48
Design of A Cyber Security Framework for ADS-B Based Surveillance Systems Sahar Amin Tyler Clark Rennix Offutt Kate Serenko
Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
Sahar Amin Tyler Clark
Rennix Offutt Kate Serenko
Agenda
Context Analysis Stakeholder Analysis
Problem Statement & Needs Statement
Mission Requirements
Design Alternatives
Design of Experiment
Results and Recommendations
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
2
Airspace Congestion
3
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Currently, there over 150 million passengers flying through the United States airspace.* 9.8 million flights fly domestic and internationally from the US each year (About 27,000 each day).* By 2032, there will be over 250 million passengers flying.*
* Bureau of Transportation Statistics
Airspace Surveillance Surveillance in air transportation is needed to track and monitor flights.
Current Ground-based Primary and Secondary Radars
Future Next Generation (Next Gen) New airspace for US to be implemented between 2012-2025 New framework for flight tracking and monitoring Ground/radar-based tracking system satellite-based tracking system Major Component of NextGen: Automatic Dependent Surveillance-
Broadcast (ADS-B)
4
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
How ADS-B Works
5
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
DF: Downlink Format
CA: Capabilit
y
AA: Individual
Aircraft Address
ADS-B Data: Aircraft type, Altitude,
Latitude, Longitude, Airborne Velocity
PI: Parity Information
(Error Detection
Code)
Automatic Dependent Surveillance-Broadcast (ADS-B)
6
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Advantages: • Increased situational
awareness • Coverage in areas without
radar • Less Expensive • Can decrease separation
distance • Real time information
Disadvantages: • Not secured • Easily accessible
Decreased Separation Distance
7
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Without ADS-B Coverage
With ADS-B Coverage
20 NM
5 NM 5 NM 5 NM 5 NM
One In, One Out
Separation distance decreased to 5 NM
Threats
8
Spoofing – falsification of transmitted information False Source – creates signal that is seen as coming from an incorrect location
False Content – content within messages are altered
Jamming – forceful disruption of signal Ghost Plane Flooding – floods ARTCC radar screen with ghost airplanes
Ground Station Flooding - removes all aircraft from ARTCC radar screen
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Project Scope
Oceanic area between two land masses covered by ARTCC No radar coverage – Only ADS-B surveillance Commercial aviation – en route flights Spoofing attacks only - concentrating on prevention of attacks
Any further mention of “an attack” refers to spoofing attacks Jamming is out of our scope
9
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Surveillance Coverage
10
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Only ADS-B coverage
Radar and ADS-B coverage
Agenda
Context Analysis
Stakeholder Analysis
Problem Statement & Needs Statement
Mission Requirements
Design Alternatives
Design of Experiment
Results and Recommendations
11
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Stakeholder Analysis
12
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Aircraft Companies
Labor Unions
Federal Aviation Administration
(FAA)
ADS-B Manufacturers
Air Route Traffic Control Center
(ARTCC) Crew/Pilots
Customers
Congress
Set Regulations
Laws
Reasonable Cost
Flight Plan
Reliable System
Installation Cost
Increased workload
Budget Proposal
Salary
Primary Stakeholders
Secondary Stakeholders
Interactions Tensions
Agenda
Context Analysis
Stakeholder Analysis
Problem Statement & Needs Statement Mission Requirements
Design Alternatives
Design of Experiment
Results and Recommendations
13
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Problem Statement
14
Unencrypted communication between aircraft and ARTCC
ADS-B signals vulnerable to cyber attacks Unreliable transmissions
Reduced situational awareness
Decreased airspace throughput
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
0
100000
200000
300000
400000
500000
600000
1995 2000 2005 2010 2015 2020 2025 2030 2035
Estim
ated
Num
ber o
f Airc
raft
Ove
r the
G
ulf H
andl
ed b
y En
Rou
te T
raff
ic C
ontr
ol
Cent
ers
Year
Gap Analysis
Gap Analysis
15
* Source: FAA Aerospace Forecast
Gap
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Needs Statement
The system needs to prevent spoofing attacks on ADS-B signals.
