TASK 5: RF Communication in UAVs

Objective: Learn about radio frequencies used in UAVs (2.4GHz, 5.8GHz, Lora). Understand the various security implications in the different wireless protocols used in drones, along with the emerging threats and ways of mitigation. Understand the procedure which goes behind the binding of an ELRS receiver. Bind the 2.4 GHz RP1 Rx with the TX 16S MK-ll.
Outcomes and Learnings:

• A frequency band is a range of frequencies within the electromagnetic spectrum allocated for a specific purpose.
• Most commonly, there are two types of frequency bands that are widely used around the globe, i.e. 2.4 GHz and 5GHz.
• 2.4 GHz is the most commonly used frequency band which is used in other appliances too, such as oven and cell phones, which results in the interference with the the WiFi signal and slows down the speed.
• As a result, 5GHz was introduced, which is used by comparatively less devices, resulting in better WiFi signal.
• Wireless Channel: It is a way to fine tune and alter a frequency. (It can be imagined as an old radio on which the frequency needs to be changed so as to get the better signal for clear voice.)
  Higher number of non-overlapping channels would mean lesser interference, stable connections.
  • 2.4 GHz has 11 wireless channels.
  • It has only 3 non-overlapping channels, namely Channel 1,6 and 11.
  • On the other hand, 5GHz has 25 non-overlapping channels.

---

Feature	2.4 GHz	5 GHz
Frequency Range	~2.4 to 2.5 GHz	~5.15 to 5.825 GHz (varies by region)
Speed	Lower maximum speed (up to ~600 Mbps)	Higher maximum speed (up to several Gbps)
Range	Longer range (better wall penetration)	Shorter range (weaker penetration)
Channels Available	11 (3 non-overlapping)	25 non-overlapping
Interference	Higher (used by many devices: Bluetooth, etc)	Lower (less congested, more channels)
Best For	Larger coverage areas with fewer devices	High-speed, short-distance connections
Latency	Typically higher	Lower latency (better for gaming, streaming)
Device Compatibility	Supported by almost all Wi-Fi devices	Newer devices required for full support

---

LoRaWAN: Long Range Wide Area Network
It uses unlicensed frequency band for long-range communication. It is built on top of LoRa (Long Range), which is a physical layer modulation technique. It is classified into 3 classes: Class A, Class B, Class C.\

Class A	Class B	Class C
Longest battery life	Average battery life	Longest battery life
Stays in sleep mode for majority of the time	Listens to network perodically	Listens to network continuously
Example-Fire Alarm	Example- Metering of temperature, humidity	Example- Traffic monitoring

LoRa Architecture:

1. Gateways: It receives messages from the devices.
   Demodulates LoRa message (packet).
   Forwards packets to network server with the use of Internet or LAN.
2. Network Server: It handles authentication and authorisation.
   It schedules downlink messages.
   It communicates with application server.
3. Application Server: It receives messages from netwrok server and decrypts the data.\

The frequency band used by LoRa varies region by region. In India, it operates in the 865–867 MHz band.

---

Drone Components:

Component	Function	Key Protocols Used	Potential Vulnerabilities
Command & Control (C2)	Transmits pilot instructions to the drone	2.4 GHz/5.8 GHz Wi-Fi, FHSS, DSSS, LTE, SATCOM	Signal interception, jamming, protocol spoofing
Telemetry Data	Provides real-time flight data (position, altitude, speed)	MAVLink, DJI Lightbridge, LoRa, DroneCAN	Data injection, signal hijacking
Video Transmission	Sends live feed to the pilot or external system	FPV (Analog or Digital), OcuSync, Wi-Fi, 5G LTE	Man-in-the-middle (MITM) attacks, feed interception
Navigation & GPS	Enables autonomous navigation and geofencing	GPS, GLONASS, BeiDou, Galileo	GNSS spoofing, jamming, denial of service
Payload Data Link	Transfers sensor and payload data	4G/5G, SATCOM, proprietary links	Data exfiltration, interference, encryption bypass

