
ADS-B hacking and vulnerabilities

A couple of papers popped up in the US:

Practical attacks on ADS-B devices

ADS-B security

I had a quick scan of them. To anyone who knows about radio, electronics, etc, there is not much surprising there.

Basically, it is trivial to fake ADS-B signals. Since the receivers are non-directional, it is trivial to create a completely fictitious (or really existing) aircraft doing a completely fictitious flight. You could shut down airports by buzzing this imaginary aircraft overhead them. All you would need is a transmitter some xxx miles away, radiating right-looking packets. Look how “barely visible” drones can shut down an airport right now. You could also create huge hassle for aircraft owners by creating a flight which busts airspace; they would have to prove an alibi, which could be hard for someone based at a remote location. So, any large scale reliance on ADS-B is not going to work; one must retain SSR at the very least, to verify the aircraft is “probably real” and is actually more or less where it says it is.

One interesting snippet is that ADS-B packet loss is around 1/3 i.e. 1/3 of packets transmitted get corrupted, mostly due to packet collisions. This will get worse as there is more ADS-B OUT traffic.

The second doc is about preventing eavesdropping (FR24, and other less benign outfits) and it concludes that nothing can be done, which is really obvious.

Administrator
Shoreham EGKA, United Kingdom

You could, but you wouldn’t shut an airport down for long.

There’s a popular pastime amongst radio amateurs called “foxhunting” (someone hides a beacon, and the participants have to find it as quickly as possible). With the short wavelength at 1090 MHz, you don’t even need a particularly huge yagi to get pointed in the general direction of the pirate. The likes of Ofcom are likely better equipped and can probably do it faster. To keep it going for any length of time, an attacker would have to deploy multiple transmitters, which increases the cost – but also increases greatly the risk of being caught. In most countries, the fines for making illegal transmissions are not a joke (they usually start out in the high tens of thousands).

Of course everyone is going “But SDR this and SDR that” – however, even very expensive SDRs have feeble output powers (a few milliwatts at most) so you also have to get a linear amplifier (or construct one), the former expensive in money, the latter expensive in time.

Last Edited by alioth at 29 May 15:26
Andreas IOM

When this topic came up I was thinking of the emission end of ADS-B, since receivers are readily available already, but then got to thinking: how do you ensure data quality? How do you make sure a home-made emitter does not send bogus traffic and weather, and everybody starts diverting/avoiding left and right? In the best case Mk II Eyeballs confirm the alert is not real, but pilots would lose trust in the system. So probably not a good idea. A corollary point might be designing the low-cost HW only, and broadcasting certified good data, but I have no clue where to source said data; it’s probably not available to the public.

ESMK, Sweden

Arne wrote:

how do you ensure data quality?

By verifying authenticity using private-public key pair signatures. No encryption needed, just a checksum that basically says: “yes you are who you say you are and I can trust your data”. Same sort of problem as the 802.11p system faces for vehicles.

Last Edited by Dimme at 30 May 07:46
ESME, ESMS

Dimme wrote:

By verifying authenticity using private-public key pair signatures.

I can’t believe that in the 21st century nobody came up with the idea of issuing a private key to each installed device (stored securely somewhere in firmware) and occasionally sending a signature in one of the packets.

LDZA LDVA, Croatia

Emir wrote:

I can’t believe that in the 21st century nobody came up with the idea of issuing a private key to each installed device

That’s because ADS-B is 20th century technology. It was specified and developed in the 1990s. Embedded processors back then had much less CPU power than now, and also signing algorithms that had been developed by that stage are now known to be insecure to the point they are useless today, so even if they had, it wouldn’t have made all that much difference today (especially as the number of bits used in the signature would have almost assuredly not been very many) and no doubt keys would have been extracted from avionics in the first place, given the state of technology at the time (remember not even all the money poured into content protection by Hollywood could prevent CSS being thoroughly neutralised within months of DVDs coming out).

While you could come up with a signing system a bit like what we use when generating server certs for HTTPS sites, it’s only relatively recently that this has become a mature process. There were tons of exploits until the early 2010s and still a dribble of new exploits showing up today (every time I test a new HTTPS site, it seems like there’s some new weakness in an implementation or protocol that needs to be mitigated against). With far fewer people working on avionics, the chance of all this being set up securely in a system that has to work, without modification, for decades is approximately zero.

Getting signing and/or encryption today would require a new standard to be developed and the payload would be much bigger because the hash sent along with the data is going to have to be at least 256 bits to be considered worthwhile (which will make the packet collision problem worse in busy airspace). You’d possibly have to start looking at new frequency bands, which will take years because every single country in the world would have to agree to it. By which time, some exploit will have been discovered making the digital signatures useless, and of course it takes 20+ years to get everyone to upgrade due to the eyewatering cost not just of what’s in the plane, but the ground stations too.

Last Edited by alioth at 30 May 09:08
Andreas IOM
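To make the signing idea discussed above concrete (Dimme's per-device public/private key pair, Emir's occasional signature in a packet, and alioth's point about payload growth), here is a small added example written for this thread; it is not code from any of the posters or from any avionics vendor. It signs a constructed 14-byte (112-bit) Extended-Squitter-sized frame with Ed25519, verifies it against a ground-side registry keyed by the claimed 24-bit ICAO address, rejects a tampered frame, and reports how much bigger the signed payload is. The frame bytes and the registry are constructed placeholders, and the choice of Ed25519 and of the ICAO address as the registry key are assumptions made for the example, not part of any ADS-B standard.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// FrameLen is the size of an ADS-B Extended Squitter: 112 bits = 14 bytes.
const FrameLen = 14

// SampleFrame returns a constructed placeholder frame of the right size.
// It is NOT a decoded real transmission; the bytes are arbitrary.
// Bytes 1..3 stand in for the 24-bit ICAO address carried in a real frame.
func SampleFrame() []byte {
	return []byte{0x8D, 0x12, 0x34, 0x56, 0x20, 0x00, 0x01, 0x02,
		0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
}

// icaoKey extracts the claimed 24-bit address (bytes 1..3) as a hex string,
// used here as the lookup key into the ground-side public-key registry.
func icaoKey(frame []byte) string {
	return hex.EncodeToString(frame[1:4])
}

// GenerateDeviceKey models the per-device key pair: the private half would
// live in the transponder's firmware, the public half in a registry that
// receivers can consult. Ed25519 is an assumption for this example.
func GenerateDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignFrame produces a 64-byte Ed25519 signature over the whole frame.
func SignFrame(priv ed25519.PrivateKey, frame []byte) []byte {
	return ed25519.Sign(priv, frame)
}

// VerifyFrame checks a frame against one known public key.
func VerifyFrame(pub ed25519.PublicKey, frame, sig []byte) bool {
	return ed25519.Verify(pub, frame, sig)
}

// VerifyAgainstRegistry is the receiver-side check: look up the public key
// registered for the ICAO address the frame claims, then verify. A frame
// whose claimed address has no registered key, or whose signature does not
// match that key, is rejected. Frames of the wrong size are rejected too.
func VerifyAgainstRegistry(reg map[string]ed25519.PublicKey, frame, sig []byte) bool {
	if len(frame) != FrameLen || len(sig) != ed25519.SignatureSize {
		return false
	}
	pub, ok := reg[icaoKey(frame)]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, frame, sig)
}

// OverheadBits returns the message size and the signature size in bits, to
// show alioth's point: even a compact modern signature dwarfs the frame.
func OverheadBits(frameLen int) (msgBits, sigBits int) {
	return frameLen * 8, ed25519.SignatureSize * 8
}

func main() {
	pub, priv, err := GenerateDeviceKey()
	if err != nil {
		panic(err)
	}
	frame := SampleFrame()
	sig := SignFrame(priv, frame)

	// Constructed registry: one device, keyed by its claimed address.
	registry := map[string]ed25519.PublicKey{icaoKey(frame): pub}

	fmt.Println("genuine frame verifies:", VerifyAgainstRegistry(registry, frame, sig))

	// Flip one bit in the position field; the signature no longer matches.
	tampered := append([]byte{}, frame...)
	tampered[7] ^= 0x01
	fmt.Println("tampered frame verifies:", VerifyAgainstRegistry(registry, tampered, sig))

	// A frame claiming an address with no registered key is rejected outright.
	unknown := append([]byte{}, frame...)
	unknown[1] ^= 0xFF
	fmt.Println("unregistered address verifies:", VerifyAgainstRegistry(registry, unknown, sig))

	m, s := OverheadBits(len(frame))
	fmt.Printf("message %d bits, signature %d bits (%.1fx the message)\n", m, s, float64(s)/float64(m))
}
```

Note what the example does not solve: the signature alone says only that the frame was produced by whoever holds the registered key, not that the aircraft is where the frame says it is, which is why Peter's point about retaining SSR for position cross-checks still stands.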

The problem with certificates is that you end up needing agencies like Verisign, and they charge money for the certificates. So, yet more money to pay out – of the order of €200/year and for aviation it would be more.

Administrator
Shoreham EGKA, United Kingdom

Peter wrote:

The problem with certificates is that you end up needing agencies like Verisign, and they charge money for the certificates. So, yet more money to pay out – of the order of €200/year and for aviation it would be more.

Try Let’s Encrypt.

ESKC (Uppsala/Sundbro), Sweden

The cheap ones work until they don’t.

We used them…

Administrator
Shoreham EGKA, United Kingdom

Let’s Encrypt still works, what do you mean?

ESME, ESMS