Design of A Cyber Security Framework for ADSB
Design of A Cyber Security Framework for ADS-B Based Surveillance Systems Sahar Amin Tyler Clark Rennix Offutt Kate Serenko
2 Agenda u Context Analysis u Stakeholder Analysis u Problem Statement & Needs Statement u Mission Requirements u Design Alternatives u Preliminary Simulation Design u Project Management Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
3 Context Analysis Increase in air transportation and air traffic Need for surveillance systems to track and monitor flights Implementation of Next. Gen by FAA Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
4 Context Analysis Increase in air transportation and air traffic Need for surveillance systems to track and monitor flights Implementation of Next. Gen by FAA Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
5 Number of People Flying Each Year in US Number of Passengers (Millions) 300 250 Forecast 200 150 100 50 0 1995 2000 2005 2010 * Source: U. S. Department of Transportation. Form 41 and 298 C 2015 Years 2020 2025 Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 2030 2035
6 United States Air Carriers Fleet US Air Carriers Fleet 10 000 9 000 Number of Planes 8 000 Forecast 7 000 6 000 5 000 Mainline 4 000 Regional 3 000 2 000 1 000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 0 Year *Source: FAA Aerospace Forecast: Fiscal Years 2012 -2032 Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
7 US Airspace Congestion Radar and ADS-B coverage Only ADS -B coverage Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
8 Context Analysis Increase in air transportation and air traffic Need for surveillance systems to track and monitor flights Implementation of Next. Gen by FAA Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
9 Surveillance What: Surveillance is close observation and monitoring of changing information. Why: Surveillance in air transportation is needed to track and monitor flights to maximize efficiency and safety in airspace. Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
10 Primary Surveillance u Primary Surveillance Radar u Created to provide continuous surveillance of air traffic disposition u Uses a rotating antenna to transmit electromagnetic waves that reflect from aircraft surface up to 60 miles from radar u Problems: could only provide object’s location; does not identify object type; does not provide coverage over oceanic regions Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
11 Secondary Surveillance Radar u Initially developed as a wartime radar system, called Identification Friend or Foe (IFF) u Attached to primary radar; relies on aircraft transponders to transmit and receive aircraft data u Problems: expensive; does not provide surveillance coverage over oceanic regions Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
12 Context Analysis Increase in air transportation and air traffic Need for surveillance systems to track and monitor flights Implementation of Next. Gen by FAA Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
13 Next Generation (Next Gen) u New airspace for US to be implemented between 2012 -2025 u New framework for flight tracking and monitoring u Ground/radar-based tracking system satellite-based tracking system u Major Component of Next. Gen: Automatic Dependent Surveillance-Broadcast (ADS-B) Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
14 Automatic Dependent Surveillance. Broadcast (ADS-B) u Automatic – does not require interrogation u Dependent – depends on location information from GPS u Surveillance – provides situational awareness for ADS-B equipped aircraft and ARTCC u Broadcast – constant broadcasting of flight navigation information Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
15 How ADS-B Works Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
16 ADS-B Advantages u Increased situational awareness for both pilots and ARTCC u Provides surveillance coverage in areas without radar coverage u Less expensive than traditional radar u Information is broadcasted in real time u Can decrease separation distance between aircraft Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
17 Decreased Separation Distance Without ADS-B Coverage One In, One Out 20 NM Separation distance decreased to 5 NM With ADS-B Coverage 5 NM Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
18 ADS-B Messages DF: Downlink Format AA: ADS-B Data: Aircraft CA: Capability Individual type, Altitude, Latitude, Aircraft Longitude, Airborne Address Velocity PI: Parity Information (Error Detection Code) Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
19 Cyber Security in Aviation u Aviation has gone Cyber u ADS-B transmits digital signals to ground servers and nearby aircraft u New threat vector in aviation u Signals are unencrypted signals can be spoofed or jammed by adversaries Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
