19,266 research outputs found
On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Automatic dependent surveillance-broadcast (ADS-B) is the communications
protocol currently being rolled out as part of next generation air
transportation systems. As the heart of modern air traffic control, it will
play an essential role in the protection of two billion passengers per year,
besides being crucial to many other interest groups in aviation. The inherent
lack of security measures in the ADS-B protocol has long been a topic in both
the aviation circles and in the academic community. Due to recently published
proof-of-concept attacks, the topic is becoming ever more pressing, especially
with the deadline for mandatory implementation in most airspaces fast
approaching.
This survey first summarizes the attacks and problems that have been reported
in relation to ADS-B security. Thereafter, it surveys both the theoretical and
practical efforts which have been previously conducted concerning these issues,
including possible countermeasures. In addition, the survey seeks to go beyond
the current state of the art and gives a detailed assessment of security
measures which have been developed more generally for related wireless networks
such as sensor networks and vehicular ad hoc networks, including a taxonomy of
all considered approaches.Comment: Survey, 22 Pages, 21 Figure
Internet authentication based on personal history - a feasibility test
On the Internet, there is an uneasy tension between the security and usability of authentication mechanisms. An easy three-part classification is: 'something you know' (e.g. password); 'something you hold' (e.g. device holding digital certificate), and 'who you are' (e.g. biometric assessment) [9]. Each of these has well-known problems; passwords are written down, guessable, or forgotten; devices are lost or stolen, and biometric assays alienate users. We have investigated a novel strategy of querying the user based on their personal history (a 'Rip van Winkle' approach.) The sum of this information is large and well-known only to the individual. The volume is too large for impostors to learn; our observation is that, in the emerging environment, it is possible to collate and automatically query such information as an authentication test. We report a proof of concept study based on the automatic generation of questions from electronic 'calendar' information. While users were, surprisingly, unable to answer randomly generated questions any better than impostors, if questions are categorized according to appropriate psychological parameters then significant results can be obtained. We thus demonstrate the potential viability of this concept
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Recommended from our members
A Testbed for Developing and Evaluating GNSS Signal Authentication Techniques
An experimental testbed has been created for developing
and evaluating Global Navigation Satellite System (GNSS)
signal authentication techniques. The testbed advances the state
of the art in GNSS signal authentication by subjecting candidate
techniques to the strongest publicly-acknowledged GNSS spoofing
attacks. The testbed consists of a real-time phase-coherent GNSS
signal simulator that acts as spoofer, a real-time softwaredefined
GNSS receiver that plays the role of defender, and
post-processing versions of both the spoofer and defender. Two
recently-proposed authentication techniques are analytically and
experimentally evaluated: (1) a defense based on anomalous
received power in a GNSS band, and (2) a cryptographic
defense against estimation-and-replay-type spoofing attacks. The
evaluation reveals weaknesses in both techniques; nonetheless,
both significantly complicate a successful GNSS spoofing attackAerospace Engineering and Engineering Mechanic
Detecting ADS-B Spoofing Attacks using Deep Neural Networks
The Automatic Dependent Surveillance-Broadcast (ADS-B) system is a key
component of the Next Generation Air Transportation System (NextGen) that
manages the increasingly congested airspace. It provides accurate aircraft
localization and efficient air traffic management and also improves the safety
of billions of current and future passengers. While the benefits of ADS-B are
well known, the lack of basic security measures like encryption and
authentication introduces various exploitable security vulnerabilities. One
practical threat is the ADS-B spoofing attack that targets the ADS-B ground
station, in which the ground-based or aircraft-based attacker manipulates the
International Civil Aviation Organization (ICAO) address (a unique identifier
for each aircraft) in the ADS-B messages to fake the appearance of non-existent
aircraft or masquerade as a trusted aircraft. As a result, this attack can
confuse the pilots or the air traffic control personnel and cause dangerous
maneuvers. In this paper, we introduce SODA - a two-stage Deep Neural Network
(DNN)-based spoofing detector for ADS-B that consists of a message classifier
and an aircraft classifier. It allows a ground station to examine each incoming
message based on the PHY-layer features (e.g., IQ samples and phases) and flag
suspicious messages. Our experimental results show that SODA detects
ground-based spoofing attacks with a probability of 99.34%, while having a very
small false alarm rate (i.e., 0.43%). It outperforms other machine learning
techniques such as XGBoost, Logistic Regression, and Support Vector Machine. It
further identifies individual aircraft with an average F-score of 96.68% and an
accuracy of 96.66%, with a significant improvement over the state-of-the-art
detector.Comment: Accepted to IEEE CNS 201
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and are driven by their particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis.The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and to assist the prevention
of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
- âŠ