16 Jan 2017

The Security of ADS-B Transmissions

Author: TCC  /  Categories: Blogs, General security

This is the first part of a series dedicated to the importance of securing ADS-B transmissions.  Current air traffic control (ATC) relies on a combination of primary surveillance radar (PSR) based on conventional reflected radio waves and secondary surveillance radar (SSR) that uses an interrogation signal sent to an on-board transponder (Mode-S).  The replies from the aircraft are independent of the primary radar return and provide additional information (i.e., altitude and identity).  Not all aircraft have the Mode-S transponders.  The combined PSR-SSR gives an aircraft location accuracy of 1-2 nmi (nautical miles) with updates every 5-10 seconds, which leads to 3 nmi or greater separation requirement between aircraft.  To achieve the much higher aircraft densities that are forecasted for the years to come and to eliminate the high cost of operation of the PSR-SSR system, the Automatic Dependent Surveillance Broadcast (ADS-B) was introduced as an extension of the Mode-S beaconing system.  Its position accuracy is 0.05 nmi (92.6 m) and the velocity accuracy is 19.4 nmi/h (10 m/s), which means a much smaller separation between aircraft.  Being a satellite-based technology, the benefits of the ADS-B system include increased situational awareness, extended surveillance coverage, enhanced conflict detection, reduced operational costs, and improved routing efficiency.

With the evolving threats that target Global Positioning System (GPS) and Global Navigation Satellite System (GNSS) from which ADS-B derives its surveillance data, attacks like denial-of-service (DoS), jamming and spoofing are easier to mount.  If hundreds of bogus positions were to be reported all of a sudden around an airport, some of them very close to actual aircraft coordinates, it would be almost impossible to distinguish them using multilateration, angle-of-arrival and radar scans in very short time.  Therefore, cryptographic solutions for ADS-B are required.  There are two main categories of cryptographic mechanisms for securing the ADS-B transmissions: Symmetric-key encryption & message authentication codes (MAC) vs. Asymmetric-key encryption & digital signatures.  Either solution has to take into account that ADS-B is very much bandwidth and interference constrained.

Symmetric-key techniques are computationally efficient, and without knowledge of the shared secret key, the encrypted messages and the MAC are computationally infeasible to forge or predict.  In addition, the secret key cannot be derived from the encrypted messages.  Encrypting ADS-B messages via symmetric-key ensures confidentiality.  We need a symmetric key protocol that preserves format and does not expand the plaintext ADS-B message (i.e., plaintext and ciphertext have the same length).  MACs are short messages derived from a longer message based on specific MAC-generating algorithms (e.g., keyed-hash message authentication code).  They are appended to the longer message, to provide integrity and authenticity; they do not provide confidentiality.  The downside is that a MAC increases the message length and thus the chance of message interference by overlapping another message during broadcast.

In an asymmetric-key/public-key (PK) encryption system, users encrypt the message with the recipient’s PK according to some specific technique (e.g., elliptic curve cryptography – ECC).  The recipient decrypts with his/her own private key and recovers the message.  In this case, confidentiality is achieved because only the intended recipient can decrypt the transmission.  Nevertheless, data origin authentication and data integrity are not achieved because anybody could have used the public key of the recipient to generate the message.  Hence, we use digital signatures appended (like MACs) to the original plaintext ADS-B messages.  The user’s private key signs the message while the unique digital signature is verified and authenticated at the receiver by applying the sender’s public key.  PK crypto mechanisms have significant drawbacks: The encryption/decryption process is much slower than the one for symmetric key systems, ciphers increase the transmitted ADS-B message length (e.g., ElGamal encryption), and unique encrypted ADS-B messages are required for each recipient, which eliminates the real-time broadcast characteristic of the message.

One very important aspect of the design of any cryptographic system is Key Management. Symmetric-key systems have a serious problem. Anyone in the possession of the secret key can generate a message that decrypts correctly at the other end. Thus, losing the single secret key compromises the entire system (i.e., encryption/decryption operations as well as MAC generation and validation). On the other hand, public keys are easy to distribute and only the private keys must remain secret, to protect the system. Nevertheless, the more airplanes in an area, the more public keys are required to be stored, which makes the system almost impossible to deploy.

This first part briefly introduced the next generation type of communications in the world of aeronautics, and made the case for strong security mechanisms to protect them. Stay tuned for part two of this series of articles in which we provide more information about the types of ADS-B messages and their internal structure (i.e., number of fields and bits) that ties to requirements for efficient cryptographic schemes.


Number of views (558)      Comments (0)


Please login or register to post comments.

Cipher One

CipherONE® Optimized Network Encryption

Our solutions meet TCC's CipherONE Optimized Network Encryption best-in-class criteria for maximum cryptographic strength, and are optimized for performance and ease of use for our customers.

Read More