CN106961329B - Method for solving confidentiality and integrity of ADS-B protocol - Google Patents

Method for solving confidentiality and integrity of ADS-B protocol Download PDF

Info

Publication number
CN106961329B
CN106961329B CN201710179121.0A CN201710179121A CN106961329B CN 106961329 B CN106961329 B CN 106961329B CN 201710179121 A CN201710179121 A CN 201710179121A CN 106961329 B CN106961329 B CN 106961329B
Authority
CN
China
Prior art keywords
message
ads
key
verification code
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201710179121.0A
Other languages
Chinese (zh)
Other versions
CN106961329A (en
Inventor
杨浩淼
姚铭轩
何伟超
黄云帆
金保隆
冉鹏
汪小芬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201710179121.0A priority Critical patent/CN106961329B/en
Publication of CN106961329A publication Critical patent/CN106961329A/en
Application granted granted Critical
Publication of CN106961329B publication Critical patent/CN106961329B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/02Protocol performance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/03Protocol definition or specification 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for solving confidentiality and integrity of an ADS-B protocol, belonging to the technical field of applied cryptography; a method for solving confidentiality and completeness of an ADS-B protocol comprises the steps that a trusted third party configures security parameters, an airplane receives the security parameters to complete encryption and send ADS-B messages, and a receiver receives the ADS-B messages for verification. The invention can realize the guarantee of confidentiality and integrity of the traditional plaintext broadcast transmission message on the basis of being compatible with the current ADS-B protocol format.

