Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices

In this paper we investigate (in)security aspects of Automatic Dependent Surveillance-Broadcast (ADS-B) protocol. ADS-B is intended to be widely deployed in Air Traffic Management (ATM) Surveillance systems by 2020. One of the goals of ADS-B is to increase safety of air traffic. While the security of ADS-B was previously questioned, in this paper we demonstrate that attacks are both easy and practically feasible, for a moderately sophisticated attacker. Attacks range from passive attacks (eavesdropping) to active attacks (message jamming, replaying of injection). The attacks have been implemented using an Universal Software Radio Peripheral (USRP), a widely available SoftwareDefined Radio (SDR). for which we developed an ADS-B receiver/transmitter chain with GNURadio. We then present and analyze the results of the implemented attacks tested against both USRP-based and commercial-off-the-self (COTS) radio-enthusiast receivers. Subsequently, we discuss the risks associated with the described attacks and their implication on safety of air-traffic, as well as possible solutions on short and long terms. Finally, we argue that ADS-B, which is planned for long-term use, lacks the minimal and necessary security mechanism to ensure necessary security of the air traffic. Keywords-Architecture and Design Air Traffic Control, Air Traffic Management, Automatic Dependent SurveillanceBroadcast, ADS-B, message injection, message replay, wireless security, privacy.