16
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Agenda
Context Analysis
Stakeholder Analysis
Problem Statement & Needs Statement
Mission Requirements
Design Alternatives
Design of Experiment
Results and Recommendations
17
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Mission Requirements
1.0 The system shall enable the decrease of separation distance to 5 nm.
1.1 The system shall not increase the time spent in flight by 1 minute.
1.2 ADS-B messages shall be resistant to spoofing attacks 75% of the time.
1.3 The system shall maintain collision rate of 22.5 per 1,000,000 flights.*
2.0 The system shall be ready to be implemented by 2020.
*Source: Collision Simulation
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
18
Agenda
Context Analysis
Stakeholder Analysis
Problem Statement & Needs Statement
Mission Requirements
Design Alternatives Design of Experiment
Results and Recommendations
19
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Design Alternatives
20
1. Hashing
2. Symmetric Encryption
3. Asymmetric Encryption
4. Maintain Status Quo Department of Systems Engineering and Operations Research
Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 495 - 2014
1. Hashing
What Is It? Goal – Confirming the source of a message Digital Signature/Hash created by sender – aircraft Attached at the end of the message Verified by receiver - ARTCC Fusion System
21
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
2. Symmetric Encryption
What Is It? Encryption – converting data into code Symmetric – each entity has one private key Message encrypted with key has to be decrypted with the same
key
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
3. Asymmetric Encryption What Is It?
Two keys – Public and Private Longer keys – stronger security
23
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Aircraft A
Aircraft B Public Airspace
Encrypt Private A
Encrypt Public B
Decrypt Public A
Decrypt Private B
Agenda
Context Analysis
Stakeholder Analysis
Problem Statement & Needs Statement
Mission Requirements
Design Alternatives
Design of Experiment Results and Recommendations
24
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Design of Experiment Goal – show how securing ADS-B signals can increase airspace
throughput and maintain current safety level under diverse or dangerous conditions.
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Value Hierarchy
Signal Security WS = 0.1266
Feasibility
WF = 0.1899
Additional Time in Flight
WE = 0.3038
Collision Risk Wc = 0.3797
Design of Experiment Goal – show how securing ADS-B signals can increase airspace
throughput and maintain current safety level under diverse or dangerous conditions.
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Value Hierarchy
Signal Security WS = 0.1266
Feasibility
WF = 0.1899
Additional Time in Flight
WE = 0.3038
Collision Risk Wc = 0.3797
Signal Security Determined from Research
Reliability of Alternatives Hash: 50%* Symmetric: 85% Asymmetric: 99%
27
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
*Chen, et. Microsoft. Oblivious Hashing: A Stealthy Software Integrity Verification Primitive
Feasibility Analysis Determines the feasibility of alternatives based on:
Execution Time Availability of Technologies Additional Requirements
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Value Hierarchy
Signal Security WS = 0.1266
Feasibility
WF = 0.1899
Additional Time in Flight
WE = 0.3038
Collision Risk Wc = 0.3797
Feasibility Analysis
29
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Design Alternative
Execution Time Availability of technology
Additional Requirements Score
Hashing Negligible Available Free Additional Bits
