On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

Machine Learning based RF Transmitter Characterization in the Presence of Adversaries

The advances in wireless technologies have led to autonomous deployments of various wireless networks. As these networks must co-exist, it is important that all transmitters and receivers are aware of their radio frequency (RF) surroundings so that they can learn and adapt their transmission and reception parameters to best suit their needs. To this end, machine learning techniques have become popular as they can learn, analyze and even predict the RF signals and associated parameters that characterize the RF environment. In this dissertation, we address some of the fundamental challenges on how to effectively apply different learning techniques in the RF domain. In the presence of adversaries, malicious activities such as jamming, and spoofing are inevitable which render most machine learning techniques ineffective. To facilitate learning in such settings, we propose an adversarial learning-based approach to detect unauthorized exploitation of RF spectrum. First, we show the applicability of existing machine learning algorithms in the RF domain. We design and implement three recurrent neural networks using different types of cell models for fingerprinting RF transmitters. Next, we focus on securing transmissions on dynamic spectrum access network where primary user emulation (PUE) attacks can pose a significant threat. We present a generative adversarial net (GAN) based solution to counter such PUE attacks. Ultimately, we propose recurrent neural network models which are able to accurately predict the primary users\u27 activities in DSA networks so that the secondary users can opportunistically access the shared spectrum. We implement the proposed learning models on testbeds consisting of Universal Software Radio Peripherals (USRPs) working as Software Defined Radios (SDRs). Results reveal significant accuracy gains in accurately characterizing RF transmitters- thereby demonstrating the potential of our models for real world deployments

Towards large-scale and collaborative spectrum monitoring systems using IoT devices

Mención Internacional en el título de doctorThe Electromagnetic (EM) spectrum is well regulated by frequency assignment authorities, national regulatory agencies and the International Communication Union (ITU). Nowadays more and more devices such as mobile phones and Internet-of-Things (IoT) sensors make use of wireless communication. Additionally we need a more efficient use and a better understanding of the EM space to allocate and manage efficiently all communications. Governments and telecommunication operators perform spectrum measurements using expensive and bulky equipments scheduling very specific and limited spectrum campaigns. However, this approach does not scale as it can not allow to widely scan and analyze the spectrum 24/7 in real time due to the high cost of the large deployment. A pervasive deployment of spectrum sensors is required to solve this problem, allowing to monitor and analyze the EM radio waves in real time, across all possible frequencies, and physical locations. This thesis presents ElectroSense, a crowdsourcing and collaborative system that enables large scale deployments using Internet-of-Things (IoT) spectrum sensors to collect EM spectrum data which is analyzed in a big data infrastructure. The ElectroSense platform seeks a more efficient, safe and reliable real-time monitoring of the EM space by improving the accessibility and the democratization of spectrum data for the scientific community, stakeholders and the general public. In this work, we first present the ElectroSense architecture, and the design challenges that must be faced to attract a large community of users and all potential stakeholders. It is envisioned that a large number of sensors deployed in ElectroSense will be at affordable cost, supported by more powerful spectrum sensors when possible. Although low-cost Radio Frequency (RF) sensors have an acceptable performance for measuring the EM spectrum, they present several drawbacks (e.g. frequency range, Analog-to-Digital Converter (ADC), maximum sampling rate, etc.) that can negatively affect the quality of collected spectrum data as well as the applications of interest for the community. In order to counteract the above-mentioned limitations, we propose to exploit the fact that a dense network of spectrum sensors will be in range of the same transmitter(s). We envision to exploit this idea to enable smart collaborative algorithms among IoT RF sensors. In this thesis we identify the main research challenges to enable smart collaborative algorithms among low-cost RF sensors. We explore different crowdsourcing and collaborative scenarios where low-cost spectrum sensors work together in a distributed manner. First, we propose a fast and precise frequency offset estimation method for lowcost spectrum receivers that makes use of Long Term Evolution (LTE) signals broadcasted by the base stations. Second, we propose a novel, fast and precise Time-of-Arrival (ToA) estimation method for aircraft signals using low-cost IoT spectrum sensors that can achieve sub-nanosecond precision. Third, we propose a collaborative time division approach among sensors for sensing the spectrum in order to reduce the network uplink bandwidth for each spectrum sensor. By last, we present a methodology to enable the signal reconstruction in the backend. By multiplexing in frequency a certain number of non-coherent low-cost spectrum sensors, we are able to cover a signal bandwidth that would not otherwise be possible using a single receiver. At the time of writing we are the first looking at the problem of collaborative signal reconstruction and decoding using In-phase & Quadrature (I/Q) data received from low-cost RF sensors. Our results reported in this thesis and obtained from the experiments made in real scenarios, suggest that it is feasible to enable collaborative spectrum monitoring strategies and signal decoding using commodity hardware as RF sensing sensors.Programa de Doctorado en Ingeniería Telemática por la Universidad Carlos III de MadridPresidente: Bozidar Radunovic.- Secretario: Paolo Casari.- Vocal: Fco. Javier Escribano Aparici

