UAT ADS-B Data Anomalies and the Effect of Flight Parameters on Dropout Occurrences

An analysis of the performance of automatic dependent surveillance-broadcast (ADS-B) data received from the Grand Forks, North Dakota International Airport was carried out in this study. The purpose was to understand the vulnerabilities of the universal access transceiver (UAT) ADS-B system and recognize the effects on present and future air traffic control (ATC) operation. The Federal Aviation Administration (FAA) mandated all the general aviation aircraft to be equipped with ADS-B. The aircraft flying within United States and below the transition altitude (18,000 feet) are more likely to install a UAT ADS-B. At present, unmanned aircraft systems (UAS) and autonomous air traffic control (ATC) towers are being integrated into the aviation industry and UAT ADS-B is a basic sensor for both class 1 and class 2 detect-and-avoid (DAA) systems. As a fundamental component of future surveillance systems, the anomalies and vulnerabilities of the ADS-B system need to be identified to enable a fully-utilized airspace with enhanced situational awareness. The data received was archived in GDL-90 format, which was parsed into readable data. The anomaly detection of ADS-B messages was based on the FAA ADS-B performance assessment report. The data investigation revealed ADS-B message suffered from different anomalies including dropout, missing payload, data jump, low confidence data, and altitude discrepancy. Among those studied, the most severe was dropout and 32.49% of messages suffered from this anomaly. Dropout is an incident where ADS-B failed to update within a specified rate. Considering the potential danger being imposed, an in-depth analysis was carried out to characterize message dropout. Three flight parameters were selected to investigate their effect on dropout. Statistical analysis was carried out and the Friedman Statistical Test identified that altitude affected dropout more than any other flight parameter

Analysis of the Cyber Attacks against ADS-B Perspective of Aviation Experts

Käesolev töö loob põhjaliku ülevaate lennunduses valitsevatest küberjulgeoleku ohtudest. Tsiviillennunduse lennuliiklusteenindus ja õhuseire on üleminekufaasis valmistudes kasutusele võtma uue põlvkonna tehnoloogiaid, mis tulevikus asendavad praeguse radaripõhise lennukite jälgimissüsteemi uue satelliitpõhise süsteemiga. Lennunduse sideteenuste moderniseerimine loob aluse uuetele turvalisusega seotud ohtudele, mille võimalikke negatiivseid tagajärgi ei ole suudetud veel maandada. Magistritöö eesmärk on koostada kvalitatiivne süstemaatiline analüüs võimalikest küberrünnakutest uue satelliitpõhise automaatse sõltuva seire üldsaade (Automatic dependent surveillance-broadcast –ADS-B) vastu. Analüüs ühendab teadmised küberturvalisuse ja lennunduse valdkonnast, mille koos käsitlemine on oluline turvalise tagamise sesiukohalt. Töö fokusseerub ADS-B süsteemis esinevatele kitsaskohtadele, mis küberturvalise seisukohalt võivad kätkeda ohte või häirida tõsiselt lennuliiklusteeniduse tööd. Potentsiaalsed ohud ADS- S süsteemi vastu on kirjeldatud ja liigitatud sõltuvalt ohuastmest. Analüüsi põhiosa moodustab lennundus spetsialistide seas läbiviidud küsitlus, mille põhjal on hinnatud ohu tõsidust, selle mõju lennundussüsteemile ja milliseid toiminguid on vajalik rakendada ohu esinemise korral. Töö analüüs hindab mõned käsitletud ohtudest ebaoluliseks, mis ei kujuta endast märkisväärset probleemi süsteemi operaatoritele. Sellegi poolest esineb teatava keerulisuse astmega ohustsenaariumeid, mille tagajärjel on süsteem tugevalt häiritud või millega võib kaasneda ulatuslik kahju. Läbiviidud küsitluse põhjal on esitatud meetmeid, kuidas maandada võimalikke negatiivseid mõjusid ohuolukorras. Töö tulemused on olulised pööramaks tähelepanu lennunduses esinevatele küberohtudele. Töö on kirjutatud inglise keeles ja sisaldab 58 lehekülge, 5 peatükki, 17 joonist ja 15 tabelit.The present paper has a profound literature review of the relation between cyber security, aviation and the vulnerabilities prone by the increasing use of information systems in avia-tion realm. Civil aviation is in the process of evolution of the air traffic management sys-tem through the introduction of new technologies. Therefore, the modernization of aero-nautical communications are creating network security issues in aviation that have not been mitigated yet. The purpose of this thesis is to make a systematic qualitative analysis of the cyber-attacks against Automatic Dependent Surveillance Broadcast. With this analysis, the paper combines the knowledge of two fields which are meant to deal together with the security issues in aviation. The thesis focuses on the exploitation of the vulnerabilities of ADS-B and presents an analysis taking into account the perspective of cyber security and aviation experts. The threats to ADS-B are depicted, classified and evaluated by aviation experts, making use of interviews in order to determine the possible impact, and the ac-tions that would follow in case a cyber-attack occurs. The results of the interviews show that some attacks do not really represent a real problem for the operators of the system and that other attacks may create enough confusion due to their complexity. The experience is a determinant factor for the operators of ADS-B, because based on that a set of mitiga-tions was proposed by aviation experts that can help to cope in a cyber-attack situation. This analysis can be used as a reference guide to understand the impact of cyber security threats in aviation and the need of the research and aviation communities to broaden the knowledge and to increase the level of expertise in order to face the challenges posed by network security issues. The thesis is in English and contains 58 pages of text, 5 chapters, 17 figures, 15 tables

Performance Analysis Of Automatic Dependent Surveillance-Broadcast (ADS-B) And Breakdown Of Anomalies