---

Key Wireless Protocols & Security Risks in UAVs:

i) 2.4 GHz & 5.8 GHz Radio Control (RC) Signals

• Widely used for drone control.
• Security Risks: Vulnerable to signal interception, hijacking, and jamming attacks

ii) Wi-Fi-Based Drone Control

• Drones equipped with Wi-Fi control are convenient to use.
• Security Risks: Man-in-the-middle (MITM) attacks, Deauthentication attacks (Wi-Fi jamming), Packet injection for remote takeover.

iii) MAVLink Protocol: Open-Source Telemetry Standard

• Used extensively in autonomous UAVs
• Security Risks: Unencrypted data exchange (default settings)
  Susceptible to data injection attacks, allowing unauthorized control.

iv) 4G/5G LTE & SATCOM-Controlled Drones

• Long range accessibility for drones over mobile networks.
• Security Risks:
  Harder to detect due to lack of RF emissions
  Cloud-based control allows remote operation from anywhere

Emerging Threats in Drone Communication Systems

1.GNSS Spoofing & GPS Jamming
Attackers can transmit counterfeit GPS signals, tricking drones into miscalculating their location.
Impact: UAVs can be forced to change flight paths or even crash.
Countermeasure: Multi-constellation GNSS receivers and inertial navigation backups. 2.Signal Hijacking & Remote Takeover Attacks
Weak encryption allows attackers to inject false commands into drone control links.
Countermeasure: Strong encryption (e.g., AES-256) and authentication-based command inputs.
3.Network-Based Attacks on Wi-Fi-Controlled Drones
Wi-Fi-controlled drones are highly susceptible to deauthentication and MITM attacks.
Countermeasure: WPA3 encryption, SSID broadcasting disablement, and dynamic IP allocation.

Strategies for Securing Drone Communication Networks

1.RF Spectrum Monitoring Passive RF monitoring detects UAV emissions within the 300 MHz – 6 GHz range.
Helps identify C2 links, telemetry beacons, and FPV signals in real time.

2.Encrypted Telemetry & Secure Authentication Implementing secure command authentication prevents unauthorized access.
End-to-end encryption minimizes hijacking risks.

3.Deep Packet Inspection for Networked UAVs Cellular-connected drones can be identified via traffic analysis.
Detects suspicious drone activity over LTE networks.

4.Adaptive Counter-UAS Technologies AI-driven RF anomaly detection classifies drone activity.
Multi-sensor fusion (RF, radar, EO/IR cameras) enhances detection accuracy.

---

ELRS

• Express Long Range System is an open-source radio control protocol. It offers a number of features that make it an appealing option for use on FPV drones.
• It's designed to provide low latency, long range, and high stability with its LoRa technology.
• The low latency and high performance of ELRS make it a popular choice for FPV (First Person View) racing and drone applications, where responsiveness and speed are crucial.
• Some of the advantages offered by ELRS are Low Latency, Long Range, Open Source, available in both frequency bands : 2.4 GHz (offers lower latency) and 900 MHz (better penetration).
  Working: ELRS is present in the hand controller and the ELRS receiver is present in the drone/quadcopter. It links with the hand controller and provides the wireless link which controls the drone.
  Setup:
• Install ExpressLRS Configurator (from GitHub)
• Flash Firmware to TX and RX
• Use same binding phrase in firmware.
• Bind Devices
• Auto-bind via binding phrase (recommended), or press physical bind button.
• Configure Betaflight
• Set UART for serial RX
• Set Receiver to CRSF protocol
• Check Channels & Failsafe

TASK 6: Basics of PID

Objective: Understand PID tuning for UAV stability
Learn how GPS Hold and Altitude Hold work, tabulate the differences between the two
Tabulate the differences between GPS Hold and Altitude Hold
Outcomes and Learnings: In drones, a PID (Proportional-Integral-Derivative) control system is a sophisticated method for maintaining stable flight and precise control over various aspects like altitude, orientation, and movement. It works by continuously calculating the difference between the drone's desired state and its current state, then adjusting motor speeds to minimize that difference.
P – Proportional Reacts to the current error The bigger the error, the bigger the correction.
I – Integral Reacts to the accumulated past error Helps eliminate long-term steady-state error.
D – Derivative Reacts to the rate of change of error Predicts future error, helps with stability and response speed\

• An example to better understand it:
  Imagine driving a car to stay in the center of a lane:
  P pushes you back toward the center the more you're off.
  I remembers if you're consistently off to one side and corrects it.
  D slows your steering response if you're overcorrecting too fast.

