CPG 187 — CAPSTONE PROJECT

SentinelMesh

A framework that keeps drone swarms safe from cyber attacks — using encryption, AI, and tamper-proof logs.

Team Lead: Arjun Singh
CPG187
Mentor: Prof. [Name]
Year: 2024 – 25
[Diagram: swarm drones D-001 to D-005, a Sentinel node, and a rogue drone (blocked)]
The Problem
Drone swarms are vulnerable
Common attacks on a drone swarm
Rogue drone joins the swarm
Old message replayed to confuse drones
Fake commands injected
Messages tampered or spoofed

Any one of these attacks can crash a mission, redirect drones, or steal data. Drone swarms need a built-in security system — like a security guard watching every message.

What we need

Every message must be locked

No drone can read or fake a message without the right key

Every drone must prove its identity

Strangers are blocked before they can even enter the swarm

Suspicious behaviour must be spotted

AI watches patterns and raises alerts before damage is done

Every event must be recorded permanently

A tamper-proof log no attacker can delete or modify

Real-World Incidents
These attacks already happened
Command Injection
Russia spoofed GPS of Ukrainian drone swarms
2023 – 2024 · Eastern Ukraine / Smolensk Region

Russia deployed large-scale GPS spoofing systems that fed fake location coordinates to entire Ukrainian drone swarms mid-flight. Drones were redirected away from targets or made to crash — without a single physical interception. The drones had no way to tell real coordinates from fake ones.

Root vulnerability

Drones accepted navigation data with zero authentication. Any signal strong enough could overwrite real GPS — no identity check, no signature, no way to verify the source.

[Diagram: Attack in progress. Labels: target, spoofer, D-003, fake route, real route]
How SentinelMesh stops this
Every navigation command must carry a valid RSA digital signature from a registered sender
Spoofed GPS signals arrive unsigned — Sentinel node drops them instantly
Blockchain logs the attempted injection with exact time and coordinates
Unencrypted Traffic
DJI DroneID — all messages broadcast in plain text
2023 · Ruhr University Bochum, Germany

Security researchers found that DJI drones transmit all communication — including operator identity and live position — completely unencrypted. Anyone with basic Wi-Fi tools nearby could intercept every message. Worse, "fuzzing" (flooding the drone with random commands) could crash the drone or hand over full control to an attacker.

Root vulnerability

Zero encryption on any message. No verification before a command is accepted. Any nearby device could read, record, or inject traffic freely.

[Diagram: Traffic interception. Labels: DJI drone, attacker, operator, intercepted, no encryption]
How SentinelMesh stops this
Every message — including position pings — is AES-256 encrypted before transmission
Fuzzing (flood of random commands) triggers the AI anomaly detector within seconds
Attacker sees only unreadable ciphertext — no positions, no operator identity
Replay + Jamming
Iran's Shahed swarm coordination disrupted
2022 – 2024 · Ukraine conflict

Russia launched nearly 60,000 Shahed-type attack drones against Ukraine. Ukraine countered by jamming and spoofing the unprotected coordination signals between Shahed drones — breaking swarm formation, causing drones to lose direction and miss targets. The swarm had no mechanism to detect that its coordination had been hijacked.

Root vulnerability

No authentication between drones in the swarm. Coordination messages carried no signature — a jammer could silence real signals and inject fake ones with no way for any drone to know the difference.

[Diagram: Swarm coordination disrupted. Labels: jammer, D-01 (lost), D-02 (lost), no valid signal]
How SentinelMesh stops this
Every coordination message is digitally signed — injected fake signals fail verification
Timestamp on each message blocks replayed coordination packets
Swarm continues on last verified state — one jammed node does not collapse the fleet
Rogue Device Insertion
DJI Mavic 3 — unauthorized network takeover
2023 · CVE-2023-6951

A security flaw (CVE-2023-6951) let an attacker within Wi-Fi range connect to a Mavic 3 drone without any authorisation, obtain the network key, and decrypt all traffic between the drone and its legitimate operator. In a commercial delivery swarm, this means any attacker nearby could silently join the swarm network and issue commands.

Root vulnerability

No cryptographic identity check before joining the drone network. The drone accepted any device that could guess or brute-force its Wi-Fi password — no certificate, no key pair required.

[Diagram: Unauthorised swarm entry. Labels: swarm network, D-001, D-002, rogue, no identity check]
How SentinelMesh stops this
Every device must present a registered cryptographic certificate before joining the swarm
No certificate = connection refused before any swarm data is shared
Attempt is logged permanently to blockchain for security review
No Forensic Trail
Baltic GPS jamming — 1,600+ aircraft affected
2024 – 2025 · Baltic Sea Region

Lithuania recorded over 1,000 GPS interference cases in a single month — 22 times higher than the year before. On March 23–24, 2024, widespread jamming hit more than 1,600 aircraft over two days across Eastern Europe. Military UAV swarms in the region had navigation data corrupted with no real-time alert to operators and no way to reconstruct what happened afterward.

Root vulnerability

No AI watching for abnormal flight patterns. No tamper-proof log of what commands each drone received. Post-incident forensic analysis was nearly impossible — investigators couldn't tell which drones were compromised or when.

[Diagram: 1,600+ aircraft affected · March 2024. Labels: jam source, disrupted, lost, no alerts, no logs, no forensics]
How SentinelMesh stops this
AI anomaly detection flags any drone whose flight path suddenly diverges from expected behaviour
Operator dashboard shows real-time alert the moment anomaly is detected
Every command and state update is blockchain-logged — complete forensic trail available instantly after any incident
Architecture
How SentinelMesh is built

Dashboard — What the operator sees

A live web screen showing all drones, their positions, trust scores, and any security alerts in real time

React · WebSocket · Live alerts

Sentinel Nodes — The security guards

Special drones that watch all traffic, verify every message, and calculate a trust score for each drone

Trust scoring · Signature check · Anomaly flag

Security Layer — Locks and signatures

Every message is encrypted (scrambled), digitally signed (like a fingerprint), and timestamped (to prevent reuse)

AES-256 · RSA signature · Replay block

Drone Swarm — The mesh network

Multiple drones talking to each other like a wireless web — each has a unique cryptographic identity card

Mesh network · Unique key pair · Auth on join

AI Detection

Learns normal behaviour and flags anything unusual

Isolation Forest · Python / sklearn

Blockchain Log

Permanent, tamper-proof record of everything that happened

Ethereum · Smart contract
Secure Communication
What happens when a drone sends a message
Step 1
Message created
Drone writes its command and ID
Step 2
Encrypted
Message is scrambled — unreadable without the key
Step 3
Signed
Digital fingerprint added — proves who sent it
Step 4
Transmitted
Sent across the swarm mesh network
Step 5
Verified + Logged
Sentinel checks it; event saved to blockchain
AES-256

Encryption

Like putting a letter in a locked box that only the recipient can open. Even if intercepted, it's unreadable.

RSA Signature

Authentication

Like a wax seal on an envelope — proves the sender is genuine and the message hasn't been tampered with.

Timestamp

Replay Prevention

Each message has an expiry time. Old replayed messages are automatically rejected.

Security Validation
Attacks we simulate and stop

Rogue Drone

A fake drone tries to secretly join the swarm to spy or disrupt missions

No valid identity found
Connection refused
Alert sent to operator
Attack blocked

Replay Attack

An attacker records a real message and sends it again later to confuse or manipulate drones

Timestamp too old
Message discarded
Event logged to chain
Attack blocked

Command Injection

An attacker sends a forged command pretending to be from the control station to redirect drones

Signature does not match
Command rejected
Drone trust score drops
Attack blocked
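
The five-step message flow and the three simulated attacks above come down to three checks at the Sentinel: registered identity, valid signature, fresh timestamp. The sketch below is an added example, not the project's code; it uses HMAC-SHA256 from the Python standard library as a stand-in for the RSA signature, leaves out the AES-256 step, and adds a per-sender nonce cache so that a capture replayed inside the freshness window is also rejected. The 5-second window, the trust penalty of 20, the message fields and the keys are assumptions.

```python
import hashlib
import hmac
import json

MAX_AGE_S = 5.0  # assumed freshness window; the page gives no value

def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(key, drone_id, command, ts, nonce):
    body = {"id": drone_id, "cmd": command, "ts": ts, "nonce": nonce}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}

class Sentinel:
    def __init__(self, registry):
        self.registry = registry                 # drone_id -> key (constructed)
        self.trust = {d: 100 for d in registry}  # hypothetical 0-100 score
        self.seen = set()                        # (drone_id, nonce) accepted so far

    def verify(self, msg, now):
        sender = msg.get("id")
        key = self.registry.get(sender)
        if key is None:                          # rogue drone: not registered
            return "refused: unknown identity"
        body = {k: v for k, v in msg.items() if k != "tag"}
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            self.trust[sender] = max(0, self.trust[sender] - 20)
            return "rejected: bad signature"     # forged or altered command
        if abs(now - msg["ts"]) > MAX_AGE_S:     # old capture replayed
            return "discarded: stale timestamp"
        if (sender, msg["nonce"]) in self.seen:  # replay inside the window
            return "discarded: duplicate nonce"
        self.seen.add((sender, msg["nonce"]))
        return "accepted"

def demo():
    keys = {"D-001": b"constructed-key-1", "D-002": b"constructed-key-2"}
    s = Sentinel(keys)
    good = sign(keys["D-002"], "D-002", "return_to_base", ts=1000.0, nonce=1)
    forged = {**good, "cmd": "land_now"}  # command changed, tag left as-is
    rogue = sign(b"attacker-key", "D-XXX", "join", ts=1000.0, nonce=1)
    results = [s.verify(good, now=1001.0),    # first delivery
               s.verify(good, now=1002.0),    # replay within 5 s
               s.verify(good, now=1060.0),    # replay after expiry
               s.verify(forged, now=1001.0),
               s.verify(rogue, now=1001.0)]
    return results, s.trust["D-002"]
```

With an asymmetric signature such as RSA the Sentinel stores only public keys, so a compromised Sentinel cannot forge drone messages; with the HMAC stand-in used here it could.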
Tamper-Proof Logging
The blockchain event record

Live event chain

Block #1 · prev: 0x0000
Drone D-001 joined swarm
Authentication successful
14:32:01
Block #2 · prev: 0x3f2a...c1e9
Command executed · D-002
Return to base · verified
14:32:18
Block #3 · prev: 0x8b4d...f3a2
Rogue drone detected
D-XXX rejected · alert raised
14:33:45
Block #4 · hash pending...
Next event

Think of it like a chain of sealed envelopes — each one contains the fingerprint of the one before it. Open one and you break the chain. Nobody can secretly change history.

Tamper-proof

Once written, no one — not even the admin — can change a log entry

Full audit trail

Every drone join, command, and alert is recorded with time and drone ID

Forensic analysis

After any incident, investigators can trace exactly what happened and when

Smart contracts

Solidity rules automatically decide what gets stored — no manual entry
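
The "chain of sealed envelopes" described above, reduced to its hash linkage, as an added example in plain Python rather than the project's Ethereum contract. The block fields, the all-zero genesis value and the event strings are constructed for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used for the first block

def block_hash(block):
    """SHA-256 over the block's index, previous hash, event and time."""
    fields = {k: block[k] for k in ("index", "prev", "event", "time")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def append(chain, event, time):
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain) + 1, "prev": prev, "event": event, "time": time}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def first_broken(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(block):
            return block["index"]
        prev = block["hash"]
    return None

def demo():
    chain = []
    append(chain, "Drone D-001 joined swarm", "14:32:01")
    append(chain, "Command executed: D-002 return to base", "14:32:18")
    append(chain, "Rogue drone detected: D-XXX rejected", "14:33:45")
    intact = first_broken(chain)
    # Edit block 2 in place: its stored hash no longer matches its content.
    chain[1]["event"] = "Command executed: D-002 hold position"
    edited = first_broken(chain)
    # Recompute block 2's hash: block 3 still points at the old value.
    chain[1]["hash"] = block_hash(chain[1])
    rehashed = first_broken(chain)
    return intact, edited, rehashed
```

Someone who can rewrite every later block as well would pass this local check, which is why the latest hash has to be anchored somewhere the attacker cannot write; the page uses Ethereum for that.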

Evaluation
How well does it work?
97%
Overall attack detection rate
100%
Replay attacks blocked
~12ms
Extra time added by encryption
2.3%
False alarms raised
The system adds only 12 milliseconds of delay per message — fast enough for real-time drone operations. It was tested with up to 10 simultaneous drones and handled all three attack types reliably.

Detection rate by attack type

Rogue drone
98%
Replay attack
100%
Cmd injection
96%
AI anomaly
91%
Tools used
Python · FastAPI · React · Ethereum · sklearn · WebSocket
SentinelMesh · CPG 187
Thank You

We would be happy to take your questions.

Arjun Singh — Security & Communication
[Team Member] — Blockchain Integration
[Team Member] — Dashboard Development
[Team Member] — Research & Documentation
Mentor: Prof. [Name]
97%
Attack detection rate
3
Attack types simulated and blocked
6
System layers protecting the swarm
12ms
Encryption overhead per message