This thesis work analyzes the performance of Automatic Dependent Surveillance-Broadcast (ADS-B) data received from Grand Forks International Airport, detects anomalies in the data and quantifies the associated potential risk. This work also assesses severity associated anomalous data in Detect and Avoid (DAA) for Unmanned Aircraft System (UAS). The received data were raw and archived in GDL-90 format. A python module is developed to parse the raw data into readable data in a .csv file. The anomaly detection algorithm is based on Federal Aviation Administration\u27s (FAA) ADS-B performance assessment report. An extensive study is carried out on two main types of anomalies, namely dropouts and altitude deviations. A dropout is considered when the update rate exceeds three seconds. Dropouts are of different durations and have a different level of risk depending on how much time ADS-B is unavailable as the surveillance system. Altitude deviation refers to the deviation between barometric and geometric altitude. Deviation ranges from 25 feet to 600 feet have been observed. As of now, barometric altitude has been used for separation and surveillance while geometric altitude can be used in cases where barometric altitude is not available. Many UAS might not have both sensors installed on board due to size and weight constrains. There might be a chance of misinterpretation of vertical separation specially while flying in National Airspace (NAS) if the ownship UAS and intruder manned aircraft use two different altitude sources for separation standard. The characteristics and agreement between two different altitudes is investigated with a regression based approach. Multiple risk matrices are established based on the severity of the DAA well clear. ADS-B is called the Backbone of FAA Next Generation Air Transportation System, NextGen. NextGen is the series of inter-linked programs, systems, and policies that implement advanced technologies and capabilities. ADS-B utilizes the Satellite based Global Positioning System (GPS) technology to provide the pilot and the Air Traffic Control (ATC) with more information which enables an efficient navigation of aircraft in increasingly congested airspace. FAA mandated all aircraft, both manned and unmanned, be equipped with ADS-B out by the year 2020 to fly within most controlled airspace. As a fundamental component of NextGen it is crucial to understand the behavior and potential risk with ADS-B Systems

Using Ontologies to Detect Anomalies in the Sky

Ce mémoire de maîtrise présente une solution pour améliorer la sécurité des systèmes de contrôle de trafic aérien. Cette solution prend la forme d’un détecteur d’anomalies qui va déceler les manipulations malicieuses de données. Par les mêmes mécanismes, ce détecteur peut aussi détecter les situations d’urgences et les violations des lois du trafic aérien. Les systèmes de contrôle de trafic aérien sont composés de plusieurs capteurs qui envoient des données aux stations de travail des contrôleurs aérien sur un réseau IP en utilisant un protocole de partage de données en temps réel nommé Data Distribution Service. Des données malicieuses comme de fausses positions d’avions peuvent être insérées dans le trafic du réseau en compromettant une machine connectée à celui-ci ou en émettant des signaux contenant les données falsifiées qui seront captées et transmises sur le réseau par les capteurs. Actuellement, une fois que ces données sont sur le réseau, les systèmes ne disposent pas de mécanismes pour différencier les données malicieuses des vraies données et les traiteront de la même façon. La présence de données falsifiées sur le réseau peut causer de la confusion qui peut mener à des situations dangereuses incluant une sécurité aérienne réduite. Nous avons évalué l’impact des différentes attaques sur les systèmes de contrôle de trafic aérien en construisant un modèle de menaces tout en considérant les procédures d’urgence déjà en place dans le monde de l’aviation. Nous avons conclu qu’il y a plusieurs façons selon lesquelles un adversaire peut injecter des données malicieuses dans les systèmes. Il peut le faire soit en injectant les données directement dans le réseau ou en utilisant une radio logicielle pour émettre des données malicieuses sur les fréquences utilisées par les capteurs qu’ils les transmettent eux-mêmes sur le réseau. Ces données peuvent induire les contrôleurs de trafic aérien en erreur et leur faire prendre une décision dangereuse. Ce modèle de menaces a servi dans l’ébauche des méthodes de détection.----------ABSTRACT : This Master’s thesis introduces an anomaly detection solution to increase the security of Air Traffic Control Systems against malicious data manipulation threats. At the same time, this detection system can detect emergencies and air traffic rules violations. Air Traffic Control Systems are made of multiple sensors sending data to air traffic controller workstations over an IP network using a publish-subscribe protocol, Data Distribution Service. Malicious data can be inserted into this network by either compromising a machine on the network, or by tricking the sensors into emitting falsified data. Once into the network, the system currently cannot distinguish malicious data from real one and will treat it as such, potentially causing dangerous situations and general confusion that could lead to air traffic safety being compromised. We quantify the impact different attacks have on the system by building a threat model while considering existing safety procedures already in place in the aviation world. We found that there are multiple ways an attacker can inject malicious data into the system either directly by injecting false data into the network or indirectly by sending spoofed broadcasts that will be picked up by the ground equipment and in turn injected into the network. These data manipulations can induce an air traffic controller into making a wrong decision. This threat model also gives us direction on how to detect potential threats. To counter these threats, we design a detection solution using ontologies to store data and a query engine to interact with it. By using ontologies, we can add semantics to the data and facilitate the creation of detection queries in the SPARQL query language. It uses a translation table to convert Data Distribution Service data structures into ontological concepts. The detection engine runs on dedicated machines and sends alerts to the concerned computers if a query detects an anomaly. The ontological model was built using the assumptions we made about the data pieces circulating on the Air Traffic Control System’s network. Designing an ontology that is specific enough to be useful for detection, but also generic enough to easily add new detection capabilities proved to be a challenge. We found that we often needed to add new concepts to the ontology when we designed new queries