Description

Method for solving confidentiality and integrity of ADS-B protocol
Technical Field
The invention belongs to the field of aviation communication, and particularly relates to a method for solving confidentiality and integrity of an ADS-B protocol.
Background
Due to unprecedented developments in the field of aviation in recent years, more and more people have begun to choose to ride an aircraft as a vehicle for long-distance travel. Meanwhile, the aviation accident rate is also increased. Such as recent horse navigation events, have raised global concerns about aviation safety.
The basic data format of ADS-B is shown in figure 1,
(i) DF (DownlinkFormat) field
The DF field is 5 bits in length to distinguish different downlink formats (downlinkformats). The value of DF may be 17, 18 or 19. DF is 17 for S mode answering machine sends ADS-B message; DF is 18 for the non-S mode answering machine to send ADS-B message or TIS-B message; DF 19 is for military use and non-military applications do not involve this type of message.
(ii) The CA/CF (Capability/codeFormat) field
The CA/CF field is 3 bits in length and has different meanings at different DF values. When DF is 17, this field is the CA field, meaning the capabilities of the S-mode transponder; when DF is 18, the field is a CF field, meaning is a coding format (CodeFormat), and is used to distinguish the content of the ME field, the type of the AA address, and two types of special messages; when CF is 0 or 1, the message is ADS-B message.
(iii) AA (ICAO24 Aircraftdress) field
The AA field is 24 bits in length and contains address information of the transmitting device. The types of addresses are of two types: an ICAO address and a non-ICAO address. The ICAO address is an address of an aircraft and the non-ICAO address is an anonymous address, a ground vehicle address, or a surface obstacle address.
(iv) DATA (Dataframe) field
The length of the DATA field is 56 bits, and the DATA field contains service DATA of an ADS-B message, which is called an ADS-B service message. The format of the DATA field will be further explained in the ADS-B service message.
(v) PI (ParityCheck) field
The PI field is 24 bits in length, is a downlink field, and means Parity (Parity) and Identity (Identity). This field contains the parity of the Code Label (CL) and the Interrogator Code (IC).
TABLE 1
Figure GDA0002217803300000021
In order to ensure the compatibility of the method to the original ADS-B protocol, we emphasize the TC field, and the ADS-B message contains different information when the TypeCode has different values. 33bit-37bit of the Dataframe (33bit-88bit) is TC (TypeCode), and if the value of TypeCode is different, the message contained in the ADS-B message is also different. In the present scheme, the ADS-B reservation message is represented by TC 25, that is, the airplane does not parse such message.
ADS-B has become of increasing interest to all parties in recent years as part of the United states' next generation air transport system. The European Union stipulates that its member nations will enforce the use of ADS-B before 2020. However, according to the ADS-B aviation field broadcast communication protocol, all ADS-B messages generated by all airplanes and containing important information such as position, speed and the like are broadcast on a specified channel in a plaintext form through ADS-B-out equipment equipped for the airplanes. This also weakens the security of the ADS-B protocol, because any attacker equipped with the ADS-B receiver can listen to the message broadcast by the airplane by modulating the frequency band at 1090MHz, thereby obtaining the sensitive information of the airplane, such as the position, the speed, etc. For the active attacker, on the basis of receiving the ADS-B message, a false message can be generated through the message memorability modification of the ADS-B message and is sent to the 1090MHz channel through the ADS-B transmitter, which undoubtedly threatens the safety of the airplane.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a method for solving the confidentiality and the integrity of an ADS-B protocol, which is used for encrypting the original ADS-B message on the basis of not modifying the ADS-B aeronautical communication protocol so as to ensure the confidentiality of sensitive data; providing a message authentication function to ensure the integrity of the message; meanwhile, the scheme has fault tolerance to the packet loss problem existing in the natural environment broadcasting.
In order to achieve the above object, the present invention comprises the steps of:
step 1: the trusted third party generates security parameters required by encryption and message verification for each airplane applying ADS-B, distributes the security parameters to each airplane through a security channel, and broadcasts the security parameters to the airplanes through a broadcast channel;
step 2: each airplane receives the safety parameters through the ADS-B Transponder in the flight process, generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to an ADS-B transmitter;
and step 3: and the receiver receives the ADS-B message for verification.
