WO2020202160A1 - System and methods of securing aircraft communications for tracking and control - Google Patents
System and methods of securing aircraft communications for tracking and control Download PDFInfo
- Publication number
- WO2020202160A1 WO2020202160A1 PCT/IL2020/050403 IL2020050403W WO2020202160A1 WO 2020202160 A1 WO2020202160 A1 WO 2020202160A1 IL 2020050403 W IL2020050403 W IL 2020050403W WO 2020202160 A1 WO2020202160 A1 WO 2020202160A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- reported
- flight
- aircraft
- ads
- data
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G08—SIGNALLING
- G08G—TRAFFIC CONTROL SYSTEMS
- G08G5/00—Traffic control systems for aircraft, e.g. air-traffic control [ATC]
- G08G5/0004—Transmission of traffic-related information to or from an aircraft
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
- G06N20/20—Ensemble learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/01—Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
Definitions
- the invention generally relates to communications security and in particular security for aviation communications.
- Aircraft communications standards for air traffic control are currently undergoing a major transformation, with aircraft around the world being modified to conform to the new Automatic Dependent Surveillance, Broadcast (ADS-B) communications protocols.
- ADS-B will play a major role in air navigation and Air Traffic Control (ATC) in coming years, as the technology will be mandatory for civil aviation airplanes in many regions starting in the year 2020.
- ADS-B is a cooperative surveillance technique used for air traffic control applications, both for ground-based (ATC centers and airport) control and for airborne reception (between planes).
- ATC air traffic controllers
- ATC air traffic controllers
- ADS-B transceivers that are part of the ADS-B network (ground-based air traffic control stations and other aircraft) use the broadcast information, to provide traffic controllers and other users with a depiction of real time aviation traffic, both in the air and on the ground.
- Embodiments of the present invention provide a system and methods for securing aircraft transmissions for air traffic control.
- aircraft transmissions for air traffic control is also referred to herein as "ADS-B/Mode-S" communications, or simply as “ADS-B communications,” meaning transmissions according to ADS-B standards, as well as to transmissions by Mode-S transponder, whether or not the latter is ADS-B compliant.
- a system including one or more radio frequency (RF) receivers configured to receive aircraft transmissions for air traffic control.
- RF radio frequency
- Each of the one or more RF receivers may be configured to receive the aircraft transmissions from multiple spatial segments surrounding the RF receiver.
- the system also includes one or more processors and memory storage, the memory storage including instructions that when executed by the one or more processors implement a process including: extracting flight data from the transmissions, wherein the flight data include one or more of a reported position, a reported speed, and a reported flight vector; determining a first correlation factor between the reported position and a detected position of the transmissions; determining a second correlation factor between a learned flight behavior and one of the reported position, the reported flight vector, and the reported speed; and responsively to at least one of the first and the second correlation factors being below a predefined correlation threshold, issuing an alert indicating a false transmission.
- One or more of the RF receivers may include multiple directional RF receiver elements oriented to receive the aircraft transmissions, respectively from the multiple spatial segments.
- one or more RF receivers may include a rotating RF receiver configured to rotate to receive the aircraft transmissions from the multiple spatial segments.
- the multiple spatial segments may be four quadrants.
- Frequencies of the aircraft transmissions may be one or both of 1090 MHz and 1030 MHz
- the system may further include determining, by measuring signal power of the transmissions, a detected distance to a source of the transmissions, and, from the detected distance and by comparing signal power in each of the multiple segments, calculating the detected position of the source of the transmissions.
- the system may further include receiving from an external device the detected position of the source of the transmissions.
- the system may further include correlating the reported position with a previously reported position and responsively issuing the alert.
- Issuing the alert may include issuing an alert of a possible cyberattack.
- the system may further include issuing the alert when a deviation between the reported flight vector and the learned flight behavior is greater than a pre-defined deviation value.
- the pre defined deviation value may be, for example, 70 percent.
- the system may further include issuing the alert when a deviation between multiple reported flight vectors and learned flight behavior is greater than a pre-defined deviation value and not more than a pre-defined number of other aircraft in a given geographic region also have a deviation of greater than the pre-defined deviation value.
- the pre-defined deviation value may be 15% and the pre-defined number may be ten.
- the learned flight behavior may be modeled by a machine learning system.
- the learned flight behavior may be corrected during run-time operation by manually determining that a given flight behavior that is not anomalous is defined by the machine learning system as anomalous and by correcting the definition of the given flight behavior.
- the learned flight plans may be flight plans deposited in the global ATC network prior to flights.
- the system may be installed in one or more of a ground based system and an airborne system.
- Further embodiments of the present invention include a computer-based method for securing aircraft transmissions for air traffic control including the steps of: extracting flight data from the transmissions, wherein the flight data include one or more of a reported position, a reported speed, and a reported flight vector; determining a first correlation factor between the reported position and a detected position of the transmissions; determining a second correlation factor between a learned flight behavior and one of the reported position, the reported flight vector, and the reported speed; and responsively to at least one of the first and the second correlation factors being below a predefined correlation threshold, issuing an alert indicating a false transmission.
- FIG. 1 is a schematic illustration of a system for secure aircraft transmissions for air traffic control, according to some embodiments of the present invention
- FIGs. 2-4 are schematic block diagrams of a network system for secure aircraft transmissions for air traffic control, according to some embodiments of the present invention.
- Figs. 5 and 6 are flow diagrams of methods for secure aircraft transmissions for air traffic control, according to some embodiments of the present invention.
- Air control communications protocols such as ADS-B, TCAS, and ACARS, lack secure authentication mechanisms.
- Embodiments of the present invention provide a system and methods based on cyber security technologies that are specifically tailored to the aviation domain to reduce the risks and cost of cyber-attacks.
- the system and methods detect cyber attacks against the aviation networks that link ground Air Traffic Control (ATC) and airline operation centers with aircraft flight decks.
- ATC Air Traffic Control
- the system and methods disclosed herein may be used for prevention, detection, response and mitigation of combined physical and cyber threats, i.e. threats to ATC (Air Traffic Control) infrastructure, as well as to aircraft.
- Embodiments include securing communications by analyzing all received transmission data and identifying anomalies and fake data, based on factors including: 1) a machine-learning modeling of aircraft behavior; and 2) analysis of received flight data on ground and airborne antennas of the system, which is correlated against received signals from the RF source. That is, the VHF received signals are compared to flight data contained in the signals. For example, the transmitted data typically indicates the airplane location, while the received VHF signal processing provides independent indication of signal strength indicative of distance. The directional antenna at the VHF receiving device may provide airplane direction, which is compared to the direction indication in the received data. Extracting all relevant features from the received network data and comparing them to the processed VHF signal provides an indication as to the level of authenticity of the received signal. Based on the authentication analysis, an authenticity grade may be assigned to each ADS-B/Mode-S transmission, supporting the process of determining that the data element is authentic and reliable.
- a parallel process further analyzes the overall air traffic view.
- the process "learns" the normal behavior of the air traffic view, extracting and keeping the features of normal traffic behavior of specific regions and specific flights.
- the process stores the features of the normal network behavior in routine operation, over different time of day and different days (weekends, etc.).
- the process examines any incoming traffic and determines anomalies in the overall air traffic, compared to a previously learned behavior model.
- the process of analysis provides an authentication service for air traffic controllers on the ground, as well as for pilots in the cockpit during flight.
- the system and methods utilize the combined analysis of flight data included in ADS-B/Mode-S transmissions (such as aircraft ID, position, speed, flight vector, etc.) and parameters of the received RF (or VHF) signal in which the flight data (also referred to as messages) where transmitted, which provides an additional data source for correlation and authentication.
- ADS-B/Mode-S data that is, flight data from any ADS-B and/or Mode-S transmissions, including those by SATCOM communications links
- parameters extracted from the RF signal are referred to as "detected" data.
- Reported data may include one or more of a reported position (inertial and/or GPS-based and/or any combination of both, including a reported altitude), a reported speed (i.e., velocity), a reported flight vector, and/or any other relevant transmitted data.
- Fake transmissions that are transmitted by an attacker are thus analyzed by a multi-layer analysis the compares physical and electronic behavior of the system to previously learned behavior (i.e. models), with RF signal processing providing an additional correlation between the received signals and the data in the transmission (i.e., the flight data).