20 Threats u. Spoofing u. False Source u. False Content 1090 MHz u. Jamming 1090 MHz u. Ghost Plane Flooding u. Ground Station Flooding Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
21 Scope Definition u Oceanic area between two land masses covered by ARTCC u No radar coverage – Only ADS-B surveillance u Commercial aviation – en route flights u Spoofing attacks only - concentrating on prevention of attacks u Jamming is out of our scope because it cannot be prevented Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
22 Agenda u Context Analysis u Stakeholder Analysis u Problem Statement & Needs Statement u Mission Requirements u Design Alternatives u Preliminary Simulation Design u Project Management Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
23 Stakeholder Analysis Crew/Pilots Airline Companies ARTCC ADS-B Manufacturers Congress Passengers FAA Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 Labor Unions
24 Primary Stakeholders FAA (Federal Aviation Administration) • Objective: provide the safest, most efficient aerospace system in the world ARTCC (Air Route Traffic Control Center) • Objective: maintain safety and efficiency of flights in specified volume of airspace at high altitudes Airline Companies • Objective: provide a safe and up-to-date aircraft; maximize profits Crew/Pilots • Objective: Provide safe and enjoyable flying experience for their customers Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
25 Secondary Stakeholders ADS-B Manufacturers • Objective: Provide aircraft with satellite-based surveillance system that allows for more accurate and real-time transfer of flight data Congress • Objective: Control spending across government and government agencies Passengers • Objective: Arrive at destination safely and on time Labor Unions • Objective: Protects rights of workers, strive to secure better working conditions for members, increase workers’ income Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
26 Stakeholder Tensions FAA vs. Congress • Budget for proposal has to be approved by Congress • Tension if Congress disagrees with proposed FAA budget FAA vs. Airline Companies • Airline companies must follow and meet requirements set by FAA • Tension if FAA wants airplane companies to pay for installation of ADS-B systems in aircraft FAA vs. ARTCC • ARTCC employees must follow all rules and regulations set by FAA • Tension if proposed rules increase workload and employees are required to learn how to use new equipment Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
27 Agenda u Context Analysis u Stakeholder Analysis u Problem Statement & Needs Statement u Mission Requirements u Design Alternatives u Preliminary Simulation Design u Project Management Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
28 Gap Analysis Number of Aircraft Handled by En Route Traffic Control Centers (In Millions) Gap Analysis 70 60 Gap 50 40 30 20 10 0 1995 2000 * Source: FAA Aerospace Forecast 2005 2010 2015 Year 2020 2025 Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 2030 2035
29 Problem Statement Unencrypted communication between aircraft and ARTCC ADS-B signals can be spoofed Unreliable/untrustworthy signals Location of aircraft cannot be determined with 100% certainty Reduced situational awareness, threatened flight safety, reduced airspace capacity Decreased airspace efficiency Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
30 Win-Win Analysis Solution is cost effective Implementation occurs by 2020 Win-Win Analysis ADS-B signals are secure and reliable Separation distance between aircraft is decreased Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
31 Needs Statement There is a need for a system that prevents spoofing attacks on ADS-B signals sent from aircraft to ARTCC and between aircrafts. Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
32 Agenda u Context Analysis u Stakeholder Analysis u Problem Statement & Needs Statement u Mission Requirements u Design Alternatives u Preliminary Simulation Design u Project Management Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
Mission Requirements 1. 0 The system shall increase the capacity of airspace by 32% in the areas without radar coverage. 1. 1 The system shall decrease the separation distance between aircraft to 3 nautical miles. 1. 1. 1 ADS-B messages shall be resistant to spoofing attacks Y% of times. 1. 1. 2 A spoofing attack shall not overload the capacity of the airspace. 2. 0 The system shall maintain or decrease accident rate of 0. 291* accidents per 100, 000 departures. 3. 0 The system shall be ready to be implemented by 2020. *Source: Bureau of Transportation Statistics Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
