for cryptographic protection of communication channels of unmanned aerial systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
RU2018118339A RU2704268C1 (en) 2018-05-18 2018-05-18 Method, system and device for cryptographic protection of communication channels of unmanned aerial systems

Publications (1)

Publication Number Publication Date
RU2704268C1 true RU2704268C1 (en) 2019-10-25

Family

ID=68318552

Family Applications (1)

Application Number Title Priority Date Filing Date
RU2018118339A RU2704268C1 (en) 2018-05-18 2018-05-18 Method, system and device for cryptographic protection of communication channels of unmanned aerial systems

Country Status (1)

Country Link
RU (1) RU2704268C1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2722925C1 (en) * 2019-10-09 2020-06-04 Общество с ограниченной ответственностью "Доверенные Решения" (ООО "Доверенные Решения") Method for secure data exchange
US10873460B2 (en) * 2015-12-10 2020-12-22 SZ DJI Technology Co., Ltd. UAV authentication method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2446606C1 (en) * 2007-12-29 2012-03-27 Чайна Ивнкомм Ко., Лтд. Method of access with authentication and access system with authentication in wireless multi-hop network
US20160274578A1 (en) * 2015-03-22 2016-09-22 Microsoft Technology Licensing, Llc Unmanned aerial vehicle piloting authorization
WO2017042403A1 (en) * 2015-09-09 2017-03-16 Tecteco Security Systems, S.L. Secure control of unmanned vehicles
US9871772B1 (en) * 2015-03-17 2018-01-16 The Charles Stark Draper Laboratory, Inc. Cryptographic system for secure command and control of remotely controlled devices

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2446606C1 (en) * 2007-12-29 2012-03-27 Чайна Ивнкомм Ко., Лтд. Method of access with authentication and access system with authentication in wireless multi-hop network
US9871772B1 (en) * 2015-03-17 2018-01-16 The Charles Stark Draper Laboratory, Inc. Cryptographic system for secure command and control of remotely controlled devices
US20160274578A1 (en) * 2015-03-22 2016-09-22 Microsoft Technology Licensing, Llc Unmanned aerial vehicle piloting authorization
WO2017042403A1 (en) * 2015-09-09 2017-03-16 Tecteco Security Systems, S.L. Secure control of unmanned vehicles

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10873460B2 (en) * 2015-12-10 2020-12-22 SZ DJI Technology Co., Ltd. UAV authentication method and system
RU2722925C1 (en) * 2019-10-09 2020-06-04 Общество с ограниченной ответственностью "Доверенные Решения" (ООО "Доверенные Решения") Method for secure data exchange

Similar Documents

Publication Publication Date Title
US10614216B2 (en) Paravirtualized security threat protection of a computer-driven system with networked devices
EP3050335B1 (en) Systems and methods for nfc access control in a secure element centric nfc architecture
EP2923478B1 (en) Policy-based techniques for managing access control
KR101687275B1 (en) Trusted data processing in the public cloud
ES2802265T3 (en) Authorization method of an operation to be performed on a target computing device
US9154488B2 (en) Secured access to resources using a proxy
KR102057159B1 (en) Authentication of client devices based on entropy from the server or other device
EP3605475A1 (en) Secure communication method based on smart door lock system and smart door lock system thereof
AU2016238935B2 (en) Secondary device as key for authorizing access to resources
US9223994B2 (en) Secure transaction method from a non-secure terminal
CN103138934B (en) Safe key generating means and safe key generate method
US20170222815A1 (en) Control mechanisms for data processing devices
RU2518924C2 (en) Wireless device, user access control client request method and access control client method
EP2424185B1 (en) Method and device for challenge-response authentication
US9135425B2 (en) Method and system of providing authentication of user access to a computer resource on a mobile device
CN101258505B (en) Secure software updates
US9953145B2 (en) Configuration method, configuration device, computer program product and control system
US8295484B2 (en) System and method for securing data from a remote input device
US10587600B2 (en) Systems, methods and apparatuses for determining proximity of communication device
EP2884692B1 (en) Updating software on a secure element
US10469469B1 (en) Device-based PIN authentication process to protect encrypted data
CN100527145C (en) Programmable processor supporting secure mode
ES2739896T3 (en) Secure access to device data
US10129240B2 (en) Distributing security codes through a restricted communications channel
EP2698756B1 (en) Local Trusted Service Manager