Enhancing Privacy and Security of Autonomous UAV Navigation

TL;DR

The paper addresses secure autonomous UAV navigation in adversarial settings by integrating Reinforcement Learning with Fully Homomorphic Encryption ($FHE$) to enable end-to-end encrypted inference on visual inputs. It trains an Actor-Critic PPO policy in the plaintext domain and deploys encrypted inference by adapting input processing, convolution, flattening, fully connected layers, and activations to the encrypted domain, including a spectral-domain convolution via $HFT$ and polynomial approximations for $ReLU$ and $Tanh$. A surrogate OpenAI Gym interface is also replicated in the encrypted setting to map features to actions. Experimental results demonstrate negligible accuracy loss (end-to-end $R^2=0.9631$, low MAE) but highlight substantial inference-time costs inherent to $FHE$, illustrating the trade-off between privacy and real-time UAV navigation in sensitive applications.

Abstract

Autonomous Unmanned Aerial Vehicles (UAVs) have become essential tools in defense, law enforcement, disaster response, and product delivery. These autonomous navigation systems require a wireless communication network, and of late are deep learning based. In critical scenarios such as border protection or disaster response, ensuring the secure navigation of autonomous UAVs is paramount. But, these autonomous UAVs are susceptible to adversarial attacks through the communication network or the deep learning models - eavesdropping / man-in-the-middle / membership inference / reconstruction. To address this susceptibility, we propose an innovative approach that combines Reinforcement Learning (RL) and Fully Homomorphic Encryption (FHE) for secure autonomous UAV navigation. This end-to-end secure framework is designed for real-time video feeds captured by UAV cameras and utilizes FHE to perform inference on encrypted input images. While FHE allows computations on encrypted data, certain computational operators are yet to be implemented. Convolutional neural networks, fully connected neural networks, activation functions and OpenAI Gym Library are meticulously adapted to the FHE domain to enable encrypted data processing. We demonstrate the efficacy of our proposed approach through extensive experimentation. Our proposed approach ensures security and privacy in autonomous UAV navigation with negligible loss in performance.

Figures (8)

• Figure 1: Overview: In an ordinary scenario the UAV is vulnerable to snooping attacks, as the attacker can directly steal the information. Or, query the model to infer target information, launching a model inversion attack. In our approach, the input is encrypted and the inference happens in the encrypted domain. Hence, the attacker is unable to exploit any meaningful information from the system.
• Figure 2: Architecture Overview of our Deep Learning framework implementing the Actor-Critic algorithm.
• Figure 3: Feature Extractor segment of our Deep Learning framework.
• Figure 4: Fully Connected Network segment of our Deep Learning framework.
• Figure 5: 2D Convolution in FHE Domain. Different stride-based convolutions can be extracted by multiplying appropriate vectors. The ciphertext (representative of a row of the input image) is subjected to Homomorphic Fourier Transform (HFT) because it operates in the encrypted domain. On the other hand, the convolution filter is subjected to Fast Fourier Transform because it is in the plaintext domain.