Haomiao Yang,Hyunsung Kim,Hongwei Li,Eunjun Yoon,Xiaofen Wang,Xuefeng Ding

DOI: https://doi.org/10.3837/tiis.2013.10.013

2013-01-01

KSII Transactions on Internet and Information Systems

Abstract:As a cornerstone of the next generation air traffic management (ATM), automatic dependent surveillance-broadcast (ADS-B) system can provide continual broadcast of aircraft position, identity, velocity and other messages over unencrypted data links to generate a common situational awareness picture for ATM. However, since ADS-B messages are unauthenticated, it is easy to insert fake aircrafts into the system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, we propose an efficient broadcast authentication scheme with batch verification for ADS-B messages which employs an identity-based signature (IBS). Security analysis indicates that our scheme can achieve integrity and authenticity of ADS-B messages, batch verification, and resilience to key leakage. Performance evaluation demonstrates that our scheme is computationally efficient for the typical avionics devices with limited resources, and it has low communication overhead well suitable for low-bandwidth ADS-B data link.

Yang Haomiao,Huang Rongshun,Wang Xiaofen,Deng Jiang,Chen Ruidong

DOI: https://doi.org/10.1016/j.cja.2014.04.028

2014-01-01

Abstract:Automatic dependent surveillance-broadcast (ADS-B) systems can broadcast satellite-based aircraft position, identification, etc., periodically, and are now on track to replace radar to become the backbone of next-generation air traffic management (ATM) systems. However, ADS-B systems suffer severe cyber-security problems due to the broadcast-type data link and the lack of designed-in security measures. Especially, since ADS-B messages are unauthenticated, it is easy to insert fake aircraft into a system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, based on identity-based signature with message recovery (IBS-MR), an efficient broadcast authentication scheme for ADS-B messages is proposed. The security analysis demonstrates that the scheme can achieve authenticity and integrity of ADS-B broadcast messages, as well as adaptive evolution of broadcasters’ private keys. The performance evaluation shows that the scheme is computationally efficient for typical avionics devices with limited resources. Furthermore, the scheme achieves low communication overhead since broadcast messages can be recovered from signatures, and thus it is suitable for low-bandwidth ADS-B data link.

Emily Cook

DOI: https://doi.org/10.1109/hpcc-css-icess.2015.201

2015-08-01

Abstract:Legacy air traffic control systems have become outdated and cannot keep up with the trending increase in airliner traffic. With the goal of modernizing the system from one of manual air traffic positioning through radar and radio communication to a network of e-enabled aircraft, the Federal Aviation Administration (FAA) is shifting to the use of Automatic Dependent Surveillance-Broadcast (ADS-B) as a surveillance technology with higher accuracy and less man-in-the-loop dependence. However, ADS-B in its current implementation lacks the security measures needed to provide authenticity and integrity, making it an easy target for spoofing attacks. This paper presents a message authentication scheme that (1) uses a Public Key Infrastructure (PKI) to verify all ADS-B signals are from FAA registered aircraft, (2) uses asymmetric cryptography to exchange a symmetric session key, and (3) uses this symmetric session key to validate data authenticity and integrity. The scheme description is followed by a discussion of its scalability and feasibility in context of the full aviation realm that it applies to, as well as the changes that would be needed in existing technologies.

Haomiao Yang,Qixian Zhou,Mingxuan Yao,Rongxing Lu,Hongwei Li,Xiaosong Zhang

DOI: https://doi.org/10.1109/jiot.2018.2882633

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:As the heart of next-generation air transportation systems, the automatic dependent surveillance-broadcast (ADS-B) is becoming a substitute for the radar, because it can enhance flight safety by requiring aircraft to regularly broadcast their precise geographic positions. Despite its promise, the lack of security mechanisms, e.g., not providing data encryption and message authentication, is a significant barrier to realistically deploy this new technology. While many methods have been proposed for ADS-B security, they can deal with either privacy or integrity unilaterally, and also need to change current ADS-B standards. In this paper, we present a new cryptographic solution to ADS-B security by first carefully exploiting some cryptographic primitives, and then adapting them to the air traffic-monitoring scenario. In contrast to previous approaches, our proposed solution is not only of high compatibility with existing protocols of ADS-B, but also lightweight for congested data links and resource-constraint avionics. Furthermore, it can also tolerate package loss and disorder that frequently occur in ADS-B wireless broadcast networks, making the proposed solution easy-to-deploy and practical. Security analysis shows that our proposal simultaneously achieves the confidentiality and authenticity of ADS-B messages. In addition, performance evaluation also demonstrates the efficiency of communication and computation for the proposal by using flight data of OpenSky-a sensor network that covers Central Europe aiming at gathering ADS-B flight data. Finally, the deployment in a real airport environment also proves the effectiveness of our solution.

