CN106961329B - Method for solving confidentiality and integrity of ADS-B protocol - Google Patents
Method for solving confidentiality and integrity of ADS-B protocol Download PDFInfo
- Publication number
- CN106961329B CN106961329B CN201710179121.0A CN201710179121A CN106961329B CN 106961329 B CN106961329 B CN 106961329B CN 201710179121 A CN201710179121 A CN 201710179121A CN 106961329 B CN106961329 B CN 106961329B
- Authority
- CN
- China
- Prior art keywords
- message
- ads
- key
- verification code
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000012795 verification Methods 0.000 claims abstract description 65
- 230000009191 jumping Effects 0.000 claims description 8
- 238000010276 construction Methods 0.000 claims description 4
- 238000009795 derivation Methods 0.000 claims 1
- 230000005540 biological transmission Effects 0.000 abstract description 3
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000013100 final test Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/02—Protocol performance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/03—Protocol definition or specification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for solving confidentiality and integrity of an ADS-B protocol, belonging to the technical field of applied cryptography; a method for solving confidentiality and completeness of an ADS-B protocol comprises the steps that a trusted third party configures security parameters, an airplane receives the security parameters to complete encryption and send ADS-B messages, and a receiver receives the ADS-B messages for verification. The invention can realize the guarantee of confidentiality and integrity of the traditional plaintext broadcast transmission message on the basis of being compatible with the current ADS-B protocol format.
Description
Technical Field
The invention belongs to the field of aviation communication, and particularly relates to a method for solving confidentiality and integrity of an ADS-B protocol.
Background
Due to unprecedented developments in the field of aviation in recent years, more and more people have begun to choose to ride an aircraft as a vehicle for long-distance travel. Meanwhile, the aviation accident rate is also increased. Such as recent horse navigation events, have raised global concerns about aviation safety.
The basic data format of ADS-B is shown in figure 1,
(i) DF (DownlinkFormat) field
The DF field is 5 bits in length to distinguish different downlink formats (downlinkformats). The value of DF may be 17, 18 or 19. DF is 17 for S mode answering machine sends ADS-B message; DF is 18 for the non-S mode answering machine to send ADS-B message or TIS-B message; DF 19 is for military use and non-military applications do not involve this type of message.
(ii) The CA/CF (Capability/codeFormat) field
The CA/CF field is 3 bits in length and has different meanings at different DF values. When DF is 17, this field is the CA field, meaning the capabilities of the S-mode transponder; when DF is 18, the field is a CF field, meaning is a coding format (CodeFormat), and is used to distinguish the content of the ME field, the type of the AA address, and two types of special messages; when CF is 0 or 1, the message is ADS-B message.
(iii) AA (ICAO24 Aircraftdress) field
The AA field is 24 bits in length and contains address information of the transmitting device. The types of addresses are of two types: an ICAO address and a non-ICAO address. The ICAO address is an address of an aircraft and the non-ICAO address is an anonymous address, a ground vehicle address, or a surface obstacle address.
(iv) DATA (Dataframe) field
The length of the DATA field is 56 bits, and the DATA field contains service DATA of an ADS-B message, which is called an ADS-B service message. The format of the DATA field will be further explained in the ADS-B service message.
(v) PI (ParityCheck) field
The PI field is 24 bits in length, is a downlink field, and means Parity (Parity) and Identity (Identity). This field contains the parity of the Code Label (CL) and the Interrogator Code (IC).
TABLE 1
In order to ensure the compatibility of the method to the original ADS-B protocol, we emphasize the TC field, and the ADS-B message contains different information when the TypeCode has different values. 33bit-37bit of the Dataframe (33bit-88bit) is TC (TypeCode), and if the value of TypeCode is different, the message contained in the ADS-B message is also different. In the present scheme, the ADS-B reservation message is represented by TC 25, that is, the airplane does not parse such message.
ADS-B has become of increasing interest to all parties in recent years as part of the United states' next generation air transport system. The European Union stipulates that its member nations will enforce the use of ADS-B before 2020. However, according to the ADS-B aviation field broadcast communication protocol, all ADS-B messages generated by all airplanes and containing important information such as position, speed and the like are broadcast on a specified channel in a plaintext form through ADS-B-out equipment equipped for the airplanes. This also weakens the security of the ADS-B protocol, because any attacker equipped with the ADS-B receiver can listen to the message broadcast by the airplane by modulating the frequency band at 1090MHz, thereby obtaining the sensitive information of the airplane, such as the position, the speed, etc. For the active attacker, on the basis of receiving the ADS-B message, a false message can be generated through the message memorability modification of the ADS-B message and is sent to the 1090MHz channel through the ADS-B transmitter, which undoubtedly threatens the safety of the airplane.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a method for solving the confidentiality and the integrity of an ADS-B protocol, which is used for encrypting the original ADS-B message on the basis of not modifying the ADS-B aeronautical communication protocol so as to ensure the confidentiality of sensitive data; providing a message authentication function to ensure the integrity of the message; meanwhile, the scheme has fault tolerance to the packet loss problem existing in the natural environment broadcasting.
