Professional Documents
Culture Documents
Integrity and Authenticity of ADS-B Broadcasts
Integrity and Authenticity of ADS-B Broadcasts
Integrity and Authenticity of ADS-B Broadcasts
Abstract-We propose a novel approach to provide presents our proposed key distribution scheme. Section 6
authenticity and integrity of Automatic Dependent describes the testbed and initial experimentation. Section 7
Surveillance-Broadcast (ADS-B) messages. We employ a key describes related work and Section 8 has our conclusions.
management schema for authentication and rely on a keyed
2. ADS-B BACKGROUND
hashed message authentication code (HMAC) for integrity.
Our approach avoids scalability and compatibility issues, as we
neither change the packet format nor its size. ADS-B is expected to replace existing standards for
communication between aircrafts and Air Traffic Control
T ABLE OF CONTENTS (ATC) towers that currently use Primary Surveillance Radar
(PSR) and Secondary Surveillance Radar (SSR)s. PSR uses
1. INTRODUCTION .•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•. 1
the time lag for a pulse to be reflected back to estimate the
2. ADS-B BACKGROUND ......................................... 1 approximate position of an aircraft. SSR communicates with
3. CATEGORIZING ADS-B ATTACKS ••••••••••••••••••••••• 2 the aircraft transceiver in order to determine its position and
4. APPROACH ••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 2 relay navigation instructions. However, the latter requires
5. KEY DISTRIBUTION •.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•. 4 collaboration from the pilot and may be subject to human
errors. ADS-B alleviates some of these shortcomings by
6. EVALUATION ••••••••••••••••••••••••••••••••••••••••••••••••••••• 4
providing a more flexible, automated, and cost-effective
7. RELATED WORK •.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•. 6 alternative. ADS-B is already used in Europe, Canada,
8. CONCLUSION ..................................................... 7 Australia and is to be implemented in the NextGen project
REFERENCES .•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•. 7 [5].
BIOGRAPHY 7
ADS-B Out and ADS-B In.
.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.•.
�
•
• Medium difficulty attacks: Contains attacks where
the attacker generates malicious data to be injected
.»
(Ce in a random or pseudo-random fashion and does
not move the transmitter radio.
Alrpj �l'f • Advanced attacks: attacker leverages advanced
flight simulator software to generate and transmit
� � �
malicious packets via a stationary radio.
• Expert attacks: ADS-B packets are generated using
a flight simulator program and a moving
transmitter (e.g., one placed in an aerial vehicle).
4. APPROACH
2
packet format with free bits such as in [ 10]. This
solution suffers from poor scalability due to the need of
transmitting more data than required.
� rllt •
4a 4b
3
� ... -
Sa 5b 5c
2 msgs/sec 0.84 1.98 0.5 Our second contribution is the key distribution. We assume
that prior to the approach, every air-vehicle approaching an
airfield obtains permissions. A simplified example is
Table 1: Jitter variation
illustrated in Figure 6, where the red circle corresponds to
The next step is to compare the simulated end-to-end delays, zone A, which is under control of ATC Tower A, while the
which is comprised of transmission delay and processing blue circle corresponds to zone B under the control of ATC
delay, when ADS-B is used without versus with security Tower B. The dotted line represents the proposed trajectory
and to compute the corresponding jitter which corresponds of the aircraft. We assume that at the time of granting
to the average variation introduced by our security scheme. permissions, the aircraft will be given a set of keys to be
This is shown in Figure 5, where Figure 5a and Figure 5b used, one for each zone on the planned flight path. Because
respectively show with and without hashing. the ATC that governs every zone is geographically well
defined, the aircraft can choose the appropriate key.
In order to determine the effect of transmission rate on jitter,
we compute the jitter while changing the transmission rate 6. EVALUATION
to be 1 ADS-B message per second or 2 ADS-B messages
We now describe the testbed, illustrated in Figure 7. The
per second. Table 1 shows the minimum, the maximum and
first component of the testbed is the Track Source, which
the mean jitter for every experiment. It shows that
periodically generates position updates from different
increasing the transmission rate decreases the jitter.
aircrafts. Once created, most of the tracks are simulated and
become persistent in a database, while a few are emulated
,."",-- - ...... .....
'" using a radio. In the latter case, there are at least three
, ----Zrnell
• the position information (altitude, longitude and latitude), as
\ ATC well as the aircraft ICAO before building the ADS-B
\ Tower I message to be sent. Similarly, we implemented message
\. I
injection attacks in which malicious ADS-B messages were
"- /
,
..... ,.