- Methods of the present invention may also be applied to other aircraft control communications protocols.
- a multi-layer neural network may be incorporated to detect anomalies with respect to reported flight data contained in ADS-B transmission, based on aeronautics and physical knowledge, to verify reasonableness of data, such as airplane performance over time, thereby assuring that the network reflected performance is applicable to a physical airplane and not just a manipulation previously recorded data.
- Such analysis may monitor and detect phenomena such as unreasonable speed and maneuvering, and sudden appearance of an aircraft.
- the system may also provide remediation of any anomaly detection by steps such as: alerting an operator (either air traffic controller or pilot); flagging a suspected airplane (i.e., an airplane signal suspected as being fake, that is, from a non-existent airplane); and blocking retransmission over the ADS-B network of data that appears fake. Remediation steps may be configured to require operator authorization.
- Fig. 1 is a schematic illustration of a system 20 for secure transmissions for air traffic control, according to some embodiments of the present invention.
- One or more ADS-B receivers are configured with Internet of Things (IoT) communication capabilities, as IoT devices 22, and are distributed and located as required for the reception of ADS-B or similar RF data signals from aircraft, such as aircraft 24.
- IoT Internet of Things
- the aircraft 24 typically receive GPS signals from GPS satellites 26.
- the IoT devices receive the RF signals, digitize the signals, and transfer the digitized and processed signals, typically in digital format, to one or more control workstations 30, which perform network anomaly detection and correlation processes.
- the IoT devices may be located at multiple locations, especially at air traffic control centers in airports, where it is most probable for an attacker to transmit fake ADS-B transmissions.
- IoT devices may also be mounted onboard airplanes, such as airplane 28, using existing antennas, and may perform additional VHF signal processing and transmission features extraction, as an input to the network level anomalies detection process.
- the IoT devices include directional RF receiver elements, as described further herein below.
- FIG. 2 is a block diagram of a network system 40 for secure ADS-B and/or Mode- S communications, according to some embodiments of the present invention.
- IoT device 22 performs dedicated RF signal handling, having a directional set of ADS-B (or other RF) antennas, that will support the reception of ADS-B RF signals 42 from aircraft.
- the IoT sensor typically creates two data streams from the received RF signals.
- One data stream is the extracted ADS-B data stream 44, as defined by ADS-B standards (an overview is provided in the Appendix herein).
- the second data stream includes received RF signal parameters 46, such as directional parameters.
- the antenna of the IoT device 22 may be a directional antenna, each element of which receives a signal having a different power intensity, such that an approximate direction of a source of transmission may be estimated.
- the direction of orientation determines a spatial segment of optimal signal reception.
- a segment may be a quadrant (that is, a 90 degree range) or any other sized sector of the space around the device.
- the IoT device 22 may be a rotating directional receiver, receiving transmissions throughout a 360 degree rotation, such that during rotation the transmission is received from multiple spatial segments. Whether the IoT devices including multiple fixed, directional receiver elements or a rotating directional receiver, direction estimation is supported by an algorithm that correlates estimation of direction with a position specified in the ADS-B data received.
- the data streams generated by the IoT sensor are received by an ADS-B correlation server 50, which may be included in the control workstations 30, or may be connected locally or remotely to the control workstations.
- An ADS-B correlator 52 and an Actual vs. Planned correlator 54 perform pre processing of the data streams from the IoT sensor and also may provide an initial authenticity grading of each received transmission (associated with each specific airplane).
- the IoT sensor may also provide the streams packed together with a block-chain "stamp", to make sure that the system transmission, which is all digital (typically over Ethernet protocols), is confirmed to be authentic. "Stamping" of transmissions improves security, as transmissions cannot easily be altered. This makes the system more robust and difficult to penetrate.
- All the correlator detection output is fed into a machine learning server 60, which processes the above correlated data, including individual aircraft motion data and the total air traffic view, correlating all data against models created in a learning mode of the system.
- the machine-learning algorithms identify and flag all detected anomalies.
- an alert module 62 is notified.
- the alerts may be stored in local log file, output as notifications from a graphical user interface (GUI) application 64, as well as output to other external alarm systems 70, such as monitoring, and/or cyber-security Security Operation Centers (SOC), and control dashboards of a security officer of the network.
- GUI graphical user interface
- SOC cyber-security Security Operation Centers
- the machine learning algorithms process the data streams from the ADS-B correlator and the actual versus planned correlator, comparing the received streams with models of the expected behavior of the air traffic in the covered area.
- the model is based on several layers represented in a machine learning model of normal behavior of the system, covering multi-layers of the analysis. Examples for this process:
- the IoT Sensor may extract features of the ADS-B/Mode-S signal that represent physical motion of the aircraft in the air, such as position, velocity, and direction.
- the algorithm queries a database of real aircraft motion, which stores a model of a "normal" aircraft motion behavior.
- the motion of each aircraft received by the ADS-B antenna is tested against the model, generating scoring of how close the data from the current presumed aircraft is to the stored model. Scores lower than a preset threshold, such as 70%, may be marked as suspect (that is, of being fake).
- the pre-processing of actual versus planned flight path data provides a score that will indicate a deviation of the actual aircraft flight track from the planned flight path.
- This pre-processing provides a score of a deviation (for example, a weighted scoring of each flight leg, actual versus planned), thus providing a weighted score indicating the total deviation.
- the machine learning algorithm receives weighted deviations of all received flights, and extracts the typical deviation features over a large dataset.
- the actual versus learned flight-path deviation feature is examined and any significant anomalies versus the model are tested to indicate a suspected fake aircraft.
- new elements may be added to the runtime model, based on domain expert inputs. New elements may also be added when manually analyzed anomalies are determined to be false positives, to ensure that similar events are not subsequently detected as anomalies.
- FIG. 3 is a schematic block diagram of an IoT device 42 (also referred to as an IoT sensor) for secure ADS-B and/or Mode-S communications, according to some embodiments of the present invention.
- two processes may operate in parallel to process RF signals, such as ADS-B RF signals, from an aircraft.
- One process is an RF feature extractor 102, which extracts signal features, such as signal strength, from the RF signal.
- the other process is a standard ADS-B data receiver 104, which extracts ADS-B data from the signal.
- the results of the two processes are data streams that may be packaged for transmission by the IoT device. Packaging may include encoding a timestamp with transmissions of one or more units of data.
- Fig. 4 is a schematic block diagram of key processing elements of the network system 40 for secure ADS-B and/or Mode-S communications, according to some embodiments of the present invention.
- the ADS-B/Mode-S RF signal which is typically transmitted in frequencies such as 1090 MHz and 1030 MHz, or other signals, such as ACARS, TCAS etc., may be received by a directional antenna array of receiver elements and fed to two parallel processes, the RF feature extractor 102 and the ADS-B data receiver 104.
- the feature extractor includes an RF signal digitizer 122, which converts the RF signal into a digital sample, and a digital features extractor 124, which extracts parameters of the RF signal, such as approximate distance and direction, based on the relative power of the directional elements of the antenna.
- the extracted parameters are purely based on the RF signal characteristics, unrelated to the ADS-B data contents.
- the ADS-B data receiver 104 performs two main tasks in processing the same RF signal.
- the first is an ADS-B RF signal data extractor 132, which identifies valid ADS-B transmission pulses (or signals of other protocols, such as ACARS or TCAS), and forwards the generated digital pulse stream to a data extraction process 134.
- the data extraction process identifies the codes represented by the pulse stream.
- the ADS-B data stream is characterized by a series of preamble pulses that identify the beginning of ADS-B data transmission.
- Each ADS-B reception also includes a 24 bits ICAO code, which is unique to a specific aircraft tail number and uniquely identify a specific aircraft.
- ADS-B signals are all 120 ps in length (8 ps preamble plus 112 ps data block), that may contain the following data elements:
- Aircraft behavior for a specific aircraft may be "learned" by a machine learning framework that tracks aircraft. Subsequently, anomalous behavior of an aircraft, as indicated by ADS-B transmissions, such as irregular speeds and flight patterns, may be identified. Anomalous behavior may indicate that a given ADS-B transmission is fake (i.e., not generated by an actual aircraft).
