On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

MAG-PUFs:Authenticating IoT devices via electromagnetic physical unclonable functions and deep learning

The challenge of authenticating Internet of Things (IoT) devices, particularly in low-cost deployments with constrained nodes that struggle with dynamic re-keying solutions, renders these devices susceptible to various attacks. This paper introduces a robust alternative mitigation strategy based on Physical-Layer Authentication (PLA), which leverages the intrinsic physical layer characteristics of IoT devices. These unique imperfections, stemming from the manufacturing process of IoT electronic integrated circuits (ICs), are difficult to replicate or falsify and vary with each function executed by the IoT device. We propose a novel lightweight authentication scheme, MAG-PUFs, that uses the unintentional Electromagnetic (EM) emissions from IoT devices as Physical Unclonable Functions (PUFs). MAG-PUFs operate by collecting these unintentional EM emissions during the execution of pre-defined reference functions by the IoT devices. The authentication is achieved by matching these emissions with profiles recorded at the time of enrollment, using state-of-the-art Deep Learning (DL) approaches such as Neural Networks (NN) and Autoencoders. Notably, MAG-PUFs offer compelling advantages: (i) it preserves privacy, as it does not require direct access to the IoT devices; and, (ii) it provides unique flexibility, permitting the selection of numerous and varied reference functions. We rigorously evaluated MAG-PUFs using 25 Arduino devices and a diverse set of 325 reference function classes. Employing a DL framework, we achieved a minimum authentication F1-Score of 0.99. Furthermore, the scheme's efficacy in detecting impostor EM emissions was also affirmed, achieving a minimum F1-Score of 0.99. We also compared our solution to other solutions in the literature, showing its remarkable performance. Finally, we discussed code obfuscation techniques and the impact of Radio Frequency (RF) interference on the IoT authentication process.</p

MAG-PUFs:Authenticating IoT devices via electromagnetic physical unclonable functions and deep learning

The challenge of authenticating Internet of Things (IoT) devices, particularly in low-cost deployments with constrained nodes that struggle with dynamic re-keying solutions, renders these devices susceptible to various attacks. This paper introduces a robust alternative mitigation strategy based on Physical-Layer Authentication (PLA), which leverages the intrinsic physical layer characteristics of IoT devices. These unique imperfections, stemming from the manufacturing process of IoT electronic integrated circuits (ICs), are difficult to replicate or falsify and vary with each function executed by the IoT device. We propose a novel lightweight authentication scheme, MAG-PUFs, that uses the unintentional Electromagnetic (EM) emissions from IoT devices as Physical Unclonable Functions (PUFs). MAG-PUFs operate by collecting these unintentional EM emissions during the execution of pre-defined reference functions by the IoT devices. The authentication is achieved by matching these emissions with profiles recorded at the time of enrollment, using state-of-the-art Deep Learning (DL) approaches such as Neural Networks (NN) and Autoencoders. Notably, MAG-PUFs offer compelling advantages: (i) it preserves privacy, as it does not require direct access to the IoT devices; and, (ii) it provides unique flexibility, permitting the selection of numerous and varied reference functions. We rigorously evaluated MAG-PUFs using 25 Arduino devices and a diverse set of 325 reference function classes. Employing a DL framework, we achieved a minimum authentication F1-Score of 0.99. Furthermore, the scheme's efficacy in detecting impostor EM emissions was also affirmed, achieving a minimum F1-Score of 0.99. We also compared our solution to other solutions in the literature, showing its remarkable performance. Finally, we discussed code obfuscation techniques and the impact of Radio Frequency (RF) interference on the IoT authentication process.</p

RF Fingerprinting Unmanned Aerial Vehicles

As unmanned aerial vehicles (UAVs) continue to become more readily available, their use in civil, military, and commercial applications is growing significantly. From aerial surveillance to search-and-rescue to package delivery the use cases of UAVs are accelerating. This accelerating popularity gives rise to numerous attack possibilities for example impersonation attacks in drone-based delivery, in a UAV swarm, etc. In order to ensure drone security, in this project we propose an authentication system based on RF fingerprinting. Specifically, we extract and use the device-specific hardware impairments embedded in the transmitted RF signal to separate the identity of each UAV. To achieve this goal, AlexNet with the data augmentation technique was employed

