Security risk analysis of the data communications network proposed in the NextGen air traffic control system

Scope and Method of Study: Aerospace Security Stakeholder Qualitative Interviews.Interests internal and external to the United States could wreak havoc by manipulating, impairing, or data mining the digital information being exchanged by aircraft and controllers in the proposed NextGen air traffic control system.The purpose of this study is the analyze potential security risks imposed by implementing the active network technologies utilized by ADS-B in NextGen, and more specifically the air-to-air, air-to-ground, and satellite-to-air links used. The purpose of this study was to provide a risk analysis of the NextGen active network compared to industry standards and best practices for information systems security. Data obtained through interviews was used to determine the effective security categorization and provide a risk analysis of the ADS-B portion of the proposed NextGen active network.Findings and Conclusions: Based on this research, there are both significant similarities and differences between the NextGen Active Network and industry standard computer networks. Both the ADS-B and computer networks operate in a wireless environment. Both are designed to move information between local devices, though the ADS-B devices may cover 200-300 miles at altitude where the computer networks are designed to cover a range of 200- 300 feet. Both have methods of insuring a high level of data integrity using FEC, CRC, 24-bit parity, or MAC codes. It is at this point that the similarities diverge, as the missions of the two networks are markedly different. Specific conclusions and recommendations cover the differences between the designed mission requirements of NextGen and existing computer security standards focusing on the security objectives within the Federal Information Security Management Act of 2002 and other pertinent government standards and industry best practices

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

Survey of Federal, National, and International standards applicable to the NASA applications data services

An applications data service (ADS) was developed to meet the challenges in the data access and integration. The ADS provides a common service to locate and access applications data electronically and integrate the cross correlative data sets required by multiple users. Its catalog and network services increase data visibility as well as provide the data in a more rapid manner and a usable form

An exploratory study to design an adaptive hypermedia system for online-advertisement

The revolutionary world of the World Wide Web has created an open space for a multitude of fields to develop and propagate. One of these major fields is advertisement. Online advertisement has become one of the main activities conducted on the web, heavily supported by the industry. Importantly, it is one of the main contributors to any businesses’ income. However, consumers usually ignore the great majority of adverts online. This research paper studies the field of online advertisement, by conducting an exploratory study to understand end users’ needs for targeted online advertisement using adaptive hypermedia techniques. Additionally, we explore social networks, one of the booming phenomena of the web, to enhance the appropriateness of the advertising to the users. The main current outcome of this research is that end users are interested in personalised advertisement that tackles their needs and that they believe that the use of social networks and social actions help in the contextualisation of advertisement

Advancing the Standards for Unmanned Air System Communications, Navigation and Surveillance

Under NASA program NNA16BD84C, new architectures were identified and developed for supporting reliable and secure Communications, Navigation and Surveillance (CNS) needs for Unmanned Air Systems (UAS) operating in both controlled and uncontrolled airspace. An analysis of architectures for the two categories of airspace and an implementation technology readiness analysis were performed. These studies produced NASA reports that have been made available in the public domain and have been briefed in previous conferences. We now consider how the products of the study are influencing emerging directions in the aviation standards communities. The International Civil Aviation Organization (ICAO) Communications Panel (CP), Working Group I (WG-I) is currently developing a communications network architecture known as the Aeronautical Telecommunications Network with Internet Protocol Services (ATN/IPS). The target use case for this service is secure and reliable Air Traffic Management (ATM) for manned aircraft operating in controlled airspace. However, the work is more and more also considering the emerging class of airspace users known as Remotely Piloted Aircraft Systems (RPAS), which refers to certain UAS classes. In addition, two Special Committees (SCs) in the Radio Technical Commission for Aeronautics (RTCA) are developing Minimum Aviation System Performance Standards (MASPS) and Minimum Operational Performance Standards (MOPS) for UAS. RTCA SC-223 is investigating an Internet Protocol Suite (IPS) and AeroMACS aviation data link for interoperable (INTEROP) UAS communications. Meanwhile, RTCA SC-228 is working to develop Detect And Avoid (DAA) equipment and a Command and Control (C2) Data Link MOPS establishing LBand and C-Band solutions. These RTCA Special Committees along with ICAO CP WG/I are therefore overlapping in terms of the Communication, Navigation and Surveillance (CNS) alternatives they are seeking to provide for an integrated manned- and unmanned air traffic management service as well as remote pilot command and control. This paper presents UAS CNS architecture concepts developed under the NASA program that apply to all three of the aforementioned committees. It discusses the similarities and differences in the problem spaces under consideration in each committee, and considers the application of a common set of CNS alternatives that can be widely applied. As the works of these committees progress, it is clear that the overlap will need to be addressed to ensure a consistent and safe framework for worldwide aviation. In this study, we discuss similarities and differences in the various operational models and show how the CNS architectures developed under the NASA program apply

Online advertising: analysis of privacy threats and protection approaches

Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft

FraudDroid: Automated Ad Fraud Detection for Android Apps

Although mobile ad frauds have been widespread, state-of-the-art approaches in the literature have mainly focused on detecting the so-called static placement frauds, where only a single UI state is involved and can be identified based on static information such as the size or location of ad views. Other types of fraud exist that involve multiple UI states and are performed dynamically while users interact with the app. Such dynamic interaction frauds, although now widely spread in apps, have not yet been explored nor addressed in the literature. In this work, we investigate a wide range of mobile ad frauds to provide a comprehensive taxonomy to the research community. We then propose, FraudDroid, a novel hybrid approach to detect ad frauds in mobile Android apps. FraudDroid analyses apps dynamically to build UI state transition graphs and collects their associated runtime network traffics, which are then leveraged to check against a set of heuristic-based rules for identifying ad fraudulent behaviours. We show empirically that FraudDroid detects ad frauds with a high precision (93%) and recall (92%). Experimental results further show that FraudDroid is capable of detecting ad frauds across the spectrum of fraud types. By analysing 12,000 ad-supported Android apps, FraudDroid identified 335 cases of fraud associated with 20 ad networks that are further confirmed to be true positive results and are shared with our fellow researchers to promote advanced ad fraud detectionComment: 12 pages, 10 figure