- the resulting RF features and ADS-B data from the IoT device's parallel extraction processes may then fed into a preprocessor/comparator 140 of the ADS-B Correlation Server 50, which typically includes the ADS-B Correlator 52 and the Actual vs. Planned Correlator 54 described above.
- Machine learning algorithms may provide models of aircraft behavior for a specific geographic area of interest, containing a data set of all received aircraft IDs in the area, with a set of typical features, such as time of flight (in 12-24 segments during the day), speed, and altitude. Extracted features provide a model of a specific aircraft's behavior, including all detected instances of this aircraft's ID over time (typically over several days of machine learning of the model for those features). During runtime, the model is compared to the currently received features for a given ID. Zero or low correlation indicates suspect data (data suspected as being fraudulent or otherwise false). These events are marked as suspect.
- a multiple layer machine learning model may be applied to the current real-time received data, using a weighting function that provides a combined score. Any combined score (from multiple layers) that is greater than a threshold defined by the system triggers an alert of a fake aircraft, which is transmitted to other elements of the network, as well (such as other aircraft).
- synchronization to the beginning of a valid ADS-B transmission is based on a specific preamble pulse train of four pulses, each 0.5ps wide, in two groups, the first with a gap of 0.5ps between the two pulses, followed by a 2ps gap, and then two additional pulses with the same timing pattern.
- This preamble is part of
- IB the ADS-B protocol definition and is used by the ADS-B RF signal data extractor 132 to identify the beginning of a new aircraft ADS-B transmission, to trigger the beginning of signal analysis for RF and data correlation.
- the ADS-B signal data extractor 132 syncs on a transmission with the depicted pulse train, to trigger the extraction of the ADS-B data stream, while digitizing the information contained within this transmission for further handling.
- the RF signal digitizer may determine that the incoming signal is a valid ADS-B (or ACARS, TCAS, or other protocol), triggering the operation of the RF feature extractor 102.
- the RF feature extractor 102 may be configured to wait until receiving a validity indication from the ADS-B signal data extractor 132, to avoid unnecessary processing work.
- Fig. 6 is a flow diagram of a method 600 for secure ADS-B and/or Mode-S communications, performed by the ADS-B correlator 52, according to some embodiments of the present invention.
- the flowchart shows a correlation factor computation process, for determining a level of match, or "correlation,” between ADS-B data and extracted RF signal parameters.
- the process begins by setting a baseline of a correlation factor (CORR) as 100%, (step 602).
- An RF signal is then received from a directional element of the antenna oriented towards an individual segment, for example from one of quadrants Q1 to Q4 (step 604).
- the signal may be received by a Q3 directional element of the antenna.
- This quadrant, based on the RF signal parameter, is indicated in the flowchart as Qx.
- the RF signal may be received from a rotating antenna, with timing to correlate the received signal with an individual segment.
- the received ADS-B data is also decoded to provide a direction of an aircraft, as claimed by the transmitting source (step 606). This quadrant indicated by the ADS-B data is indicated in the flowchart as Qy.
- a correlation factor is added, For example, if the difference between quadrants is 1 or 3 (a +/-90 degree difference) the CORR1 value is set to 80% (step 614). If the difference is 180 degrees (quadrant difference of 2) the CORR1 value is set to 60% (step 618).
- the process then proceeds to estimate the level of match with respect to the distance of the aircraft's position/altitude (step 640).
- the received RF signal strength is compared against a signal strength table, which provides an indication for the relative distance, with an index of 1-8. This index is compared against a similar table, applying the computed distance using the ADS-B received data (distance, altitude, etc.).
- the index for computation of the total process is CORR1 less the distance index (step 642).
- the end result (step 644) is a final correlation factor CORR2, which is an indication of how correlated the received ADS-B signal is to the actual physical source of the transmission.
- CORR2 is an indication of how correlated the received ADS-B signal is to the actual physical source of the transmission.
- the higher the correlation the higher the probability that the transmission is real.
- the lower the correlation factor the higher the probability that the received ADS-B transmission is fake and should not be used for traffic control.
- a preset threshold is typically applied to make a final determination of the authenticity of a received signal.
- the above correlation calculation is only one example of how the level of matching may be determined.
- the percentage threshold values and the computation of the correlation factor may be varied to provide reduce false positive and false negative results.
- the correlation process may further analyze, from the received ADS-B data stream, additional anomalies, such as (but not limited to) aircraft ID that does not change position data, or unreasonable or non-physical velocities.
- additional anomalies such as (but not limited to) aircraft ID that does not change position data, or unreasonable or non-physical velocities.
- the received ADS-B data also includes the present position of the aircraft claiming to make the transmission, this may be compared to the direction calculated from the RF signal.
- the comparison may be performed by the IoT device itself.
- the IoT sensor at a fixed point on the ground, can be pre-loaded with its geographic location, or receive a geographic location once from a GPS satellite.
- the knowledge of the GPS location and the direction of an aircraft, as determined from an RF signal permits estimation of a location, which can be compared with the location specified in the ADS-B data.
- the process is similar if the IoT device operates on an aircraft that receives signals from a second aircraft.
- the weighted CORR2 value of scenario 1 is only 50% correlation, which strongly indicates a fake transmission (again, depending on the threshold set for the system).
- the output of the Pre-Processor/Comparator module 140 typically includes aircraft ID, extracted from the ADS-B data, and an indication of the correlation. Over 90% is typically set to indicate a high level of confidence in the received signal RF parameters and the actual content of the received ADS-B signal (position), meaning that the received signal is trusted and probably comes from a valid, real aircraft. Lower correlation factors may indicate a suspect transmission, while less than 50% correlation generally will trigger actions based on the assumption that a fake transmission has been received (i.e., a malicious transmission was received). In such cases, an indication may be provided to the pilot, or to the ground ATC controller.
- Fig. 7 is a flow diagram of a method 700 for secure ADS-B and/or Mode-S communications, performed by the ADS-B correlator 52, according to some embodiments of the present invention.
- the estimated path of flight of an aircraft is compared (i.e., "correlated") with a flight plan "model" of the aircraft's typical flight path, which is stored, as described above, in the Flight Plan Repository 48.
- a deviation D% of the aircraft from the model is calculated. If the deviation is greater than a given threshold (e.g., 70%), determined at step 706, then the transmission is definitely fake (that is, the indicated aircraft does not exist) and at a step 720, a "fake aircraft suspected" alert is issued. [0064] If the weighted, flight path deviation (i.e., the average deviation) of multiple ADS-B transmissions from a single source is less than a given percent (e.g., 15%), then no alert is issued (step 710), but the process of tracking continues. If the deviation of multiple transmissions is greater than the given percent (e.g., 15%), other aircraft in the geographic region, for example of 100 km, are also monitored.
- a given threshold e.g. 70%
- step 714 If more than a given number (e.g., ten) transmissions have a similar deviation, then the deviations are probably due to a regional problem, such as weather, or an airport tracking problem, so no alert is issued (step 714). However, if not more than the given number (e.g., ten) of transmissions have a deviation over the threshold, then the alert of step 720 may be issued.
- a given number e.g., ten
- Computational aspects of systems 20 and 40 and of processes 600 and of 700 may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations thereof. All or part of the system and process can be implemented as a computer program product, tangibly embodied in an information carrier, such as a machine- readable storage device or in a propagated signal, for execution by, or to control the operation of, data processing apparatus, such as a programmable processor, computer, or deployed to be executed on multiple computers at one website or distributed across multiple websites.
- Memory storage may also include multiple distributed memory units, including one or more types of storage media. Examples of storage media include, but are not limited to, magnetic media, optical media, and integrated circuits such as read-only memory devices (ROM) and random access memory (RAM).
- a computing system configured to implement the system may have one or more processors and one or more network interface modules.
- Processors may be configured as a multi-processing or distributed processing system.
- Processors may also be any combination of general purpose (GP) processors, graphics processing units (GPUs), and/or dedicated artificial intelligence (AI) processors, for more efficient algorithm handling during runtime.
- Network interface modules may control the sending and receiving of data packets over networks.
- the ADS-B Message is 112 bits long, consisting of the following parts:
- ADS-B must begin with a downlink format 17 (Binary 10001) or 18 (Binary 10001) indicating if the source of data is broadcast only (format 17), or received from a transceiver that can be interrogated (format 18).
