Extending ADS-B for Mixed Urban Air Traffic

Automatic Dependent Surveillance Broadcast (ADS-B) has become one of the most prominent protocols in the area of Air Traffic Control (ATC) due to its accuracy compared to traditional surveillance technologies, as well as for its suitability for deployment in areas where radar operations would be financially inviable or technically unfeasible (e.g., mountain ranges, at sea, etc.). In spite of its advantages, there have been considerable criticism from security and ATC experts on a serious vulnerability of the protocol. More specifically, its messages are exchanged in clear text over the air, which makes it an easy target for many attacks. In previous work, we proposed a framework to enforce the authenticity and integrity of ADS-B messages, for the 1090 Extended Squitter (ES) version of ADS-B, in ground-to-air and air-to-air scenarios by using security metadata based on keyed-hash message authentication code (HMAC) and a proper exchange of keys, which was presented as a secure extension to the ADS-B protocol named ADS-Bsec. However, due to the complexity of ATC operations within these two scenarios and the intricate nature of air space regulations, which can have different requirements from one country to the other, the implementation of such measures requires more in-depth considerations, especially in the presence of mixed air traffic in crowded urban areas, before ADS-Bsec could be consistently deployed. In this paper, we further explore these considerations by studying the impact on the performance, safety and security of Universal Access Transceiver (UAT) in a mixed airspace with and without ADS-Bsec. Consequently, we extend the previous work by exploring the complex and dynamic interactions between these components as a cyber-physical system handling ATC operations in different scenarios, and propose solutions to the issues we encountered during this process. Our ideas are illustrated using a simulated ATC case study and discussed though an analysis of its results.