In order to achieve the above object, the present invention comprises the steps of:
step 1: the trusted third party generates security parameters required by encryption and message verification for each airplane applying ADS-B, distributes the security parameters to each airplane through a security channel, and broadcasts the security parameters to the airplanes through a broadcast channel;
step 2: each airplane receives the safety parameters through the ADS-B Transponder in the flight process, generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to an ADS-B transmitter;
and step 3: and the receiver receives the ADS-B message for verification.
In the above technical method, the step 1 of generating security parameters required for encryption and message verification for each airplane to which ADS-B is applied by a trusted third party, distributing the security parameters to each airplane through a security channel, and broadcasting the security parameters to the airplane through a broadcast channel includes the following steps:
step 1.1: selecting safety parameters by each airplane applying ADS-B of a trusted third party and generating a key required by encryption and parameters required by encryption through an algorithm;
step 1.2: the trusted third party substitutes the key required by encryption and the parameters required by encryption into an encryption algorithm formula to generate a pseudonym;
step 1.3: the trusted third party selects different random keys for each airplane applying ADS-B as the nth key of the key chain, and generates a key chain which can only be derived in one way by applying a one-way hash function F;
step 1.4: distributing the two-tuple [ pseudonym, key link ] to the airplane through a secure channel, and broadcasting the two-tuple [ pseudonym, first key ] to the airplane through a broadcast channel;
in the above technical method, in the step 2, after receiving the security parameters through the ADS-btransporter, each aircraft generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to the ADS-B transmitter, so as to ensure the compatibility of the generated ADS-B message with the original ADS-B protocol, and the method includes the following steps:
step 2.1: reception of parameters required for encryption: the aircraft receives a pseudonym and a secret key in the security parameters from the trusted third party;
step 2.2: input of a constructed message verification code: taking out the ith-1 chain key from the key chain, and obtaining the ith-1 short key through a truncation function; using the Data field in the original message and the key used by the previous message as the input of the message verification code algorithm; taking out the ith chain key from the key chain, calculating the ith short key, and taking the ith short key as the other input of the message authentication code algorithm;
step 2.3: generating a message verification code: substituting a Data field in the original message, a key used by the previous message and an ith short key into a message verification code algorithm formula to generate a message verification code;
step 2.4: and (3) completing encryption and sending a message: replacing the original identity code ICAO by the received pseudonym, using the generated message authentication code and the key used by the previous message as a Data field of the new ADS-B message, constructing the ith message, and broadcasting the ith message to a receiver through a 1090MHz channel.
In the above technical method, the step 3, when the receiver receives the ADS-B message and checks that the message is not lost, includes the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: after the ith message is received, the (i-1) th short key in the Data field of the new message is taken out, the residual part of the Data field in the cache after the (i-1) th message verification code is removed is taken out, the (i-2) th short key is obtained by using the (i-1) th short key through a truncation function, and the (i-2) th short key is compared with the residual part of the Data field in the cache after the (i-1) th message verification code is removed. If the two signals are the same, jumping to 3.3, otherwise, jumping to 3.5;
step 3.3: taking out the (i-1) th message verification code from the cache, obtaining the (i-1) th new message verification code through a message verification code algorithm, comparing the (i-1) th message verification code in the cache with the (i-1) th new message verification code, if the (i-1) th message verification code is the same as the (i-1) th new message verification code, skipping 3.4 if the verification is successful, otherwise skipping 3.5;
step 3.4: reading the (i-1) th message, analyzing the original Data field of the ADS-B message in the cache, and caching the latest (i) th message;
step 3.5: the check fails and the newly received packet is discarded.