- a downlink format 17 (Binary 10001) or 18 (Binary 10001) indicating if the source of data is broadcast only (format 17), or received from a transceiver that can be interrogated (format 18).
- format 17 Downlink format 17
- 18 Binary 10001
- Other format may indicate additional possible transmission types (i.e. different interpretation of the data), which is out of scope for this discussion.
- ICAO address A01880 is Airbus-321 aircraft, operated by American Airline with the specific aircraft registration Id of N105NN.
- ICAO address: 76CD61 is an Airbus 380-841 aircraft of Singapore Airlines, with registration ID: 9V-SKA.
- ICAO code 76CD61 shall have the following binary representation in the message: 0111 0110 1010 1011 0110 0001.
- ICAO code is important in the system, as it permits unique identification of a specific aircraft in the network, and this information is fed into the software correlation module of planned versus actual flight path, external to the CyberSense sensor.
- the correlator is retrieving the planned flight plan, as files into a worldwide flight-plans repository, comparing the planned flight -plan, versus actual data received from the aircraft during flight, looking for correlation between the two.
- ADS-B uses Cyclic Redundancy Check (CRC) to validate the correctness of the received message, where the last 24 bits are parity bits.
- CRC Cyclic Redundancy Check
- ADS-B data is processed.
- various aircraft flight information position, velocity, altitude, etc.
- TC Type Code
- ST Sub -Type
- the received valid ADS-B transmission is further decoded, extracting the relevant data element that fits the identification data type bits (TC and ST).
- TC (Type Code) 19 (see TC table above for airborne velocity code in the table)
- Sub-Type (ST) 3 (This ST indicated a sub-sonic speed in this case).
- An example of an actual message transmitting airspeed may look like the following: Message: 8D-76CD61-9B06B6AF189400-XXXXX, translated into the following format fields:
- the speed value is simply a binary to decimal conversion of AS bits (in knot). In our example: 0101001000, translated into 328 knots.
- the output of the extractor (004) shall then become another input to the Pre -Processor/Comparator block (005).
- This block shall receive approximate pure RF signal physical distance and direction as one input from the electrical signal features extractor (002) and the decoded ADS-B signal parameters from the data elements extractor (004) for comparison.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Aviation & Aerospace Engineering (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Traffic Control Systems (AREA)
Abstract
A system and methods are provided for securing aircraft transmissions for air traffic control including: extracting flight data including one or more of a reported position, a reported speed, and a reported flight vector from the aircraft transmissions, determining a first correlation factor between the reported position and a detected position of the aircraft transmissions, determining a second correlation factor between a learned flight behavior and one of the reported position, the reported flight vector, and the reported speed, and responsively to at least one of the first and the second correlation factors being below a predefined correlation threshold, issuing an alert indicating a false transmission.
Description
SYSTEM AND METHODS OF
SECURING AIRCRAFT COMMUNICATIONS FOR TRACKING AND CONTROU
FIEUD OF THE INVENTION
[0001] The invention generally relates to communications security and in particular security for aviation communications.
BACKGROUND
[0002] Aircraft communications standards for air traffic control are currently undergoing a major transformation, with aircraft around the world being modified to conform to the new Automatic Dependent Surveillance, Broadcast (ADS-B) communications protocols. ADS-B will play a major role in air navigation and Air Traffic Control (ATC) in coming years, as the technology will be mandatory for civil aviation airplanes in many regions starting in the year 2020.
[0003] ADS-B is a cooperative surveillance technique used for air traffic control applications, both for ground-based (ATC centers and airport) control and for airborne reception (between planes). Two options for airborne equipment have been approved for ADS-B“Out” transmission. One is a dedicated 978 MHz universal access transceiver (UAT). The other is a 1090 MHz Mode-S transponder with a GPS tracker to provide position, direction, altitude, and velocity data. Aircraft broadcast this type of information to other aircraft in their vicinity and to ground ADS-B receivers, which also forward the received data for use by air traffic controllers (ATC) on the ground. Other ADS-B transceivers that are part of the ADS-B network (ground-based air traffic control stations and other aircraft) use the broadcast information, to provide traffic controllers and other users with a depiction of real time aviation traffic, both in the air and on the ground.
SUMMARY
[0004] Embodiments of the present invention provide a system and methods for securing aircraft transmissions for air traffic control. Hereinbelow, the term "aircraft transmissions for air traffic control" is also referred to herein as "ADS-B/Mode-S" communications, or simply as "ADS-B communications," meaning transmissions according to ADS-B standards, as well as to transmissions by Mode-S transponder, whether or not the latter is ADS-B compliant.
[0005] In embodiments of the present invention, a system is provided including one or more radio frequency (RF) receivers configured to receive aircraft transmissions for air traffic control. Each of the one or more RF receivers may be configured to receive the aircraft transmissions from multiple spatial segments surrounding the RF receiver. The system also includes one or more processors and memory storage, the memory storage including instructions that when executed by the one or more processors implement a process including: extracting flight data from the transmissions, wherein the flight data include one or more of a reported position, a reported speed, and a reported flight vector; determining a first correlation factor between the reported position and a detected position of the transmissions; determining a second correlation factor between a learned flight behavior and one of the reported position, the reported flight vector, and the reported speed; and responsively to at least one of the first and the second correlation factors being below a predefined correlation threshold, issuing an alert indicating a false transmission.
[0006] One or more of the RF receivers may include multiple directional RF receiver elements oriented to receive the aircraft transmissions, respectively from the multiple spatial segments. Alternatively, one or more RF receivers may include a rotating RF receiver configured to rotate to receive the aircraft transmissions from the multiple spatial segments. The multiple spatial segments may be four quadrants. Frequencies of the aircraft
transmissions may be one or both of 1090 MHz and 1030 MHz The system may further include determining, by measuring signal power of the transmissions, a detected distance to a source of the transmissions, and, from the detected distance and by comparing signal power in each of the multiple segments, calculating the detected position of the source of the transmissions. The system may further include receiving from an external device the detected position of the source of the transmissions. The system may further include correlating the reported position with a previously reported position and responsively issuing the alert.
[0007] Issuing the alert may include issuing an alert of a possible cyberattack. The system may further include issuing the alert when a deviation between the reported flight vector and the learned flight behavior is greater than a pre-defined deviation value. The pre defined deviation value may be, for example, 70 percent. The system may further include issuing the alert when a deviation between multiple reported flight vectors and learned flight behavior is greater than a pre-defined deviation value and not more than a pre-defined number of other aircraft in a given geographic region also have a deviation of greater than the pre-defined deviation value. The pre-defined deviation value may be 15% and the pre-defined number may be ten.
[0008] The learned flight behavior may be modeled by a machine learning system.
[0009] The learned flight behavior may be corrected during run-time operation by manually determining that a given flight behavior that is not anomalous is defined by the machine learning system as anomalous and by correcting the definition of the given flight behavior.
[0010] The learned flight plans may be flight plans deposited in the global ATC network prior to flights.
[0011] The system may be installed in one or more of a ground based system and an airborne system.
[0012] Further embodiments of the present invention include a computer-based method for securing aircraft transmissions for air traffic control including the steps of: extracting flight data from the transmissions, wherein the flight data include one or more of a reported position, a reported speed, and a reported flight vector; determining a first correlation factor between the reported position and a detected position of the transmissions; determining a second correlation factor between a learned flight behavior and one of the reported position, the reported flight vector, and the reported speed; and responsively to at least one of the first and the second correlation factors being below a predefined correlation threshold, issuing an alert indicating a false transmission.
BRIEF DESCRIPTION OF DRAWINGS
[0013] For a better understanding of various embodiments of the invention and to show how the same may be carried into effect, reference will now be made, by way of example, to the accompanying drawings. Structural details of the invention are shown to provide a fundamental understanding of the invention, the description, taken with the drawings, making apparent to those skilled in the art how the several forms of the invention may be embodied in practice. In the accompanying drawings:
[0014] Fig. 1 is a schematic illustration of a system for secure aircraft transmissions for air traffic control, according to some embodiments of the present invention;
[0015] Figs. 2-4 are schematic block diagrams of a network system for secure aircraft transmissions for air traffic control, according to some embodiments of the present invention; and
[0016] Figs. 5 and 6 are flow diagrams of methods for secure aircraft transmissions for air traffic control, according to some embodiments of the present invention.
