Figure 4 - available via license: CC BY
Content may be subject to copyright.
Source publication
Nowadays, aircraft safety is based on different systems and four of them share the same data-link protocol: Secondary Surveillance Radar, Automatic Dependent Surveillance System, Traffic Collision Avoidance System, and Traffic Information System use the Mode S protocol to send and receive information. This protocol does not provide any kind of auth...
Context in source publication
Similar publications
Crowdsensing platforms allow sharing data, collected by devices of individuals, to achieve common objectives based on the analysis of shared information. Despite their benefits, these platforms also bring security threats that must be addressed to provide secure data and reliable services. In this context, device behavior fingerprinting becomes a k...
Citations
... Here, RFF methods could be an efficient means to protect ADS-B devices against such attacks. Thus, in recent years, researchers have started to investigate the potential of the RFF in their work using ADS-B signals collected from SDRs [29][30][31][32][33][34]. However, large-scale datasets composed of ADS-B signals collected from a large number of transmitters are needed for their implementation. ...
... In the literature, several RFF-based methods have been proposed using ADS-B signals collected by SDRs [29][30][31][32][33][34], as mentioned in the previous section. This section is devoted to discussing these methods in order to address the novelty of the work presented in this article. ...
... In [29], an RFF-based method is proposed to identify an intrusion on a Mode S channel using features, such as a carrier phase and carrier frequency features, extracted from the signals transmitted from the aircraft. The performance is evaluated via a measurement campaign where a receiver consisting of an SDR running over a Raspberry Pi equipped with a modified digital video broadcasting terrestrial (DVB-T) dongle and an omnidirectional ADS-B antenna have been used to collect around 45 million messages from 2942 aircrafts. ...
The automatic dependent surveillance broadcast (ADS-B) system is one of the key components of the next generation air transportation system (NextGen). ADS-B messages are transmitted in unencrypted plain text. This, however, causes significant security vulnerabilities, leaving the system open to various types of wireless attacks. In particular, the attacks can be intensified by simple hardware, like a software-defined radio (SDR). In order to provide high security against such attacks, radio frequency fingerprinting (RFF) approaches offer reasonable solutions. In this study, an RFF method is proposed for aircraft identification based on ADS-B transmissions. Initially, 3480 ADS-B samples were collected by an SDR from eight aircrafts. The power spectral density (PSD) features were then extracted from the filtered and normalized samples. Furthermore, the support vector machine (SVM) with three kernels (linear, polynomial, and radial basis function) was used to identify the aircraft. Moreover, the classification accuracy was demonstrated via varying channel signal-to-noise ratio (SNR) levels (10–30 dB). With a minimum accuracy of 92% achieved at lower SNR levels (10 dB), the proposed method based on SVM with a polynomial kernel offers an acceptable performance. The promising performance achieved with even a small dataset also suggests that the proposed method is implementable in real-world applications.
... The results of the transfer learning experiment show that the model trained on large-scale ADS-B datasets is more suitable for learning and training new tasks than the model trained on a small-scale dataset. In [35], the authors focused on the features of Radio Frequency (RF) to fingerprint the system. Aircraft were identified with the extracted signatures, and an intrusion detection algorithm was developed. ...
... -Memory space is required for the database. [35] To detect the difference between the real message and the message added to the system by the attacker, a fingerprint-based intrusion detection system has been proposed, and an intrusion detection algorithm has been developed. ...
This paper focuses on the vulnerabilities of ADS-B, one of the avionics systems, and the countermeasures taken against these vulnerabilities proposed in the literature. Anomaly detection methods based on machine learning and deep learning algorithms among proposed countermeasures against vulnerabilities of ADS-B are analyzed in detail. The advantages and disadvantages of using an anomaly detection system on ADS-B data are investigated. Thanks to advances in machine learning and deep learning in the last decade, it has become more appropriate to use anomaly detection systems to detect anomalies in ADS-B systems. To the best of our knowledge, this is the first survey focused on studies that use machine learning and deep learning algorithms for ADS-B security. In this context; this paper addresses research on this topic from different perspectives, and draws a road map for future research, and searches for five research questions related to machine learning and deep learning algorithms used on anomaly detection systems.
... Reference [14] explored the RFFs of aircraft based on radar signals. Moreover, references [15][16][17] explored the RFFs of airplanes, targeting the ads-b s modal signal. The traditional ads-b signal represents the ads-b s mode, which is also used in this paper. ...
