Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices

In this paper we investigate (in)security aspects of Automatic Dependent Surveillance-Broadcast (ADS-B) protocol. ADS-B is intended to be widely deployed in Air Traffic Management (ATM) Surveillance systems by 2020. One of the goals of ADS-B is to increase safety of air traffic. While the security of ADS-B was previously questioned, in this paper we demonstrate that attacks are both easy and practically feasible, for a moderately sophisticated attacker. Attacks range from passive attacks (eavesdropping) to active attacks (message jamming, replaying of injection). The attacks have been implemented using an Universal Software Radio Peripheral (USRP), a widely available SoftwareDefined Radio (SDR). for which we developed an ADS-B receiver/transmitter chain with GNURadio. We then present and analyze the results of the implemented attacks tested against both USRP-based and commercial-off-the-self (COTS) radio-enthusiast receivers. Subsequently, we discuss the risks associated with the described attacks and their implication on safety of air-traffic, as well as possible solutions on short and long terms. Finally, we argue that ADS-B, which is planned for long-term use, lacks the minimal and necessary security mechanism to ensure necessary security of the air traffic. Keywords-Architecture and Design Air Traffic Control, Air Traffic Management, Automatic Dependent SurveillanceBroadcast, ADS-B, message injection, message replay, wireless security, privacy.

[1]  Kang G. Shin,et al.  Design of SMS commanded-and-controlled and P2P-structured mobile botnets , 2012, WISEC '12.

[2]  Srdjan Capkun,et al.  On the requirements for successful GPS spoofing attacks , 2011, CCS '11.

[3]  Radha Poovendran,et al.  Privacy of future air traffic management broadcasts , 2009, 2009 IEEE/AIAA 28th Digital Avionics Systems Conference.

[4]  Edward Lester,et al.  Benefits and incentives for ADS-B equipage in the National Airspace System , 2007 .

[5]  Radha Poovendran,et al.  Security and privacy of future aircraft wireless communications with offboard systems , 2011, 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011).

[6]  R. Robinson,et al.  Secure wireless collection and distribution of commercial airplane health data , 2009, IEEE Aerospace and Electronic Systems Magazine.

[7]  A. C. Drumm,et al.  Validation techniques for ADS-B surveillance data , 2002, Proceedings. The 21st Digital Avionics Systems Conference.

[8]  Washington Y. Ochieng,et al.  GPS Integrity and Potential Impact on Aviation Safety , 2003, Journal of Navigation.

[9]  Radha Poovendran,et al.  Security of Future eEnabled Aircraft Ad hoc Networks , 2008 .

[10]  Mohsen Toorani,et al.  LPKI - A lightweight public key Infrastructure for the mobile environments , 2008, 2008 11th IEEE Singapore International Conference on Communication Systems.

[11]  Radha Poovendran,et al.  Future E-Enabled Aircraft Communications and Security: The Next 20 Years and Beyond , 2011, Proceedings of the IEEE.

[12]  William A. Arbaugh,et al.  Toward secure key distribution in truly ad-hoc networks , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[13]  Hussein A. Abbass,et al.  Identification of ADS-B System Vulnerabilities and Threats , 2010 .

[14]  W. Lafayette,et al.  Aircraft ADS-B Data Integrity Check , 2004 .

[15]  Bashar Nuseibeh,et al.  Securing the Skies: In Requirements We Trust , 2009, Computer.

[16]  Mohammed Feham,et al.  Lightweight PKI for WSN uPKI , 2010, Int. J. Netw. Secur..

[17]  M. Sparkes Securing the skies , 2006 .

[18]  Krishna Sampigethaya,et al.  Visualization & assessment of ADS-B security for green ATM , 2010, 29th Digital Avionics Systems Conference.

[19]  Radha Poovendran,et al.  A Framework for Securing Future e-Enabled Aircraft Navigation and Surveillance , 2009 .

[20]  S Thompson,et al.  ASSESSMENT OF THE COMMUNICATIONS, NAVIGATION, SURVEILLANCE (CNS) CAPABILITIES NEEDED TO SUPPORT THE FUTURE AIR TRAFFIC MANAGEMENT SYSTEM , 2001 .

[21]  Radha Poovendran,et al.  Assessment and mitigation of cyber exploits in future aircraft surveillance , 2010, 2010 IEEE Aerospace Conference.

[22]  Radha Poovendran,et al.  Secure Operation, Control, and Maintenance of Future E-Enabled Airplanes , 2008, Proceedings of the IEEE.

[23]  Ki-Woong Park,et al.  pKASSO: Towards Seamless Authentication Providing Non-Repudiation on Resource-Constrained Devices , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[24]  R. D. Grappel,et al.  Guidance Material for Mode S-Specific Protocol Application Avionics , 2007 .

[25]  Paul Marks Air traffic system vulnerable to cyber attack , 2011 .

[26]  Binxing Fang,et al.  Andbot: Towards Advanced Mobile Botnets , 2011, USENIX Workshop on Large-Scale Exploits and Emergent Threats.

[27]  Hossein Rouhani Zeidanloo,et al.  Botnet Command and Control Mechanisms , 2009, 2009 Second International Conference on Computer and Electrical Engineering.

[28]  L. Kenney,et al.  Secure ATC surveillance for military applications , 2008, MILCOM 2008 - 2008 IEEE Military Communications Conference.

[29]  Robert F. Mills,et al.  Security analysis of the ADS-B implementation in the next generation air transportation system , 2011, Int. J. Crit. Infrastructure Prot..