DETAILED DESCRIPTION
[0017] It is to be understood that the invention and its application are not limited to the system and methods described below or to the arrangement of the components set forth or illustrated in the drawings, but are applicable to other embodiments that may be practiced or carried out in various ways.
[0018] Air control communications protocols, such as ADS-B, TCAS, and ACARS, lack secure authentication mechanisms. Embodiments of the present invention provide a system and methods based on cyber security technologies that are specifically tailored to the aviation domain to reduce the risks and cost of cyber-attacks. The system and methods detect cyber attacks against the aviation networks that link ground Air Traffic Control (ATC) and airline operation centers with aircraft flight decks. The system and methods disclosed herein may be used for prevention, detection, response and mitigation of combined physical and cyber threats, i.e. threats to ATC (Air Traffic Control) infrastructure, as well as to aircraft.
[0019] Embodiments include securing communications by analyzing all received transmission data and identifying anomalies and fake data, based on factors including: 1) a machine-learning modeling of aircraft behavior; and 2) analysis of received flight data on ground and airborne antennas of the system, which is correlated against received signals from the RF source. That is, the VHF received signals are compared to flight data contained in the signals. For example, the transmitted data typically indicates the airplane location, while the received VHF signal processing provides independent indication of signal strength indicative of distance. The directional antenna at the VHF receiving device may provide airplane direction, which is compared to the direction indication in the received data. Extracting all
relevant features from the received network data and comparing them to the processed VHF signal provides an indication as to the level of authenticity of the received signal. Based on the authentication analysis, an authenticity grade may be assigned to each ADS-B/Mode-S transmission, supporting the process of determining that the data element is authentic and reliable.
[0020] A parallel process further analyzes the overall air traffic view. Using machine learning and deep learning techniques, the process "learns" the normal behavior of the air traffic view, extracting and keeping the features of normal traffic behavior of specific regions and specific flights. The process stores the features of the normal network behavior in routine operation, over different time of day and different days (weekends, etc.). Based on the acquired normal features modeling of the network, the process examines any incoming traffic and determines anomalies in the overall air traffic, compared to a previously learned behavior model.
[0021] The process of analysis provides an authentication service for air traffic controllers on the ground, as well as for pilots in the cockpit during flight.
[0022] The system and methods utilize the combined analysis of flight data included in ADS-B/Mode-S transmissions (such as aircraft ID, position, speed, flight vector, etc.) and parameters of the received RF (or VHF) signal in which the flight data (also referred to as messages) where transmitted, which provides an additional data source for correlation and authentication. Hereinbelow, ADS-B/Mode-S data (that is, flight data from any ADS-B and/or Mode-S transmissions, including those by SATCOM communications links) are also referred to as "reported" data, in that the data is claimed to be true by the transmitting source. By contrast, parameters extracted from the RF signal are referred to as "detected" data. Reported data may include one or more of a reported position (inertial and/or GPS-based
and/or any combination of both, including a reported altitude), a reported speed (i.e., velocity), a reported flight vector, and/or any other relevant transmitted data.
[0023] Fake transmissions that are transmitted by an attacker are thus analyzed by a multi-layer analysis the compares physical and electronic behavior of the system to previously learned behavior (i.e. models), with RF signal processing providing an additional correlation between the received signals and the data in the transmission (i.e., the flight data). Methods of the present invention may also be applied to other aircraft control communications protocols.
[0024] A multi-layer neural network may be incorporated to detect anomalies with respect to reported flight data contained in ADS-B transmission, based on aeronautics and physical knowledge, to verify reasonableness of data, such as airplane performance over time, thereby assuring that the network reflected performance is applicable to a physical airplane and not just a manipulation previously recorded data. Such analysis may monitor and detect phenomena such as unreasonable speed and maneuvering, and sudden appearance of an aircraft.
[0025] The system may also provide remediation of any anomaly detection by steps such as: alerting an operator (either air traffic controller or pilot); flagging a suspected airplane (i.e., an airplane signal suspected as being fake, that is, from a non-existent airplane); and blocking retransmission over the ADS-B network of data that appears fake. Remediation steps may be configured to require operator authorization.
[0026] Fig. 1 is a schematic illustration of a system 20 for secure transmissions for air traffic control, according to some embodiments of the present invention.
[0027] One or more ADS-B receivers are configured with Internet of Things (IoT) communication capabilities, as IoT devices 22, and are distributed and located as required for the reception of ADS-B or similar RF data signals from aircraft, such as aircraft 24.
[0028] The aircraft 24 typically receive GPS signals from GPS satellites 26. The IoT devices receive the RF signals, digitize the signals, and transfer the digitized and processed signals, typically in digital format, to one or more control workstations 30, which perform network anomaly detection and correlation processes. The IoT devices may be located at multiple locations, especially at air traffic control centers in airports, where it is most probable for an attacker to transmit fake ADS-B transmissions. IoT devices may also be mounted onboard airplanes, such as airplane 28, using existing antennas, and may perform additional VHF signal processing and transmission features extraction, as an input to the network level anomalies detection process. Typically, the IoT devices include directional RF receiver elements, as described further herein below.
[0029] Fig. 2 is a block diagram of a network system 40 for secure ADS-B and/or Mode- S communications, according to some embodiments of the present invention. IoT device 22 performs dedicated RF signal handling, having a directional set of ADS-B (or other RF) antennas, that will support the reception of ADS-B RF signals 42 from aircraft. The IoT sensor typically creates two data streams from the received RF signals. One data stream is the extracted ADS-B data stream 44, as defined by ADS-B standards (an overview is provided in the Appendix herein).
[0030] The second data stream includes received RF signal parameters 46, such as directional parameters. Whereas standard ADS-B antennas are omni-directional, the antenna of the IoT device 22 may be a directional antenna, each element of which receives a signal having a different power intensity, such that an approximate direction of a source of
transmission may be estimated. Typically, the direction of orientation determines a spatial segment of optimal signal reception. A segment may be a quadrant (that is, a 90 degree range) or any other sized sector of the space around the device. Alternatively, the IoT device 22 may be a rotating directional receiver, receiving transmissions throughout a 360 degree rotation, such that during rotation the transmission is received from multiple spatial segments. Whether the IoT devices including multiple fixed, directional receiver elements or a rotating directional receiver, direction estimation is supported by an algorithm that correlates estimation of direction with a position specified in the ADS-B data received.
[0031] The data streams generated by the IoT sensor are received by an ADS-B correlation server 50, which may be included in the control workstations 30, or may be connected locally or remotely to the control workstations.
[0032] An ADS-B correlator 52 and an Actual vs. Planned correlator 54 perform pre processing of the data streams from the IoT sensor and also may provide an initial authenticity grading of each received transmission (associated with each specific airplane). The IoT sensor may also provide the streams packed together with a block-chain "stamp", to make sure that the system transmission, which is all digital (typically over Ethernet protocols), is confirmed to be authentic. "Stamping" of transmissions improves security, as transmissions cannot easily be altered. This makes the system more robust and difficult to penetrate.
[0033] All the correlator detection output is fed into a machine learning server 60, which processes the above correlated data, including individual aircraft motion data and the total air traffic view, correlating all data against models created in a learning mode of the system. During runtime operations ("production" mode), the machine-learning algorithms identify and flag all detected anomalies. When detected, an alert module 62 is notified. The alerts may be
stored in local log file, output as notifications from a graphical user interface (GUI) application 64, as well as output to other external alarm systems 70, such as monitoring, and/or cyber-security Security Operation Centers (SOC), and control dashboards of a security officer of the network.
[0034] The machine learning algorithms process the data streams from the ADS-B correlator and the actual versus planned correlator, comparing the received streams with models of the expected behavior of the air traffic in the covered area. The model is based on several layers represented in a machine learning model of normal behavior of the system, covering multi-layers of the analysis. Examples for this process:
Analysis of a single aircraft physical performance
[0035] The IoT Sensor may extract features of the ADS-B/Mode-S signal that represent physical motion of the aircraft in the air, such as position, velocity, and direction. The algorithm queries a database of real aircraft motion, which stores a model of a "normal" aircraft motion behavior. During runtime, the motion of each aircraft received by the ADS-B antenna is tested against the model, generating scoring of how close the data from the current presumed aircraft is to the stored model. Scores lower than a preset threshold, such as 70%, may be marked as suspect (that is, of being fake).
