Aerospace and Electronic Systems Magazine November 2017 - 54

ADS-B Vulnerabilities and a Security Solution with a Timestamp

Figure 2.

Current ADS-B message format.

Even without attacks, ADS-B lacks a secondary mechanism that
can confirm the location in case of a transmitter malfunction. There
have been a number of device malfunctions reported in ACAS and/
or other avionics systems that have led to dangerous situations [11],
[12]. Such unverified ADS-B data can cause a significant hazard in
air transportation or inefficiency in ATC. Now, with the proliferation of the unmanned aircraft system (UAS) and their integration
to the National Airspace System, the role of ADS-B is becoming
increasingly important as a growing number of UAS will employ
ADS-B [13], [14]. The ADS-B devices in UAS pose a special challenge as they may use lower quality electronics, suffer from less
rigorous maintenance, and malfunctions can be overlooked. This
could cause wrong ADS-B data to be transmitted inadvertently.
Without a mechanism to correct these problems, the unverified
ADS-B data could cause a significant hazard to air transportation. It
is important to correct these shortcomings as the number of ADS-B
units will grow continuously due to Federal Aviation Administration (FAA) installation requirements for ADS-B.

CHALLENGES FOR DEVELOPING ADS-B SECURITY
METHODS
First, the ADS-B frequency space is already crowded with not only
ADS-B but also with Mode-S radars and transponders. Due to the
limited bandwidth capacity, increasing the ADS-B packet size with
any kind of security data is very difficult. Second, a protocol standard change in ADS-B will require retrofitting the existing devices,
including onboard ADS-B devices, ACAS with embedded ADS-B,
ADS-B ground stations, and the radar systems. This will require significant investment of money and time, making it impractical. Third,
the solutions that do not require a protocol standard change tend to
be bulky and expensive, making it less suitable for on-board use.

SOLUTIONS FOR ADS-B SECURITY
A number of security methods on ADS-B have been studied,
but it has been challenging to apply them to a practical use due
to various shortcomings. In achieving ADS-B security, there are
two groups of approaches, i.e., secure broadcast authentication and
secure location verification [15]. Secure broadcast authentication
54

can protect the communication and prevent the attacks in a broadcast network. It includes noncryptographic schemes on the physical layer and cryptographic methods. Secure location verification
authenticates the claimed location using the data from the senders
and other ADS-B participants.

SECURE BROADCAST AUTHENTICATION WITH
CRYPTOGRAPHY
Cryptography is one of the common methods to secure communications in wireless networks, which requires distribution of encryption keys to the participants of ADS-B systems. One of the
proposed methods is the use of public key cryptography with a
challenge/response format [16]. Retroactive key publication is a
variation of public key cryptography, which sends a partial public
key with every message [17]. The receivers can buffer all the messages and decrypt them using the collected public key. A recent
study suggests the use of Staged Identity-Based Encryption, which
uses receiving parties' identities as public keys for encryption [15].
However, cryptographic methods generally require a large space
within the ADS-B message frame to store the encrypted data or
hash values, making them rather impractical.

SECURE BROADCAST AUTHENTICATION WITH
NONCRYPTOGRAPHY
Noncryptographic schemes are used to identify suspicious activities. Fingerprinting identifies what they are based on the unique
characteristics of devices such as the operating system, drivers,
clocks, and radio circuit [18]. There are three possible techniques
that may be employed in ADS-B, namely software-based fingerprinting, hardware-based fingerprinting, and channel/locationbased fingerprinting [19]. Software-based fingerprinting uses
distinctly different patterns or behavior of software operating on
equipment. Hardware-based fingerprinting is to identify devices
based on unique hardware differences such as differences in turnon/off transient, modulation of a radio signal, and clock skew.
Channel/location-based fingerprinting is based on received signal
strength, channel impulse response, or the carrier phase. However,

IEEE A&E SYSTEMS MAGAZINE

NOVEMBER 2017

Table of Contents for the Digital Edition of Aerospace and Electronic Systems Magazine November 2017