Configuring user keys on the Secure Element
ANAFI Ai users have access to a dedicated operator account of the drone's Secure Element. This
account is used to configure keys specific to the user. Users can configure into the Secure Element
the public keys of the flight mission providers they choose to trust. ANAFI Ai will only run flight
missions which are digitally signed with these keys. This process prevents an attacker from running
malicious flight missions on the drone.
Digitally signed pictures
ANAFI Ai's Secure Element can digitally sign the pictures taken by the drone. This signature
provides a proof that:
•
said signed picture has been taken by said drone
•
neither the picture itself nor its metadata have been tempered with (voluntarily or not) –
metadata, also known as EXIF and XMP, contain information about the date, time, and
location of the picture
In other words, the digital signature secures all data relevant to a picture, including the place where
and the time when it was taken, and by which ANAFI Ai drone.
Users as well as partners proposing software solutions exploiting drone photographs can verify the
digital signature of ANAFI Ai photos, either using the drone's certificate, or through a public key
directory, provided by Parrot.
Transparency and Bug bounty continuous security check
Whenever possible, Parrot uses standard protocol and file formats. There is no obfuscated code,
nor hidden features. It allows the user to understand how Parrot products works and check their
security. In addition, OpenFlight - the software used to control the drone - is Open Source: then, the
users benefit from full control.
Back in April 2021, Parrot has launched a "Bug Bounty" program together with
first European crowdsourced security platform. Through this partnership, Parrot benefits from
YesWeHack's vast community of cybersecurity researchers to identify potential vulnerabilities in its
drones, mobile applications and WebServices.
ANAFI Ai – © Parrot 2021
YesWeHack,
the
77