---

Altitude Hold is used when flying in calm indoor/outdoor areas and want help with vertical stability.
GPS Hold is used when you want the drone to hover in one place without drifting, especially outdoors.
GPS-Global Positioning System
The following tabular column provides more insight on the difference between the two.

Feature	Altitude Hold	GPS Hold (Position Hold)
Function	Maintains constant altitude	Maintains altitude and horizontal position
Sensors Used	Barometer / IMU	GPS + Barometer / IMU
Horizontal Stability	Not maintained (can drift)	Maintained (resists wind and movement)
Wind Resistance	No compensation	Automatically corrects for wind
Use Case	Indoor or GPS-denied environments	Outdoor flying with GPS signal
Precision	Moderate (altitude only)	High (position and altitude)
Navigation Ability	No position lock	Locks current GPS coordinates
Drift Control	Manual correction required	Automatically stabilized

TASK 7 : Different Flight modes in Mission Planner

Objectives: Explore, learn & understand the use case of the following flight modes in the Mission Planner software: Stabilize, ACRO,Altitude Hold, Auto, Guided, Loiter, Return to Home (RTL),Circle, Land, Drift, Pos Hold, Guided_NoGPS, Smart RTL, Follow Mode, Outcomes and Learnings:

1. Stabilize Mode What it does: Provides manual flight control with self-leveling. Pilot Control: You control pitch, roll, yaw, and throttle. Use Case: Great for beginners to practice manual flight. Safe because the drone auto-levels. Sensors Required: IMU (gyro + accelerometer)
2. ACRO Mode (Acrobatic) What it does: Gives full manual control with no leveling. Pilot Control: Full rate-based control of all axes. Use Case: For aerobatics, racing, or advanced pilots wanting flips, rolls, etc. Sensors Required: IMU only Note: No GPS or altitude hold.
3. Altitude Hold Mode What it does: Maintains current altitude automatically. Pilot Control: Pitch, roll, and yaw are manual; throttle stick controls climb/descent rate, not power. Use Case: Easier to fly steadily, especially for video or learning. Sensors Required: IMU + Barometer
4. Auto Mode What it does: Executes a full autonomous mission from waypoints. Pilot Control: No manual control unless overridden. Use Case: Preplanned flights for mapping, survey, inspection, etc. Sensors Required: GPS + Compass + Barometer
5. Guided Mode What it does: Semi-autonomous control via GCS or scripts. Pilot Control: Ground station can send real-time commands like “go here,” “take off,” etc. Use Case: Dynamic missions, AI integration, or GCS-controlled flight. Sensors Required: GPS + Compass + Barometer
6. Loiter Mode What it does: Holds current GPS position and altitude. Pilot Control: Stick inputs move the drone; releasing sticks returns it to position hold. Use Case: Aerial photography, hovering in place, or pause during flight. Sensors Required: GPS + Compass + Barometer
7. Return to Home (RTL) Mode What it does: Returns the drone to the takeoff or home location and lands (or hovers). Pilot Control: Fully automatic unless overridden. Use Case: Failsafe, low battery, or lost signal scenarios. Sensors Required: GPS + Compass + Barometer
8. Circle Mode What it does: Circles around a point (usually the pilot or a defined location). Pilot Control: Can change radius and speed from GCS or stick inputs. Use Case: Filming a subject, surveillance, or scenic shots. Sensors Required: GPS + Compass + Barometer
9. Land Mode What it does: Lands the drone slowly and safely. Pilot Control: None during descent unless overridden. Use Case: Auto land at mission end, after RTL, or manual trigger. Sensors Required: Barometer (GPS optional)