In the above technical method, when the receiver receives the ADS-B message and checks that the message is lost in step 3, the method includes the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: taking out the residual part and the i-1 message verification code after the i-1 message verification code is removed from the Data field in the cache, taking out the i + m-1 short key from the DATA field of the new message, deriving forward through a truncation function to obtain the i-2 front short key, comparing the i-2 front short key with the i-2 short key, if the two keys are the same, jumping to 3.3, otherwise jumping to 3.5;
step 3.3: backwards returning a key distance, obtaining an i-1 th short key through a truncation function, obtaining an i-1 th new message verification code through a message verification code algorithm by the i-1 th short key, comparing the i-1 th new message verification code with the i-1 th message verification code, if the i-1 th new message verification code is the same as the i-1 th new message verification code, successfully checking and skipping by 3.4, otherwise skipping by 3.5;
step 3.4: reading the (i-1) th message packet, analyzing the original Data field of the ADS-B message in the cache, and caching the (i) th message packet;
step 3.5: the check fails and the newly received packet is discarded.
In the technical method, the encryption algorithm adopts FFX, and the message authentication code algorithm adopts HMAC-MD5 based on a key chain.
In the above technical method, the number of the pseudonyms received in step 2.1 is the same as the number of ICAO bits in step 2.4; in step 2.3, for the generation of the message authentication code and the construction of the ADS-B message, the TC field value in the Data field of the new ADS-B message containing the authentication code is 25.
Because the invention adopts the technical method, the invention has the following beneficial effects:
(1) in the actual execution process, the format of the encryption result is the same as that of the plaintext in the original message, so that the compatibility of the original ADS-B protocol is ensured, and the integrity of the broadcast communication protocol in the ADS-B aviation field is promoted;
(2) the message authentication code is connected with a previous key in a key chain and then is filled into a reserved ADS-B message with TC (25), so that the message authentication code data in the message authentication code can not be analyzed into relevant position information by an airplane, and the compatibility of the original ADS-B protocol is also ensured;
(3) the key for generating the message authentication code is based on the key chain and the delayed authentication technology, so that developers can replace the key regularly without notifying all terminals of a new key, and the confidentiality and the safety of the broadcast communication protocol in the ADS-B aviation field are effectively improved;
(4) the key chain of the invention is based on the unidirectional property of the key chain, and can still authenticate the message to be authenticated under the condition that the ADS-B message is lost, thereby ensuring the fault tolerance of the scheme to the heat preservation loss in the actual application.
Drawings
FIG. 1 is a schematic overall flow diagram of the process;
FIG. 2 is a diagram of an ADS-B message format;
FIG. 3 is a diagram of a method of constructing a packet;
FIG. 4 is a system model diagram of an application environment.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
The invention provides a method for solving the confidentiality and the integrity of an ADS-B protocol, which has good effect on the compatibility of the generated ADS-B message to the original ADS-B protocol while encrypting and generating a message verification code. The overall flow diagram of the whole scheme is shown in fig. 1, and comprises the following steps:
the avro file contains the original ADS-B message and other information such as sensor numbers.
In the Java program, the reading and the parsing of the avro file can be realized by using an org. The rawADS-B message is read through org, OpenSky, example, Modesencoded message provided by OpenSky, and the specified digits can be read out because the format of the ADS-B message is fixed. FFX encryption is realized by adding an encryption method in the ModosencodedMessage.
In the encryption process, the Java program transmits the rawmessage to the Python program in a parameter transmission mode. High-precision operation is realized through a gmpy packet in a Python program, AES encryption is directly realized through a crypto packet, and an FFX encryption algorithm is realized through programming on the basis of the AES encryption; generating a key chain required by a later generation message verification code by using a hashlib library of Python; and (5) communicating the hmac library file to simulate the generation of a message authentication code.
As shown in FIG. 2, the Python program encrypts ICAO and K'i-1||ΓiAnd then transmitted back to the Java program. The Java program is responsible for replacing the original ICAO with the PidAnd adding new ADS-B message after the original message, wherein the TC field is set to 25 to indicate that the ADS-B message is a reserved message, and the Data field is used for storing K'i-1||Γi。
Because the basic requirement of the scheme is to ensure the compatibility with the original ADS-B protocol, for the convenience of final testing, after generating a new ADS-B message, the new ADS-B message is written into an Avro file by using a JavaAPI interface org, OpenSky, example, Modosendodmessage provided by OpenSky, and the Avro file is converted into an xml file which can be recognized by GoogleEarth, and the compatibility with the original ADS-B protocol is judged by comparing whether tracks on GoogleEarth before and after the file are the same or not.