In the above technical method, the step 1 of generating security parameters required for encryption and message verification for each airplane to which ADS-B is applied by a trusted third party, distributing the security parameters to each airplane through a security channel, and broadcasting the security parameters to the airplane through a broadcast channel includes the following steps:
step 1.1: selecting safety parameters by each airplane applying ADS-B of a trusted third party and generating a key required by encryption and parameters required by encryption through an algorithm;
step 1.2: the trusted third party substitutes the key required by encryption and the parameters required by encryption into an encryption algorithm formula to generate a pseudonym;
step 1.3: the trusted third party selects different random keys for each airplane applying ADS-B as the nth key of the key chain, and generates a key chain which can only be derived in one way by applying a one-way hash function F;
step 1.4: distributing the two-tuple [ pseudonym, key link ] to the airplane through a secure channel, and broadcasting the two-tuple [ pseudonym, first key ] to the airplane through a broadcast channel;
in the above technical method, in the step 2, after receiving the security parameters through the ADS-btransporter, each aircraft generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to the ADS-B transmitter, so as to ensure the compatibility of the generated ADS-B message with the original ADS-B protocol, and the method includes the following steps:
step 2.1: reception of parameters required for encryption: the aircraft receives a pseudonym and a secret key in the security parameters from the trusted third party;
step 2.2: input of a constructed message verification code: taking out the ith-1 chain key from the key chain, and obtaining the ith-1 short key through a truncation function; using the Data field in the original message and the key used by the previous message as the input of the message verification code algorithm; taking out the ith chain key from the key chain, calculating the ith short key, and taking the ith short key as the other input of the message authentication code algorithm;
step 2.3: generating a message verification code: substituting a Data field in the original message, a key used by the previous message and an ith short key into a message verification code algorithm formula to generate a message verification code;
step 2.4: and (3) completing encryption and sending a message: replacing the original identity code ICAO by the received pseudonym, using the generated message authentication code and the key used by the previous message as a Data field of the new ADS-B message, constructing the ith message, and broadcasting the ith message to a receiver through a 1090MHz channel.
In the above technical method, the step 3, when the receiver receives the ADS-B message and checks that the message is not lost, includes the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: after the ith message is received, the (i-1) th short key in the Data field of the new message is taken out, the residual part of the Data field in the cache after the (i-1) th message verification code is removed is taken out, the (i-2) th short key is obtained by using the (i-1) th short key through a truncation function, and the (i-2) th short key is compared with the residual part of the Data field in the cache after the (i-1) th message verification code is removed. If the two signals are the same, jumping to 3.3, otherwise, jumping to 3.5;
step 3.3: taking out the (i-1) th message verification code from the cache, obtaining the (i-1) th new message verification code through a message verification code algorithm, comparing the (i-1) th message verification code in the cache with the (i-1) th new message verification code, if the (i-1) th message verification code is the same as the (i-1) th new message verification code, skipping 3.4 if the verification is successful, otherwise skipping 3.5;
step 3.4: reading the (i-1) th message, analyzing the original Data field of the ADS-B message in the cache, and caching the latest (i) th message;
step 3.5: the check fails and the newly received packet is discarded.
In the above technical method, when the receiver receives the ADS-B message and checks that the message is lost in step 3, the method includes the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: taking out the residual part and the i-1 message verification code after the i-1 message verification code is removed from the Data field in the cache, taking out the i + m-1 short key from the DATA field of the new message, deriving forward through a truncation function to obtain the i-2 front short key, comparing the i-2 front short key with the i-2 short key, if the two keys are the same, jumping to 3.3, otherwise jumping to 3.5;
step 3.3: backwards returning a key distance, obtaining an i-1 th short key through a truncation function, obtaining an i-1 th new message verification code through a message verification code algorithm by the i-1 th short key, comparing the i-1 th new message verification code with the i-1 th message verification code, if the i-1 th new message verification code is the same as the i-1 th new message verification code, successfully checking and skipping by 3.4, otherwise skipping by 3.5;
