Security#

Air SDK provides unique security features (Hardware Secure Element and Digital Certificate). This prevents running malicious code on the drone and allows to secure the connection between the drone and your own systems.

General description#

Secure Element#

The Secure Element is a hardware component, similar to a smart card:

  • it provides a Drone Certificate used to identify each drone in a unique way.

  • it provides an associated private key for third parties to authenticate drones.

  • like a safe, it stores keys.

  • it provides cryptographic computation. It verifies digital signature o flight missions and drone firmware.

The Secure Element of the drone is a WISEKEY VaultIC405. It is FIPS 140-2 (Federal Information Processing Standard) compliant.

In addition, the Secure Element has a Common Criteria EAL5+ certification. The certification description is available here and the Security Target is here.

Drone Certificate#

Each drone has a unique digital certificate. Drone certificate are signed by Parrot (acting as a dedicated Certificate Authority).

Certificate example:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 4919 (0x1337)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = FR, ST = None, L = Parrot, CN = drones.parrotdrones.com, emailAddress = ca@parrotdrones.com
        Validity
            Not Before: Feb 13 10:03:02 2020 GMT
            Not After : Jun 14 10:03:02 2044 GMT
        Subject: C = FR, ST = None, L = Parrot, CN = 1337.drones.parrotdrones.com, emailAddress = ca@parrotdrones.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (521 bit)
                pub:
                    04:01:44:85:29:1f:82:fe:f8:13:a7:5d:5e:33:a3:
                    b4:2d:ac:45:e7:ba:aa:36:dd:4e:66:d7:8d:ef:f0:
                    8f:13:ac:1a:0a:d4:8d:2d:f7:44:15:2f:b0:71:4b:
                    56:d8:a9:7a:f5:12:28:4e:ba:99:49:73:fa:63:d7:
                    56:e6:b7:5f:b4:32:45:00:96:c6:ce:7f:cb:45:3d:
                    45:1a:c1:01:90:61:78:65:84:89:54:59:5d:64:79:
                    8f:7a:c3:8b:30:9f:08:1d:4f:b1:86:71:9e:79:9d:
                    6f:43:09:cb:02:16:85:d0:ac:a2:5c:c9:5c:5d:db:
                    bd:46:13:ed:70:1b:ea:5f:45:81:58:05:32
                ASN1 OID: secp521r1
                NIST CURVE: P-521
    Signature Algorithm: ecdsa-with-SHA256
         30:81:88:02:42:01:ae:00:7e:64:c6:8b:5c:25:e0:06:97:36:
         7d:10:da:38:be:f3:b1:a2:a7:d5:ba:df:30:71:59:01:40:77:
         ee:11:c6:57:bf:b7:17:7d:99:bd:41:30:ea:e0:f4:c1:19:64:
         3e:4a:63:0e:87:9c:df:f9:5d:d6:a5:6a:65:37:32:8a:81:02:
         42:00:d1:8b:50:23:95:76:18:97:f4:ab:a0:7d:9a:47:97:27:
         d0:d0:47:87:fc:46:c4:20:62:18:6e:d3:a2:14:0e:13:c4:41:
         15:de:26:13:cd:52:85:f9:79:ab:b3:0d:84:0e:3e:da:d0:86:
         0d:3e:26:5f:5b:f3:9c:a9:8c:5a:25:4d:8a
-----BEGIN CERTIFICATE-----
MIICXDCCAb0CAhM3MAoGCCqGSM49BAMCMHMxCzAJBgNVBAYTAkZSMQ0wCwYDVQQI
DAROb25lMQ8wDQYDVQQHDAZQYXJyb3QxIDAeBgNVBAMMF2Ryb25lcy5wYXJyb3Rk
cm9uZXMuY29tMSIwIAYJKoZIhvcNAQkBFhNjYUBwYXJyb3Rkcm9uZXMuY29tMB4X
DTIwMDIxMzEwMDMwMloXDTQ0MDYxNDEwMDMwMloweDELMAkGA1UEBhMCRlIxDTAL
BgNVBAgMBE5vbmUxDzANBgNVBAcMBlBhcnJvdDElMCMGA1UEAwwcMTMzNy5kcm9u
ZXMucGFycm90ZHJvbmVzLmNvbTEiMCAGCSqGSIb3DQEJARYTY2FAcGFycm90ZHJv
bmVzLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAUSFKR+C/vgTp11eM6O0
LaxF57qqNt1OZteN7/CPE6waCtSNLfdEFS+wcUtW2Kl69RIoTrqZSXP6Y9dW5rdf
tDJFAJbGzn/LRT1FGsEBkGF4ZYSJVFldZHmPesOLMJ8IHU+xhnGeeZ1vQwnLAhaF
0KyiXMlcXdu9RhPtcBvqX0WBWAUyMAoGCCqGSM49BAMCA4GMADCBiAJCAa4AfmTG
i1wl4AaXNn0Q2ji+87Gip9W63zBxWQFAd+4Rxle/txd9mb1BMOrg9MEZZD5KYw6H
nN/5XdalamU3MoqBAkIA0YtQI5V2GJf0q6B9mkeXJ9DQR4f8RsQgYhhu06IUDhPE
QRXeJhPNUoX5eauzDYQOPtrQhg0+Jl9b85ypjFolTYo=
-----END CERTIFICATE-----