Haomiao Yang,Mingxuan Yao,Zili Xu,Baoshu Liu

DOI: https://doi.org/10.1109/glocom.2017.8254500

2017-01-01

Abstract:Automatic Dependent Surveillance - Broadcast (ADS-B), as the key component of next-generation air transportation system, becomes the replacement of secondary surveillance radar (SSR) since it will enhance air traffic control by requiring the aircraft periodically broadcast its geographical information. But the obstacle blocking the deployment of the promising ADS-B belongs to security concerns where ADS-B messages are all transmitted in the clear and can be forged and modified easily. The already proposals for ADS-B security refer to the privacy or integrity unilaterally, and all require the modification of existing ADS-B protocols. In this paper, we design ingeniously a solution for ADS-B security, by integrating carefully some recent specific crypto primitives, and then modifying properly them to adapt to ADS-B features. As opposed to previous methods, our solution is at the same time (1) lightweight for resource- constraint avionics devices and already congested data links, (2) highly-compatible to existing ADS-B protocols, (3) tolerating package loss for ADS-B broadcast data links. This makes our solution particularly practical and easy-deploying. Security analysis indicates that our solution can achieve confidentiality and integrity of ADS-B messages, and performance evaluation, based on the real-world ADS-B data, proves efficiency of our solution from cost of computation and communication. Furthermore, the deployment on a real airport environment demonstrates high compatibility of our solution.

Sher, Burhan,Ahmad, Mustafeez,Mansoor, Khwaja

DOI: https://doi.org/10.1007/s10586-024-04566-5

2024-06-10

Cluster Computing

Abstract:This article highlights the importance of Air Traffic Control in ensuring the security and efficiency of international aviation operations. Traditional RADAR systems face limitations in power consumption, coverage, and accuracy, leading to the development of innovative solutions like the Automatic Dependent Surveillance-Broadcast (ADS-B) system. However, the open nature of ADS-B's unencrypted signals poses security challenges, allowing attackers to intercept and manipulate data. To address this, the paper emphasizes the need for symmetric authentication, which uses shared secret keys through schemes like Message Authentication Codes and block cipher encryption. The choice between these methods depends on factors such as security, performance, and usability. Symmetric authentication is a practical solution, requiring robust shared keys and careful encryption algorithm selection. The research underscores the need for secure ADS-B systems and the trade-offs required in designing authentication schemes.

computer science, information systems, theory & methods

Mikaëla Ngamboé,Xiao Niu,Benoit Joly,Steven P Biegler,Paul Berthier,Rémi Benito,Greg Rice,José M Fernandez,Gabriela Nicolescu

2024-02-13

Abstract:The Automatic Dependent Surveillance-Broadcast (ADS-B) is a surveillance technology that becomes mandatory in many airspaces. It improves safety, increases efficiency and reduces air traffic congestion by broadcasting aircraft navigation data. Yet, ADS-B is vulnerable to spoofing attacks as it lacks mechanisms to ensure the integrity and authenticity of the data being supplied. None of the existing cryptographic solutions fully meet the backward compatibility and bandwidth preservation requirements of the standard. Hence, we propose the Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B (CABBA), an improved approach that integrates TESLA, phase-overlay modulation techniques and certificate-based PKI. As a result, entity authentication, data origin authentication, and data integrity are the security services that CABBA offers. To assess compliance with the standard, we designed an SDR-based implementation of CABBA and performed backward compatibility tests on commercial and general aviation (GA) ADS-B in receivers. Besides, we calculated the 1090ES band's activity factor and analyzed the channel occupancy rate according to ITU-R SM.2256-1 recommendation. Also, we performed a bit error rate analysis of CABBA messages. The results suggest that CABBA is backward compatible, does not incur significant communication overhead, and has an error rate that is acceptable for Eb/No values above 14 dB.

