On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

Improved Wireless Security through Physical Layer Protocol Manipulation and Radio Frequency Fingerprinting

Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium. Traditional bit-layer defenses including encryption keys and MAC address control lists are vulnerable to extraction and identity spoofing, respectively. This dissertation explores three novel strategies to leverage the wireless physical layer to improve security in low-rate wireless personal area networks. The first, physical layer protocol manipulation, identifies true transceiver design within remote devices through analysis of replies in response to packets transmitted with modified physical layer headers. Results herein demonstrate a methodology that correctly differentiates among six IEEE 802.15.4 transceiver classes with greater than 99% accuracy, regardless of claimed bit-layer identity. The second strategy, radio frequency fingerprinting, accurately identifies the true source of every wireless transmission in a network, even among devices of the same design and manufacturer. Results suggest that even low-cost signal collection receivers can achieve greater than 90% authentication accuracy within a defense system based on radio frequency fingerprinting. The third strategy, based on received signal strength quantification, can be leveraged to rapidly locate suspicious transmission sources and to perform physical security audits of critical networks. Results herein reduce mean absolute percentage error of a widely-utilized distance estimation model 20% by examining signal strength measurements from real-world networks in a military hospital and a civilian hospital

Information reuse in dynamic spectrum access

Dynamic spectrum access (DSA), where the permission to use slices of radio spectrum is dynamically shifted (in time an in different geographical areas) across various communications services and applications, has been an area of interest from technical and public policy perspectives over the last decade. The underlying belief is that this will increase spectrum utilization, especially since many spectrum bands are relatively unused, ultimately leading to the creation of new and innovative services that exploit the increase in spectrum availability. Determining whether a slice of spectrum, allocated or licensed to a primary user, is available for use by a secondary user at a certain time and in a certain geographic area is a challenging task. This requires 'context information' which is critical to the operation of DSA. Such context information can be obtained in several ways, with different costs, and different quality/usefulness of the information. In this paper, we describe the challenges in obtaining this context information, the potential for the integration of various sources of context information, and the potential for reuse of such information for related and unrelated purposes such as localization and enforcement of spectrum sharing. Since some of the infrastructure for obtaining finegrained context information is likely to be expensive, the reuse of this infrastructure/information and integration of information from less expensive sources are likely to be essential for the economical and technological viability of DSA. © 2013 IEEE

A Comparison of RF-DNA Fingerprinting Using High/Low Value Receivers with ZigBee Devices

The ZigBee specification provides a niche capability, extending the IEEE 802.15.4 standard to provide a wireless mesh network solution. ZigBee-based devices require minimal power and provide a relatively long-distance, inexpensive, and secure means of networking. The technology is heavily utilized, providing energy management, ICS automation, and remote monitoring of Critical Infrastructure (CI) operations; it also supports application in military and civilian health care sectors. ZigBee networks lack security below the Network layer of the OSI model, leaving them vulnerable to open-source hacking tools that allow malicous attacks such as MAC spoofing or Denial of Service (DOS). A method known as RF-DNA Fingerprinting provides an additional level of security at the Physical (PHY) level, where the transmitted waveform of a device is examined, rather than its bit-level credentials which can be easily manipulated. RF-DNA fingerprinting allows a unique human-like signature for a device to be obtained and a subsequent decision made whether to grant access or deny entry to a secure network. Two NI receivers were used here to simultaneously collect RF emissions from six Atmel AT86RF230 transceivers. The time-domain response of each device was used to extract features and generate unique RF-DNA fingerprints. These fingeprints were used to perform Device Classification using two discrimination processes known as MDA/ML and GRLVQI. Each process (classifier) was used to examine both the Full-Dimensional (FD) and reduced dimensional feature-sets for the high-value PXIe and low-value USRP receivers. The reduced feature-sets were determined using DRA for both quantitative and qualitative subsets. Additionally, each classifier performed Device Classification using a hybrid interleaved set of fingerprints from both receivers

A Radio-fingerprinting-based Vehicle Classification System for Intelligent Traffic Control in Smart Cities

The measurement and provision of precise and upto-date traffic-related key performance indicators is a key element and crucial factor for intelligent traffic controls systems in upcoming smart cities. The street network is considered as a highly-dynamic Cyber Physical System (CPS) where measured information forms the foundation for dynamic control methods aiming to optimize the overall system state. Apart from global system parameters like traffic flow and density, specific data such as velocity of individual vehicles as well as vehicle type information can be leveraged for highly sophisticated traffic control methods like dynamic type-specific lane assignments. Consequently, solutions for acquiring these kinds of information are required and have to comply with strict requirements ranging from accuracy over cost-efficiency to privacy preservation. In this paper, we present a system for classifying vehicles based on their radio-fingerprint. In contrast to other approaches, the proposed system is able to provide real-time capable and precise vehicle classification as well as cost-efficient installation and maintenance, privacy preservation and weather independence. The system performance in terms of accuracy and resource-efficiency is evaluated in the field using comprehensive measurements. Using a machine learning based approach, the resulting success ratio for classifying cars and trucks is above 99%