Each certificate has a unique Common Name, for example 1337.drones.parrotdrones.com, in the above certificate. A drone certificate is associated to an ECDSA key pair, generated with NIST curve P-521 domain parameters. These parameters have been chosen in order to ensure a long lifetime of the private key. And users won’t need to renew the drone keys and certificate.

The drone certificate authority is drones.parrotdrones.com. You can download the public key here.

You can download the drone certificate:

$ curl -i "http://anafi-ai.local/api/v1/secure-element/drone.der"

Digital Signature#

Description#

In order to prevent an attacker to run malicious code, the drone will only execute authorized and digitally signed flight missions. ECDSA keys are used for digital signature. The drone’s user is the only one able to configure the public keys of the flight mission trusted providers.

Generate a key pair#

The flight mission provider has to generate an ECDSA key pair to sign flight missions. He can use the same key to sign different version of a flight mission or different flight missions. The user will only have to configure one key per provider.

The provider has to choose P-521 domain parameter. He can generate his own private key this way:

$ openssl ecparam -name secp521r1 -genkey -noout -out fm-provider-private-key.pem

Important

This private key shall never be shared with anyone and has to be stored on a secured system. For example, on a secure server used to build and signed flight missions. As an alternative, the provided build system also proposes to use remote management of the key with AWS Key Management Service (KMS). https://aws.amazon.com/kms/

The public key can be extracted this way for a local key:

$ openssl ec -in fm-provider-private-key.pem -pubout -out fm-provider-public-key.pem
read EC key
writing EC key

The output file fm-provider-public-key.pem is the key that the flight mission provider will share with his clients.

Add a key to the Secure Element#

As a user, you can choose which flight mission provider you trust. You can add the provider’s key into the wallet of the Secure Element of your drone with the manage_keys.py utility.

$ ./build/dragon_buildext_mission/manage_keys.py --add-key fm-provider-public-key.pem
INFO:root:Retrieving drone serial number
INFO:root:-> PIXXXXXXXXXXXXXXXX
INFO:root:Generating challenge
INFO:root:Sending challenge to drone
INFO:root:Completing operation with drone response
INFO:root:Writing drone SENC/SMAC in '/tmp/tmpwocw63xh'
INFO:root:Adding key 'fm-provider-public-key.pem' to the drone
truncating vsnprintf buffer: [,]
Connection to remote secure element established.
Public key fm-provider-public-key.pem written into slot 0.

This command involves a succession of web API calls to Parrot servers as well as the drone described in this sequence diagram.

../_images/manage_keys.svg
  • The call to accounts.parrot.com generates a temporary authentication token that is then used to other calls to academy.parrot.com

  • The second part retrieves the default user’s credential to connect to the Secure Element. This is done using a challenge/signature procedure to ensure the user is connected to the drone.

  • The last part actually add the new key the the Secure Element using a secure bridge provided by the external tool passe-muraille.

Note: The user account secret to access the Secure Element can be stored locally for future use. In this case the passe-muraille tool can be used directly to handle more actions. See its help message for more information.

$ passe-muraille -h