Plane & Pilot
Tuesday, May 7, 2013

No Ghosts In The Air…No Privacy, Either!

The Great ADS-B Scare of 2012

Under NextGen, air traffic controllers see a combination of ADS-B and radar data, with automatic validation to prevent "spoofing."
I apologize for the title; I couldn't resist. It was inspired by a presentation with the provocative title, [The] "Ghost Is In the Air (Traffic)," written by two French researchers and presented last year at Black Hat, an annual conference on computer and network security. The presentation did a good, if incomplete, job of explaining how ADS-B works, and went on to posit that by using simple equipment, it would be possible to "spoof" the system—by recording legitimate signals sent from ADS-B-equipped aircraft and playing them back to fill ATC scopes with false targets and force airline pilots into radical deviations around threats that would turn out to be bogus. The story was picked up and reported by many outlets in the general press, and Plane & Pilot heard from readers who were genuinely concerned.

After speaking with people in a position to know how the system works, now I can confirm that ADS-B won't make U.S. airspace less secure—far from it. It will enhance the safety and security of all operators (especially those who file and fly IFR). However, it turns out that one problem identified by our French friends is real and will have an impact on some users—in a nutshell, with ADS-B, airspace becomes safer and more secure…but less private. To understand why, we'll need to review how air traffic was managed before ADS-B and how the new system (part of the FAA's Next Generation initiative) changes things.

Operations in most U.S.-controlled airspace requires a transponder, which responds to interrogation from primary and secondary surveillance radar signals, sending altitude and a four-digit "squawk code" to the radar site. Air traffic controllers use that to identify where aircraft are located, keep them separated if operating on IFR flight plans and offer traffic advisories if they're operating VFR. That system has been in use since World War II and works well, but it has problems. Radar isn't all that accurate at long ranges, and aircraft positions are only updated when an aircraft passes through the radar beam (typically every 12 seconds). As a result, ATC requires a five-mile separation between each aircraft. And there are some locations with heavy air traffic—including large parts of Alaska and the Gulf of Mexico—where radar isn't available.

ADS-B, part of the Next Generation air traffic system (NextGen), is autonomous, sending the aircraft position, a unique 24-bit identifier, N-number (or airline flight number), altitude, transponder squawk, heading, velocity and other data every two seconds. It's dependent on GPS (or an equally accurate system) for its position information. The data transmitted by ADS-B is used by ATC for surveillance of traffic in their airspace, broadcast using one of two radio links through a network of ground stations being installed by ITT Corporation under contract to the FAA. ADS-B also differs from radar-based surveillance in being a two-way system; in addition to broadcasting aircraft position to ATC (and other aircraft), if you have the right equipment, you can receive information including the position of nearby aircraft and, in some cases, free weather information.

Now that we've got that out of the way, let's review the scenario presented at the Black Hat conference: A hacker buys an ADS-B receiver, connects it to a data recorder and records the broadcast information for one or more real airplanes. Then he connects that recorder to a transmitter and plays the broadcast information back—repeating it endlessly. Pilots and air traffic controllers in the area see an endless stream of "ghost" airplanes requiring deviations. Pushed to its limits, this would result in a "denial of service" situation, with ATC unable to provide IFR separation service to pilots.


Add Comment