Challenges of Implementing Automatic Dependent Surveillance Broadcast in the Nextgen Air Traffic Management System

The Federal Aviation Administration is in the process of replacing the current Air Traffic Management (ATM) system with a new system known as NextGen. Automatic Dependent Surveillance-Broadcast (ADS-B) is the aircraft surveillance protocol currently being introduced as a part of the NextGen system deployment. The evolution of ADS-B spans more than two decades, with development focused primarily on increasing the capacity of the Air Traffic Control (ATC) system and reducing operational costs. Security of the ADS-B communications network has not been a high priority, and the inherent lack of security measures in the ADS-B protocol has come under increasing scrutiny as the NextGen ADS-B implementation deadline draws near. The research conducted in this thesis summarizes the ADS-B security vulnerabilities that have been under recent study. Thereafter, we survey both the theoretical and practical efforts which have been conducted concerning these issues, and review possible security solutions. We create a classification of the ADS-B security solutions considered and provide a ranking of the potential solutions. Finally, we discuss the most compatible approaches available, given the constraints of the current ADS-B communications system and protocol

Deployment and Implementation Aspects of Radio Frequency Fingerprinting in Cybersecurity of Smart Grids

Smart grids incorporate diverse power equipment used for energy optimization in intelligent cities. This equipment may use Internet of Things (IoT) devices and services in the future. To ensure stable operation of smart grids, cybersecurity of IoT is paramount. To this end, use of cryptographic security methods is prevalent in existing IoT. Non-cryptographic methods such as radio frequency fingerprinting (RFF) have been on the horizon for a few decades but are limited to academic research or military interest. RFF is a physical layer security feature that leverages hardware impairments in radios of IoT devices for classification and rogue device detection. The article discusses the potential of RFF in wireless communication of IoT devices to augment the cybersecurity of smart grids. The characteristics of a deep learning (DL)-aided RFF system are presented. Subsequently, a deployment framework of RFF for smart grids is presented with implementation and regulatory aspects. The article culminates with a discussion of existing challenges and potential research directions for maturation of RFF.publishedVersio

Detecting Impersonation Attacks in a Static WSN

The current state of security found in the IoT domain is highly flawed, a major problem being that the cryptographic keys used for authentication can be easily extracted and thus enable a myriad of impersonation attacks. In this MSc thesis a study is done of an authentication mechanism called device fingerprinting. It is a mechanism which can derive the identity of a device without relying on device identity credentials and thus detect credential-based impersonation attacks. A proof of concept has been produced to showcase how a fingerprinting system can be designed to function in a resource constrained IoT environment. A novel approach has been taken where several fingerprinting techniques have been combined through machine learning to improve the system’s ability to deduce the identity of a device. The proof of concept yields high performant results, indicating that fingerprinting techniques are a viable approach to achieve security in an IoT system

Practical Experiences of a Smart Livestock Location Monitoring System leveraging GNSS, LoRaWAN and Cloud Services.

Livestock farming is, in most cases in Europe, unsupervised, thus making it difficult to ensure adequate control of the position of the animals for the improvement of animal welfare. In addition, the geographical areas involved in livestock grazing usually have difficult access with harsh orography and lack of communications infrastructure, thus the need to provide a low-power livestock localization and monitoring system is of paramount importance, which is crucial not for a sustainable agriculture, but also for the protection of native breeds and meats thanks to their controlled supervision. In this context, this work presents an Internet of things (IoT)-based system integrating low-power wide area (LPWA) technology, cloud and virtualization services to provide real-time livestock location monitoring. Taking into account the constraints coming from the environment in terms of energy supply and network connectivity, our proposed system is based on a wearable device equipped with inertial sensors, Global Positioning System (GPS) receiver and LoRaWAN transceiver, which can provide a satisfactory compromise between performance, cost and energy consumption. At first, this article provides the state-of-the-art localization techniques and technologies applied to smart livestock. Then, we proceed to provide the hardware and firmware co-design to achieve very low energy consumption, thus providing a significant positive impact to the battery life. The proposed platform has been evaluated in a pilot test in the Northern part of Italy, evaluating different configurations in terms of sampling period, experimental duration and number of devices. The results are analyzed and discussed for packe delivery ratio, energy consumption, localization accuracy, battery discharge measurement and delay