1
Symmetric Encryption Negligible Available
Secure Key Management
System 1
Asymmetric Encryption Negligible Available Encryption
Software 1
Maintain Status Quo None N/A None 1
Time in Flight Derived average time in flight from Airspace Throughput Simulation
Purpose: Calculate the difference in flight times for each alternative
30
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Value Hierarchy
Signal Security WS = 0.1266
Feasibility
WF = 0.1899
Additional Time in Flight
WE = 0.3038
Collision Risk Wc = 0.3797
Airspace Throughput Simulation
31
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
• Aircraft departure distributions derived from real world data for 5 days • Velocities • Attack locations • Mitigation techniques • Separation Distances
Inputs
• Number of violations cells going over capacity • Time spent in flight for each route • Excess fuel burn • Number of aircraft flying per day • Number of aircraft in cell at any time t
Outputs
Conceptual Model
32
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Model Assumptions The altitudes of aircraft are constant and are regulated by
ARTCC outside the scope of the simulation
The capacity of a cell accounts for 12 flight levels with 1000 ft vertical separation
Alternatives are evaluated as follows: Hashing – attack location is determined and aircraft avoids
attacked areas Symmetric & Asymmetric Encryption – attacks are prevented
attacks are always mitigated
33
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Airspace Throughput Simulation Diagram
34
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Clock
Start t = 0
Plane Generator
Next Cell Decision
Capacity Resolution Reroute
End when
t = 1440
No Conflicts Conflicts
Formulas :
Dot Product :
𝐷𝐷𝐷𝑝𝑝𝑝𝑝 = 𝑉𝑐→𝑡 ∙ 𝑉𝑝→𝑡
Time to Cross One Cell:
𝑇 = 𝐷𝑐𝑐𝑐𝑐𝑉
Airspace Capacity in Adverse Conditions
35
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Throughput with Encryption Throughput with Hashing
Legend:
=0 <100 <300 >300
Flight Times for Encryption vs Hashing
36
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
-3-2-101234567
19 -
481
19 -
561
19 -
583
19 -
585
19 -
600
121
- 80
121
- 120
121
- 200
121
- 240
121
- 380
121
- 560
121
- 587
121
- 591
121
- 593
341
- 587
341
- 593
400
- 140
0 - 4
140
0 - 2
4140
0 - 4
2140
0 - 5
0140
0 - 5
8440
0 - 5
8758
5 - 1
585
- 19
585
- 41
585
- 121
585
- 341
585
- 401
585
- 560
587
- 121
587
- 401
593
- 19
593
- 101
593
- 341
593
- 400
593
- 501
Tim
e Di
ffer
ence
(min
utes
)
Flight Routes
Differences in Flight Times of Encryption and Hashing for 2014, at 20 NM Separation Distance
-2-1012345678
19 -
481
19 -
561
19 -
584
19 -
600
121
- 60
121
- 120
121
- 200
121
- 240
121
- 380
121
- 560
121
- 587
121
- 591
121
- 593
341
- 585
341
- 592
400
- 1
400
- 101
400
- 241
400
- 421
400
- 501
400
- 583
400
- 586
400
- 592
585
- 4
585
- 41
585
- 121
585
- 341
585
- 401
585
- 560
587
- 121
587
- 401
593
- 19
593
- 101
593
- 341
593
- 400
593
- 501
Tim
e Di
ffer
ence
(min
utes
)
Flight Routes
Differences in Flight Times for Encryption and Hashing for 2032, at 5 NM Separation Distance
Design Alternative Average Time in Flight, 2014 Average Time in Flight, 2032
Hashing 58.891+3.988 56.844+3.824
Symmetric Encryption 52.683+3.668 52.161+3.547
Asymmetric Encryption 52.683+3.668 52.161+3.547
Maintain Status Quo 52.683+3.668 52.161+3.547
Collision Simulation Random flights with no situational awareness cells under attack
Evaluating locations at time t If distance between two flights is significantly small (~<102ft), record
collision between two aircrafts
37
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Value Hierarchy
Signal Security WS = 0.1266
