Downloads: Ghost in the Air(Traffic):practical attacks ADS-B

Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices

Abstract—In this paper we investigate (in)security aspects ofAutomatic Dependent Surveillance-Broadcast (ADS-B) proto-col. ADS-B is intended to be widely deployed in Air TrafficManagement (ATM) Surveillance systems by 2020.

One of thegoals of ADS-B is to increase safety of air traffic. While thesecurity of ADS-B was previously questioned, in this paperwe demonstrate that attacks are both easy and practicallyfeasible, for a moderately sophisticated attacker.

Attacks rangefrom passive attacks (eavesdropping) to active attacks (messagejamming, replaying of injection).The attacks have been implemented using an Universal Soft-ware Radio Peripheral (USRP), a widely available Software-Defined Radio (SDR). for which we developed an ADS-Breceiver/transmitter chain with GNURadio. We then presentand analyze the results of the implemented attacks testedagainst both USRP-based and commercial-off-the-self (COTS)radio-enthusiast receivers. Subsequently, we discuss the risksassociated with the described attacks and their implication onsafety of air-traffic, as well as possible solutions on short andlong terms. Finally, we argue that ADS-B, which is plannedfor long-term use, lacks the minimal and necessary securitymechanism to ensure necessary security of the air traffic.

Keywords-Architecture and Design Air Traffic Control,Air Traffic Management, Automatic Dependent Surveillance-Broadcast, ADS-B, message injection, message replay, wirelesssecurity, privacy.

Код:

% pulsewidth
pw = 0.5;
% d is data
% 0.5 to (avoid pulse overlap)
d = [ 0 0 1 0 1 0 ]*0.5;
% sampling frequency
fs = 1e6;
[p, t] = modulate(d, 1000, fs, ’ppm’, pw);
t = 0: 1/fs : 1/fs*(length(p)-1);
plot(t, p)