On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next-generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, in addition to being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic both in aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, particularly with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts that have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures that have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.
