Analysis of vulnerabilities, attacks, countermeasures and overall risk of the Automatic Dependent Surveillance-Broadcast (ADS-B) system

Abstract The U.S. Federal Aviation Administration has mandated the use of the Automatic Dependent Surveillance-Broadcast (ADS-B) system by January 2020 as a key component of the NextGen Project, which is intended to upgrade the air traffic control infrastructure and operations. The ADS-B system seeks to replace legacy approaches such as primary and secondary radars by employing global satellite navigation systems to generate precise air pictures for air traffic management. The security of ADS-B is a major concern because the system broadcasts detailed information about aircraft, their positions, velocities and other data over unencrypted data links, making it easy to launch eavesdropping, jamming and message modification attacks on aircraft in flight. This paper discusses ADS-B vulnerabilities and attacks that leverage the ADS-B protocol stack. The paper also presents the security requirements, state-of-the-art attack detection techniques and countermeasures, along with an overall risk analysis of the ADS-B system.

[1]  Greg Welch,et al.  Welch & Bishop , An Introduction to the Kalman Filter 2 1 The Discrete Kalman Filter In 1960 , 1994 .

[2]  Naima Kaabouch,et al.  Improving the Reliability of Unmanned Aircraft System Wireless Communications through Cognitive Radio Technology , 2013 .

[3]  Robert F. Mills,et al.  Security analysis of the ADS-B implementation in the next generation air transportation system , 2011, Int. J. Crit. Infrastructure Prot..

[4]  Peng Ning,et al.  Randomized Differential DSSS: Jamming-Resistant Wireless Broadcast Communication , 2010, 2010 Proceedings IEEE INFOCOM.

[5]  Srdjan Capkun,et al.  Jamming-resistant Broadcast Communication without Shared Keys , 2009, USENIX Security Symposium.

[6]  Srdjan Capkun,et al.  ID-Based Secure Distance Bounding and Localization , 2009, ESORICS.

[7]  Srdjan Capkun,et al.  Attacks on physical-layer identification , 2010, WiSec '10.

[8]  Tang Yong,et al.  ADS-B and SSR data fusion and application , 2012, 2012 IEEE International Conference on Computer Science and Automation Engineering (CSAE).

[9]  Muhammad Khurram Khan,et al.  Broadcast Authentication for Wireless Sensor Networks Using Nested Hashing and the Chinese Remainder Theorem , 2010, Sensors.

[10]  J.G. Herrero,et al.  ASDE and multilateration mode-S data fusion for location and identification on airport surface , 1999, Proceedings of the 1999 IEEE Radar Conference. Radar into the Next Millennium (Cat. No.99CH36249).

[11]  Wendi Heinzelman,et al.  A general data fusion architecture , 2003, Sixth International Conference of Information Fusion, 2003. Proceedings of the.

[12]  Dirk Schulz,et al.  Bayesian Filters for Location Estimation , 2003 .

[13]  Srdjan Capkun,et al.  Distance Hijacking Attacks on Distance Bounding Protocols , 2012, 2012 IEEE Symposium on Security and Privacy.

[14]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[15]  J. Johnson,et al.  Wide area multilateration and ADS-B proves resilient in Afghanistan , 2012, 2012 Integrated Communications, Navigation and Surveillance Conference.

[16]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[17]  Srdjan Capkun,et al.  Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[18]  Yih-Chun Hu,et al.  Secure and precise location verification using distance bounding and simultaneous multilateration , 2009, WiSec '09.

[19]  Nick Demidovich,et al.  Dual frequency ADS-B payload flight experiment on stratospheric balloon , 2014, 2014 Integrated Communications, Navigation and Surveillance Conference (ICNS) Conference Proceedings.

[20]  Todd E. Humphreys,et al.  Can Cryptography Secure Next Generation Air Traffic Surveillance? , 2014 .

[21]  Radha Poovendran,et al.  A Framework for Securing Future e-Enabled Aircraft Navigation and Surveillance , 2009 .

[22]  Radha Poovendran,et al.  Security and privacy of future aircraft wireless communications with offboard systems , 2011, 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011).

[23]  Naima Kaabouch,et al.  A cognitive radio system for improving the reliability and security of UAS/UAV networks , 2015, 2015 IEEE Aerospace Conference.

[24]  P. Noschese,et al.  ADS-B via Iridium NEXT satellites , 2011, 2011 Tyrrhenian International Workshop on Digital Communications - Enhanced Surveillance of Aircraft and Vehicles.

[25]  Mani B. Srivastava,et al.  The bits and flops of the n-hop multilateration primitive for node localization problems , 2002, WSNA '02.

[26]  J Carl,et al.  Challenges of Implementing Automatic Dependent Surveillance Broadcast in the Nextgen Air Traffic Management System , 2015 .

[27]  Rosdiadee Nordin,et al.  Recent Advances in Wireless Indoor Localization Techniques and System , 2013, J. Comput. Networks Commun..

[28]  Ivan Martinovic,et al.  On the Security of the Automatic Dependent Surveillance-Broadcast Protocol , 2013, IEEE Communications Surveys & Tutorials.

