Van's Air Force

NextGen Security Research

First, I'm a big computer programmer/security kind of guy -- it's what I do for a living.

A 'hacker' is not a bad person, but a person who likes to (as the article states) figure out how things work. The bad guys are called 'black hats' or 'crackers' because they like getting access to systems they are not authorized to use.

When I first heard about NextGen and its implementation I was floored. We in the security world have been scratching our heads over it for a while.

I could not believe that they spec'd out a standard and spent billions on it without any sort of cryptographic signing of the messages. None. It would actually take a decent EE no time at all to spoof ADS-B messages. This is a failure of the FAA and the associated companies. I still can't believe they did it.

I would love to know *why* they didn't do it. The standards that would allow them to do it are open, published and incredibly secure. My assumption is that the messages aren't signed because of the procedures involved with maintaining a database of public keys or certs of each ADS-B transponder, etc. It would actually be quite trivial to implement an X.509 certificate chain from the FAA->Avionics Shop->Transponder so that other ADS-B transponders and the FAA would know that the message was valid. The plus side (from the FAA's perspective) would be that they could have the certificates expire automatically so they would know when transponders are out of certification.

And I guess on top of all that there's the problem of what to do if a spoofed message is detected in the first place. If a spoofed message says an aircraft is on a collision course with a known good aircraft -- does the controller just ignore the unauthenticated aircraft? Nope.
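The FAA -> avionics shop -> transponder chain proposed in the post above, sketched as an added example (it is not part of the original thread or of any ADS-B standard). It uses Go's standard crypto/x509 with Ed25519 keys; the certificate names, validity periods and the text message format are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for name signed by parent pc/pk (self-signed when pc is nil).
func issue(name string, serial int64, ku x509.KeyUsage, notAfter time.Time,
	pc *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, KeyUsage: ku,
		IsCA: ku == x509.KeyUsageCertSign, BasicConstraintsValid: true}
	if pc == nil {
		pc, pk = t, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, t, pc, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

// accept reports whether sig over msg verifies under a transponder certificate
// that chains through shop to root and is within its validity period at time now.
func accept(msg, sig []byte, leaf, shop, root *x509.Certificate, now time.Time) bool {
	roots, mids := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	mids.AddCert(shop)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: mids,
		CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := leaf.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, msg, sig)
}

func main() {
	now := time.Now()
	root, rk := issue("FAA root", 1, x509.KeyUsageCertSign, now.AddDate(10, 0, 0), nil, nil)
	shop, sk := issue("Avionics shop", 2, x509.KeyUsageCertSign, now.AddDate(5, 0, 0), root, rk)
	xpdr, xk := issue("Transponder", 3, x509.KeyUsageDigitalSignature, now.AddDate(2, 0, 0), shop, sk)
	msg := []byte("icao=ABC123 lat=35.10 lon=-92.90 alt=4500") // constructed position report
	fmt.Println(accept(msg, ed25519.Sign(xk, msg), xpdr, shop, root, now))
}
```

Passing a later `now` to `accept` shows the expiry behaviour the post describes: once the transponder certificate lapses, its messages stop verifying. An Ed25519 signature is 64 bytes, so the sketch assumes a message format with room to carry it.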
 
First, I'm a big computer programmer/security kind of guy -- it's what I do for a living.

Same here - my background is systems engineering and software engineering for security and embedded control systems. And I have had the same reaction to ADS-B. I can't believe it's still a viable plan going forward - RADAR will always be a part of ATC in a post-9/11 world and given that, I'm not at all convinced that the benefits provided by ADS-B outweigh the costs and risks it poses.

Plan accordingly, I suppose...
 
I have had similar thoughts on the security of CPDLC.

Oh, and good luck with redefining the term 'hacker'. TV, books, newspapers, magazines, comic books, and movies beginning in the early eighties to now are not helping your cause. :D
 
I guess my naive question would be: what does a cracker/hacker have to gain from the effort involved? Seems a bit like the increasingly irrelevant argument about why there were few viruses targeted at Macs: the number of PCs was simply much larger = larger audience/impact.
 
First, I'm a big computer programmer/security kind of guy -- it's what I do for a living.

[snip]

I could not believe that they spec'd out a standard and spent billions on it without any sort of cryptographic signing of the messages. None. It would actually take a decent EE no time at all to spoof ADS-B messages. This is a failure of the FAA and the associated companies. I still can't believe they did it.

[snip]

I would love to know *why* they didn't do it.

I have been a Unix/Venix/Xenix/Linux developer since the PDP-8 days back in the late 60's (retired now). The only thing that makes any sense to me is NextGen wasn't designed to replace the current system; it was designed to quietly put in place a method where all aircraft operations could be tracked and documented. Once the master aircraft operations data base is implemented it is then a simple task to automatically debit a credit card for all "USER FEE" operations as they occur. All violations can also easily be targeted and used as the basis of a new revenue stream from the associated fines.

I am usually not an alarmist but this really scares me. The free weather and traffic, that is just the candy to deflect your attention from the real purpose.

Jamie, I still owe you that gold cleco, will get it to you before the snow flies. Are you going to Petit Jean or the Bad Lands this year?
 
What Newtech says struck me like a thunderbolt! It wouldn't surprise me in the least that you just hit the nail smack on the head with a sledge hammer!

I'm not a computer guy, but it would seem that ADS-B transceivers need to be designed from the ground up with encryption capability and a way to update their software. Since that hasn't been done, would that make all the current hardware on the market useless if data security does become "required"?

What's in it for the "hackers"... because they can. The world is full of devilish thinkers. I heard this issue on NPR yesterday, I couldn't believe the FAA/FCC would implement a critical use data stream system without security.... but they have. They are either idiots or as clever as Newtech says. I vote for some of the first and most of the latter. I fear we're being had by the government, surprise anyone?

Honestly, it's one of the reasons I'm not buying into ADS-B until the last shoe drops.
 
from what i've heard, it can pretty much filter out any "spoofed" target before a controller ever sees it. certainly hope so :eek:
 
Surprised? not really

...all this from the same gummint agencies that allowed LightSquared to proceed to the 11th hour with their cell network plans....until WE ( the collective) told them it was a bad idea.

hmmm, what IS happening with that anyway???
 
"Security through obscurity" is not security at all. Then they followed it up with the ol' "trust us" routine (that train is never late).

Real security is peer reviewed and open, not some obtuse two-sentence response written by some guy in the PR department.
 
Astonishing, but perhaps not surprising.

As I understand ADS-B's current implementation, there is very little that can be done to verify that an ADS-B position report is coming from where it says it is. IIRC, UAT/978MHz signals are only served by omnidirectional antennas, so you would have to get some kind of signal strength from each receiver for each position report and compare them to attempt triangulation. I'm guessing this isn't done now, and isn't going to be done for quite a while because of the cost. It would be difficult to automate well, but not impossible.

It might be a bit different for 1090ES. You could try and get directional data by changing the secondary radar receiver system, but this would take work, and since secondary radar isn't going away soon - remember that the Mode C requirement doesn't go away when ADS-B becomes mandatory in 2020, so expect Mode C to be with us until at least 2025.

I suspect that the FAA is comparing ADS-B data with primary and secondary radar returns. That's great and all that, but that means you need to have coverage, which isn't universal.

But a better question is what happens if an ADS-B report gets flagged by these mystery algorithms? A request to discontinue ADS-B service? Do the controllers give you the Skywest 5912 "That's BS" treatment? Nastygram letter from the FAA? The John and Martha King felony stop treatment when you land? Nothing?

ADS-B appears to be as secure as WEP wireless, which is to say not really at all. People who say "trust us, it's secure" don't understand security. As others here have mentioned, security comes not from obscurity, but from public scrutiny. If you want us to believe it is secure, show us. We know how secure, say, AES crypto is because the details are public. The same cannot be said of ADS-B.

ADS-B is a great idea. The FAA's implementation of it appears to have some serious safety and security concerns for GA as well as commercial ops. However, it's hard to know without details, and I'm not holding my breath for those.

TODR
 
Astonishing, but perhaps not surprising.

As I understand ADS-B's current implementation, there is very little that can be done to verify that an ADS-B position report is coming from where it says it is. IIRC, UAT/978MHz signals are only served by omnidirectional antennas, so you would have to get some kind of signal strength from each receiver for each position report and compare them to attempt triangulation. I'm guessing this isn't done now, and isn't going to be done for quite a while because of the cost. It would be difficult to automate well, but not impossible.

TODR

Google multilateration. They use time difference of arrival to do the triangulation. The funny thing is that multilateration could give them the improved terminal accuracy and remote radar-like coverage without the need for us to buy new equipment.

ADS-B's unique capability is that aircraft could deconflict without the aid of ground stations (if they didn't implement the dual band methodology). That's really useful in Alaska and the Gulf of Mexico, necessary for a "free flight" concept, a potential solution to the UAV see and avoid problem, and nice if you are worried about the FAA's computers getting hacked.

The automated billing that someone else mentioned could be implemented with Mode-S alone.

Paige
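The time-difference-of-arrival cross-check mentioned above, as an added example that is not from the thread or from any FAA system: it tests whether the position a message claims fits the times at which several ground receivers heard it. The flat local coordinates in km, the receiver layout, the 0.5 microsecond tolerance and the simulated timestamps are all assumptions.

```go
package main

import (
	"fmt"
	"math"
)

const c = 0.299792458 // speed of light in km per microsecond

type pt struct{ x, y, z float64 } // local east/north/up coordinates in km

func dist(a, b pt) float64 {
	return math.Sqrt((a.x-b.x)*(a.x-b.x) + (a.y-b.y)*(a.y-b.y) + (a.z-b.z)*(a.z-b.z))
}

// residual returns the worst mismatch (microseconds) between the measured time
// differences of arrival and those a transmitter at p would produce.
// Receiver 0 is the reference, so the unknown transmit time cancels out.
func residual(p pt, rx []pt, toa []float64) float64 {
	worst := 0.0
	for i := 1; i < len(rx); i++ {
		want := (dist(p, rx[i]) - dist(p, rx[0])) / c
		worst = math.Max(worst, math.Abs((toa[i]-toa[0])-want))
	}
	return worst
}

// consistent reports whether the position claimed in a message fits the arrival times.
func consistent(claim pt, rx []pt, toa []float64, tolUs float64) bool {
	return residual(claim, rx, toa) <= tolUs
}

// arrivals simulates receiver timestamps for a transmission from src at time t0 (constructed data).
func arrivals(src pt, rx []pt, t0 float64) []float64 {
	out := make([]float64, len(rx))
	for i, r := range rx {
		out[i] = t0 + dist(src, r)/c
	}
	return out
}

func main() {
	rx := []pt{{0, 0, 0}, {40, 0, 0}, {0, 40, 0}, {40, 40, 0}} // constructed receiver sites
	claim := pt{30, 25, 3}                                     // position reported in the message
	fmt.Println(consistent(claim, rx, arrivals(claim, rx, 1000), 0.5))        // sent from where it claims
	fmt.Println(consistent(claim, rx, arrivals(pt{5, 12, 0}, rx, 1000), 0.5)) // sent from elsewhere
}
```

The check only constrains a claim as far as the receiver geometry allows, which is the coverage concern raised elsewhere in the thread.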
 
problem with multilateration, especially when too many transmitters from several systems / areas are overlapping at a high update rate is frequency/transponder saturation.
a new problem that is only about to be understood while these systems are rolled out.

mlat works fine on airport surface movement surveillance systems.
mlat works in some low-density areas like the north sea (wide-area mlat).
cross-checking all ads-b tracks for validity in busy areas, well, ... possibly wishful thinking? there's as many question marks on safety and security...

as to ads-b, the whole thing was drafted pre-9/11 which may explain some of the weaknesses but not all.
amazing that it took so long for security experts to break the glitzy surface as the basic concept is really dated and defined for a long time already...
spoofing (pretending to be a different station or at a different location) is quite simple and doesn't even need special equipment...

radar is going to stick around for much longer than some managers want to realize. also, at some point, the perceived savings from getting rid of the radars will largely be offset by all the mitigation efforts.

just my 5cts,
bernie
 
I agree. The FAA's ADS-B implementation is focused on the airlines and not on GA - it's designed for high altitude operation. Low altitude is different - How can you have multilateration when you don't have enough ground stations? It might work in the terminal area, for sure. But it's probably not that hard to hack ... directional antennas, time synced transmitters.... And the issue remains, what happens when your squawk is flagged as bogus?

The issue of ADS-B being designed "pre 9/11" is bogus. The major change has been how the government treats its citizens (and non-citizens), not the threats and risks. Clear text APRS reports are not a good idea IMHO (one of the reasons I don't run APRS); 9/11 has nothing to do with that.

TODR
 