34 Agenda u Context Analysis u Stakeholder Analysis u Problem Statement & Needs Statement u Mission Requirements u Design Alternatives u Preliminary Simulation Design u Project Management Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
35 Design Alternatives 1. Hashing 2. Symmetric Encryption 3. Asymmetric Encryption 4. Maintain Status Quo Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
36 1. Hashing u What Is It? u Goal – Confirming the source of a message u Digital Signature/Hash created by sender – aircraft u Attached at the end of the message u Verified by receiver - ARTCC Fusion System Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
Hashing Demo Hash – attaching at the end of the message Original Text with Hash Design of Cyber-Security Prevention System for ADSB Based Surveillance System. Bc 89236 dec 6 d 39 f 8 SHA-2 Algorithm Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
2. Symmetric Encryption u What Is It? u Encryption – converting data into code u Symmetric – each entity has one private key u Message encrypted with key has to be decrypted with the same key Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
39 3. Asymmetric Encryption u What Is It? u Two keys – Public and Private u Longer keys – stronger security Message from A Encrypt Private A Encrypt Public B Message in Public Airspace Decrypt Private B Decrypt Public A Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 Message received at B
40 Encryption Demo Original Text Design of Cyber. Security Prevention System for ADS-B Based Surveillance System Key: Cyber. Security Encrypt Decrypt Encrypted Text f. J 9 z. VVvyy. PFFyzhdyaeu. V 68 Ayz +g. BHl. Vo. Fgzoj. Mb. Id. Z 8 c 2 p. OLtnd L 1 wz. L 0 Bj. ONp. NP 0 t. Zassp. RPoa NPdc. NDT 9 fp. QNDbv. QSWOURC f. WQJWFKQI= Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
41 Design Alternatives Evaluation Design Alternative Attack Prevention Ease of Implementation Security Strength Spoofing Easy TBD Available Low More bits 2. Symmetric Encryption Spoofing Moderate TBD Available Low Key Exchange 3. Asymmetric Encryption Spoofing Moderate TBD Available Low Access to public keys 4. Maintain Status Quo Nothing Easy Not secure None 1. Hashing Technology Cost/Air plane Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 Additional Requirements
42 Value Hierarchy Security WS Execution Time WE Minimum Separation Distance Achieved WD Ease of Implementation WI Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
43 Agenda u Context Analysis u Stakeholder Analysis u Problem Statement & Needs Statement u Mission Requirements u Design Alternatives u Preliminary Simulation Design u Project Management Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
Design of Experiment u Goal – show securing ADS-B signals can increase airspace capacity u Verify the ability of the system to prevent cyber attacks and maintain current safety level under diverse/dangerous conditions. u Simulation Design: u 1. Signal Simulation u 2. Airspace Capacity Simulation Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
45 Simulation Design 1 ADS-B Messages Design Alternatives Spoofed Messages Signal Simulation Separation Distance Re Alt liabil ern ity ati of D ve s esig 2 n Airspace capacity Airspace Capacity Simulation Departure Streams Arrival Capacities Speed of Aircraft Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 Collision Rate
46 1. Signal Simulation u Purpose of simulation: evaluate reliability of design alternatives u Simulating signals with and without signal security design alternatives u Output (reliability of signal security methods) of signal simulation will be used as input to airspace capacity simulation u Signal simulation will be programed in Matlab Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
47 2. Airspace Capacity Simulation u Purpose of simulation: verify ability of system to maximize airspace capacity and maintain safety levels u Find the optimal separation distance for flights to operate in the airspace allows for increase in airspace capacity u Simulation will abide by FAA regulations u En route flights over oceanic area relying solely on ADS-B data u Flight paths modeled after popular Gulf of Mexico flights u Airspace capacity will be modeled in Arena Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
48 Airspace Simulation (Continued) Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
49 Arena Simulation Model Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