Electromagnetic Interference to Flight Navigation and Communication Systems: New Strategies in the Age of Wireless

Electromagnetic interference (EMI) promises to be an ever-evolving concern for flight electronic systems. This paper introduces EMI and identifies its impact upon civil aviation radio systems. New wireless services, like mobile phones, text messaging, email, web browsing, radio frequency identification (RFID), and mobile audio/video services are now being introduced into passenger airplanes. FCC and FAA rules governing the use of mobile phones and other portable electronic devices (PEDs) on board airplanes are presented along with a perspective of how these rules are now being rewritten to better facilitate in-flight wireless services. This paper provides a comprehensive overview of NASA cooperative research with the FAA, RTCA, airlines and universities to obtain laboratory radiated emission data for numerous PED types, aircraft radio frequency (RF) coupling measurements, estimated aircraft radio interference thresholds, and direct-effects EMI testing. These elements are combined together to provide high-confidence answers regarding the EMI potential of new wireless products being used on passenger airplanes. This paper presents a vision for harmonizing new wireless services with aeronautical radio services by detecting, assessing, controlling and mitigating the effects of EMI

Using Ontologies to Detect Anomalies in the Sky

Ce mémoire de maîtrise présente une solution pour améliorer la sécurité des systèmes de contrôle de trafic aérien. Cette solution prend la forme d’un détecteur d’anomalies qui va déceler les manipulations malicieuses de données. Par les mêmes mécanismes, ce détecteur peut aussi détecter les situations d’urgences et les violations des lois du trafic aérien. Les systèmes de contrôle de trafic aérien sont composés de plusieurs capteurs qui envoient des données aux stations de travail des contrôleurs aérien sur un réseau IP en utilisant un protocole de partage de données en temps réel nommé Data Distribution Service. Des données malicieuses comme de fausses positions d’avions peuvent être insérées dans le trafic du réseau en compromettant une machine connectée à celui-ci ou en émettant des signaux contenant les données falsifiées qui seront captées et transmises sur le réseau par les capteurs. Actuellement, une fois que ces données sont sur le réseau, les systèmes ne disposent pas de mécanismes pour différencier les données malicieuses des vraies données et les traiteront de la même façon. La présence de données falsifiées sur le réseau peut causer de la confusion qui peut mener à des situations dangereuses incluant une sécurité aérienne réduite. Nous avons évalué l’impact des différentes attaques sur les systèmes de contrôle de trafic aérien en construisant un modèle de menaces tout en considérant les procédures d’urgence déjà en place dans le monde de l’aviation. Nous avons conclu qu’il y a plusieurs façons selon lesquelles un adversaire peut injecter des données malicieuses dans les systèmes. Il peut le faire soit en injectant les données directement dans le réseau ou en utilisant une radio logicielle pour émettre des données malicieuses sur les fréquences utilisées par les capteurs qu’ils les transmettent eux-mêmes sur le réseau. Ces données peuvent induire les contrôleurs de trafic aérien en erreur et leur faire prendre une décision dangereuse. Ce modèle de menaces a servi dans l’ébauche des méthodes de détection.----------ABSTRACT : This Master’s thesis introduces an anomaly detection solution to increase the security of Air Traffic Control Systems against malicious data manipulation threats. At the same time, this detection system can detect emergencies and air traffic rules violations. Air Traffic Control Systems are made of multiple sensors sending data to air traffic controller workstations over an IP network using a publish-subscribe protocol, Data Distribution Service. Malicious data can be inserted into this network by either compromising a machine on the network, or by tricking the sensors into emitting falsified data. Once into the network, the system currently cannot distinguish malicious data from real one and will treat it as such, potentially causing dangerous situations and general confusion that could lead to air traffic safety being compromised. We quantify the impact different attacks have on the system by building a threat model while considering existing safety procedures already in place in the aviation world. We found that there are multiple ways an attacker can inject malicious data into the system either directly by injecting false data into the network or indirectly by sending spoofed broadcasts that will be picked up by the ground equipment and in turn injected into the network. These data manipulations can induce an air traffic controller into making a wrong decision. This threat model also gives us direction on how to detect potential threats. To counter these threats, we design a detection solution using ontologies to store data and a query engine to interact with it. By using ontologies, we can add semantics to the data and facilitate the creation of detection queries in the SPARQL query language. It uses a translation table to convert Data Distribution Service data structures into ontological concepts. The detection engine runs on dedicated machines and sends alerts to the concerned computers if a query detects an anomaly. The ontological model was built using the assumptions we made about the data pieces circulating on the Air Traffic Control System’s network. Designing an ontology that is specific enough to be useful for detection, but also generic enough to easily add new detection capabilities proved to be a challenge. We found that we often needed to add new concepts to the ontology when we designed new queries