step 3.4: reading the (i-1) th message packet, analyzing the original Data field of the ADS-B message in the cache, and caching the (i) th message packet;
step 3.5: the check fails and the newly received packet is discarded.
In the technical method, the encryption algorithm adopts FFX, and the message authentication code algorithm adopts HMAC-MD5 based on a key chain.
In the above technical method, the number of the pseudonyms received in step 2.1 is the same as the number of ICAO bits in step 2.4; in step 2.3, for the generation of the message authentication code and the construction of the ADS-B message, the TC field value in the Data field of the new ADS-B message containing the authentication code is 25.
Because the invention adopts the technical method, the invention has the following beneficial effects:
(1) in the actual execution process, the format of the encryption result is the same as that of the plaintext in the original message, so that the compatibility of the original ADS-B protocol is ensured, and the integrity of the broadcast communication protocol in the ADS-B aviation field is promoted;
(2) the message authentication code is connected with a previous key in a key chain and then is filled into a reserved ADS-B message with TC (25), so that the message authentication code data in the message authentication code can not be analyzed into relevant position information by an airplane, and the compatibility of the original ADS-B protocol is also ensured;
(3) the key for generating the message authentication code is based on the key chain and the delayed authentication technology, so that developers can replace the key regularly without notifying all terminals of a new key, and the confidentiality and the safety of the broadcast communication protocol in the ADS-B aviation field are effectively improved;
(4) the key chain of the invention is based on the unidirectional property of the key chain, and can still authenticate the message to be authenticated under the condition that the ADS-B message is lost, thereby ensuring the fault tolerance of the scheme to the heat preservation loss in the actual application.
Drawings
FIG. 1 is a schematic overall flow diagram of the process;
FIG. 2 is a diagram of an ADS-B message format;
FIG. 3 is a diagram of a method of constructing a packet;
FIG. 4 is a system model diagram of an application environment.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
The invention provides a method for solving the confidentiality and the integrity of an ADS-B protocol, which has good effect on the compatibility of the generated ADS-B message to the original ADS-B protocol while encrypting and generating a message verification code. The overall flow diagram of the whole scheme is shown in fig. 1, and comprises the following steps:
the avro file contains the original ADS-B message and other information such as sensor numbers.
In the Java program, the reading and the parsing of the avro file can be realized by using an org. The rawADS-B message is read through org, OpenSky, example, Modesencoded message provided by OpenSky, and the specified digits can be read out because the format of the ADS-B message is fixed. FFX encryption is realized by adding an encryption method in the ModosencodedMessage.
In the encryption process, the Java program transmits the rawmessage to the Python program in a parameter transmission mode. High-precision operation is realized through a gmpy packet in a Python program, AES encryption is directly realized through a crypto packet, and an FFX encryption algorithm is realized through programming on the basis of the AES encryption; generating a key chain required by a later generation message verification code by using a hashlib library of Python; and (5) communicating the hmac library file to simulate the generation of a message authentication code.
As shown in FIG. 2, the Python program encrypts ICAO and K'i-1||ΓiAnd then transmitted back to the Java program. The Java program is responsible for replacing the original ICAO with the PidAnd adding new ADS-B message after the original message, wherein the TC field is set to 25 to indicate that the ADS-B message is a reserved message, and the Data field is used for storing K'i-1||Γi
Because the basic requirement of the scheme is to ensure the compatibility with the original ADS-B protocol, for the convenience of final testing, after generating a new ADS-B message, the new ADS-B message is written into an Avro file by using a JavaAPI interface org, OpenSky, example, Modosendodmessage provided by OpenSky, and the Avro file is converted into an xml file which can be recognized by GoogleEarth, and the compatibility with the original ADS-B protocol is judged by comparing whether tracks on GoogleEarth before and after the file are the same or not.
The invention realizes the guarantee of confidentiality and integrity of the traditional plaintext broadcast transmission message on the basis of being compatible with the current ADS-B protocol format, and the whole method realizes the flow chart as shown in figure 1 and comprises the following steps:
step 1: initializing a trusted third party system: the trusted third party generates security parameters required by encryption and message verification codes for each airplane applying ADS-B, distributes the security parameters to each airplane through a security channel, and broadcasts the security parameters through a broadcast channel, and the steps are as follows:
a. the trusted third party selects a security parameter lambda and executes an algorithm theta (lambda) to generate a key required by encryption for each airplane applying ADS-B
Figure GDA0002217803300000071
And a parameter T required for encryptioniWherein
Figure GDA0002217803300000072
b. Trusted third party executing encryption algorithm
Figure GDA0002217803300000073
The identity code is encrypted, and a corresponding pseudonymous pid is generated for each airplaneiWherein ICAOiThe ID code is a 24-bit ID code stored in AA field of ADS-B message;
c. can be used forSelecting different random secret keys K for each airplane applying ADS-B by a third partynUsing the nth key as the key chain and applying a one-way hash function F to run Fv(x)=F(Fv-1(x) Generate a key chain keycin ═ (K) that can only be derived in one direction1,K2,...,Kn);
d. Will binary sigma1=(pidiKeychain) is distributed to aircraft over a secure channel and σ is distributed2=(pidi,K1) Broadcast to the aircraft over a broadcast channel.
Step 2: after receiving the safety parameters through the ADS-BTransponder in the flight process, each airplane generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to an ADS-B transmitter, and the processing steps are as follows:
a. reception of parameters required for encryption: receiving a pseudonym and a secret key from a trusted third party;
b. input of a constructed message verification code: for the ith ADS-B message, take the ith-1 chain key K from the keychaini-1And obtaining a short key K 'corresponding to the i-1 chain key by truncating a function F (x)'i-1=F′(Ki-1) (ii) a Data field in original message and key used by previous message<Mi||K′i-1>Taking out the ith chain key K from the key chain as input of message authentication code algorithmiIs through K'i=F′(Ki) Computing ith short Key K'iIth short Key K'iAs another input to the message authentication code algorithm;
c. generating a message verification code: will ith short secret key K'iAnd the Data field in the original message together with the key used by the previous message<Mi||K′i-1>Substituting message authentication code algorithm formula
Figure GDA0002217803300000074
Obtaining a message authentication code gammai
d. Data field construction and message sending construction: replacing the original ICAO by the received pseudonym pid, and generating the messageThe authentication code is associated with the key Data used by the previous messagei=<Mi||K′i-1||Γi>As Data field of new ADS-B message, the ith message P is constructedi=<Head||pidi||Datai||PIi>(Head is ADS-B header; Pid is generated pseudonym; Data is Data field; PI is parity word), and the ith packet PiBroadcast to the recipient over a 1090MHz channel.
And step 3: the receiving party receives ADS-B message for checking, and for the ideal condition that no message is lost, the steps are as follows:
a. receives the i-1 th message Pi-1Then caching;
b. waiting to receive the ith message PiThen, removing the residual part D after the i-1 st message verification code in the Data field in the cachei-1=<Mi-1||K′i-2>(Mi-1Is an original data field, K 'in the (i-1) ADS-B message'i-2For the i-2 th short key) and from the i-th message PiTakes out the i-1 th short key K'i-1Calculating the i-2 th short key K ″)i-2=F′(F(K′i-1) K ') are prepared'i-2∈Di-1Comparing, if the two are the same, executing c, otherwise, skipping d;
c. fetching the i-1 th message authentication code gamma from the bufferi-1By message authentication code algorithm
Figure GDA0002217803300000081
Calculate the i-1 st new message authentication code Γ'i-1(ii) a Comparing gammai-1And Γ'i-1If the sizes of the messages are the same, the verification is successful, and the message P from the i-1 th message is selectedi-1Reads the information and caches the ith message PiOtherwise, skipping d;
d. the check fails and the newly received packet is discarded.
And step 3: the receiving party receives ADS-B message for checking, and the steps are as follows for the condition of message loss:
a. receives the i-1 th message Pi-1Then caching;
b. waiting to receive the (i + m) th message Pi+mThen, removing the residual part D after the i-1 st message verification code in the Data field in the cachei-1=<Mi-1||K′i-2>And the i-1 th message authentication code Гi-1Taking out; from the i + m th packet Pi+mTakes out the (i + m-1) th short secret key K'i+m-1By means of a truncation function K ″)i-2=F′(Fm(K′i+m-1) Calculate the i-2 th short key, let K ″)i-2From K'i-2Comparing; if the two are the same, skipping c, otherwise skipping d;
c. through K'i-1=F′(Fm-1(K′i+m-1) Computing the i-1 th short key with a key distance back, passing through the message authentication code algorithm
Figure GDA0002217803300000091
Calculate the (i) -1 st new message authentication code and convert the (i-1) th new message authentication code Γ'i-1The same as the i-1 message authentication code gammai-1Comparing; if the two are the same, the verification is successful; otherwise, skipping d;
d. the check fails and the newly received packet is discarded.

