Backward-compatible Software Upgrades for ADS-B and AIS To Support ECDSA-Secured Protocols




Cybersecurity, Protocol Upgrades, Message Authentication, ADS-B, 1090ES, AIS


During the past few decades, the aviation, maritime, aerospace, and search-and-rescue domains have witnessed tremendous improvement thanks to technological, digitalization and Internet of Things (IoT) advances such as Automatic Dependent Surveillance–Broadcast (ADS-B) (e.g., Aviation IoT, Airports IoT) and Automatic Identification System (AIS) (e.g., Maritime IoT). All these are high-profile examples of new digital communication protocols combined with IoT devices that make efficient use of wide-area earth and space radio communications to provide real-time, truly globally interoperable, and optimised services required by these domains. However, the protocols and technologies mentioned above, both from an architectural and implementation point of view, exhibit fundamental cybersecurity weaknesses (both at protocol and IoT device level). These weaknesses make them an easy target for potential attackers. The two fundamental flaws of these protocols are the lack of digital signatures (i.e., integrity and authenticity) and the lack of encryption (i.e., confidentiality and privacy). The risks associated with these, and other weaknesses have been over the last decade repeatedly demonstrated with ease by ethical cybersecurity researchers. In this paper, we design, propose, and discuss a single generic PKI-enabled message integrity and authenticity scheme that works seamlessly for any of the ADS-B, and AIS, with the possibility of easy extension and integration into other protocols (e.g., ACARS). Our scheme can be added as backward-compatible software upgrades (e.g., third-party library) to existing systems without requiring expensive architectural redesign, upgrades, and retrofitting. Our present work is aimed to serve as a bootstrap to securing such insecure protocols without completely replacing or redesigning the systems. It also aims to provide a discussion background of advantages and limitations of such backward-compatible securing methods.