Exploiting Structural Signal Information in Passive Emitter Localization

The operational use of systems for passive geolocation of radio frequency emitters poses various challenges to single sensor systems or sensor networks depending on the measurement methods. Position estimation by means of direction finding systems often requires complex receiver and antenna technique. Time (Difference) of Arrival methods (TDOA, TOA) are based on measurements regarding the signal propagation duration and generally require broadband communication links to transmit raw signal data between spatially separated receivers of a sensor network. Such bandwidth requirements are particularly challenging for applications with moving sensor nodes. This issue is addressed in this thesis and techniques that use signal structure information of the considered signals are presented which allow a drastic reduction of the communication requirements. The advantages of using knowledge of the signal structure for TDOA based emitter localization are shown using two exemplary applications. The first case example deals with the passive surveillance of the civil airspace (Air Traffic Management, ATM) using a stationary sensor network. State of the art airspace surveillance is mainly based on active radar systems (Primary Surveillance Radar, PSR), cooperative secondary radar systems (Secondary Surveillance Radar, SSR) and automatic position reports from the aircraft itself (Automatic Dependent Surveillance-Broadcast, ADS-B). SSR as well as ADS-B relies on aircrafts sending transponder signals at a center frequency of 1090 MHz. The reliability and accuracy of the position reports sent by aircrafts using ADS-B are limited and not sufficient to ensure safe airspace separation for example of two aircrafts landing on parallel runways. In the worst case, the data may even be altered with malicious intent. Using passive emitter localization and tracking based on multilateration (TDOA/hyperbolic localization), a precise situational awareness can be given which is independent of the content of the emitted transponder signals. The high concentration of sending targets and the high number of signals require special signal processing and information fusion techniques to overcome the huge amount of data. It will be shown that a multilateration network that employs those techniques can be used to improve airspace security at reasonable costs. For the second case, a concept is introduced which allows TDOA based emitter localization with only one moving observer platform. Conventional TDOA measurements are obtained using spatially distributed sensor nodes which capture an emitted signal at the same time. From those signals, the time difference of arrival is estimated. Under certain conditions, the exploitation of signal structure information allows to transfer the otherwise only spatial into a spatial and temporal measurement problem. This way, it is possible to obtain TDOA estimates over multiple measurement time steps using a single moving observer and to thus localize the emitter of the signals. The concept of direct position determination is applied to the single sensor signal structure TDOA scheme and techniques for direct single sensor TDOA are introduced. The validity and performance of the presented methods is shown in theoretical analysis in terms of Cramér-Rao Lower Bounds, Monte-Carlo simulations and by evaluation of real data gained during field experiments

How Physicality Enables Trust: A New Era of Trust-Centered Cyberphysical Systems

Multi-agent cyberphysical systems enable new capabilities in efficiency, resilience, and security. The unique characteristics of these systems prompt a reevaluation of their security concepts, including their vulnerabilities, and mechanisms to mitigate these vulnerabilities. This survey paper examines how advancement in wireless networking, coupled with the sensing and computing in cyberphysical systems, can foster novel security capabilities. This study delves into three main themes related to securing multi-agent cyberphysical systems. First, we discuss the threats that are particularly relevant to multi-agent cyberphysical systems given the potential lack of trust between agents. Second, we present prospects for sensing, contextual awareness, and authentication, enabling the inference and measurement of ``inter-agent trust" for these systems. Third, we elaborate on the application of quantifiable trust notions to enable ``resilient coordination," where ``resilient" signifies sustained functionality amid attacks on multiagent cyberphysical systems. We refer to the capability of cyberphysical systems to self-organize, and coordinate to achieve a task as autonomy. This survey unveils the cyberphysical character of future interconnected systems as a pivotal catalyst for realizing robust, trust-centered autonomy in tomorrow's world

Threat vector analysis in autonomous driving

Σημείωση: διατίθεται συμπληρωματικό υλικό σε ξεχωριστό αρχείο