www.elsevier.com/locate/ijcip
Available online at www.sciencedirect.com
Enhancing the security of aircraft surveillance
in the next generation air traffic control system
Cindy Finke, Jonathan Butts
n
, Robert Mills, Michael Grimaila
Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio 45433, USA
article info
Article history:
Received 28 December 2012
Accepted 15 February 2013
Available online 20 February 2013
Keywords:
Air traffic control
ADS-B
NextGen
Format-preserving encryption
FFX algorithm
abstract
The U.S. air traffic control system is reliant on legacy systems that artificially limit air
traffic capacity. With the demand for air transportation increasing each year, the U.S.
Federal Aviation Administration has introduced the Next Generation (NextGen) upgrade to
modernize the air traffic control system. Automatic Dependent Surveillance-Broadcast
(ADS-B), a key component of the NextGen upgrade, enables an aircraft to generate and
broadcast digital messages that contain the GPS coordinates of aircraft. The incorporation
of ADS-B is intended to provide enhanced accuracy and efficiency of surveillance as well as
aircraft safety. The open design of the system, however, introduces some security
concerns. This paper evaluates the limitations of the legacy systems currently used in
air traffic control and explores the feasibility of employing format-preserving encryption,
specifically the FFX algorithm, in the ADS-B environment. The ability of the algorithm to
confuse and diffuse predictable message input is examined using message entropy as a
metric. Based on the analysis, recommendations are provided that highlight areas which
should be examined for inclusion in the ADS-B upgrade plan.
Published by Elsevier B.V.
1. Introduction
Despite the economic turmoil in the United States and abroad,
air travel and transportation have only seen modest drops in
activity. The most recent U.S. Federal Aviation Administration
(FAA) report [1] notes that civil aviation contributes $1.3 trillion
annually to the national economy, earning upward of $397
billion or about 5.2% of the gross domestic product. The
aviation industry generated more than 10 million jobs in
2009 alone and in excess of 730 million passengers utilized
air travel in 2011. Additionally, 26 cargo-only carriers operate
within the nation’s airspace to transport freight and mail; UPS
announced that its aircraft hauled an average of 2.2 million
packages in 2012 [20]. The United States is so heavily reliant on
the air transport industry that the Department of Homeland
Security has identified aviation as a key component of the
transportation critical infrastructure sector.
With the constant demand for faster travel and package
delivery, the volume of air traffic is expected to increase
considerably. In 2011, air traffic control centers handled 41.2
million aircraft, and this number is expected to increase by
50% over the next 20 years, significantly stressing the air
traffic control system [7]. For reasons of efficiency and cost
savings, flights are expected to bypass the established airline
hubs around which the air traffic network is currently
structured. The resulting concerns about air traffic safety
have provided the impetus to adapt the air traffic network
and upgrade legacy air traffic control systems under the Next
Generation (NextGen) plan.
The proposed changes include the upgrade to the Auto-
matic Dependent Surveillance-Broadcast (ADS-B) system.
The upgrade, however, introduces potential network-wide
vulnerabilities. This paper assesses the current state of
the air traffic control system, identifies the security risks
1874-5482/$ -see front matter Published by Elsevier B.V.
http://dx.doi.org/10.1016/j.ijcip.2013.02.001
n
Corresponding author.
E-mail address: jonathan.butts@afit.edu (J. Butts).
international journal of critical infrastructure protection 6 (2013) 3–11
