Encrypted Mode Select ADS-B for Tactical Military Situational Awareness by 2Lt. John R. Jochum B.S., Electrical Engineering (1999) United States Air Force Academy Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering and Computer Science at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June 2001 ( 2001, Massachusetts Institute of Technology. All rights reserved Auth or..................................................................... ...... ....... Department of Electrical XYngineeriag and Computer Science April 27, 2001 C ertified by............ .. .................. Certified by... Val M. finz '/ Dr. Thomas J. (joblick MIT Lincoln Laboratory MIT Lincoln Laboratory Thesis Supervisor Thesis Supervisor Certified by........... .- X.. ........... C ertified by....................... ..................... Kenneth W. Saunders Dr. Pratap N. Misra MIT Lincoln Laboratory MIT Lincoln Laboratory Thesis Supervisor Thesis Supervisor C ertified by ................................................................ ............................... .. Professor James K. Roberge D-nqrtninf-TF~TJctrical Engineeinind Computer Science *pervisor Accepted by................................. r C. Smith 0- Chairman, Department Committee on Graduate Thesis JF BARKER LIBRARIES WEEINNOMMO I Encrypted Mode Select ADS-B for Tactical Military Situational Awareness by John R. Jochum Submitted to the Department of Electrical Engineering and Computer Science on April 27, 2001, in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering and Computer Science Abstract Mid-air collisions between tactical military aircraft occur somewhat frequently and are a product of the inherent danger of dynamic maneuvering and flight at high airspeeds. Each collision results in significant loss to the military in terms of aircrew injury or fatality and airframe damage or loss. However, tactical aircraft do not have a collision avoidance or situational awareness aid. A potential solution to improve pilots' awareness of proximate traffic is Automatic Dependent Surveillance - Broadcast (ADS-B). Existing civil ADS-B systems are problematic for military use, because the broadcast data is not secure. In this thesis, we explore the feasibility of encryption for adapting civil Mode Select (Mode S) ADS-B to a secure military ADS-B system. Encryption theory applicable to ADS-B is reviewed. Modifications to the existing civil Mode S system required for encrypted ADS-B are identified, as well as required format modifications. The feasibility of encryption is discussed in terms of necessary security services for secure ADS-B: confidentiality, identification, authentication, and integrity. We examine the trade-offs between different types of conventional encryption techniques to provide these services, and conclude that encryption can be successfully applied to Mode S ADS-B. A feasible approach for encrypted ADS-B is presented. Thesis Supervisor: Val M. Heinz Thesis Supervisor: Kenneth W. Saunders Title: Technical Staff, MIT Lincoln Laboratory Title: Technical Staff, MIT Lincoln Laboratory Thesis Supervisor: Dr. Thomas J. Goblick Thesis Supervisor: Dr. Pratap N. Misra Title: Technical Staff, MIT Lincoln Laboratory Title: Senior Staff, MIT Lincoln Laboratory Thesis Supervisor: James K. Roberge Title: Professor of Electrical Engineering, Massachusetts Institute of Technology 2 Table of Contents Abstract ...................................................................................................................................... 2 Table of Contents........................................................................................................................3 List of Figures ............................................................................................................................ 5 List of Tables..............................................................................................................................6 List of Acronym s........................................................................................................................7 Acknowledgm ents ...................................................................................................................... 8 1. Introduction ........................................................................................................................ 9 1.1 Problem Definition......................................................................................................9 1.2 Air Traffic Control Technology................................................................................ 9 1.3 M ilitary Situational Awareness.............................................................................. 12 2. Objective and Approach.................................................................................................. 15 2.1 Thesis Objectives ................................................................................................... 15 2.2 Approach................................................................................................................... 16 3. Encryption Theory Applicable to ADS-B ....................................................................... 17 3.1 Symm etric and Asym metric System s and Algorithm s.............................................. 19 3.2 Block and Stream Symm etric Algorithm s.................................................................. 21 3.3 Security and the ADS-B Environm ent ................................................................... 22 4. M ode S Extended Squitter.............................................................................................. 25 4.1 M ilitary M ode S System Description..................................................................... 25 4.2 DF 17 Extended Squitter ....................................................................................... 29 4.3 M ode S Parity Encoding......................................................................................... 33 5. Encryption ........................................................................................................................ 37 5.1 DF 19 Squitter Composition.................................................................................. 39 5.1.1 DF 17 Civil Squitter Description............................................................... 40 5.1.2 DF 19 Form at Considerations .................................................................. 41 5.1.3 Sum m ary ................................................................................................. 44 5.2 Case Against Stream Algorithm s ............................................................................... 44 5.2.1 Self-Synchronizing Stream Algorithm s ........................................................ 45 5.2.2 Synchronous Stream Algorithm s.................................................................. 45 3 5.2.3 Tim e Synchronization Requirem ent .......................................................... 46 5.3 Block A lgorithm s and M odes ................................................................................ 49 5.3.1 Cryptographic M odes................................................................................. 50 5.3.2 Requirem ents for ECB and CBC M odes ................................................... 53 5.3.3 Trade-off Between ECB and CBC M odes ................................................. 57 5.3.4 Sum m ary ................................................................................................. 58 5.4 Authentication and Integrity .................................................................................. 58 5.4.1 Authentication and Integrity Through Encryption .................................... 59 5.4.2 Checksum s and M essage Authentication Codes ........................................ 64 5.4.3 Sum m ary ................................................................................................. 65 5.5 Irregular Block Size................................................................................................ 65 5.6 Sym m etric Keys .................................................................................................... 68 5.6.1 DF 19 Adversaries .................................................................................... 69 5.6.2 Keylength Estim ates ................................................................................ 69 5.6.3 A ssets for a Brute-Force Attack ................................................................ 70 5.6.4 Security for the lifetim e of DF 19............................................................. 72 5.6.5 Key Validity Interval ................................................................................ 73 5.6.6 Sum m ary ................................................................................................. 73 6. Conclusions and Recom m ended Research..................................................................... 75 6.1 Recom m endations for a Feasible Encryption System ............................................. 75 6.1.1 System Recom mendations ........................................................................... 75 6.1.2 DF 19 Form at Issues ................................................................................ 76 6.1.3 Encryption Feasibility and Recom m endations..........................................