/ broadcasted from the attacker to the ADS-B Server.
weA
4
The ADS-B server node receives ADS-B messages using of the bit number 22 in the ADS-B data, i.e. the "F flag"
the Gr-Air-Modes [ 13] module developed by Nick Foster, shown in Figure 2. In other words, for every HMAC digest
and stores them in the database. Finally, we developed a we need three transmissions consisting of two ADS-B
script that queries the database periodically for the recent messages each. Therefore, we use 2 bits to give every
location updates before plotting them in Google Earth in packet the value of 1, 2 or 3 in binary while using whether
order to create real-time radar coverage like display. the packet is even or odd to uniquely identify the position of
the fragment in the digest. Figure 9 illustrates this scheme,
Now we describe how we emulate our approach on this which includes the assumption that the even message
testbed. We start by the sender side before describing the always precedes the odd message in the six-message
receiving side. sequence used to generate the HMAC.
As shown in Figure 8, we take the position updates The last component of the testbed is the sending node that
generated from the track source and we feed them to two builds and transmits hashed packets. During this phase, we
replicas queues queueJ and queue2 respectively. The first extract the six HMAC fragments, which are numerically
queue is used to assemble the payloads of the different ordered. These were already created so we now extract the
ADS-B packets that are fed to generate the HMAC. The corresponding six ADS-B payloads from queue2. Then, we
second queue is used to get the original payloads of the send these messages, in sequence, with even and odd
ADS-B packets to be sent after the HMAC components are alternations. We modified the Gr-Air-Modes module, to
computed and appended. assemble every three transmissions from the same sender
while considering the timing constraints.
Next, Generate HMAC phase takes 6 packets at a time, 3
even and 3 odd, concatenate them as one packet and When the ADS-B packets arrive to the receiver, we first
compute the HMAC. Then, Split HMAC into 6 portions check the identity of the aircraft by retrieving the ICAO.
while adding the numbering. This is illustrated in Figure 9 Based on that infonnation, we store the packet in a
where every fragment of the HMAC is 24 bit-long because HasbMap [ 14] where the keys are the ICAOs and the
it substitutes the CRC in the ADS-B packet. mapped value is a queue containing the ADS-B packets in
the order of their arrival. New keys in the HasbMap are
A straightforward computation would yield a digest of 128 created on a need basis, i.e. when it is the first time to
bits; where each portion has 24 bits, making the total receive packets from a certain aircraft. Afterwards, every
available space 144 bits. However, adding 6 numbers to sixth element of each queue is extracted and the payload is
identify the order of the fragment requires 18 bits in total (3 separated from the HMAC. As shown in Figure 10, different
bits each) whereas the remaining space is only 16 bits. fragments of the HMAC are assembled according to their
order while computing the HMAC digest from the
Therefore, with this design we can either have a proper
assembled payloads as well thus creating another HMAC
numbering mechanism or lose 2 bits from the HMAC.
digest. Finally, we compare the two values and if they
match, we continue the processing of the messages;
We solved this problem by using the ADS-B property that
otherwise, we discard the packets in question.
classifies every packet as even or odd according to the value
I ri-=r IIIIII
qtef2
8
Hehcoptertsl AD�B5eMr
TooSclm
I SMA Cable
I
I
1% IIIIII
Ql fJ
5
HMAC Fragment
to avoid excessive growth of the size of the HMAC which that ATC related operations should not solely rely on ADS
may affect the search efficiency. B data, and must be complemented by appropriate security
checks.
Finally, we benchmarked our application in order to collect
the end-to-end delay of ADS-B message at the sender side. Similarly, McCallie [7] presented a taxonomy of attacks and
This is shown inn Figure 1 1 which shows spikes at times discussed their difficulty of implementation versus their
mUltiple of 3 while it is negligible for the rest. This could be impact. However, the authors presented general guidelines
understood because most of the heavy computation, that should be taken into considerations instead of proposing
including collecting payloads, computing HMAC digest and concrete solutions to prevent these attacks.
splitting it, is done once every three messages as explained
in previous sections to obtain a 128 bit HMAC digest. Pan et al. [ 10] presented a PKI-based system that leverages
Elliptic Curve Cipher (ECC) and X.509 certificate to thwart
7. RELATED WORK replay-like attacks. This work has been realized on VAT
instead of 1090 Extended Squitter (ES) because of its longer
In [ 15], Sampigethaya et al. proposed a framework to secure message size.
ATC related operations using ADS-B. This work discusses
a clear threat model and several possible solutions to In addition, ADS-B data along with timestamp are used to
address those threats. However, no experimental support is
provided.
6
craft an ECC digital signature. However, this approach 78-87, Aug. 20 1 1.
defines a new type of UAT messages while suggesting to [8] T. Kacem, D. Wijesekera, P. Costa, and A. Barreto,
use of DF24 if 1090 ES is used. That would require 5 extra "Security Requirements Analysis in ADS-B
messages for every ADS-B message in order to split and Networks," to appear soon at the Semantic
assemble the signature data. While the first alternative raises Technologies for Intelligence, Defense, and Security,
the issue of incompatibility because of the use of a new Fairfax, VA.
packet format, the second affects the scalability because it [9] H. Krawczyk, R. Canetti, and M. Bellare, "HMAC:
increases the volume of sent data by a factor of five. Keyed-Hashing for Message Authentication."