Cryptography and Security

Hao Shen,Keren Liu,Yuxuan Yao,Jun Wang

DOI: https://doi.org/10.1109/icsidp47821.2019.9173139

2019-01-01

Abstract:The ADS-B signal is not encrypted in any form, and traditional receivers cannot verify the authenticity of the ADS-B signal, which poses a potential risk to aviation safety. Considering the insecurity of ADS-B, this paper proposes a four-station passive multilateration ADS-B anti-counterfeiting system based on TDOA. A reference station is used to synchronize the clock of each station, and the Chan Algorithm is used for solving TDOA equations. We have built the system and tested it in the real-world with several flights near Beijing Capital International Airport. The system can track the plane route in real time and compare it with the positions claimed by ADS-B messages to achieve the purpose of ADS-B anti-counterfeiting and pseudo signals localization.

Kui Ren,Kai Zeng,Wenjing Lou,Patrick J. Moran

DOI: https://doi.org/10.1109/twc.2007.060255

IF: 10.4

2007-01-01

IEEE Transactions on Wireless Communications

Abstract:Broadcast authentication is a critical security service in wireless sensor networks (WSNs), since it enables users to broadcast the WSN in an authenticated way. Symmetric key based schemes such as muTESLA and multilevel muTESLA have been proposed to provide such services for WSNs; however, these schemes all suffer from serious DoS attacks due to the delay in message authentication. This paper presents several effective public key based schemes to achieve immediate broadcast authentication and thus overcome the vulnerability presented in the muTESLA-like schemes. Several cryptographic techniques, including Merkle hash tree and identity-based signature scheme, are adopted to minimize the scheme overhead regarding the costs on both computation and communication. A quantitative energy consumption analysis of the proposed schemes is given in detail. We believe that this paper can serve as the start point towards fully solving the important multisender broadcast authentication problem in WSNs.

Pavana Prakash,Ahmed Abdelhadi,Miao Pan

DOI: https://doi.org/10.48550/arXiv.1907.04909

2019-07-11

Abstract:Automatic Dependent Surveillance-Broadcast(ADSB), is the next generation Air Traffic management system to monitor the airspace for air traffic communication and traffic information. While the ADS-B empowers aircraft to broadcast their location information automatically and provide situational awareness, it is susceptible to attacks and security issues. In this paper, we introduce a method to secure the ADS-B protocol in aircraft communication using Retroactive Key Publication where senders publish their keys retroactively, which is different from the traditional asymmetric cryptography. The deduced solution does not rely on a connection or two-way packets exchange to establish security. It compensates for the loss of packets owing to huge air traffic, yet preserving the open and broadcast nature of ADS-B. Our proposed protocol uses the existing ADS-B system and same hardware with no modifications but still adds security. Our secure system has low impact on current operations and retains the operational efficiency of the current aircraft system.

Signal Processing,Systems and Control

Yongxin Liu,Jian Wang,Yingjie Chen,Shuteng Niu,Zhihan Lv,Lei Wu,Dahai Liu,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2110.08883

2021-10-18

Abstract:The integration of air and ground smart vehicles is becoming a new paradigm of future transportation. A decent number of smart unmanned vehicles or UAS will be sharing the national airspace for various purposes, such as express delivery, surveillance, etc. However, the proliferation of UAS also brings challenges considering the safe integration of them into the current Air Traffic Management (ATM) systems. Especially when the current Automatic Dependent Surveillance Broadcasting (ADS-B) systems do not have message authentication mechanisms, it can not distinguish whether an authorized UAS is using the corresponding airspace. In this paper, we aim to address these practical challenges in two folds. We first use blockchain to provide a secure authentication platform for flight plan approval and sharing between the existing ATM facilities. We then use the fountain code to encode the authentication payloads and adapt them into the de facto communication protocol of ATM. This maintains backward compatibility and ensures the verification success rate under the noisy broadcasting channel. We simulate the realistic wireless communication scenarios and theoretically prove that our proposed authentication framework is with low latency and highly compatible with existing ATM communication protocols.