... We screened ads-b signals from them and labeled them using the airplane's International Civil Aviation Organization (ICAO) address. ICAO serves as the only global identifier [15,16], and can be obtained by decoding through our Simulink codes. Wi-Fi signals were obtained from a public dataset. ...
... Wi-Fi signals were obtained from a public dataset. The use of ads-b and Wi-Fi signals has been observed in previous SEI references [15,16,21,27]. Communication reply signals-rm1 and rm2-are two modal communication signals that use pulse position modulation (PPM). ...
To improve communication stability, more wireless devices transmit multi-modal signals while operating. The term ‘modal’ refers to signal waveforms or signal types. This poses challenges to traditional specific emitter identification (SEI) systems, e.g., unknown modal signals require extra open-set mode identification; different modes require different radio frequency fingerprint (RFF) extractors and SEI classifiers; and it is hard to collect and label all signals. To address these issues, we propose an enhanced SEI system consisting of a universal RFF extractor, denoted as multiple synchrosqueezed wavelet transformation of energy unified (MSWTEu), and a new generative adversarial network for feature transferring (FTGAN). MSWTEu extracts uniform RFF features for different modal signals, FTGAN transfers different modal features to a recognized distribution in an unsupervised manner, and a novel training strategy is proposed to achieve emitter identification across multi-modal signals using a single clustering method. To evaluate the system, we built a hybrid dataset, which consists of multi-modal signals transmitted by various emitters, and built a complete civil air traffic control radar beacon system (ATCRBS) dataset for airplanes. The experiments show that our enhanced SEI system can resolve the SEI problems associated with crossing signal modes. It directly achieves 86% accuracy in cross-modal emitter identification using an unsupervised classifier, and simultaneously obtains 99% accuracy in open-set recognition of signal mode.
... Feature Extraction Algorithm (FEA) is essentially the transformation of data [69], which can be further classified as linear analysis methods such as PCA [44,49,[70][71][72] and LDA [49], as well as nonlinear analysis methods such as t-SNE [73]. It should be noted that since t-SNE does not learn a specific function from the original space to the new dimensional space, it is generally used for visualization rather than in classification models. ...
... TML-based open set RFF identification mainly relies on threshold setting to detect unknown devices, which is often a one-vs-one verification process, i.e., a binary classification is completed for each device to be identified. Popular machine learning classifiers include MDA/ML [16,46,68,90], KNN [70,72], SVM [49,91], SVDD [92], RndF [16,93], etc. These machine learning methods either have special variants (e.g., one-class SVM, isolation forest) or rely on clustering (e.g., KNN) to adapt to the requirements of unknown device detection. ...
Radio frequency fingerprint (RFF) identification is a promising technique for identifying Internet of Things (IoT) devices. This paper presents a comprehensive survey on RFF identification, which covers various aspects ranging from related definitions to details of each stage in the identification process, namely signal preprocessing, RFF feature extraction, further processing and RFF identification. Specifically, three main steps of preprocessing are summarized, including carrier frequency offset estimation, noise elimination and channel cancellation. Besides, three kinds of RFFs are categorized, comprising I/Q signal-based, parameter-based and transformation-based features. Meanwhile, feature fusion and feature dimension reduction are elaborated as two main further processing methods. Furthermore, a novel framework is established from the perspective of closed set and open set problems, and the related state-of-the-art methodologies are investigated, including approaches based on traditional machine learning, deep learning and generative models. Additionally, we highlight the challenges faced by RFF identification and point out future research trends in this field.
... At a first glance, with a multitude of common security measures available for all layers, one may assume this to be a very rare circumstance. Still, attacking such system has been multiply demonstrated, e.g., in [6,9,[12][13][14][15]28,38,57,63,92,127,191,[193][194][195][196]. The question that remains unanswered is: Table 7 Aeronautical communication services: Summary of existence of security properties as specified in requirements, specification or scientific literature. ...
... ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] TCAS ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [193] ✘ [193] ✘ [193] ✘ [193] ✘ [193] ✘ [193] ✘ [193] A main reason is the high cost to replace or update widely deployed legacy systems, such as analogue VHF, ACARS, CPDLC via ACARS via VDLm2 that make use of years-old radio hardware of an aircraft. For example, AMS exists since 2007, but ANSPs charge extra for that service [127] which makes it not very widely adopted. ...
... ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] ✘ [52,154] TCAS ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] ✘ [163,192] [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [189,190] ✘ [193] ✘ [193] ✘ [193] ✘ [193] ✘ [193] ✘ [193] ✘ [193] A main reason is the high cost to replace or update widely deployed legacy systems, such as analogue VHF, ACARS, CPDLC via ACARS via VDLm2 that make use of years-old radio hardware of an aircraft. For example, AMS exists since 2007, but ANSPs charge extra for that service [127] which makes it not very widely adopted. ...
Aeronautical communications still heavily depend on analog radio systems, despite the fact that digital communication has been introduced to aviation in the 1990’s. Since then, the digitization of civil aviation has been continued, as considerable pressure to rationalize the aeronautical spectrum has built up. In any modern digital communications system, the threat of digital attacks needs to be considered carefully. This is especially true for safety-critical infrastructure, which aviation’s operational communication services clearly are. In this article, we reverse the traditional approach in the aeronautical industry of looking at a system from the safety perspective and assume a security-oriented point of view. We use the lens of security properties to review the requirements and specifications of aeronautical communications infrastructure as of 2021 and observe that most standards lack cybersecurity as a key requirement. Furthermore, we review the academic literature to identify possible solutions for the lack of cybersecurity measures in aeronautical communications system. We observe that most systems have been thoroughly analyzed within the academic security community, some for decades even, with many papers proposing concrete solutions to missing cybersecurity features. We conclude that there is a systematic problem in the design process of aeronautical communication systems. We provide a list of eight key findings and recommendations to improve the process of specifying such systems in a secure manner.
... При цьому можливо стверджувати, що найбільш вразливим місцем у інформаційних системах, що розглядаються є літаковий відповідач [24][25][26][27]. Так, побудова літакового відповідача за принципом одноканальної відкритої системи масового обслуговування з відмовами призводить до повної паралізації останнього при постановці потоків внутрісистемних і навмисних корельованих завад в каналі запиту потрібної інтенсивності. ...
This paper presents the conducted assessment of noise immunity of the request signal transmission channel and response channel for flight information of secondary radar systems as part of aircraft responders. The considered system is an open single-channel queuing system with refusing due to the action in the request channel of intentional and unintentional correlated and uncorrelated (intra-system) interference and ground-based receivers that receive, process and decode flight information in the presence of fluctuation and intra-system interference in the receiving channel. The results of assessing the noise immunity of the aircraft responder in the form of the aircraft responder’s readiness factor under the action of internal and deliberate interference are given. It is shown that the principle of constructing an aircraft responder and the principle of servicing request signals and transmitting flight information do not allow ensuring acceptable probabilities of obtaining flight data at ground control points.
... 27 Various countermeasures have been proposed so far, which 28 have been categorized into positional veification 1 and broad-29 cast authentication [13], [14], [15]. Among them, a promising 30 candidate for air navigation service providers is positional 31 vereification that uses time difference of arrival (TDOA) [16], 32 The associate editor coordinating the review of this manuscript and approving it for publication was Tariq Umer . 1 [17], [18], [19], [20], [21]. The receivers measure the TDOA 33 of the ADS-B signal and use it for verifying the positional 34 information inside the signal. ...
... 36 1) Compared to broadcast authentication [22], [23], [24], 37 [25], [26], [27], the TDOA-based method eliminates 38 the need for avionics upgrade and standardization 39 process. 40 2) Intrusion detection using a transponder finger-41 print [28], [29], [30], [31] can detect a transmission 42 by an adversary but may overlook a false position due 43 to avionics failure, which is transmitted by an aircraft. 44 The TDOA-based method can detect the both cases as 45 lomg as the reported position deviates from the true 46 position. ...
Automatic Dependent Surveillance—Broadcast (ADS-B) is an emerging means of aeronautical surveillance for air traffic control. Aircraft periodically broadcast positional updates to ground stations. Although ADS-B outperforms traditional radars in terms of accuracy and update rate, positional verification—a technique used to check the validity of the position report—is necessary to counter anomalies. In this study, two different methods were compared when the ground stations measure time difference of arrival (TDOA). One is direct; the test statistic is essentially the difference between the measurement and a prediction calculated from the position report. Another method is multilateration (MLAT)-based and two-step; the emitter position is firstly estimated, whereupon the difference between the estimated and reported positions constitutes the test statistic. As a result of the comparison, a performance difference, which depending on the number of receivers, was revealed. This is an useful suggestion for implementing ADS-B when the existing multilateration infrastructure is exploited.