Radio Frequency Based Programmable Logic Controller Anomaly Detection

The research goal involved developing improved methods for securing Programmable Logic Controller (PLC) devices against unauthorized entry and mitigating the risk of Supervisory Control and Data Acquisition (SCADA) attack by detecting malicious software and/or trojan hardware. A Correlation Based Anomaly Detection (CBAD) process was developed to enable 1) software anomaly detection discriminating between various operating conditions to detect malfunctioning or malicious software, firmware, etc., and 2) hardware component discrimination discriminating between various hardware components to detect malfunctioning or counterfeit, trojan, etc., components

Discrete Moving Target Defense Application and Benchmarking in Software-Defined Networking

Moving Target Defense is a technique focused on disrupting certain phases of a cyber-attack. The static nature of the existing networks gives the adversaries an adequate amount of time to gather enough data concerning the target and succeed in mounting an attack. The random host address mutation is a well-known MTD technique that hides the actual IP address from external scanners. When the host establishes a session of transmitting or receiving data, due to mutation interval, the session is interrupted, leading to the host’s unavailability. Moving the network configuration creates overhead on the controller and additional switching costs resulting in latency, poor performance, packet loss, and jitter. In this dissertation, we proposed a novel discrete MTD technique in software-defined networking (SDN) to individualize the mutation interval for each host. The host IP address is changed at different intervals to avoid the termination of the existing sessions and to increase complexity in understanding mutation intervals for the attacker. We use the flow statistics of each host to determine if the host is in a session of transmitting or receiving data. Individualizing the mutation interval of each host enhances the defender game strategy making it complex in determining the pattern of mutation interval. Since the mutation of the host address is achieved using a pool of virtual (temporary) host addresses, a subnet game strategy is introduced to increase complexity in determining the network topology. A benchmarking framework is developed to measure the performance, scalability, and reliability of the MTD network with the traditional network. The analysis shows the discrete MTD network outperforms the random MTD network in all tests

Exploitation of Unintentional Ethernet Cable Emissions Using Constellation Based-Distinct Native Attribute (CB-DNA) Fingerprints to Enhance Network Security

This research contributed to the AFIT\u27s Radio Frequency Intelligence (RFINT) program by developing a new device discrimination technique called Constellation-Based Distinct Native Attribute (CB-DNA) Fingerprinting. This is of great interest to the Air Force Research Lab (AFRL), Sensor Directorate, who supported the research and now have new method for improving network security. CB-DNA fingerprints are used to authenticate wired network device identities, thwart unauthorized access, and augment traditional bit-level security measures that area easily bypassed by skilled hackers. Similar to human fingerprint features that uniquely identify individuals, CB-DNA uniquely identifies communication devices and improves the rate at which unauthorized rogue devices are granted network access

Radio Frequency Fingerprinting Techniques through Preamble Modification in IEEE 802.11b

Wireless local area networks are particularly vulnerable to cyber attacks due to their contested transmission medium. Access point spoofing, route poisoning, and cryptographic attacks are some of the many mature threats faced by wireless networks. Recent work investigates physical-layer features such as received signal strength or radio frequency fingerprinting to identify and localize malicious devices. This thesis demonstrates a novel and complementary approach to exploiting physical-layer differences among wireless devices that is more energy efficient and invariant with respect to the environment than traditional fingerprinting techniques. Specifically, this methodology exploits subtle design differences among different transceiver hardware types. A software defined radio captures packets with standard-length IEEE 802.11b preambles, manipulates the recorded preambles by shortening their length, then replays the altered packets toward the transceivers under test. Wireless transceivers vary in their ability to receive packets with preambles shorter than the standard. By analyzing differences in packet reception with respect to preamble length, this methodology distinguishes amongst eight transceiver types from three manufacturers. All tests to successfully enumerate the transceivers achieve accuracy rates greater than 99%, while transmitting less than 60 test packets. This research extends previous work illustrating RF fingerprinting techniques through IEEE 802.15.4 wireless protocols. The results demonstrate that preamble manipulation is effective for multi-factor device authentication, network intrusion detection, and remote transceiver type fingerprinting in IEEE 802.11b