Cryptography and Security,Networking and Internet Architecture

Xiaoyu Ji,Chaohao Li,Xinyan Zhou,Juchuan Zhang,Yanmiao Zhang,Wenyuan Xu

DOI: https://doi.org/10.1145/3399432

2020-01-01

ACM Transactions on Internet of Things

Abstract:Nowadays, most Internet of Things devices in smart homes rely on radio frequency channels for communication, making them exposed to various attacks such as spoofing and eavesdropping attacks. Existing methods using encryption keys may be inapplicable on these resource-constrained devices that cannot afford the computationally expensive encryption operations. Thus, in this article, we design a key-free communication method for such devices in a smart home. In particular, we introduce the Home-limited Channel (HLC) that can be accessed only within a house yet inaccessible for outside-house attackers. Utilizing HLCs, we propose HlcAuth, a challenge-response mechanism to authenticate the communications between smart devices without keys. The advantages of HlcAuth are low cost, lightweight as well as key-free, and requiring no human intervention. According to the security analysis, HlcAuth can defeat replay attacks, message-forgery attacks, and man-in-the-middle (MiTM) attacks, among others. We further evaluate HlcAuth in four different physical scenarios, and results show that HlcAuth achieves 100% true positive rate (TPR) within 4.2m for in-house devices while 0% false positive rate (FPR) for outside attackers, i.e., guaranteeing a high-level usability and security for in-house communications. Finally, we implement HlcAuth in both single-room and multi-room scenarios.

Yixin Jiang,Minghui Shi,Xuemin (Sherman) Shen,Chuang Lin,Xiaowen Chu

DOI: https://doi.org/10.1201/9781420068405.ch21

2009-01-01

Abstract:In this chapter, a novel authentication protocol is proposed, which satisfies both security and reliability requirements for group communications in ad hoc networks. The security features include identity anonymity and intracability, one-way session key/identity refreshment, and data privacy. The reliability features include efficient denial-of-service (DoS) tolerance for forged refreshment messages and fault tolerance for lost messages recovery. The theoretical and the simulative results demonstrate that the proposed protocol is robust and efficient under severe DoS attack and poor wireless channel quality.

Jian Wang,Yongxin Liu,Alfaidi Amal,Houbing Song,Richard S. Stansbury,Jiawei Yuan,Tianyu Yang

DOI: https://doi.org/10.1109/PCCC.2018.8711001

2018-01-01

Abstract:Automatic Dependence Surveillance-Broadcast (ADS-B) is transforming all aspects of aviation, including commercial aircraft and unmanned aerial systems (UAS). ADS-B service broadcasts traffic information and flight information to improve aviation safety and efficiency in the air and on runways, reduce costs, and lessen harmful effects on the environment. However, due to its broadcast nature, on one hand, ADS-B is vulnerable to malicious cybersecurity attacks relevant to broadcasting; on the other hand, broadcasting could be leveraged to further improve the safety of aviation. The objective of this paper is to investigate how to enhance aviation security and safety by leveraging the inherent broadcast property of ADS-B. To be specific, we propose two novel schemes for enhancing aviation cybersecurity and safety, respectively. The first scheme, motivated by the fact that fountain codes have been successfully applied in various broadcasting scenarios for ensuring the reliability, we propose to leverage Fountain Code to enhance the security of ADS-B. The second scheme, which is based on information integration, to detect collaboratively the comprehensive weather information to enhance the safety of aviation. The performance evaluation results demonstrate the feasibility of integrating fountain codes with ADS-B for encryption and the feasibility of collaborative detection to bypass turbulent weather conditions. To our knowledge, our work is the first attempt to apply fountain code to enhance aviation security and safety.

Kui Ren,Wenjing Lou,Yanchao Zhang

DOI: https://doi.org/10.1142/9789812833495_0015

2009-01-01

Abstract:Broadcast authentication is a critical security service in wireless sensor networks (WSNs), as it allows the mobile users of WSNs to broadcast messages to multiple sensor nodes in a secure way. Previous solutions on broadcast authentication are mostly symmetric-key-based solutions such as μTESLA and multilevel μTESLA. These schemes are usually efficient; however, they all suffer from severe energy-depletion attacks resulted from the nature of delayed message authentication. Being aware of the security vulnerability inherent to existing solutions, we present several efficient public-key-based schemes in this chapter to achieve immediate broadcast authentication with significantly improved security strength. Our schemes are built upon the unique integration of several cryptographic techniques, including the Bloom filter, the partial message recovery signature scheme and the Merkle hash tree. We prove the effectiveness and efficiency of the proposed schemes by a comprehensive quantitative analysis of their energy consumption regarding both computation and communication. Index: Security, Wireless Sensor Networks, Broadcast Authentication, Multi-user Encyclopedia on Ad Hoc and Ubiquitous Computing, edited by Dharma Agrawal and Bin Xie, World Scientific, 2009