Claims (5)

1. A solution for confidentiality and integrity of ADS-B protocol comprises the following steps:
step 1: the trusted third party generates security parameters required by encryption and message verification for each airplane applying ADS-B, distributes the security parameters to each airplane through a security channel, and broadcasts the security parameters to the airplanes through a broadcast channel;
step 2: after receiving the safety parameters through the ADS-BTransponder in the flight process, each airplane generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to an ADS-B transmitter;
and step 3: the receiver receives the ADS-B message for verification;
the encryption algorithm adopts FFX, and the message authentication code algorithm adopts HMAC-MD5 based on a key chain;
the step 1 comprises the following steps:
step 1.1: the trusted third party selects safety parameters for each airplane applying ADS-B and generates a key required by encryption and parameters required by encryption through an algorithm;
step 1.2: the trusted third party substitutes the key required by encryption and the parameters required by encryption into an encryption algorithm formula to generate a pseudonym;
step 1.3: the trusted third party selects different random keys as nth keys of the key chain for each airplane applying ADS-B, and generates a key chain which can be derived in one direction by using a one-way hash function F, wherein n is a positive integer greater than 1;
step 1.4: the doublet [ pseudonym, key association ] is distributed to the aircraft over a secure channel and the doublet [ pseudonym, first key ] is broadcast to the aircraft over a broadcast channel.
2. The solution for ADS-B protocol confidentiality and integrity according to claim 1, wherein: the step 2 of ensuring the generated ADS-B message to be compatible with the original ADS-B protocol includes the following steps:
step 2.1: receiving parameters required for encryption: the aircraft receives a pseudonym and a secret key in the security parameters from the trusted third party;
step 2.2: constructing the input quantity of the message verification code: taking out the ith-1 chain key from the key chain, and obtaining the ith-1 short key through a truncation function; taking a Data field in an original message and a key used by a previous message as input quantity of a message verification code algorithm; taking out the ith chain key from the key chain, calculating the ith short key, and taking the ith short key as another input quantity of the message authentication code algorithm, wherein i is a positive integer greater than 1;
step 2.3: generating a message verification code: substituting a Data field in the original message, a key used by the previous message and an ith short key into a message verification code algorithm formula to generate a message verification code;
step 2.4: and (3) completing encryption and sending a message: replacing the original identity code ICAO by the received pseudonym, using the generated message authentication code and the key used by the previous message as a Data field of the new ADS-B message, constructing the ith message, and broadcasting the ith message to a receiver through a 1090MHz channel.
3. The solution for ADS-B protocol confidentiality and integrity according to claim 1, wherein: if the message is not lost in the step 3, the method comprises the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: after receiving the ith message, taking out the (i-1) th short key in the Data field of the new message, taking out the residual part in the Data field in the cache after the (i-1) th message verification code is removed, obtaining the (i-2) th short key by using the (i-1) th short key through a truncation function, and comparing the (i-2) th short key with the residual part in the Data field in the cache after the (i-1) th message verification code is removed; if the two signals are the same, jumping to 3.3, otherwise, jumping to 3.5;
step 3.3: taking out the (i-1) th message verification code from the cache, obtaining the (i-1) th new message verification code through a message verification code algorithm, comparing the (i-1) th message verification code in the cache with the (i-1) th new message verification code, if the (i-1) th message verification code is the same as the (i-1) th new message verification code, skipping 3.4 if the verification is successful, otherwise skipping 3.5;
step 3.4: reading the (i-1) th message, analyzing the original Data field of the ADS-B message in the cache, and caching the latest (i) th message;
step 3.5: the check fails and the newly received packet is discarded.
4. The solution for ADS-B protocol confidentiality and integrity according to claim 1, wherein: if the message is lost in the step 3, the method comprises the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: after an i + m message is received, taking out the part and the i-1 message verification code which are left in a Data field in a cache after the i-1 message verification code is removed, taking out an i + m-1 short key from a Data field of a new message, carrying out forward derivation through a truncation function to obtain an i-2 front short key, comparing the i-2 front short key with the i-2 short key, if the i-2 front short key is the same as the i-2 short key, jumping to 3.3, otherwise, jumping to 3.5, wherein m is a positive integer greater than 1;
step 3.3: backwards returning a key distance, obtaining an i-1 th short key through a truncation function, obtaining an i-1 th new message verification code through a message verification code algorithm by the i-1 th short key, comparing the i-1 th new message verification code with the i-1 th message verification code, if the i-1 th new message verification code is the same as the i-1 th new message verification code, successfully checking and skipping by 3.4, otherwise skipping by 3.5;
step 3.4: reading the (i-1) th message packet, analyzing the original Data field of the ADS-B message in the cache, and caching the (i) th message packet;
step 3.5: the check fails and the newly received packet is discarded.
5. The solution for ADS-B protocol confidentiality and integrity according to claim 3, wherein: the pseudonym received in step 2.1 has the same number of ICAO bits as in step 2.4; step 2.3; for the generation of the message authentication code and the construction of the ADS-B message, the TC field value in the Data field of the new ADS-B message containing the message authentication code is 25.
CN201710179121.0A 2017-03-23 2017-03-23 Method for solving confidentiality and integrity of ADS-B protocol Expired - Fee Related CN106961329B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710179121.0A CN106961329B (en) 2017-03-23 2017-03-23 Method for solving confidentiality and integrity of ADS-B protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710179121.0A CN106961329B (en) 2017-03-23 2017-03-23 Method for solving confidentiality and integrity of ADS-B protocol

