PowerPoint Presentation · Title: PowerPoint Presentation Author: omunger Created Date: 9/16/2015...
Transcript of PowerPoint Presentation · Title: PowerPoint Presentation Author: omunger Created Date: 9/16/2015...
-
ADS-B Authentication
Compliant with
Mode-S Extended Squitter
Using PSK Modulation
ITSC 2015 Sept. 17, 2015
Sept. 17, 2015 ITSC 2015 1
Omar Yeste and René Jr. Landry
-
Mode-S Extended Squitter (ES)
• Air Traffic Management
• ID, 4D position, intention
• ADS-B
– Automatic Dependent Surveillance-Broadcast
– Also proposed
for Collision
Avoidance in
Connected
Autonomous
Vehicles
Sept. 17, 2015 ITSC 2015 2
Courtesy of MIT
-
Mode-S ES Threatens
• Eavesdropping
– Messages are intentionally non-encrypted
• Jamming or denial of service
– Transmitter operating at the 1090 MHz channel.
• Radiation of Hazardously Misleading
Information (HMI):
– Spoofing (or impersonation) - multilateration
– Message manipulation.
– Message injection or replay
Sept. 17, 2015 ITSC 2015 3
-
Outline
1. Proposed solution (What? How?)
2. Modulation Order Selection
3. ADS-B Transmitting Device
– Preliminary results
4. ADS-B Receiving Device
5. Timestampting
6. Conclusions
Sept. 17, 2015 ITSC 2015 4
-
1. Proposed Solution (What?)
• Embed a Digital Signature in the message
• Protects against most types of HMI
– Message replay?
• Secure ADS-B still compliant with Mode-S ES.
Seamless transition:
– Old equipment can still decode the message
– New equipment can authenticate the message
Sept. 17, 2015 ITSC 2015 5
-
1. Proposed Solution (How?)
• Mode-S ES uses PPM (amplitude modulation)
• Use M-PSK modulation to embed the signature
• Previous works have paved the way:
– Key management
– Digital Signature length (448 bits, secure until 2030)
Sept. 17, 2015 ITSC 2015 6
-
2. Modulation Order Selection
Modulation Sensitivity
( BER 10-7 )
Maximum Range
70W 125W 200W
BPSK/QPSK −88.7 dBm 213NM 285NM 361NM
8PSK −82.8 dBm 108NM 145NM 183NM
16PSK −𝟕𝟔. 𝟖 dBm 54NM 73NM 92NM
Class A3 −81.0 dBm 34NM 64NM 90NM
Class A3+ −83.5 dBm 35NM 85NM 120NM
Sept. 17, 2015 ITSC 2015 7
• ADS-B consists of 112 pulses + preamble
• 4 bits/pulse: 448 bits
• Preamble used for carrier recovery
-
3. ADS-B Transmitting Device
3.1 Initial Architecture
Sept. 17, 2015 ITSC 2015 8
ADS-BMessage(112 bits)
Add Preamble(11N00NNN)
Digital Signature(448 bits)
Zero Padding(0x00000000)
-32 zeroes-
D16PSKGray Coding
PPMModulator
4 MSPS
1 MSPS
4 MSPS
1 MSPS 2 MSPSAmplitude
1 MSPS
SignedADS-B
Message
Amplitude/Phase to Complex
↑2“Nearest”
2 MSPS Phase
-
Nutaq’s ZeptoSDR
• Main components:
– Radio420X: High quality radio module
– Xilinx Zynq FPGA (pass-through mode)
– Dual ARM Cortex-A9
• Features
– Remote and embedded
operation
– GNU Radio support
Sept. 17, 2015 ITSC 2015 9
3. ADS-B Transmitting Device
3.3 SDR Platform
-
3. ADS-B Transmitting Device
3.3 GNU Radio
Sept. 17, 2015 ITSC 2015 10
-
3. ADS-B Transmitting Device
3.3 Preliminary Results
Sept. 17, 2015 ITSC 2015 11
-
3. ADS-B Transmitting Device
3.3 Preliminary Results
Sept. 17, 2015 ITSC 2015 12
-
3. ADS-B Transmitting Device
3.3 Preliminary Results
Sept. 17, 2015 ITSC 2015 13
-
3. ADS-B Transmitting Device
3.3 Preliminary Results
Sept. 17, 2015 ITSC 2015 14
-
3. ADS-B Transmitting Device
3.3 Preliminary Results
Sept. 17, 2015 ITSC 2015 15
-
3. ADS-B Transmitting Device
3.3 Spectrum Mask
Sept. 17, 2015 ITSC 2015 16
-
3. ADS-B Transmitting Device
3.3 Spectrum Mask
Sept. 17, 2015 ITSC 2015 17
-
3. ADS-B Transmitting Device
3.3 Phase Reversal
Sept. 17, 2015 ITSC 2015 18
-
3. ADS-B Transmitting Device
3.3 Phase Reversal
Sept. 17, 2015 ITSC 2015 19
-
3. ADS-B Transmitting Device
3.3 Initial Architecture
Sept. 17, 2015 ITSC 2015 20
-
3. ADS-B Transmitting Device
3.3 Proposed Architecture
Sept. 17, 2015 ITSC 2015 21
-
Sept. 17, 2015 ITSC 2015 22
3. ADS-B Transmitting Device
3.3 Proposed Architecture
ADS-BMessage(112 bits)
Add Preamble(11N00NNN)
Digital Signature(448 bits)
Zero Padding(0x00000000)
-32 zeroes-
D16PSKGray Coding
PPMModulator
4 MSPS
1 MSPS 1 MSPS
2 MSPS
SignedADS-B
Message
↑2“Nearest”
↑10“Nearest”
2 MSPS
↑2“Nearest”
4 MSPS
↑5“Cubic”
20 MSPS Phase
20 MSPSAmplitude
4 MSPS
Amplitude/Phase to Complex
1 MSPS
• Pulse rise time < 0.1 µs (Pulse shape)
• Phase transition > 0.25 µs (Spectrum Mask /
Merged Pulses)
-
3. ADS-B Transmitting Device
3.3 Spectrum Mask
Sept. 17, 2015 ITSC 2015 23
-
4. ADS-B Receiving Device
Sept. 17, 2015 ITSC 2015 24
AMDemodulator
ThresholdPreambleDetection
Down converted Complex
Signal
SymbolSynchronism
PPMDemodulator
Carrier Offset Estimation
D16PSKDemodulator
Signature
ADS-BMessage
-
5. Timestamping
• A pair (Message/Time) is used to generate the
signature
• Time uncertainty is < ±0.8 s
• Timestamp resolution: 2 s
– Time replay window of 2.8 s in the worst case
Sept. 17, 2015 ITSC 2015 25
Tm = Time of measurement
Information available at the GNSS output
Information available at the ADS-B transmitter’s input
Transmission of message
Reception of message at the ADS-B receiving subsystem
𝛿𝐺𝑁𝑆𝑆 𝛿𝐷𝐵 𝛿𝑂𝑢𝑡 𝛿𝑝𝑟𝑜𝑝
𝛿𝐼𝑛
-
Conclusion
• Solution against HMI
• Fully compliant with Mode-S ES standard
– Seamless transition
• 16-PSK modulation
– Allows authentication of every message (448 bits)
– Theoretical BER allows intended coverage area
• Timestamping to prevent message reply
– Vulnerable window of 2.8 s
Sept. 17, 2015 ITSC 2015 26
-
Thank you
Questions?
Sept. 17, 2015 ITSC 2015 27
Contact us: [email protected], [email protected]
mailto:[email protected]:[email protected]