Available: https:lltools.ietf.org/html/rfc2 104.
Strohmeier et al. [ 16] presented a survey of possible ADS-B [ 10] W.-J. Pan, Z.-L. Feng, and Y. Wang, "ADS-B Data
attacks and eventual solutions. The paper discusses several Authentication Based on ECC and X.509 Certificate."
alternatives in details to secure ADS-B based on work that [ 1 1] GNU Radio. Available: www.gnuradio.org.
has been realized. These alternatives are grouped by type [ 12] "Ettus Research - Product Category," Available:
and range from hardware/software-based fingerprinting to https://www.ettus.com/product/category/USRP
frequency hopping and public key cryptography systems. Networked-Series.
The authors discuss the pros and cons while evaluating the [ 13] N. Foster, "Gr-air-modes," 24-0ct-2014. Available:
difficulty, cost and scalability of every approach. This is an https://github.com/bistromath/gr-air-modes.
important reference work for the ADS-B security [ 14] "Hash table." Available:
community because it provides an outstanding literature http: //en.wikipedia.org/w/index.php?title=Hash_table
review of the existing efforts. &0Idid=63096778 5.
[ 15] K. Sampigethaya, R. Poovendran, and L. Bushnell,
8. CONCLUSION "A Framework for Securing Future eEnabled Aircraft
Navigation and Surveillance," in AIAA
We proposed a novel approach using HMAC to ensure the
Infotech@Aerospace Conference, American Institute
integrity of ADS-B operations. We also described the design
of Aeronautics and Astronautics, 20 14.
and implementation of an example of this approach on a
[ 16] M. Strohmeier, V. Lenders, and I. Martinovic, "On
testbed that we set up in order to send and receive ADS-B
the Security of the Automatic Dependent
packets.
Surveillance-Broadcast Protocol," arXiv: 1307.3664
ACKNOWLEDGMENT
[cs}, Jul. 20 13.
This work was supported in part by grant number 20 12-ST- BIOGRAPHY
104-000047 from the Department of Homeland Security.
Thabet Kacem is a PhD student in
Information Technology at George
REFERENCES
Mason University. He obtained his
[ 1] ICAO, "ADS-B implementation and operations Master degree in Computer Science
guidance document." Sep-20 1 1. at the University of the District of
[2] A. Costin and A. Francillon, "Ghost in the Columbia in 2010 after receiving his
Air(Traffic): On insecurity of ADS-B protocol and Bachelor degree in Computer
practical attacks on ADS-B devices," presented at the Science at the National School of
BlackHat 20 12. Computer Science at the University of Manouba in
[3] "Hackers, FAA Disagree Over ADS-B Tunisia in 2007. His research interests are cybersecurity
Vulnerability," Aviation International News. and security protocols.
Available: http://www.ainonline.com/aviation-
news/ainalerts/20 12-08-2 1Ihackers-faa-disagree-over
ads-b-vulnerability. Duminda Wijesekera is professor of
[4] M. Schafer, V. Lenders, and I. Martinovic, Computer Science and a Co-director
"Experimental Analysis of Attacks on Next of the Center for Assurance Research
Generation Air Traffic Communication," in Applied and Engineering at George Mason
Cryptography and Network Security, Springer Berlin University, Fairfax, Virginia. During
Heidelberg, 20 13, pp. 253-271. various times, he has contributed to
[5] "NASA NextGen.". Available: research in security, multimedia,
http: //www.hq.nasa.govIofficelaero/asp/airspace/inde networks, systems, avionics, missile
x.htm. defense, command & control systems and theoretical
[6] A. Marshall, "ADS-B 1090 MOPS, Revision B.". computer science. He is a visiting research scientist at the
[7] D. McCallie, 1. Butts, and R. Mills, "Security analysis National Institute of Standards and Technology (NIST),
of the ADS-B implementation in the next generation was a visiting associate professor at the Naval
air transportation system," International Journal of Postgraduate School and a fellow at the Potomac
Critical Infrastructure Protection, vol. 4, no. 2, pp. Institute of Policy Studies in Arlington, VA.
7
Paulo Costa (SM13) is Associate
Professor at George Mason
University. His teaching and
research interests comprise the
areas of probabilistic ontologies,
multi-sensor information fusion,
systems design and integration,
Bayesian reasoning, predictive
analysis, and Decision Theory. He
has extensive experience in tactical and operational
planning, and is an expert in requirements engineering
for complex systems. He has been an active member of
engineering societies such as IEEE, ISIF and the
International Council of Systems Engineering