NBAA Convention News

Unencrypted ADS-B OUT Confounds Aircraft Blocking

November 14, 2015, 10:15 AM
Donald Trump’s Boeing 757 is clearly viewable on this screenshot from the Plane Finder website, even though the U.S. presidential candidate has requested blocking.

The business aviation industry has an important concern: the lack of any way to de-identify a particular aircraft that is broadcasting an ADS-B OUT signal. With the 2020 U.S. and European mandates for ADS-B OUT rapidly approaching, there is as yet no way to prevent any simple ADS-B receiver from viewing information broadcast by aircraft equipped for ADS-B OUT. Although the Block Aircraft Registration Request (BARR) program is no longer available, the FAA and flight tracking companies have an agreement whereby the flight trackers agree to de-identify an aircraft if requested by the aircraft’s owner/operator. This is now called “blocking display of aircraft situation display to industry data,” and it is administered by the FAA. But this does not prevent ground-based ADS-B receivers operated by hobbyists all over the world from being able to see even a blocked aircraft’s ADS-B OUT information.

In an address to the Equip 2020 industry group last summer, NBAA president and CEO Ed Bolen said, “As the BARR experience demonstrated, the need to protect the privacy and security of one’s real-time movements is well understood by the business aviation industry, American Civil Liberties Union and more.” A few weeks later Jens Hennig, the group’s privacy ad hoc leader and v-p of operations at the General Aviation Manufacturers Association (GAMA), issued a white paper that describes the privacy problems of ADS-B and establishes the pursuit of a solution by the group as “Action Item 21.”

The issue is a straightforward one. ADS-B OUT operating on 1090 MHz transmits an unencrypted, real-time signal that includes the aircraft’s Mode S transponder code, its call sign, aircraft type and position and speed as determined by the aircraft’s own GPS-based avionics. “Anyone with the right equipment can capture that real-time data and potentially use it for nefarious purposes,” said Bolen.

For example, the mobile app Plane Finder AR allows a user to aim a smartphone at a passing aircraft, and the application queries the Plane Finder database for flight information, including call sign, altitude, current heading, origin/destination and relative distance from the user’s current position. Plane Finder’s data seems to include aircraft that have requested blocking. For example, the position of Donald Trump’s Boeing 757, N757AF, is viewable on the Plane Finder website, even though the Trump organization has requested blocking.

“We need to safeguard an aircraft operator’s privacy, security and business competitiveness, and we want to ensure that concern is addressed as ADS-B moves toward implementation,” concluded Bolen.

Business aviation is not alone in its concerns. The Department of Defense has asked for the development of encryption and jam/spoof-proofing mechanisms to protect the confidentiality and availability of information being transmitted and received by its aircraft, as well. The goal is similar to business aviation’s desire to keep certain operations confidential.

Currently, to alleviate the threat of spoofing, which means inserting fake ADS-B traffic targets into the system, 1090ES ADS-B broadcasts are authenticated with radar. But that is the very technology that ADS-B was designed to replace. Keeping radar as a backup to ADS-B and as a security authenticator for ADS-B targets raises the cost of the NextGen system and lengthens its payback time. There has to be another way to ensure the security of ADS-B and the privacy of its users.

For aircraft that fly lower than 18,000 feet, an alternative ADS-B frequency, 978 MHz (978UAT), is available. “A UAT has an anonymity broadcast mode that can be programmed to function when the airplane is squawking 1200,” said GAMA’s Hennig. “It will block the N-number transmission from being seen by anyone who cannot uncode the encryption. Such an encrypted anonymity mode could be programmed into 1090ES,” he explained. “It wasn’t done under [the applicable RTCA] DO-260 standards ostensibly because the Europeans did not want that function and negotiated to keep it out.”

One solution would be encryption of the 1090ES message. However, the signal broadcast by 1090ES ADS-B is a 112-bit message that is not suitable for encryption with traditional algorithms. Research at the Wright-Patterson Air Force Institute of Technology on more than one million ADS-B transmissions found that a format-preserving encryption cryptographic engine could be a low-cost method to encrypt ADS-B communications.
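What "format-preserving" means for a 112-bit frame, as an added example that is not from the article or the cited research: a toy Feistel permutation, standing in for a real FPE mode, encrypts only the 24-bit address field and recomputes the Mode S parity, so the frame stays 112 bits and still passes the CRC check. The key, the round count and the sample frame are constructed assumptions.

```python
import hashlib
import hmac

GEN = 0x1FFF409   # Mode S CRC-24 generator polynomial (25 bits)
ROUNDS = 8        # assumption: round count chosen for illustration only

def parity(first88: int) -> int:
    """24-bit parity (PI field) over the first 88 bits of a 112-bit frame."""
    rem = first88 << 24
    for bit in range(111, 23, -1):
        if (rem >> bit) & 1:
            rem ^= GEN << (bit - 24)
    return rem & 0xFFFFFF

def is_valid(frame: int) -> bool:
    """True when the trailing 24 bits match the parity of the first 88."""
    return parity(frame >> 24) == (frame & 0xFFFFFF)

def _round(key: bytes, rnd: int, half: int) -> int:
    """Feistel round function: HMAC-SHA256 truncated to 12 bits."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "big") & 0xFFF

def fpe24(key: bytes, value: int, decrypt: bool = False) -> int:
    """Keyed permutation of 24-bit values (toy Feistel, not NIST FF1/FF3)."""
    left, right = value >> 12, value & 0xFFF
    if decrypt:
        for rnd in reversed(range(ROUNDS)):
            left, right = right ^ _round(key, rnd, left), left
    else:
        for rnd in range(ROUNDS):
            left, right = right, left ^ _round(key, rnd, right)
    return (left << 12) | right

def rewrite_address(frame: int, key: bytes, decrypt: bool = False) -> int:
    """Encrypt/decrypt the 24-bit address in place and recompute the parity."""
    header = frame >> 104                  # DF + CA (8 bits)
    icao = (frame >> 80) & 0xFFFFFF        # aircraft address (24 bits)
    me = (frame >> 24) & ((1 << 56) - 1)   # message field (56 bits), untouched
    first88 = (header << 80) | (fpe24(key, icao, decrypt) << 56) | me
    return (first88 << 24) | parity(first88)

# Constructed sample: DF17 header 0x8D, made-up address and message field.
KEY = b"constructed-demo-key"
_first88 = (0x8D << 80) | (0xABC123 << 56) | 0x2004D4B1CB1820
SAMPLE = (_first88 << 24) | parity(_first88)

if __name__ == "__main__":
    enc = rewrite_address(SAMPLE, KEY)
    print(f"clear     {SAMPLE:028X}")
    print(f"encrypted {enc:028X} valid={is_valid(enc)}")
    print(f"restored  {rewrite_address(enc, KEY, decrypt=True):028X}")
```

Because the mapping is deterministic for a given key, the encrypted address is a stable pseudonym until the key changes, and the call sign in the message field is still sent in the clear in this sketch.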

The Equip 2020 group isn’t thinking about encryption now, according to Ric Peri, v-p of government and industry affairs for the Aircraft Electronics Association (AEA), and one of its representatives on Equip 2020. “The group wants the FAA to establish a privacy office to administer assignment of random 24-bit ICAO addresses as anonymous flight IDs, rolling every 30 days or so,” explained Peri. “But as ADS-B technology matures, encrypting the ADS-B broadcasts will probably be the way we solve both the security and the privacy issues.”

For the moment Equip 2020 has tasked the NextGen Advisory Committee to ask RTCA to conduct a technical feasibility study. According to the white paper, with just four years to go before ADS-B mandates go into effect in the U.S. and Europe, it is unlikely that any anonymity function will be available in advance of the mandates.