[29]  Srdjan Capkun,et al.  Physical-Layer Identification of Wireless Devices , 2011 .

[30]  Naima Kaabouch,et al.  Flight Testing of a Right-of-Way Compliant ADS-B-based Miniature Sense and Avoid System , 2012, Infotech@Aerospace.

[31]  Domenic Magazu Exploiting the Automatic Dependent Surveillance-Broadcast System via False Target Injection , 2012 .

[32]  W. Li,et al.  Integrated aviation security for defense-in-depth of next generation air transportation system , 2011, 2011 IEEE International Conference on Technologies for Homeland Security (HST).

[33]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[34]  Srdjan Capkun,et al.  Investigation of Signal and Message Manipulations on the Wireless Channel , 2011, ESORICS.

[35]  Markus G. Kuhn,et al.  So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks , 2006, ESAS.

[36]  T. Başar,et al.  A New Approach to Linear Filtering and Prediction Problems , 2001 .

[37]  Naima Kaabouch,et al.  A terrain avoidance algorithm based on the requirements of terrain awareness and warning systems , 2015, 2015 IEEE Aerospace Conference.

[38]  Bin Xiao,et al.  Detection and localization of sybil nodes in VANETs , 2006, DIWANS '06.

[39]  Robert F. Mills,et al.  Enhancing the security of aircraft surveillance in the next generation air traffic control system , 2013, Int. J. Crit. Infrastructure Prot..

[40]  Andrei Costin,et al.  Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices , 2012 .

[41]  Hussein A. Abbass,et al.  Identification of ADS-B System Vulnerabilities and Threats , 2010 .

[42]  W. Lafayette,et al.  Aircraft ADS-B Data Integrity Check , 2004 .

[43]  Yih-Chun Hu,et al.  Real-World VANET Security Protocol Performance , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[44]  Yi-Ming Chen,et al.  Beacon-based trust management for location privacy enhancement VANETs , 2011, 2011 13th Asia-Pacific Network Operations and Management Symposium.

[45]  Brandon Kovell,et al.  Comparative Analysis of ADS-B Verification Techniques , 2012 .

[46]  Dieter Fox,et al.  Bayesian Filtering for Location Estimation , 2003, IEEE Pervasive Comput..

[47]  A. Smith,et al.  Methods to Provide System-Wide ADS-B Back-Up, Validation and Security , 2006, 2006 ieee/aiaa 25TH Digital Avionics Systems Conference.

[48]  Christian Steffes,et al.  Wide area multilateration using ADS-B transponder signals , 2012, 2012 15th International Conference on Information Fusion.

[49]  Naima Kaabouch,et al.  Dynamic Separation Thresholds for a Small Airborne Sense and Avoid System , 2013 .

[50]  Paul Thomas North sea helicopter ADS-B/MLat pilot project findings , 2011, 2011 Tyrrhenian International Workshop on Digital Communications - Enhanced Surveillance of Aircraft and Vehicles.

[51]  Ivan Martinovic,et al.  Realities and challenges of nextgen air traffic management: the case of ADS-B , 2014, IEEE Communications Magazine.

[52]  Olivier Baud,et al.  Radar / ADS-B data fusion architecture for experimentation purpose , 2006, 2006 9th International Conference on Information Fusion.

[53]  Prasant Mohapatra,et al.  Non-cryptographic authentication and identification in wireless networks [Security and Privacy in Emerging Wireless Networks] , 2010, IEEE Wireless Communications.

[54]  François Gagnon,et al.  Adaptive Air-to-Ground Secure Communication System Based on ADS-B and Wide-Area Multilateration , 2016, IEEE Transactions on Vehicular Technology.

[55]  Jens B. Schmitt,et al.  Practical Message Manipulation Attacks in IEEE 802.15.4 Wireless Networks , 2012 .

[56]  Dawn Song,et al.  The TESLA Broadcast Authentication Protocol , 2002 .

[57]  Weiyi Liu,et al.  Multi-Sensor Fusion and Fault Detection using Hybrid Estimation for Air Traffic Surveillance , 2013, IEEE Transactions on Aerospace and Electronic Systems.

[58]  Ivan Martinovic,et al.  Experimental Analysis of Attacks on Next Generation Air Traffic Communication , 2013, ACNS.

[59]  Victor C. M. Leung,et al.  Secure Location Verification for Vehicular Ad-Hoc Networks , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[60]  Naima Kaabouch,et al.  Incorporating Terrain Avoidance into a Small UAS Sense and Avoid System , 2012, Infotech@Aerospace.

[61]  Ning Xu,et al.  Performance assessment of Multilateration Systems - a solution to nextgen surveillance , 2010, 2010 Integrated Communications, Navigation, and Surveillance Conference Proceedings.

[62]  Srdjan Capkun,et al.  Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System , 2012, ESORICS.

[63]  Vijay Varadharajan,et al.  Wireless sensor network key management survey and taxonomy , 2010, J. Netw. Comput. Appl..