Analysis of actual versus planned flight path correlation data
[0036] The pre-processing of actual versus planned flight path data (for a single aircraft) provides a score that will indicate a deviation of the actual aircraft flight track from the planned flight path. This pre-processing provides a score of a deviation (for example, a weighted scoring of each flight leg, actual versus planned), thus providing a weighted score indicating the total deviation. The machine learning algorithm, during the learning mode of operation, receives weighted deviations of all received flights, and extracts the typical
deviation features over a large dataset. During runtime, the actual versus learned flight-path deviation feature is examined and any significant anomalies versus the model are tested to indicate a suspected fake aircraft. During runtime, new elements may be added to the runtime model, based on domain expert inputs. New elements may also be added when manually analyzed anomalies are determined to be false positives, to ensure that similar events are not subsequently detected as anomalies.
[0037] Fig. 3 is a schematic block diagram of an IoT device 42 (also referred to as an IoT sensor) for secure ADS-B and/or Mode-S communications, according to some embodiments of the present invention. As indicated, two processes may operate in parallel to process RF signals, such as ADS-B RF signals, from an aircraft. One process is an RF feature extractor 102, which extracts signal features, such as signal strength, from the RF signal. The other process is a standard ADS-B data receiver 104, which extracts ADS-B data from the signal. The results of the two processes are data streams that may be packaged for transmission by the IoT device. Packaging may include encoding a timestamp with transmissions of one or more units of data.
[0038] Fig. 4 is a schematic block diagram of key processing elements of the network system 40 for secure ADS-B and/or Mode-S communications, according to some embodiments of the present invention.
[0039] As depicted above, the ADS-B/Mode-S RF signal, which is typically transmitted in frequencies such as 1090 MHz and 1030 MHz, or other signals, such as ACARS, TCAS etc., may be received by a directional antenna array of receiver elements and fed to two parallel processes, the RF feature extractor 102 and the ADS-B data receiver 104. The feature extractor includes an RF signal digitizer 122, which converts the RF signal into a digital sample, and a digital features extractor 124, which extracts parameters of the RF signal, such
as approximate distance and direction, based on the relative power of the directional elements of the antenna. The extracted parameters are purely based on the RF signal characteristics, unrelated to the ADS-B data contents.
[0040] In parallel to the operation of the RF feature extractor 102, the ADS-B data receiver 104 performs two main tasks in processing the same RF signal. The first is an ADS-B RF signal data extractor 132, which identifies valid ADS-B transmission pulses (or signals of other protocols, such as ACARS or TCAS), and forwards the generated digital pulse stream to a data extraction process 134. The data extraction process identifies the codes represented by the pulse stream. The ADS-B data stream is characterized by a series of preamble pulses that identify the beginning of ADS-B data transmission. Each ADS-B reception also includes a 24 bits ICAO code, which is unique to a specific aircraft tail number and uniquely identify a specific aircraft.
[0041] ADS-B signals are all 120 ps in length (8 ps preamble plus 112 ps data block), that may contain the following data elements:
• Flight Identification (flight number call sign)
• ICAO 24-bit Aircraft Address (globally unique aircraft code)
• Position (latitude/longitude)
• Position integrity/accuracy (GPS horizontal protection limit)
• Barometric and Geometric Altitudes
• Vertical Rate (rate of climb/descent)
• Track Angle and Ground Speed (velocity)
[0042] Additional details of ADS-B signals are provided in the Appendix.
[0043] Aircraft behavior for a specific aircraft may be "learned" by a machine learning framework that tracks aircraft. Subsequently, anomalous behavior of an aircraft, as indicated
by ADS-B transmissions, such as irregular speeds and flight patterns, may be identified. Anomalous behavior may indicate that a given ADS-B transmission is fake (i.e., not generated by an actual aircraft).
[0044] The resulting RF features and ADS-B data from the IoT device's parallel extraction processes may then fed into a preprocessor/comparator 140 of the ADS-B Correlation Server 50, which typically includes the ADS-B Correlator 52 and the Actual vs. Planned Correlator 54 described above.
[0045] Machine learning algorithms may provide models of aircraft behavior for a specific geographic area of interest, containing a data set of all received aircraft IDs in the area, with a set of typical features, such as time of flight (in 12-24 segments during the day), speed, and altitude. Extracted features provide a model of a specific aircraft's behavior, including all detected instances of this aircraft's ID over time (typically over several days of machine learning of the model for those features). During runtime, the model is compared to the currently received features for a given ID. Zero or low correlation indicates suspect data (data suspected as being fraudulent or otherwise false). These events are marked as suspect.
[0046] A multiple layer machine learning model may be applied to the current real-time received data, using a weighting function that provides a combined score. Any combined score (from multiple layers) that is greater than a threshold defined by the system triggers an alert of a fake aircraft, which is transmitted to other elements of the network, as well (such as other aircraft).
[0047] As depicted in the timing diagram of Fig. 5, synchronization to the beginning of a valid ADS-B transmission is based on a specific preamble pulse train of four pulses, each 0.5ps wide, in two groups, the first with a gap of 0.5ps between the two pulses, followed by a 2ps gap, and then two additional pulses with the same timing pattern. This preamble is part of
IB
the ADS-B protocol definition and is used by the ADS-B RF signal data extractor 132 to identify the beginning of a new aircraft ADS-B transmission, to trigger the beginning of signal analysis for RF and data correlation.
[0048] The ADS-B signal data extractor 132 syncs on a transmission with the depicted pulse train, to trigger the extraction of the ADS-B data stream, while digitizing the information contained within this transmission for further handling. The RF signal digitizer may determine that the incoming signal is a valid ADS-B (or ACARS, TCAS, or other protocol), triggering the operation of the RF feature extractor 102. The RF feature extractor 102 may be configured to wait until receiving a validity indication from the ADS-B signal data extractor 132, to avoid unnecessary processing work.
[0049] Fig. 6 is a flow diagram of a method 600 for secure ADS-B and/or Mode-S communications, performed by the ADS-B correlator 52, according to some embodiments of the present invention.
[0050] The flowchart shows a correlation factor computation process, for determining a level of match, or "correlation," between ADS-B data and extracted RF signal parameters. The process begins by setting a baseline of a correlation factor (CORR) as 100%, (step 602). An RF signal is then received from a directional element of the antenna oriented towards an individual segment, for example from one of quadrants Q1 to Q4 (step 604). For example, the signal may be received by a Q3 directional element of the antenna. This quadrant, based on the RF signal parameter, is indicated in the flowchart as Qx. Alternatively, the RF signal may be received from a rotating antenna, with timing to correlate the received signal with an individual segment.
[0051] The received ADS-B data is also decoded to provide a direction of an aircraft, as claimed by the transmitting source (step 606). This quadrant indicated by the ADS-B data is indicated in the flowchart as Qy.
[0052] A difference between Qy and Qx is then tested, and, if zero (for example, both are in quadrant 3), then the value of CORR1 is set to CORR (100%). No correlation factoring is needed, as both RF data and Ads-B decoded data are correlated.
[0053] In other cases, in which the decoding and RF analysis produce different measures, a correlation factor is added, For example, if the difference between quadrants is 1 or 3 (a +/-90 degree difference) the CORR1 value is set to 80% (step 614). If the difference is 180 degrees (quadrant difference of 2) the CORR1 value is set to 60% (step 618).
[0054] The process then proceeds to estimate the level of match with respect to the distance of the aircraft's position/altitude (step 640). The received RF signal strength is compared against a signal strength table, which provides an indication for the relative distance, with an index of 1-8. This index is compared against a similar table, applying the computed distance using the ADS-B received data (distance, altitude, etc.). The index for computation of the total process is CORR1 less the distance index (step 642).
[0055] The end result (step 644) is a final correlation factor CORR2, which is an indication of how correlated the received ADS-B signal is to the actual physical source of the transmission. The higher the correlation, the higher the probability that the transmission is real. The lower the correlation factor, the higher the probability that the received ADS-B transmission is fake and should not be used for traffic control. A preset threshold is typically applied to make a final determination of the authenticity of a received signal.
[0056] The above correlation calculation is only one example of how the level of matching may be determined. The percentage threshold values and the computation of the correlation factor may be varied to provide reduce false positive and false negative results.
