Air SDK provides unique security features (Hardware Secure Element and Digital Certificate). This prevents running malicious code on the drone and allows to secure the connection between the drone and your own systems.
The Secure Element is a hardware component, similar to a smart card:
it provides a Drone Certificate used to identify each drone in a unique way.
it provides an associated private key for third parties to authenticate drones.
like a safe, it stores keys.
it provides cryptographic computation. It verifies digital signature o flight missions and drone firmware.
The Secure Element of the drone is a WISEKEY VaultIC405. It is FIPS 140-2 (Federal Information Processing Standard) compliant.
In addition, the Secure Element has a Common Criteria EAL5+ certification. The certification description is available here and the Security Target is here.
Each drone has a unique digital certificate. Drone certificate are signed by Parrot (acting as a dedicated Certificate Authority).
Certificate: Data: Version: 1 (0x0) Serial Number: 4919 (0x1337) Signature Algorithm: ecdsa-with-SHA256 Issuer: C = FR, ST = None, L = Parrot, CN = drones.parrotdrones.com, emailAddress = email@example.com Validity Not Before: Feb 13 10:03:02 2020 GMT Not After : Jun 14 10:03:02 2044 GMT Subject: C = FR, ST = None, L = Parrot, CN = 1337.drones.parrotdrones.com, emailAddress = firstname.lastname@example.org Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (521 bit) pub: 04:01:44:85:29:1f:82:fe:f8:13:a7:5d:5e:33:a3: b4:2d:ac:45:e7:ba:aa:36:dd:4e:66:d7:8d:ef:f0: 8f:13:ac:1a:0a:d4:8d:2d:f7:44:15:2f:b0:71:4b: 56:d8:a9:7a:f5:12:28:4e:ba:99:49:73:fa:63:d7: 56:e6:b7:5f:b4:32:45:00:96:c6:ce:7f:cb:45:3d: 45:1a:c1:01:90:61:78:65:84:89:54:59:5d:64:79: 8f:7a:c3:8b:30:9f:08:1d:4f:b1:86:71:9e:79:9d: 6f:43:09:cb:02:16:85:d0:ac:a2:5c:c9:5c:5d:db: bd:46:13:ed:70:1b:ea:5f:45:81:58:05:32 ASN1 OID: secp521r1 NIST CURVE: P-521 Signature Algorithm: ecdsa-with-SHA256 30:81:88:02:42:01:ae:00:7e:64:c6:8b:5c:25:e0:06:97:36: 7d:10:da:38:be:f3:b1:a2:a7:d5:ba:df:30:71:59:01:40:77: ee:11:c6:57:bf:b7:17:7d:99:bd:41:30:ea:e0:f4:c1:19:64: 3e:4a:63:0e:87:9c:df:f9:5d:d6:a5:6a:65:37:32:8a:81:02: 42:00:d1:8b:50:23:95:76:18:97:f4:ab:a0:7d:9a:47:97:27: d0:d0:47:87:fc:46:c4:20:62:18:6e:d3:a2:14:0e:13:c4:41: 15:de:26:13:cd:52:85:f9:79:ab:b3:0d:84:0e:3e:da:d0:86: 0d:3e:26:5f:5b:f3:9c:a9:8c:5a:25:4d:8a -----BEGIN CERTIFICATE----- MIICXDCCAb0CAhM3MAoGCCqGSM49BAMCMHMxCzAJBgNVBAYTAkZSMQ0wCwYDVQQI DAROb25lMQ8wDQYDVQQHDAZQYXJyb3QxIDAeBgNVBAMMF2Ryb25lcy5wYXJyb3Rk cm9uZXMuY29tMSIwIAYJKoZIhvcNAQkBFhNjYUBwYXJyb3Rkcm9uZXMuY29tMB4X DTIwMDIxMzEwMDMwMloXDTQ0MDYxNDEwMDMwMloweDELMAkGA1UEBhMCRlIxDTAL BgNVBAgMBE5vbmUxDzANBgNVBAcMBlBhcnJvdDElMCMGA1UEAwwcMTMzNy5kcm9u ZXMucGFycm90ZHJvbmVzLmNvbTEiMCAGCSqGSIb3DQEJARYTY2FAcGFycm90ZHJv bmVzLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAUSFKR+C/vgTp11eM6O0 LaxF57qqNt1OZteN7/CPE6waCtSNLfdEFS+wcUtW2Kl69RIoTrqZSXP6Y9dW5rdf tDJFAJbGzn/LRT1FGsEBkGF4ZYSJVFldZHmPesOLMJ8IHU+xhnGeeZ1vQwnLAhaF 0KyiXMlcXdu9RhPtcBvqX0WBWAUyMAoGCCqGSM49BAMCA4GMADCBiAJCAa4AfmTG i1wl4AaXNn0Q2ji+87Gip9W63zBxWQFAd+4Rxle/txd9mb1BMOrg9MEZZD5KYw6H nN/5XdalamU3MoqBAkIA0YtQI5V2GJf0q6B9mkeXJ9DQR4f8RsQgYhhu06IUDhPE QRXeJhPNUoX5eauzDYQOPtrQhg0+Jl9b85ypjFolTYo= -----END CERTIFICATE-----
Each certificate has a unique Common Name, for example
in the above certificate.
A drone certificate is associated to an ECDSA key pair, generated
with NIST curve P-521 domain parameters. These parameters have been
chosen in order to ensure a long lifetime of the private key.
And users won’t need to renew the drone keys and certificate.
The drone certificate authority is
drones.parrotdrones.com. You can download the public key here.
You can download the drone certificate:
$ curl -i "http://anafi-ai.local/api/v1/secure-element/drone.der"
In order to prevent an attacker to run malicious code, the drone will only execute authorized and digitally signed flight missions. ECDSA keys are used for digital signature. The drone’s user is the only one able to configure the public keys of the flight mission trusted providers.
Generate a key pair#
The flight mission provider has to generate an ECDSA key pair to sign flight missions. They can use the same key to sign different version of a flight mission or different flight missions. The user will only have to configure one key per provider.
The provider has to choose P-521 domain parameter. They can generate their own private key this way:
$ openssl ecparam -name secp521r1 -genkey -noout -out fm-provider-private-key.pem
This private key shall never be shared with anyone and has to be stored on a secured system. For example, on a secure server used to build and signed flight missions. As an alternative, the provided build system also proposes to use remote management of the key with AWS Key Management Service (KMS). https://aws.amazon.com/kms/
The public key can be extracted this way for a local key:
$ openssl ec -in fm-provider-private-key.pem -pubout -out fm-provider-public-key.pem read EC key writing EC key
The output file
fm-provider-public-key.pem is the key that the flight mission provider will
share with their clients.
Add a key to the Secure Element#
As a user, you can choose which flight mission provider you trust. You can add the
provider’s key into the wallet of the Secure Element of your drone with the
$ airsdk keys add fm-provider-public-key.pem Connection to remote secure element established. Public key fm-provider-public-key.pem written into slot 1.
This command involves a succession of web API calls to Parrot servers as well as the drone described in this sequence diagram.
The call to accounts.parrot.com generates a temporary authentication token that is then used to other calls to academy.parrot.com
The second part retrieves the default user’s credential to connect to the Secure Element. This is done using a challenge/signature procedure to ensure the user is connected to the drone.
The last part actually add the new key the the Secure Element using a secure bridge provided by the external tool
Note: The user account secret to access the Secure Element can be stored locally for future use.
In this case the
passe-muraille tool can be used directly to handle more actions. See its help
message for more information.
$ passe-muraille -h