Publications (2)

Publication Number Publication Date
CN106961329A CN106961329A (en) 2017-07-18
CN106961329B true CN106961329B (en) 2020-02-14

Family

ID=59471259

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710179121.0A Expired - Fee Related CN106961329B (en) 2017-03-23 2017-03-23 Method for solving confidentiality and integrity of ADS-B protocol

Country Status (1)

Country Link
CN (1) CN106961329B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109145614A (en) * 2018-07-12 2019-01-04 电子科技大学 The aircraft method for secret protection of low-cost in a kind of General Aviation
CN109033878B (en) * 2018-08-08 2021-04-16 莆田学院 File storage verification method and storage medium
CN110764784B (en) * 2019-10-24 2023-05-30 北京智游网安科技有限公司 Method for identifying three-party SO (SO) file, intelligent terminal and storage medium
CN112669650B (en) * 2020-12-01 2022-12-13 广西综合交通大数据研究院 Privacy protection method, system and storage medium based on ADS-B message
CN112866927A (en) * 2021-01-11 2021-05-28 四川九洲空管科技有限责任公司 Dynamic encryption method and decryption method for ADS-B information
CN115134123B (en) * 2022-06-01 2023-05-05 北京航空航天大学 Anonymous safety conversation method and device for civil aviation ACARS ground-air data link

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917273A (en) * 2010-08-26 2010-12-15 四川大学 ECC certificate-based ADS-B data authentication method
CN102215077A (en) * 2011-06-13 2011-10-12 四川大学 Automatic dependence surveillance-broadcast (ADS-B) accurate target location encryption method
CN106411527A (en) * 2016-09-30 2017-02-15 北京邮电大学 Data authentication method in very-high-frequency data chain transmission

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7730307B2 (en) * 2006-04-07 2010-06-01 Sensis Corporation Secure ADS-B authentication system and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917273A (en) * 2010-08-26 2010-12-15 四川大学 ECC certificate-based ADS-B data authentication method
CN102215077A (en) * 2011-06-13 2011-10-12 四川大学 Automatic dependence surveillance-broadcast (ADS-B) accurate target location encryption method
CN106411527A (en) * 2016-09-30 2017-02-15 北京邮电大学 Data authentication method in very-high-frequency data chain transmission

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ADS-B Data Authentication Based on AH Protocol;Ruidong Chen;《IEEE》;20131231;全文 *
基于UAT数据链的ADS-B系统加密研究;刘引川;《中国西部科技》;20111031;第10卷(第30期);全文 *

Also Published As

Publication number Publication date
CN106961329A (en) 2017-07-18

Similar Documents

Publication Publication Date Title
CN106961329B (en) Method for solving confidentiality and integrity of ADS-B protocol
US7730307B2 (en) Secure ADS-B authentication system and method
US7515715B2 (en) Information security for aeronautical surveillance systems
US8689339B2 (en) Method, system and apparatus for game data transmission
KR20140116144A (en) Method and system for secured communication of control information in a wireless network environment
CN110380842B (en) CAN bus message signature method, device and system suitable for intelligent network-connected automobile
Neish et al. Design and analysis of a public key infrastructure for SBAS data authentication
Sciancalepore et al. Auth-AIS: secure, flexible, and backward-compatible authentication of vessels AIS broadcasts
US20220294607A1 (en) Transport layer authenticity and security for automotive communication
CN110417724A (en) Application program logs in method, system, server and the terminal of state joint authentication
de Fuentes et al. Applying information hiding in VANETs to covertly report misbehaving vehicles
CN106453362A (en) Data transmission method and apparatus of vehicle-mounted device
Mäurer et al. Advancing the Security of LDACS
CN105376236B (en) Mobile device information transmitting methods
Liu et al. Blockchain enabled secure authentication for unmanned aircraft systems
CN105246172A (en) Network transmission method for mobile terminals
CN111628959B (en) Large-scale unmanned aerial vehicle group security authentication mechanism based on random label
Kacem et al. Secure ADS-B design & evaluation
CN105430430B (en) Intelligent terminal network communication means
Yang et al. Secure Automatic Dependent Surveillance-Broadcast Systems
CN111869160B (en) Method and apparatus for secure transmission of a message from a transmitting device to a receiving device
CN113383514A (en) Method for authenticating messages in resource-constrained systems
JP2003512784A (en) Video signal authentication system
CN113302961B (en) Safety beacon
Yang et al. Complete ADS-B Security Solution

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200214

CF01 Termination of patent right due to non-payment of annual fee