[0057] In addition to the above, the correlation process may further analyze, from the received ADS-B data stream, additional anomalies, such as (but not limited to) aircraft ID that does not change position data, or unreasonable or non-physical velocities.
[0058] Because the received ADS-B data also includes the present position of the aircraft claiming to make the transmission, this may be compared to the direction calculated from the RF signal. The comparison may be performed by the IoT device itself. The IoT sensor, at a fixed point on the ground, can be pre-loaded with its geographic location, or receive a geographic location once from a GPS satellite. The knowledge of the GPS location and the direction of an aircraft, as determined from an RF signal, permits estimation of a location, which can be compared with the location specified in the ADS-B data. The process is similar if the IoT device operates on an aircraft that receives signals from a second aircraft.
EXAMPLE 1
[0059] In this example scenario, we assume that a transmitting aircraft is flying north east of our receiving directional antenna, but transmits a fake aircraft message, which contains ADS-B data indicating that the aircraft is flying south-west of the receiving antenna. Using the correlation determination flow chart above we first calculate CORR1, giving the following results:
• RF Reception Qx = Q3
• ADS-B data Qy= Q2
• Therefore, CORR1=80%
• Consequently, the relative distance indication is around 50% closer, and we shall define the distance index as 3 out of 6. We can then calculate CORR2:
CORR2=80-3*10 = 50%
[0060] The weighted CORR2 value of scenario 1 is only 50% correlation, which strongly indicates a fake transmission (again, depending on the threshold set for the system).
[0061] The output of the Pre-Processor/Comparator module 140 typically includes aircraft ID, extracted from the ADS-B data, and an indication of the correlation. Over 90% is typically set to indicate a high level of confidence in the received signal RF parameters and the actual content of the received ADS-B signal (position), meaning that the received signal is trusted and probably comes from a valid, real aircraft. Lower correlation factors may indicate a suspect transmission, while less than 50% correlation generally will trigger actions based on the assumption that a fake transmission has been received (i.e., a malicious transmission was received). In such cases, an indication may be provided to the pilot, or to the ground ATC controller.
[0062] Fig. 7 is a flow diagram of a method 700 for secure ADS-B and/or Mode-S communications, performed by the ADS-B correlator 52, according to some embodiments of the present invention. At a step 702, the estimated path of flight of an aircraft, based on multiple ADS-B data readings, is compared (i.e., "correlated") with a flight plan "model" of the aircraft's typical flight path, which is stored, as described above, in the Flight Plan Repository 48.
[0063] At a step 704, a deviation D% of the aircraft from the model is calculated. If the deviation is greater than a given threshold (e.g., 70%), determined at step 706, then the transmission is definitely fake (that is, the indicated aircraft does not exist) and at a step 720, a "fake aircraft suspected" alert is issued.
[0064] If the weighted, flight path deviation (i.e., the average deviation) of multiple ADS-B transmissions from a single source is less than a given percent (e.g., 15%), then no alert is issued (step 710), but the process of tracking continues. If the deviation of multiple transmissions is greater than the given percent (e.g., 15%), other aircraft in the geographic region, for example of 100 km, are also monitored. If more than a given number (e.g., ten) transmissions have a similar deviation, then the deviations are probably due to a regional problem, such as weather, or an airport tracking problem, so no alert is issued (step 714). However, if not more than the given number (e.g., ten) of transmissions have a deviation over the threshold, then the alert of step 720 may be issued.
[0065] Computational aspects of systems 20 and 40 and of processes 600 and of 700 may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations thereof. All or part of the system and process can be implemented as a computer program product, tangibly embodied in an information carrier, such as a machine- readable storage device or in a propagated signal, for execution by, or to control the operation of, data processing apparatus, such as a programmable processor, computer, or deployed to be executed on multiple computers at one website or distributed across multiple websites. Memory storage may also include multiple distributed memory units, including one or more types of storage media. Examples of storage media include, but are not limited to, magnetic media, optical media, and integrated circuits such as read-only memory devices (ROM) and random access memory (RAM). A computing system configured to implement the system may have one or more processors and one or more network interface modules. Processors may be configured as a multi-processing or distributed processing system. Processors may also be any combination of general purpose (GP) processors, graphics processing units (GPUs), and/or dedicated artificial intelligence (AI) processors, for more efficient algorithm
handling during runtime. Network interface modules may control the sending and receiving of data packets over networks.
[0066] It is to be understood that the scope of the present invention includes variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art.
APPENDIX
The ADS-B Message is 112 bits long, consisting of the following parts:
TC - Bits 33-37, TC (Type Code), the first 5 bits of the DATA field
DF field
Any ADS-B must begin with a downlink format 17 (Binary 10001) or 18 (Binary 10001) indicating if the source of data is broadcast only (format 17), or received from a transceiver that can be interrogated (format 18). For the sake of this discussion, we may assume it is a fixed format 17. Other format (different pattern in this DF field) may indicate additional possible transmission types (i.e. different interpretation of the data), which is out of scope for this discussion.
ICAO Code
Unique identifier of the originating aircraft, a unique identification using the ICAO address, dedicated ID for every aircraft. A World Aircraft Database query tool from mode-s.org may be used to find aircraft ID. For example: ICAO address A01880 is Airbus-321 aircraft, operated by American Airline with the specific aircraft registration Id of N105NN. Another example: ICAO address: 76CD61 is an Airbus 380-841 aircraft of Singapore Airlines, with registration ID: 9V-SKA.
The second example, ICAO code 76CD61 shall have the following binary representation in the message: 0111 0110 1010 1011 0110 0001.
Note that ICAO code is important in the system, as it permits unique identification of a specific aircraft in the network, and this information is fed into the software correlation module of planned versus actual flight path, external to the CyberSense sensor. In this plan versus actual correlation, the correlator is retrieving the planned flight plan, as files into a worldwide flight-plans repository,
comparing the planned flight -plan, versus actual data received from the aircraft during flight, looking for correlation between the two.
Type Code
PI (Checksum)
ADS-B uses Cyclic Redundancy Check (CRC) to validate the correctness of the received message, where the last 24 bits are parity bits.
To further illustrate and explain how ADS-B data is processed, the following is an example of extracting aircraft airspeed data out of a transmission. As explained above, various aircraft flight information (position, velocity, altitude, etc.) are all decoded in ADS-B messages. The method it is implemented is that each type of data is coded with a specific TC (Type Code) and ST (Sub -Type) in the message, followed by a 51 bits of data (see ADS-B format structure above). Therefore, the received valid ADS-B transmission is further decoded, extracting the relevant data element that fits the identification data type bits (TC and ST). As an example, let us examine the extraction of the airspeed data out of ADS-B message:
The message decoding shall include TC (Type Code) = 19 (see TC table above for airborne velocity code in the table), Sub-Type (ST) = 3 (This ST indicated a sub-sonic speed in this case). An example of an actual message transmitting airspeed may look like the following:
Message: 8D-76CD61-9B06B6AF189400-XXXXXX, translated into the following format fields:
Convert DATA [9B06B6A9189400] into binary (focus please on the field of interest in this example, marked in Green in the table):
Although we focus our example in the above table on airspeed value extraction, note that in the above table we also have in the same transmission format additional aircraft heading, vertical rate and other information. However, if we complete the above example and further look at the airspeed field, we are extracting the following:
a. AS-Type field to extract the type of airspeed in the message, according to the following format:
• Value = 0 -> Indicated Airspeed (IAS)
• Value = 1 -> True Airspeed (TAS)
Therefore, in our above message decoding example, the airspeed value indicated TAS. b. Then, the speed value is simply a binary to decimal conversion of AS bits (in knot). In our example: 0101001000, translated into 328 knots.
Based on the above aircraft flight airspeed, we shall further follow the ADS-B protocol and extract all relevant flight vector data (position, altitude etc.)
The output of the extractor (004) shall then become another input to the Pre -Processor/Comparator block (005). This block shall receive approximate pure RF signal physical distance and direction as one input from the electrical signal features extractor (002) and the decoded ADS-B signal parameters from the data elements extractor (004) for comparison.