... FLARM uses technologies related to radio communication and satellite positioning. In addition to technologies related to radiolocation [14][15][16][17], also optical rangefinders [18], vision systems [19,20], and even audio detection systems [21][22][23] can be used to detect intruders and thereby avoid midair collisions. Two main type of "sense and avoid" vision systems can be distinguished: infrared camera systems and daylight camera systems [24]. ...
In the near future, the integration of manned and unmanned aerial vehicles into the common airspace will proceed. The changes taking place mean that the safety of light aircraft, ultralight aircraft and unmanned air vehicles (UAV) will become an increasing problem. The IDAAS project (Intruder Detection And collision Avoidance System) meets the new challenges as it aims to produce technically advanced detection and collision avoidance systems for light and unmanned aerial vehicles. The work discusses selected elements of research and practical tests of the intruder detection vision system, which is part the of IDAAS project. At the outset, the current formal requirements related to the necessity of installing anticollision systems on aircraft are presented. The concept of the IDAAS system and the structure of algorithms related to image processing are also discussed. The main part of the work presents the methodology developed for the needs of dedicated flight tests, its implementation and the results obtained. The initial tests of the IDAAS system carried out on an ultralight aircraft generally indicate the possibility of the effective detection of intruders in the airspace with the use of vision methods, although they also indicated the existence of conditions in which this detection may prove difficult or even impossible.
... Encryption and authentication on the ADS-B protocol were proposed to overcome eavesdropping and message injection, like in [5][6][7][8], but they need a protocol modification. Authentication by RF and Low Level fingerprinting, without protocol modification, are proposed in [9][10][11][12][13]. In [14], the authors also propose a method to improve the ADS-B system security by introducing a physical layer protocol evolution for the introduction of an authentication scheme fully compliant with the current standard and exploiting the phase modulation of the signals. ...
Automatic Dependent Surveillance-Broadcast is an Air Traffic Control system in which aircraft transmit their own information (identity, position, velocity, etc.) to ground sensors for surveillance purposes. This system has many advantages compared to the classical surveillance radars: easy and low-cost implementation, high accuracy of data, and low renewal time, but also limitations: dependency on the Global Navigation Satellite System, a simple unencrypted and unauthenticated protocol. For these reasons, the system is exposed to attacks like jamming/spoofing of the on-board GNSS receiver or false ADS-B messages’ injection. After a mathematical model derivation of different types of attacks, we propose the use of a crowd sensor network capable of estimating the Time Difference Of Arrival of the ADS-B messages together with a two-step Kalman filter to detect these attacks (on-board GNSS/ADS-B tampering, false ADS-B message injection, GNSS Spoofing/Jamming). Tests with real data and simulations showed that the algorithm can detect all these attacks with a very high probability of detection and low probability of false alarm.
... Hereinafter, we focus our attention on false information, since the computation of localization information highly depends on accurate inputs from all involved agents. Some TCP/IP protocols do not provide authenticating mechanisms and are thus vulnerable to spoofing attacks (see, for example, [27]); a spoofing attack in our context makes an agent conclude it is located somewhere other than its actual location which falls into the problem in hand as well. ...
... Their conditions cannot be met exactly; thus, the researchers quantify the compatibility of the observation, to evaluate the goodness of the fit. Leonardi and Gerardi [27] use airplane/transmitter RF-level features to detect false massages. They compare newly coming massages to an estimated signature of a legitimate message by using Kolmogorov-Smirnov test, which we apply here as well in a somewhat different manner. ...
Many tasks performed by swarms of unmanned aerial vehicles require localization. In many cases, the sensors that take part in the localization process suffer from inherent measurement errors. This problem is amplified when disruptions are added, either endogenously through Byzantine failures of agents within the swarm, or exogenously by some external source, such as a GNSS jammer. In this paper, we first introduce an improved localization method based on distance observation. Then, we devise schemes for detecting Byzantine agents, in scenarios of endogenous disruptions, and for detecting a disrupted area, in case the source of the problem is exogenous. Finally, we apply pool testing techniques to reduce the communication traffic and the computation time of our schemes. The optimal pool size should be chosen carefully, as very small or very large pools may impair the ability to identify the source/s of disruption. A set of simulated experiments demonstrates the effectiveness of our proposed methods, which enable reliable error estimation even amid disruptions. This work is the first, to the best of our knowledge, that embeds identification of endogenous and exogenous disruptions into the localization process.