Feasibility
WF = 0.1899
Additional Time in Flight
WE = 0.3038
Collision Risk Wc = 0.3797
Conceptual Model
38
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
12 levels Each level – 20NM by 20 NM, with 1000 ft. depth
1000 ft
Collision
12 levels
*Not to scale
Collision Simulation
39
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
• Number of Aircraft in Cell at Each Time t • Aircraft Altitude • Aircraft Speed
Inputs
• Number of iterations with collision per 1,000,000 iterations
Outputs
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Collision Simulation Diagram
40
Start i = 0
Start Point
End Point
Random Velocity
Plane Generator
Clock Next
Coordinate Calculation
Collision Check
Increase Collision
Count
No Collisions
Collision
End i =
1,000,000
Formulas: Distance at time t: 𝑥𝑐𝑐𝑝𝑝𝑐𝑐𝑡 = 𝑣
1+𝑚2 + 𝑥𝑝𝑝𝑐𝑣𝑝𝑝𝑐𝑝 Current Y Coordinate: 𝑦𝑐𝑐𝑝 = 𝑚 𝑥𝑐𝑐𝑝 − 𝑥𝑝𝑝𝑐𝑣 +𝑦𝑝𝑝𝑐𝑣 Distance Between Two Points: 𝐷 = 𝑥1 − 𝑥2 2 + 𝑦1 − 𝑦2 2 Collision Risk: 𝐶𝐶 = Σ 𝑃 𝑐𝐷𝑐𝑐𝑐𝑐𝑐𝐷𝑐 ∗ 𝑁𝑐𝑐𝑐𝑐
Collision Simulation Results
41
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
0
10
20
30
40
0 2 4 6 8
Num
ber o
f Col
lisio
ns
Number of Flights
Number of Collisions in 1,000,000 iterations
Design Alternative
Collision Risk Under Attack,
2014
Collision Risk Under Attack,
2032
Hashing 0.000677 0.000707
Symmetric Encryption 0 0
Asymmetric Encryption 0 0
Maintain Status Quo 0.00511 0.0082663
Agenda
Context Analysis
Stakeholder Analysis
Problem Statement & Needs Statement
Mission Requirements
Design Alternatives
Design of Experiment
Results and Recommendations
42
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Utility vs Cost
AlternativeAsymmetric EncryptionSymmetric EncryptionHashingStatus Quo
Utility 0.832 0.814 0.744 0.327
Collision riskSecurity Strength
Time in FLight Feasibility
43
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
$0.00 $500,000.00 $1,000,000.00$1,500,000.00$2,000,000.00$2,500,000.00$3,000,000.00$3,500,000.00$4,000,000.00$4,500,000.00$5,000,000.00
Util
ity
Cost
Utility vs Cost
Hashing Alternative
Symmetric Encryption Alternative
Asymmetric Encryption Alternative
Status Quo
Fuel Burn
44
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Calendar Year 2012
Direct Aircraft Operating
Cost per Block Minute
Fuel $39.26 Crew - Pilots/Flight Attendants
16.26
Maintenance 12.02
Aircraft Ownership 7.92
Other 2.71 Total DOCs $78.17
Source: Airlines for America
Status Quo – Fuel Spent per Year
Encryption (Symmetric & Asymmetric) - Additional Fuel Spending
Hashing - Additional Fuel Spending
2014 $1,409,950,237 +0 +$44,834,140-$287,488,121
2032 $1,982,344,674 +0 +$12,124,185-$343,841,991
Recommendations
Asymmetric encryption is preferred method of signal security Signal security will allow for better situational awareness
Prepares airspace for any increases in throughput by allowing decreased separation distances (20 NM 5 NM)
45
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Gap Analysis Revisited
46
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
0
100000
200000
300000
400000
500000
600000
1995 2000 2005 2010 2015 2020 2025 2030 2035
Estim
ated
Num
ber o
f Airc
raft
Ove
r the
G
ulf H
andl
ed b
y En
Rou
te T
raff
ic C
ontr
ol
Cent
ers
Year
Gap Analysis
* Source: FAA Aerospace Forecast
Future Research
• Improvement in analysis on security strength of alternatives
Security Strength
• Further research required on available algorithms • Secure ADS-B Authentication System and Method was developed and
patented in 2010
Implementation
• Cost of securing signals needs in-depth research
Cost
47
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Questions?
48
Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
