flytOS authentication and security


#1

Hello,

From this diagram:

It seems there is some way to add authentication / security to the REST APIs that are available from the drone.

Clearly we don’t want anyone with a computer to be able to control our drone.

Can you give me some documentation or advice on how to activate this on FlytOS Commercial Edition?
(I assume it should be available).

Something like adding a username / password to FlytConsole, maybe HTTPS for REST APIs, if not then some required headers, things like that.

Thank you,
Alex.


#2

Hi @aluca,

The authentication & security layer exists when trying to control the drone via FlytCloud.

Even though the diagram suggests it, the same layer does not exist in the case of local network REST commands. We had developed the auth layer with username and password based authentication to an extent, but it has not been released yet into the production release. We never got a strong push from our customers for this feature.

Well, they won’t be able to unless you give them access to your local network.


#3

If the drone is connected to the internet, then anyone will be able to control it, right?

Is the auth layer working / is there a chance you will release it sometime?

Thanks.


#4

If this is not possible, is there a way to make an onboard app to start together with the flytOS?
(I assume by using basic Linux tools).

I’m asking if there is a feature for that.

But in my opinion on flytOS Commercial Edition there should be some basic security features…


#5

I may be missing something obvious. Can you please elaborate.

Currently, that module is on a back burner, with no clear release plan. As I said, we never received any serious requests from our customers on this before.

Let me coordinate with my team on this, and we will get back to you.


#6

If the drone has a 3G stick attached, and a public IP, let’s say 8.8.8.8.

Anyone with an HTTP client - basically a browser - can run a request to http://8.8.8.8/ros/flytos/navigation/disarm, and crash the drone.

If there is no security - or just tell it to land, go somewhere else, anything.


#7

Yes. Theoretically, you are correct.

As I said, I am coordinating with my team on this.
Hopefully, we should have an update soon.


#8

Can you give us a brief on your requirement for this feature?

  • Do you need a separate user management feature as well? Or will just one admin user do?
  • It would be great if you could divide your requirements into two sections:
    • Must have feature
    • Nice to have feature

#9

Something like a username / password or OAuth2 Token. :grinning:


#10

Hi @chen_log,

Thanks for the input.
For API authentication, we have chosen to implement ‘Basic Authentication’. Unfortunately, the release is still not ready yet. We will update this thread when it is.
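
To make concrete what a Basic Authentication check in front of an otherwise open REST endpoint involves, here is an added example in Python; it is not FlytOS code and not from any poster in this thread. The WSGI wrapper `BasicAuthGate`, the `USERS` store, the realm name and the credentials are all hypothetical, constructed values.

```python
import base64
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample value, not a real secret

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample store: username -> PBKDF2 hash (no plaintext passwords kept).
USERS = {"operator": _hash("constructed-password")}

def check_basic_auth(header):
    """Return the username for a valid 'Authorization: Basic ...' value, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    if not sep:
        return None
    # Hash and compare even for unknown users so timing does not reveal valid names.
    expected = USERS.get(user, bytes(32))
    ok = hmac.compare_digest(_hash(password), expected)
    return user if ok and user in USERS else None

class BasicAuthGate:
    """WSGI middleware (hypothetical): pass a request on only with valid credentials."""
    def __init__(self, app, require_tls=True):
        self.app, self.require_tls = app, require_tls

    def __call__(self, environ, start_response):
        # Basic credentials are only base64-encoded, so refuse plain HTTP.
        if self.require_tls and environ.get("wsgi.url_scheme") != "https":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"TLS required\n"]
        user = check_basic_auth(environ.get("HTTP_AUTHORIZATION"))
        if user is None:
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", 'Basic realm="drone-api"'),
                ("Content-Type", "text/plain")])
            return [b"authentication required\n"]
        environ["REMOTE_USER"] = user
        return self.app(environ, start_response)
```

The TLS check ties in with the HTTPS suggestion in post #1: without it, the username and password travel in a form anyone on the network path can decode.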