Paul Berthier,José M. Fernandez,Jean-Marc Robert,Jose M. Fernandez

DOI: https://doi.org/10.1109/dasc.2017.8102003

2017-09-01

Abstract:Automated Dependent Surveillance - Broadcast (ADS-B) is an aircraft surveillance technology introduced as part of the US Next-Generation Air Transportation System (NextGen) initiative, in which aircraft broadcast their position based on satellite navigation (e.g. GPS). This information can then be used by other aircraft for traffic awareness and collision avoidance (TCAS), and by ground personnel to provide air traffic control (ATC) services. Unfortunately, ADS-B presents important security problems, since there are no integral mechanisms for message authentication nor message integrity verification. In this paper, we propose SAT, a secure, backward-compatible replacement for ADS-B. SAT uses the TESLA broadcast authentication protocol, a hybrid solution that combines the advantages of symmetric cryptography (low use of bandwidth) with those of asymmetric cryptography (no shared keys). Our proposal adapts the TESLA constructs in order to make it suitable for use in ATC and collision avoidance. In particular, we replace the synchronization mechanism of TESLA with the use of satellite time, thus making the implementation more lightweight. We also use a public key infrastructure based on the air traffic control hierarchy (including national civil aviation authorities and potentially ICAO), in order to allow for SAT to be used not only for aircraft authentication but also for aircraft flight authorization. We implemented the SAT protocol on SDR and performed laboratory experiments in order to measure computation and transmission overheads, and to determine the shortest authentication delay we could achieve. In particular, we explored the trade-off between interval duration and bandwidth use. Finally, we tested our new protocol on SDR.

WANG Jian,ZHANG Zi-jian,YUAN Jian

DOI: https://doi.org/10.13190/j.jbupt.2015.04.006

2015-01-01

Abstract:The development of vehicular Ad hoc networks ( VANETs) require a secure in-vehicle net-work. Controller area network (CAN) is a popular protocol applied in in-vehicle network. In order to en-hance CAN bus security, abroadcast authentication algorithm, which establishesthe samemessage authen-tication code( MAC) list among all the electronic control unit ( ECUs) with stream ciphers, was pro-posed. The senderjust needs to attach a MAC sequence to the data frame and the receiver compares the received MAC sequence with the corresponding one in the established list. This algorithm can be adapt to the characteristic ofthe CAN bus communication. The structure of the authentication system was described in detail. Finally,the security and delay performance was analyzed. The probability of miss and the bus overhead was provided.

Yongsheng Liu,Jie Li,Minyi Guo

DOI: https://doi.org/10.1109/VETECS.2012.6240214

2012-01-01

Abstract:In the resource constrained Wireless Sensor Networks (WSNs), the broadcast authentication is widely fulfilled by the emerging delayed authentication technique. The one level backward one-way key chain in the delayed authentication technique limits heavily the duration of the broadcast authentication. In this paper, we propose a long duration broadcast authentication scheme for WSNs. The proposed scheme uses a novel hierarchical key chain to extend the duration of broadcast authentication to be as long as the whole lifetime of WSNs. Moreover, the overhead of the proposed scheme is significantly reduced compared to that with one level key chain. Extensive experimental results show that the novel hierarchical key chain fully outperforms the one level key chain in terms of memory and computation.

Na Ruan,Mengyuan Li,Jie Li

DOI: https://doi.org/10.1007/s12083-016-0493-9

IF: 3.488

2016-01-01

Peer-to-Peer Networking and Applications

Abstract:Internet of Vehicles (IoVs) is coming and will grow in next few years, VANETs (Vehicular Ad Hoc Networks) is evolving into the era of IoVs. Inevitably, VANETs need to communicate with WSNs (Wireless Sensor Networks). Real-time data transmission between vehicles and road-side sensor nodes has many application scenarios. However, due to different characteristics of VANETs and WSNs, real-time traffic data transmission is too complicated and slow when emergencies occurred in many RSUs-sparse (Road Side Units) areas. In this paper, we propose a broadcast authentication protocol, namely Paralleling Broadcast Authentication Protocol (PBAP), aiming at enhancing energy efficiency and providing network security in the direct communication between vehicles and WSNs. The simulation results demonstrate that the protocol can effectively extend lifetime of WSNs by improving the utilization rate of the keys and show nice properties in different channel loss ratio and different degrees of DoS attacks. The protocol can work well even in the area without RSUs.