50 Single Cell Decision u Planned/preferred path is in red u If capacity of cell 1 (Level 0 Preference) is full: u Level 1 Preference: Cells 2 or 4 (blue) u Shortest path to 1 (2 iterations) u Level 2 Preference: Cells 3, 6 or 7 (green) u 3 iterations u Level 3 Preference: Cell 9 (orange) u 4 iterations u Will choose the highest ranked level with free capacity Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
51 Control Scenario Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
52 Attack Scenario Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
53 Attack Scenario (Continued) Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
54 Formulas for Simulation Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
55 Expected Results u We expect that asymmetric encryption will be the best design alternative u Easy to implement u Technology is already available u Inexpensive to implement u Most secure design alternative u No security issues related to key exchange u Quick processing time Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
56 Agenda u Context Analysis u Stakeholder Analysis u Problem Statement & Needs Statement u Mission Requirements u Design Alternatives u Preliminary Simulation Design u Project Management Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
57 Work Breakdown Structure Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
58 Work Breakdown Structure (Continued) u 1. 0 Management – Assigning tasks and deadlines, contacting sponsors, organization, revision, etc u 2. 0 Research & Data – Primary and secondary radar, ADS-B, meetings with sponsors, data collection, etc u 3. 0 Conops & Requirements – Context analysis, stakeholder analysis, problem and needs statement, requirements u 4. 0 Simulation/Analysis – Simulation design, implementation of simulation, tradeoff analysis of alternatives, testing, results, conclusion u 5. 0 Documentation – Initial deliverables, conference papers, poster u 6. 0 Reports & Presentations – Prelim project plan and presentation, final report, faculty presentations, etc Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
59 Project Plan Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
60 Budget Individual hourly rate: $45/hour Overhead costs: $54/hour Total billing rate person: $99/hour Estimated Time to Be Spent on Project: 1, 350 Hours Total Project Cost: $133, 650 Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
61 Earned Value, Actual Cost, Predicted Value Budget 160000 140000 Cost ($) 120000 100000 Cumulative PV 80000 Cumulative AC EV 60000 Best Case Worst Case 40000 20000 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 Weeks Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
62 Earned Value, Actual Cost, Predicted Value Budget 80000 70000 Cost ($) 60000 50000 Cumulative PV Cumulative AC 40000 EV 30000 Best Case Worst Case 20000 10000 0 1 2 3 4 5 6 7 8 9 Weeks 10 11 12 13 14 15 Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 16
63 Cost Performance Index vs. Schedule Performance Index CPI vs. SPI 1, 2 1 Ratio 0, 8 0, 6 CPI SPI 0, 4 0, 2 0 1 2 3 4 5 6 Weeks 7 8 9 Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013 10 11
64 Project Risks WBS Task Risks Mitigation Techniques 1. 0 Management u Tasks not assigned with correct deadlines u Deliverables not completed by internal team deadlines u Sponsors do not reply after being contacted u Assign internal team deadlines several days before official deadlines u Continue following up with sponsors 2. 0 Research u Majority of research is not completed by the middle of the Fall semester u Assign research tasks to each team member so that research findings can be combined 3. 0 Conops & Requirements u Context Analysis, Stakeholder u Make sure that each of these Analysis, Problem Statement, components is about 60% Needs Statement, and complete by mid-October Requirements are not complete by Final Project Plan Department of Systems Engineering and Operations Research due date Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
65 Project Risks (Continued) WBS Task Risks Mitigation Techniques 4. 0 Simulation u Not enough data for simulation u Data is not collected time for simulation u Simulation is too complex to be modeled within time frame of this project u Begin data collection right after Prelim Project Plan due date u Resize scope early in semester; seek guidance from sponsors 5. 0 Documentation u Documentation deliverables are not completed by deadline u Set internal team deadlines for at least five days before official deadline 6. 0 Reports & Presentations u Reports or presentations are not completed by deadline u Set internal team deadlines for at least five days before official deadline Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
66 Questions? Department of Systems Engineering and Operations Research Design of A Cyber Security Framework for ADS-B Based Surveillance Systems SYST 490 - 2013
- Slides: 66