Design of A Cyber Security Framework for ADS-B Based Surveillance Systems 

Sahar Amin
Tyler Clark
Rennix Offutt
Kate Serenko
Agenda
• Context Analysis
• Stakeholder Analysis
• Problem Statement & Needs Statement
• Mission Requirements
• Design Alternatives
• Design of Experiment
• Results and Recommendations
Department of Systems Engineering and Operations Research
Design of A Cyber Security Framework for ADS-B Based Surveillance Systems
SYST 495 - 2014
Airspace Congestion
• Currently, there are over 150 million passengers flying through the United States airspace.*
• 9.8 million flights fly domestically and internationally from the US each year (about 27,000 each day).*
• By 2032, there will be over 250 million passengers flying.*
* Bureau of Transportation Statistics
Airspace Surveillance
• Surveillance in air transportation is needed to track and monitor flights.
• Current: Ground-based Primary and Secondary Radars
• Future: Next Generation (NextGen)
  • New airspace for US to be implemented between 2012-2025
  • New framework for flight tracking and monitoring
  • Ground/radar-based tracking system → satellite-based tracking system
  • Major Component of NextGen: Automatic Dependent Surveillance-Broadcast (ADS-B)
How ADS-B Works
Message fields:
• DF: Downlink Format
• CA: Capability
• AA: Individual Aircraft Address
• ADS-B Data: Aircraft type, Altitude, Latitude, Longitude, Airborne Velocity
• PI: Parity Information (Error Detection Code)
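The field layout above can be read straight out of a 112-bit extended squitter. The following is an added example, not part of the original slides: it assumes the standard Mode S widths (DF 5 bits, CA 3 bits, AA 24 bits, data 56 bits, PI 24 bits) and the Mode S CRC-24 generator, and it runs on a constructed frame with a made-up address and payload.

```python
GENERATOR = 0x1FFF409  # Mode S CRC-24 generator, 25 bits including the leading 1

def remainder(frame: bytes) -> int:
    """CRC remainder over the whole frame; 0 means the PI field matches."""
    value = int.from_bytes(frame, "big")
    for bit in range(len(frame) * 8 - 1, 23, -1):   # every bit above the PI field
        if (value >> bit) & 1:
            value ^= GENERATOR << (bit - 24)
    return value & 0xFFFFFF

def parse(frame: bytes) -> dict:
    """Split a 112-bit extended squitter into the fields named on the slide."""
    if len(frame) != 14:
        raise ValueError("expected 14 bytes (112 bits)")
    return {
        "df": frame[0] >> 3,                 # DF: 5 bits
        "ca": frame[0] & 0x07,               # CA: 3 bits
        "aa": frame[1:4].hex().upper(),      # AA: 24-bit aircraft address
        "type_code": frame[4] >> 3,          # first 5 bits of the 56-bit data field
        "data": frame[4:11].hex().upper(),   # ADS-B data: 56 bits
        "pi": frame[11:].hex().upper(),      # PI: 24-bit parity
        "parity_ok": remainder(frame) == 0,
    }

def build_sample() -> bytes:
    """Constructed test frame (made-up address and payload, not captured traffic)."""
    body = bytes([17 << 3 | 5]) + bytes.fromhex("ABCDEF") + bytes.fromhex("58000000000000")
    return body + remainder(body + bytes(3)).to_bytes(3, "big")

def flip_bit(frame: bytes, index: int) -> bytes:
    """Simulate a single-bit transmission error at bit `index` (0 = first bit)."""
    damaged = bytearray(frame)
    damaged[index // 8] ^= 0x80 >> (index % 8)
    return bytes(damaged)

if __name__ == "__main__":
    sample = build_sample()
    print(parse(sample))                              # parity_ok is True
    print(parse(flip_bit(sample, 40))["parity_ok"])   # False: error detected
```

The parity field is computed from the message bits alone, with no key, so it catches transmission errors but says nothing about who sent the message.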
Automatic Dependent Surveillance-Broadcast (ADS-B)
Advantages:
• Increased situational awareness
• Coverage in areas without radar
• Less Expensive
• Can decrease separation distance
• Real time information
Disadvantages:
• Not secured
• Easily accessible
Decreased Separation Distance
[Figure: Without ADS-B coverage, one in, one out at 20 NM separation. With ADS-B coverage, separation distance decreased to 5 NM.]
Threats
• Spoofing – falsification of transmitted information
• False Source – creates signal that is seen as coming from an incorrect location
• False Content – content within messages is altered
• Jamming – forceful disruption of signal
• Ghost Plane Flooding – floods ARTCC radar screen with ghost airplanes
• Ground Station Flooding – removes all aircraft from ARTCC radar screen
Project Scope
• Oceanic area between two land masses covered by ARTCC
• No radar coverage – Only ADS-B surveillance
• Commercial aviation – en route flights
• Spoofing attacks only – concentrating on prevention of attacks
  • Any further mention of “an attack” refers to spoofing attacks
• Jamming is out of our scope
Surveillance Coverage
[Figure: areas labelled "Radar and ADS-B coverage" and "Only ADS-B coverage".]
Stakeholder Analysis
[Diagram: primary and secondary stakeholders, with interactions and tensions between them.]
Stakeholders: Congress, Federal Aviation Administration (FAA), Air Route Traffic Control Center (ARTCC), Aircraft Companies, ADS-B Manufacturers, Labor Unions, Crew/Pilots, Customers
Interaction and tension labels: Laws, Installation Cost, Set Regulations, Salary, Increased workload, Reasonable Cost, Budget Proposal, Flight Plan, Reliable System
Problem Statement
Unencrypted communication between aircraft and ARTCC
ADS-B signals vulnerable to cyber attacks →
• Unreliable transmissions
• Reduced situational awareness
• Decreased airspace throughput
Gap Analysis
[Chart: Estimated Number of Aircraft Over the Gulf Handled by En Route Traffic Control Centers, by Year (1995 to 2035), with the gap marked.]
* Source: FAA Aerospace Forecast
Needs Statement
The system needs to prevent spoofing attacks on ADS-B signals.
Mission Requirements
1.0 The system shall enable the decrease of separation distance to 5 nm.
1.1 The system shall not increase the time spent in flight by 1 minute.
1.2 ADS-B messages shall be resistant to spoofing attacks 75% of the time.
1.3 The system shall maintain collision rate of 22.5 per 1,000,000 flights.*
2.0 The system shall be ready to be implemented by 2020.
*Source: Collision Simulation
Design Alternatives
1. Hashing
2. Symmetric Encryption
3. Asymmetric Encryption
4. Maintain Status Quo
1. Hashing
• What Is It?
  • Goal – Confirming the source of a message
  • Digital Signature/Hash created by sender – aircraft
  • Attached at the end of the message
  • Verified by receiver – ARTCC Fusion System
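The sender/receiver flow described for the hashing alternative, as an added example that is not part of the original slides. It uses a keyed hash (HMAC-SHA256, truncated to 8 bytes), which is this example's choice since the slides do not name an algorithm; the key registry, keys, addresses and payload are constructed for the demonstration.

```python
import hashlib
import hmac

TAG_LEN = 8  # bytes of truncated tag appended to each message (assumed size)

# Hypothetical key registry held by the receiver: aircraft address -> shared key.
REGISTRY = {
    "ABCDEF": bytes.fromhex("11" * 32),   # constructed demo keys
    "123456": bytes.fromhex("22" * 32),
}

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def protect(address: str, data: bytes, key: bytes) -> bytes:
    """Sender side (aircraft): address + data, with the tag attached at the end."""
    body = bytes.fromhex(address) + data
    return body + _tag(key, body)

def verify(message: bytes, registry=REGISTRY):
    """Receiver side (ARTCC): return (accepted, reason)."""
    if len(message) <= 3 + TAG_LEN:
        return False, "too short"
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    key = registry.get(body[:3].hex().upper())   # key is chosen by claimed address
    if key is None:
        return False, "unknown address"
    if not hmac.compare_digest(tag, _tag(key, body)):   # constant-time compare
        return False, "tag mismatch"
    return True, "ok"

if __name__ == "__main__":
    data = bytes.fromhex("58000000000000")       # constructed 56-bit payload
    good = protect("ABCDEF", data, REGISTRY["ABCDEF"])
    print(verify(good))                          # (True, 'ok')

    altered = bytearray(good)
    altered[5] ^= 0x01                           # false content: payload changed
    print(verify(bytes(altered)))                # (False, 'tag mismatch')

    # false source: claims address 123456 but was tagged with another key
    print(verify(protect("123456", data, REGISTRY["ABCDEF"])))   # (False, 'tag mismatch')
```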
2. Symmetric Encryption
• What Is It?
  • Encryption – converting data into code
  • Symmetric – each entity has one private key
  • Message encrypted with key has to be decrypted with the same key
3. Asymmetric Encryption
• What Is It?
  • Two keys – Public and Private
  • Longer keys – stronger security
[Diagram: Aircraft A and Aircraft B communicating across Public Airspace. Encrypt with Private A, decrypt with Public A; encrypt with Public B, decrypt with Private B.]
Design of Experiment
• Goal – show how securing ADS-B signals can increase airspace throughput and maintain current safety level under diverse or dangerous conditions.
Value Hierarchy
• Signal Security: WS = 0.1266
• Feasibility: WF = 0.1899
• Additional Time in Flight: WE = 0.3038
• Collision Risk: Wc = 0.3797
Signal Security
• Determined from Research
• Reliability of Alternatives
  • Hash: 50%*
  • Symmetric: 85%
  • Asymmetric: 99%
*Chen et al., Microsoft. Oblivious Hashing: A Stealthy Software Integrity Verification Primitive
Feasibility Analysis
• Determines the feasibility of alternatives based on:
  • Execution Time
  • Availability of Technologies
  • Additional Requirements
Feasibility Analysis
Design Alternative | Execution Time | Availability of technology | Additional Requirements | Score
Hashing | Negligible | Available | Free Additional Bits | 1
Symmetric Encryption | Negligible | Available | Secure Key Management System | 1
Asymmetric Encryption | Negligible | Available | Encryption Software | 1
Maintain Status Quo | None | N/A | None | 1
Time in Flight
• Derived average time in flight from Airspace Throughput Simulation
• Purpose: Calculate the difference in flight times for each alternative
Airspace Throughput Simulation
Inputs
• Aircraft departure distributions (derived from real world data for 5 days)
• Velocities
• Attack locations
• Mitigation techniques
• Separation Distances
Outputs
• Number of violations (cells going over capacity)
• Time spent in flight for each route
• Excess fuel burn
• Number of aircraft flying per day
• Number of aircraft in cell at any time t
Conceptual Model
Model Assumptions
• The altitudes of aircraft are constant and are regulated by ARTCC outside the scope of the simulation
• The capacity of a cell accounts for 12 flight levels with 1000 ft vertical separation
• Alternatives are evaluated as follows:
  • Hashing – attack location is determined and aircraft avoids attacked areas
  • Symmetric & Asymmetric Encryption – attacks are prevented → attacks are always mitigated
Airspace Throughput Simulation Diagram
[Flowchart blocks: Start (t = 0), Clock, Plane Generator, Next Cell Decision, Capacity Resolution, No Conflicts, Conflicts, Reroute, End when t = 1440]
Formulas:
Dot Product: $Dot_{prod} = V_{c \to t} \cdot V_{p \to t}$
Time to Cross One Cell: $T = \frac{D_{cell}}{V}$
Airspace Capacity in Adverse Conditions
[Figure: two panels, "Throughput with Encryption" and "Throughput with Hashing". Legend: =0, <100, <300, >300.]
Flight Times for Encryption vs Hashing
[Chart: Differences in Flight Times of Encryption and Hashing for 2014, at 20 NM Separation Distance. Axes: Flight Routes vs. Time Difference (minutes).]
[Chart: Differences in Flight Times for Encryption and Hashing for 2032, at 5 NM Separation Distance. Axes: Flight Routes vs. Time Difference (minutes).]
Design Alternative | Average Time in Flight, 2014 | Average Time in Flight, 2032
Hashing | 58.891+3.988 | 56.844+3.824
Symmetric Encryption | 52.683+3.668 | 52.161+3.547
Asymmetric Encryption | 52.683+3.668 | 52.161+3.547
Maintain Status Quo | 52.683+3.668 | 52.161+3.547
Collision Simulation
• Random flights with no situational awareness → cells under attack
• Evaluating locations at time t
  • If distance between two flights is significantly small (~<102ft), record collision between two aircraft
Conceptual Model
[Figure, not to scale: a cell of 12 levels, 1000 ft apart, with a collision shown.]
• 12 levels
• Each level – 20 NM by 20 NM, with 1000 ft. depth
Collision Simulation
Inputs
• Number of Aircraft in Cell at Each Time t
• Aircraft Altitude
• Aircraft Speed
Outputs
• Number of iterations with collision per 1,000,000 iterations
Collision Simulation Diagram
[Flowchart blocks: Start (i = 0), Clock, Plane Generator (Start Point, End Point, Random Velocity), Next Coordinate Calculation, Collision Check, No Collisions, Collision, Increase Collision Count, End (i = 1,000,000)]
Formulas:
Distance at time t: $x_{current} = \frac{v}{\sqrt{1 + m^2}} + x_{previous}$
Current Y Coordinate: $y_{cur} = m\,(x_{cur} - x_{prev}) + y_{prev}$
Distance Between Two Points: $D = \sqrt{(x_1 - x_2)^2 + (y_1 - y_2)^2}$
Collision Risk: $CR = \sum P(collision) \cdot N_{cell}$
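The coordinate and distance formulas above, carried into a small Monte Carlo loop. This is an added example, not the authors' simulation: the plane generator (entry on the west edge, exit on the east edge, 400 to 500 knot speeds), the 0.1 s time step and the seed are assumptions, while the cell size, the 12 levels and the ~102 ft threshold come from the slides.

```python
import math
import random

CELL_NM = 20.0                  # each level is 20 NM by 20 NM (slides)
LEVELS = 12                     # 12 flight levels per cell (slides)
COLLISION_NM = 102 / 6076.12    # ~102 ft threshold from the slides, in NM

def next_xy(x_prev, y_prev, m, v):
    """Advance a distance v along a track of slope m (slide formulas)."""
    x_cur = v / math.sqrt(1 + m * m) + x_prev
    y_cur = m * (x_cur - x_prev) + y_prev
    return x_cur, y_cur

def distance(p, q):
    return math.sqrt((p[0] - q[0]) ** 2 + (p[1] - q[1]) ** 2)

def new_plane(rng, dt_s):
    """Assumed generator: start on the west edge, end on the east edge."""
    y_start, y_end = rng.uniform(0, CELL_NM), rng.uniform(0, CELL_NM)
    knots = rng.uniform(400, 500)                      # assumed speed range
    return {"pos": (0.0, y_start), "m": (y_end - y_start) / CELL_NM,
            "v": knots / 3600 * dt_s, "level": rng.randrange(LEVELS)}

def has_collision(planes):
    """Step every plane until all have left the cell; True if two planes on
    the same level ever come within COLLISION_NM of each other."""
    while any(p["pos"][0] < CELL_NM for p in planes):
        for p in planes:
            p["pos"] = next_xy(*p["pos"], p["m"], p["v"])
        inside = [p for p in planes if p["pos"][0] < CELL_NM]
        for i, a in enumerate(inside):
            for b in inside[i + 1:]:
                if a["level"] == b["level"] and distance(a["pos"], b["pos"]) < COLLISION_NM:
                    return True
    return False

def collisions_per_million(n_planes, iterations, seed=0, dt_s=0.1):
    """Monte Carlo estimate scaled to the slides' unit (per 1,000,000 iterations)."""
    rng = random.Random(seed)
    hits = sum(has_collision([new_plane(rng, dt_s) for _ in range(n_planes)])
               for _ in range(iterations))
    return hits * 1_000_000 / iterations

if __name__ == "__main__":
    for n in (2, 4, 8):
        print(n, collisions_per_million(n, iterations=100))
```

Collisions are rare events, so a run this short mostly reports zero; the slides use 1,000,000 iterations for their estimates.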
Collision Simulation Results
[Chart: Number of Collisions in 1,000,000 iterations vs. Number of Flights.]
Design Alternative | Collision Risk Under Attack, 2014 | Collision Risk Under Attack, 2032
Hashing | 0.000677 | 0.000707
Symmetric Encryption | 0 | 0
Asymmetric Encryption | 0 | 0
Maintain Status Quo | 0.00511 | 0.0082663
Utility vs Cost
Alternative | Utility
Asymmetric Encryption | 0.832
Symmetric Encryption | 0.814
Hashing | 0.744
Status Quo | 0.327
[Chart legend: Time in Flight, Collision Risk, Security Strength, Feasibility]
[Chart: Utility vs Cost. Axes: Cost ($0.00 to $5,000,000.00) vs. Utility (0 to 1). Series: Hashing Alternative, Symmetric Encryption Alternative, Asymmetric Encryption Alternative, Status Quo.]
Fuel Burn
Year | Status Quo – Fuel Spent per Year | Encryption (Symmetric & Asymmetric) – Additional Fuel Spending | Hashing – Additional Fuel Spending
2014 | $1,409,950,237 | +0 | +$44,834,140$287,488,121
2032 | $1,982,344,674 | +0 | +$12,124,185$343,841,991

Calendar Year 2012 | Direct Aircraft Operating Cost per Block Minute
Fuel | $39.26
Crew Pilots/Flight Attendants | 16.26
Maintenance | 12.02
Aircraft Ownership | 7.92
Other | 2.71
Total DOCs | $78.17
Source: Airlines for America
Recommendations
• Asymmetric encryption is preferred method of signal security
• Signal security will allow for better situational awareness
• Prepares airspace for any increases in throughput by allowing decreased separation distances (20 NM → 5 NM)
Gap Analysis Revisited
[Chart: Estimated Number of Aircraft Over the Gulf Handled by En Route Traffic Control Centers, by Year (1995 to 2035).]
* Source: FAA Aerospace Forecast
Future Research
Security Strength
• Improvement in analysis on security strength of alternatives
Implementation
• Further research required on available algorithms
• Secure ADS-B Authentication System and Method was developed and patented in 2010
Cost
• Cost of securing signals needs in-depth research
Questions?