Claims
1. A system for securing aircraft transmissions for air traffic control comprising:
one or more radio frequency (RF) receivers configured to receive the aircraft transmissions from multiple spatial segments surrounding the RF receiver; and
one or more processors and memory storage, the memory storage including instructions that when executed by the one or more processors implement the steps of:
extracting flight data from the transmissions, wherein the flight data include one or more of a reported position, a reported speed, and a reported flight vector;
determining a first correlation factor between the reported position and a detected position of the transmissions;
determining a second correlation factor between a learned flight behavior and one of the reported position, the reported flight vector, and the reported speed; and,
responsively to at least one of the first and the second correlation factors being below a predefined correlation threshold, issuing an alert indicating a false transmission.
2. The system of claim 1, wherein the one or more RF receivers are Internet of Things (IoT) devices.
3. The system of claim 1, wherein one or more of the RF receivers include multiple directional RF receiver elements, each oriented to receive the aircraft transmissions from a respective spatial segment of the multiple spatial segments.
4. The system of claim 1, wherein one or more of the RF receivers include a rotating RF receiver, configured to rotate to receive the aircraft transmissions from the multiple spatial segments.
5. The system of claim 1, wherein the multiple spatial segments are four quadrants.
6. The system of claim 1, wherein the ADS-B transmission frequency is one or both of 1090 MHz and 1030 MHz.
7. The system of claim 1, further including determining, by measuring signal power of the ADS-B transmission, a detected distance to a source of the ADS-S transmission, and, from the detected distance and by comparing signal power in each of the multiple segments, calculating the detected position of the source of the ADS-B transmission.
8. The system of claim 1, further including receiving from an external device the detected position of the source of the ADS-B transmission.
9. The system of claim 1, further comprising correlating the reported position with a previously reported position and responsively issuing the alert.
10. The system of claim 1, wherein issuing the alert comprising issuing an alert of a possible cyberattack.
11. The system of claim 1, further including issuing the alert when a deviation between the reported flight vector and the learned flight behavior is greater than a pre-defined deviation value.
12. The system of claim 1, further including issuing the alert when a deviation between multiple reported flight vectors and learned flight behavior is greater than a pre-defined deviation value and not more than a pre-defined number of other aircraft in a given geographic region also have a deviation of greater than the pre-defined deviation value.
13. The system of claim 1, wherein the learned flight behavior is modeled by a machine learning system.
14. The system in claim 11, wherein the learned flight behavior is corrected during run-time operation by manually determining that a given flight behavior that is not anomalous is defined by the machine learning system as anomalous and by correcting the definition of the given flight behavior.
15. The system in claim 1, wherein the learned flight plans are flight plans deposited in the global ATC network prior to flights.
16. The system in claim 1, wherein an installation of the system is performed in one or more of a ground based system and an airborne system.
17. A computer-based method for securing aircraft transmissions for air traffic control comprising:
extracting flight data from the aircraft transmissions, wherein the flight data include one or more of a reported position, a reported speed, and a reported flight vector;
determining a first correlation factor between the reported position and a detected position of the aircraft transmissions;
determining a second correlation factor between a learned flight behavior and one of the reported position, the reported flight vector, and the reported speed; and
responsively to at least one of the first and the second correlation factors being below a predefined correlation threshold, issuing an alert indicating a false transmission.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962829382P | 2019-04-04 | 2019-04-04 | |
US62/829,382 | 2019-04-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020202160A1 true WO2020202160A1 (en) | 2020-10-08 |
Family
ID=70554147
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IL2020/050403 WO2020202160A1 (en) | 2019-04-04 | 2020-04-02 | System and methods of securing aircraft communications for tracking and control |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2020202160A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3438703A1 (en) * | 2017-08-03 | 2019-02-06 | Airbus Operations S.A.S. | Method and device for monitoring the position of a following aircraft relative to a leading aircraft during a formation flight |
US20230053158A1 (en) * | 2021-05-13 | 2023-02-16 | Nexteon Technologies, Inc. | Avionics-free global aviation surveillance systems and processes |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030097216A1 (en) * | 2001-11-20 | 2003-05-22 | United Parcel Service | Systems and methods for correlation in an air traffic control system of interrogation-based target positional data and GPS-based intruder positional data |
US20050156777A1 (en) * | 2004-01-15 | 2005-07-21 | Honeywell International, Inc. | Integrated traffic surveillance apparatus |
EP2136222A1 (en) * | 2008-06-18 | 2009-12-23 | Saab Ab | Validity check of vehicle position information |
US20190042748A1 (en) * | 2017-08-03 | 2019-02-07 | B. G. Negev Technologies And Applications Ltd., At Ben-Gurion University | Using lstm encoder-decoder algorithm for detecting anomalous ads-b messages |
-
2020
- 2020-04-02 WO PCT/IL2020/050403 patent/WO2020202160A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030097216A1 (en) * | 2001-11-20 | 2003-05-22 | United Parcel Service | Systems and methods for correlation in an air traffic control system of interrogation-based target positional data and GPS-based intruder positional data |
US20050156777A1 (en) * | 2004-01-15 | 2005-07-21 | Honeywell International, Inc. | Integrated traffic surveillance apparatus |
EP2136222A1 (en) * | 2008-06-18 | 2009-12-23 | Saab Ab | Validity check of vehicle position information |
US20190042748A1 (en) * | 2017-08-03 | 2019-02-07 | B. G. Negev Technologies And Applications Ltd., At Ben-Gurion University | Using lstm encoder-decoder algorithm for detecting anomalous ads-b messages |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3438703A1 (en) * | 2017-08-03 | 2019-02-06 | Airbus Operations S.A.S. | Method and device for monitoring the position of a following aircraft relative to a leading aircraft during a formation flight |
US20230053158A1 (en) * | 2021-05-13 | 2023-02-16 | Nexteon Technologies, Inc. | Avionics-free global aviation surveillance systems and processes |
WO2023287483A3 (en) * | 2021-05-13 | 2023-05-19 | Nexteon Technologies, Inc. | Avionics-free global aviation surveillance systems and processes |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Strohmeier et al. | On perception and reality in wireless air traffic communication security | |
Kim et al. | ADS-B vulnerabilities and a security solution with a timestamp | |
US11068593B2 (en) | Using LSTM encoder-decoder algorithm for detecting anomalous ADS-B messages | |
Strohmeier et al. | Intrusion detection for airborne communication using PHY-layer information | |
EP2603814B1 (en) | Method for providing spoof detection | |
CN103699713A (en) | Collision detection method for airplane formation and application of method | |
CN110061801B (en) | Abnormal target discrimination system and method in aviation monitoring system | |
CN107015249B (en) | ADS-B Deceiving interference detection method based on space correlation consistency | |
Strohmeier et al. | On passive data link layer fingerprinting of aircraft transponders | |
Khan et al. | Intrusion detection in automatic dependent surveillance-broadcast (ADS-B) with machine learning | |
Sahawneh et al. | Detect and avoid for small unmanned aircraft systems using ADS-B | |
Akerman et al. | VizADS-B: Analyzing sequences of ADS-B images using explainable convolutional LSTM encoder-decoder to detect cyber attacks | |
WO2020202160A1 (en) | System and methods of securing aircraft communications for tracking and control | |
TajDini et al. | Performing Sniffing and Spoofing Attack Against ADS-B and Mode S using Software Define Radio | |
Smith et al. | Understanding realistic attacks on airborne collision avoidance systems | |
Khandker et al. | On the (in) security of 1090ES and UAT978 mobile cockpit information systems–an attacker perspective on the availability of ADS-B safety-and mission-critical systems | |
Habler et al. | Analyzing sequences of airspace states to detect anomalous traffic conditions | |
Lin et al. | Quasi‐ADS‐B Based UAV Conflict Detection and Resolution to Manned Aircraft | |
Adesina et al. | Aircraft location prediction using deep learning | |
US10277356B2 (en) | Multi-platform location deception system | |
Chen et al. | Vulnerabilities in ADS-B and verification method | |
Harison et al. | Survey of cyber threats in air traffic control and aircraft communications systems | |
Xu et al. | Aircraft go-around detection employing open source ADS-B data | |
Longo et al. | On a Collision Course: Unveiling Wireless Attacks to the Aircraft Traffic Collision Avoidance System ({{{{{TCAS}}}}}) | |
CN110621067B (en) | ADS-B anti-interference anti-deception multi-station system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20724227 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20724227 Country of ref document: EP Kind code of ref document: A1 |