by Peter Kieseberg (St. Pölten UAS), Christoph Kaltenriner (Dataphone GmbH), and Peter Gallistl (Dataphone GmbH)
Drones promise significant benefits for small-and-medium-sized enterprises (SMEs) in warehouse logistics, but integrating them securely into existing systems is a complex challenge. This article explores how SMEs can overcome security risks – including man-at-the-end (MATE) attacks – and operational hurdles to effectively adopt drone technology.
Drones offer a lot of benefits when used for mundane tasks in warehouses, especially with respect to inventorisation. Thus, companies running large warehouses have dived deep into automatisation, optimising their warehouses accordingly with specially designed solutions. This not only includes the integration of robotic hardware, be it ground-based solutions or even drones, but especially rebuilding the warehouse with intelligent shelving systems that communicate with the infrastructure and potentially the mechanical actors. Security is very important in these solutions [1], with a lot of thought put into the respective aspects of the system architecture, including focus on MATE attacks. While these solutions are certainly very promising for large cooperations being able to build large custom-made warehouses, it is infeasible for the standard SME, both, from a cost side, as well as from the fact that SMEs typically cannot shut down their facilities for long in order to update them to this level.
Thus, intelligent warehouse logistics using drones needs to be able to securely integrate with a lot of legacy equipment, ranging from the very shelves to the software components controlling the warehouse, in order to allow for secure integration. This especially poses problems for current state-of-the-art drone solutions, as these environments are not able to support the drones through communication and shelf-side automation features. Furthermore, the high degree of automation as is pushed forward by big cooperations is not feasible for SMEs, still requiring human workers to fulfil a multitude of tasks. This further complicates the task of drone integration, as human workers might leave goods on the floor, or might not stack shelves exactly enough in order for the drones to follow their flight paths without bumping into them. While this could theoretically be solved using AI methods, recent research has shown that drones have severe problems in similar complex environments [2].
Given the side parameters outlined above, security becomes a major concern, especially considering MATE attacks when comparing the environments to highly professional automated logistic warehouses:
- The drone control system needs to interact with a multitude of different backend software systems, often of questionable security.
- Configuration of and interaction with the system needs to be done on a regular basis by a lot of involved persons due to layout changes in the warehouses and the absence of communication with the shelving systems. This stands in stark contrast to modern warehouses of large companies that are highly optimised for automation.
- In addition, the typical shelving system prevailing in SMEs has no means of detecting mis-stacking or other errors in the stacking process, thus requiring the drone and its control system to take care of such matters. This adds a layer of complexity that is either ignored and put into the hands of the human workers, or can cause problems for the drones, e.g. through crates invading the drones’ designated flight paths. Drones with the necessary sensors on board for dealing with these kinds of problems are currently prohibitively expensive for most SMEs.
- In addition, warehouses in the SME sector are in general not fully automated, i.e. human workers need to work there too. While side-by-side work with drones is currently out of the question in this price class for safety reasons, so-called mixed environments can be set up by separating the drones from the human workers through shifts, e.g. having the human workers work by day and the drones doing their tasks like inventorisation at night. This, of course, also opens a lot of chances of interference of workers with the drones, either due to carelessness or malicious intent.
In addition, contrary to many other environments, small disturbances can wreak havoc on a company, especially when dealing with Just-in-Time (JIT) logistics. Another MATE-related problem lies in the fact that both logistics software, as well as software controlling the drones, are typically closed source. While the former is often quite old and undocumented, current developments in AI also allow drone control software to evolve very quickly, which makes security testing complex and costly. Furthermore, procurement of systems containing AI components is far from trivial from a security perspective, as shown in [3]. While typical logistics does not fall under the high-risk level of the AI-Act, except of course where critical infrastructure is involved, they might need to follow the NIS and NIS2 regulations, where a lot of legal work needs to be done with respect to training of AI systems and AI risk management.
In summary, drones in SME warehouses offer great opportunities in becoming more competitive and cutting costs for many tasks like inventorisation, yet there are still open challenges with respect to system hardening, especially against MATE attacks.
References:
[1] A. Rejeb, et al., “Drones for supply chain management and logistics: a review and research agenda,” Int. J. of Logistics Research and Applications, pp.1–24, 2021.
[2] A. Buchelt, et al., “Exploring artificial intelligence for applications of drones in forest ecology and management,” Forest Ecology and Management, vol. 551, p.121530, 2024.
[3] P. Kieseberg, et al., “Security considerations for the procurement and acquisition of Artificial Intelligence (AI) systems,” in 2022 IEEE Int. Conf. on Fuzzy Systems (FUZZ-IEEE), pp. 1–7.
Please contact:
Peter Kieseberg, St. Pölten University of Applied Sciences, Austria
