Automatic Emergency Recovery System
Drones in the News
Small civil drones, like multicopters, recently have made more appearances in press and media, such as "the parcelcopter", which transports urgent good such as medication to the German island of Juist , but increasingly also in bad contexts, such as in the case of the injured Australian triathlete or in the almost-crash with a Lufthansa flight near Warshaw this year.
The threat is real
The threat is not a negligible one, unlike one might think. Everyone can buy these drones and operate them, often without understanding how they work, or even what damage then can do. As of this year, we estimate that there are at least 1.6million of such small drones active in Europe, which is quadruple the amount of general aviation.
Lack of analysis and certification
However, in contrast to the certified and approved design of their "big cousins", the systems architecture of small drones is not driven by safety concerns: They are consumer products which are tightly integrated, under rapid development, and can only deliver a reasonable operational time, when they are designed as efficient as possible. Applying the proven development processes of their big cousins would make these vehicles not only very expensive, but also reduce their efficiency and thus shut down a number of interesting use cases, such as parcel delivery, power line inspection or traffic monitoring.
Authorities "work around" Drones
Currently, public authorities are work around that problem by setting regulations that simply "separate" these small drones from urban areas and the remaining air traffic. But looking at the rising number of use cases, there is more and more pressure towards a proper integration of those vehicles into the civil airspace.
Our Solution: An Emergency Recovery System
Our first step towards improving this situation, was the development of a parachute-based emergency recovery system for the ubiquitous multicopters. This is a plug-and-play extension for all electric multicopters, which automatically deploys a parachute in case of drone failure, such as loss of propeller, failing battery or the quiet common software errors in the autopilot. Additionally, it can be triggered manually ,whenever the pilot feels he lost control over the vehicle.
Formal Methods for Actual Safety
This system works independently of the possibly unknown or hard-to-analyze internals of the drone, and still can give certain guarantees: We applied formal verification methods to show that the system actually increases the overall level of safety, instead of just complicating the drone further. It is currently the lightest solution on the market, and has almost no impact on the flight performance. Since the development of the Emergency Recovery System was completed, it became integral part of all our multicopter flights, and on several occasions avoided a loss of control.
|dimension||50x50x150mm (parachute, folded) + 48x41x10mm (PCBs)|
|input voltage||5...25.2V (2...6 LiPo cells)|
|power consumption||<3W, depends on propulsion state|
|worst-case trigger time||<= 140ms|
|terminal speed||4.5m/s (can be changed by parachute sizing)|
|min. safe altitude||10m|
For further questions contact Martin Becker or refer to the following publication:
- Approaches for Software Verification of an Emergency Recovery System for Micro Air Vehicles, M. Becker, M. Neumair, A. Söhn, S. Chakraborty, In 34th International Conference on Computer Safety, Reliability and Security (SAFECOMP) Companion, Delft, NL. [Preprint PDF]