OpenSky Network Blog

Sunday, 25 February 2018 17:07

Is there any working intrusion detection system for ADS-B? Featured

Written by

Tl;dr: Not that we know of. At least not deployed anywhere outside a lab. Some proposals have been floated, however.

This post was inspired by the recent report by the US Congress Government Accountability Office on ADS-B, which was discussed in many articles around the web, such as this one, for example: GAO: Pentagon, FAA Lag In Addressing ADS-B Risks

Let’s have a look at the source, these are quotes from the GOA’s actual document, citing some of the work from contributors here at OpenSky: [1]

 

While NORAD and DOD officials told us that they will benefit from information provided by ADS-B technology, NORAD, DOD, and professional organizations’ documents and officials also noted that electronic warfare-and cyber-attacks—and the potential divestment of secondary-surveillance radars as a result of reliance on ADS-B—could adversely affect current and future air operations.

For example, a 2015 Institute of Electrical and Electronics Engineers article [2] about ADS-B stated that ADS-B is vulnerable to an electronic-warfare attack—such as a jamming attack […]

Further on the vulnerabilities:

According to the article in the 2015 Institute of Electrical and Electronics Engineers publication, adversaries could use a cyber-attack to inject false ADS-B messages (that is, create “ghost” aircraft on the ground or air); delete ADS-B messages (that is,make an aircraft disappear from the air traffic controller screens); and modify messages (that is, change the reported path of the aircraft).

Finally, this is all we get to know about the solutions to the problem:

The article states that jamming attacks against ADS-B systems would be simple, and that ADS-B data do not include verification measures to filter out false messages, such as those used in spoofing attacks. FAA officials stated that the agency is aware of these possible attacks, and that it addresses such vulnerabilities by validating ADS-B data against primary- and secondary-surveillance radar tracks.

Both FAA and DOD have identified a potential solution to address this vulnerability. However, this solution has not been tested and as of November 2017, no testing has been scheduled.

So, we are not allowed to know what’s in store from the authorities’ side and how well it works. The systems security community often classes this as Security through obscurity. To be fair, this approach probably has a place somewhere in legacy critical infrastructures controlled by a few entities and vendors. It doesn’t really make me trust the system any more but I guess that’s the deal.

So, realistically, what are they talking about here?

Most likely, we are talking about cross-validation with other, partially redundant, ATC surveillance technologies. Candidates include Primary Radar (PSR), Secondary Radar (SSR, Mode A, C, S) and (Wide Area) Multilateration. The idea is that if ADS-B is actually being attacked, one could easily see this on these redundant technologies by either automatically or manually verifying ADS-B targets with them.

And yes, that works. The problem is that this wasn’t the plan. ADS-B was supposed to be the sole surveillance technology in most airspaces. The old and expensive, less accurate radar technologies were supposed to be retired. Well, no more, the FAA has stated as much just a couple of weeks ago: FAA No Longer Expected To Retire Radars

The other problem: while (in some cases much) more difficult to pull of, at least SSR and also multilateration are well within the capabilities of a typical attacker. If you verify compromised data with other compromised data, you’re just as lost as before, although the complexity has certainly risen.

At the end of the day, these are probably still the best and most realistic options, where they are available and closest to answering the question: If you properly tune your surveillance distributions systems and trackers and test them against such attacks, they at least become non-trivial.

Outside of this mitigation option, we proposed and tested several transparent approaches using the actual ADS-B messages to detect attacks, mostly based on physical layer data [3]. It’s not 100% secure, that could only be delivered by a new protocol which includes cryptography, but it’s a whole lot better than nothing. The details of these schemes shall be discussed in future blog posts on this topic. If you are interested you can also check out our Publications page.

Footnotes

[1] https://www.gao.gov/assets/690/6...

[2] Martin Strohmeier, Vincent Lenders, Ivan Martinovic. On the Security of the Automatic Dependent Surveillance-Broadcast Protocol, In IEEE Communications Surveys & Tutorials. Vol. 17. No. 2. Pages 1066 − 1087. 2015.

[3] Martin Strohmeier. Security in Next Generation Air Traffic Communication Networks, PhD Thesis, University of Oxford 2016.

Read 13608 times Last modified on Wednesday, 11 April 2018 10:04
Login to post comments

Search

Featured

This website uses cookies to offer you the best experience of our services. By using this website you agree to our privacy policy!