Few Answers for ADS-B Security Concerns

February 14, 2018, 4:48 AM

Aircraft owners and operators flying in the U.S. and Europe are less than two years away from being required to equip their aircraft with ADS-B Out technology. Some countries in the Asia-Pacific region, such as Australia, already require ADS-B Out, with others mandating the equipment to fly at altitudes above 29,000 feet.

Since the introduction of the 2020 mandate in 2010, the FAA has addressed pricing, availability of technology, the amount of paperwork required, and a variety of other concerns with the 2020 ADS-B mandate. It has yet to comprehensively address, however, cybersecurity issues with ADS-B technology. ADS-B (automatic dependent surveillance-broadcast) uses onboard GPS sensors combined with ADS-B transceivers to broadcast aircraft position, velocity, and identification information to other aircraft and ground receivers, including air traffic control facilities.

NBAA began raising questions about blocking aircraft identifying information in ADS-B messages and ADS-B’s encryption and authentication standards in 2013. The FAA’s ADS-B working group, Equip 2020, has done little to address these concerns in the last five years.  

The central concern for most business aviation operators is the lack of provisions for blocking aircraft from being identified via online tracking websites. ADS-B does not have any mechanism in place to prevent people with ADS-B receivers from identifying aircraft. This means anyone can purchase a receiver (often for less than $100) and then begin seeing information including aircraft ID, altitude, latitude, longitude, bearing, and speed. This has long been the case with mode-S transponders, although the information transmitted by mode-S transponders is limited to the 24-bit address code tied to the aircraft’s registration number.

Organizations can request an Aircraft Situation Display to Industry (ASDI) block to prevent both ADS-B and mode-S data from appearing on radar data feeds provided by the FAA. Some flight-tracking websites—including Flightradar24 and FlightAware—also honor these blocks.

Other crowd-sourced websites do not honor the FAA’s block list and continue to share aircraft tracking information. One example is ADS-B Exchange, a flight tracking website that gains its data from hobbyist-owned ADS-B, mode-S, and MLAT feeds. (MLAT is a technique that uses transponder signals to pinpoint aircraft position.) ADS-B Exchange states on its website that blocking is “security theater” and it does not believe the data should be blocked because it is accessible to anyone with a receiver. It claims to be providing a public service by displaying the information in an easily accessible manner.

Organizations such as ADS-B Exchange and others that oppose the blocking of ADS-B data and other flight information believe it is unlikely that a terrorist will exploit the information. However, the main threat from the exposure of the flight data comes from competitors, not terrorists.

Flight data such as location, heading, and aircraft ID that links an airplane to a specific owner or company can provide an abundance of information about ongoing operations or impending deals. Companies can use this information to gain a competitive advantage or potentially impact stock prices.  

The leading idea for addressing blocking concerns is to change the aircraft ID transmitted by ADS-B so that it does not correspond to the airplane’s registration information. This solution preserves the benefits of ADS-B while resolving at least part of the aircraft identification concerns. There is no word on whether the FAA will approve this change. There is therefore no current method to block sensitive ADS-B data that is automatically transmitted from aircraft.

Unencrypted Data

The configuration of ADS-B raises additional data security questions. ADS-B receivers in each aircraft receive location information from onboard GPS sensors that receive signals from GPS satellites. This information is then transmitted with data from other avionics to ADS-B receivers on the ground or on other aircraft in the vicinity. The data received by the ground stations is then transmitted to air traffic control. Aircraft equipped with ADS-B In receivers can also receive the information for use in traffic detection and take advantage of new capabilities that ADS-B In enables such as free weather information.

No data is encrypted at any point in this process. This means anyone with a receiver can view the transmitted data. And no authentication is required. These issues expose aircraft to a variety of cyber attacks.

The most well-known cyber attack against ADS-B systems is spoofing of either ADS-B or GPS data. Spoofing is a tactic wherein a hacker can insert false data into the standard communication pathways. This can be used to make it seem like there are airplanes where there are none or to make airplanes look like they are in a different location than they actually are.

Security researcher Brad Haines publicly demonstrated this type of attack in 2012 at the DEF CON20 security conference. He successfully inserted a fake aircraft into a simulation of San Francisco’s airspace. In a 2012 technical report, “Ghost in the Air (Traffic): On Insecurity of ADS-B Protocol and Practical Attacks on ADS-B Devices,” researchers Andrei Costin and Aurelien Francillon confirmed that this type of attack is not only possible, but also “easy and practically feasible, for a moderately sophisticated attacker.”

In her 2016 research study, "Analysis of the Cyber Attacks against ADS-B Perspective of Aviation Experts," master's candidate Camilo Pantoja Viveros addressed spoofing and other types of cyber attacks that exploit ADS-B’s lack of encryption and authentication. According to aviation experts she interviewed, cyber attacks that make an aircraft disappear from the ADS-B system and attacks that prevent an ADS-B ground station from receiving information are the most likely to adversely affect operations.

Aviation experts and other stakeholders have proposed several encryption schemes to address both the encryption and authentication issues with ADS-B. A 2014 Institute of Electrical and Electronics Engineers paper, “Can Cryptography Secure Next Generation Air Traffic Surveillance?” found that traditional encryption methods are impractical because they are burdensome to implement and vulnerable to interference.

U.S. Air Force Second Lieutenant Richard Agbeyibor proposed the use of format-preserving encryption as a solution in his 2014 master's thesis. This is the primary encryption method being explored because it can handle the larger ADS-B data packets without facing the interference issues seen with traditional encryption methods.

There is no indication that the FAA will implement encryption for ADS-B before the 2020 mandate. In the absence of encryption, many possible cyber attacks can be mitigated by cross-referencing ADS-B data with traditional radar information. This protection will last only until the older systems are phased out, although that is not planned anytime soon. Equip 2020 is working with the NBAA and other industry stakeholders to address these concerns.
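The cross-referencing described above can be sketched as a plausibility check. This is an added example, not code from the FAA or any system named in the article. It flags ADS-B reports with no radar return nearby and radar tracks with no matching ADS-B report. The `Report` type, the tolerances `max_nm` and `max_dt`, and all sample values are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Report:
    ident: str   # ADS-B 24-bit address (hex) or radar track label
    t: float     # seconds since start of the sample window
    lat: float   # degrees
    lon: float   # degrees

def distance_nm(a, b):
    """Great-circle (haversine) distance between two reports, in nautical miles."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(h))

def cross_check(adsb, radar, max_nm=2.0, max_dt=6.0):
    """Pair each ADS-B report with the nearest unused radar track.

    Returns (unconfirmed, radar_only): ADS-B idents with no radar return
    nearby, and radar tracks with no ADS-B report nearby.
    max_nm and max_dt are assumed tolerances, not operational values.
    """
    used, unconfirmed = set(), []
    for rep in adsb:
        near = [
            (d, i)
            for i, trk in enumerate(radar)
            if i not in used and abs(trk.t - rep.t) <= max_dt
            and (d := distance_nm(rep, trk)) <= max_nm
        ]
        if near:
            used.add(min(near)[1])          # closest radar track confirms the report
        else:
            unconfirmed.append(rep.ident)   # claimed position has no radar return
    radar_only = [trk.ident for i, trk in enumerate(radar) if i not in used]
    return unconfirmed, radar_only

# Constructed sample data (not real traffic): two consistent aircraft, one
# ADS-B report with no radar return, one radar track with no ADS-B report.
ADSB = [
    Report("A1B2C3", 0.0, 37.620, -122.380),
    Report("A4D5E6", 1.0, 37.800, -122.500),
    Report("ABCDEF", 2.0, 37.700, -122.200),
]
RADAR = [
    Report("T1", 2.0, 37.621, -122.381),
    Report("T2", 3.0, 37.801, -122.499),
    Report("T3", 4.0, 37.500, -122.100),
]

if __name__ == "__main__":
    print(cross_check(ADSB, RADAR))
```

An unconfirmed ADS-B identity corresponds to the injected-aircraft case the article describes, and a radar-only track to an aircraft missing from the ADS-B picture; either result is a prompt for controller review, not proof of an attack.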