The invention realizes the guarantee of confidentiality and integrity of the traditional plaintext broadcast transmission message on the basis of being compatible with the current ADS-B protocol format, and the whole method realizes the flow chart as shown in figure 1 and comprises the following steps:
step 1: initializing a trusted third party system: the trusted third party generates security parameters required by encryption and message verification codes for each airplane applying ADS-B, distributes the security parameters to each airplane through a security channel, and broadcasts the security parameters through a broadcast channel, and the steps are as follows:
a. the trusted third party selects a security parameter lambda and executes an algorithm theta (lambda) to generate a key required by encryption for each airplane applying ADS-BAnd a parameter T required for encryptioniWherein
b. Trusted third party executing encryption algorithmThe identity code is encrypted, and a corresponding pseudonymous pid is generated for each airplaneiWherein ICAOiThe ID code is a 24-bit ID code stored in AA field of ADS-B message;
c. can be used forSelecting different random secret keys K for each airplane applying ADS-B by a third partynUsing the nth key as the key chain and applying a one-way hash function F to run Fv(x)=F(Fv-1(x) Generate a key chain keycin ═ (K) that can only be derived in one direction1,K2,...,Kn);
d. Will binary sigma1=(pidiKeychain) is distributed to aircraft over a secure channel and σ is distributed2=(pidi,K1) Broadcast to the aircraft over a broadcast channel.
Step 2: after receiving the safety parameters through the ADS-BTransponder in the flight process, each airplane generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to an ADS-B transmitter, and the processing steps are as follows:
a. reception of parameters required for encryption: receiving a pseudonym and a secret key from a trusted third party;
b. input of a constructed message verification code: for the ith ADS-B message, take the ith-1 chain key K from the keychaini-1And obtaining a short key K 'corresponding to the i-1 chain key by truncating a function F (x)'i-1=F′(Ki-1) (ii) a Data field in original message and key used by previous message<Mi||K′i-1>Taking out the ith chain key K from the key chain as input of message authentication code algorithmiIs through K'i=F′(Ki) Computing ith short Key K'iIth short Key K'iAs another input to the message authentication code algorithm;
c. generating a message verification code: will ith short secret key K'iAnd the Data field in the original message together with the key used by the previous message<Mi||K′i-1>Substituting message authentication code algorithm formulaObtaining a message authentication code gammai;
d. Data field construction and message sending construction: replacing the original ICAO by the received pseudonym pid, and generating the messageThe authentication code is associated with the key Data used by the previous messagei=<Mi||K′i-1||Γi>As Data field of new ADS-B message, the ith message P is constructedi=<Head||pidi||Datai||PIi>(Head is ADS-B header; Pid is generated pseudonym; Data is Data field; PI is parity word), and the ith packet PiBroadcast to the recipient over a 1090MHz channel.
And step 3: the receiving party receives ADS-B message for checking, and for the ideal condition that no message is lost, the steps are as follows:
a. receives the i-1 th message Pi-1Then caching;
b. waiting to receive the ith message PiThen, removing the residual part D after the i-1 st message verification code in the Data field in the cachei-1=<Mi-1||K′i-2>(Mi-1Is an original data field, K 'in the (i-1) ADS-B message'i-2For the i-2 th short key) and from the i-th message PiTakes out the i-1 th short key K'i-1Calculating the i-2 th short key K ″)i-2=F′(F(K′i-1) K ') are prepared'i-2∈Di-1Comparing, if the two are the same, executing c, otherwise, skipping d;
c. fetching the i-1 th message authentication code gamma from the bufferi-1By message authentication code algorithmCalculate the i-1 st new message authentication code Γ'i-1(ii) a Comparing gammai-1And Γ'i-1If the sizes of the messages are the same, the verification is successful, and the message P from the i-1 th message is selectedi-1Reads the information and caches the ith message PiOtherwise, skipping d;
d. the check fails and the newly received packet is discarded.
And step 3: the receiving party receives ADS-B message for checking, and the steps are as follows for the condition of message loss:
a. receives the i-1 th message Pi-1Then caching;
b. waiting to receive the (i + m) th message Pi+mThen, removing the residual part D after the i-1 st message verification code in the Data field in the cachei-1=<Mi-1||K′i-2>And the i-1 th message authentication code Гi-1Taking out; from the i + m th packet Pi+mTakes out the (i + m-1) th short secret key K'i+m-1By means of a truncation function K ″)i-2=F′(Fm(K′i+m-1) Calculate the i-2 th short key, let K ″)i-2From K'i-2Comparing; if the two are the same, skipping c, otherwise skipping d;
c. through K'i-1=F′(Fm-1(K′i+m-1) Computing the i-1 th short key with a key distance back, passing through the message authentication code algorithmCalculate the (i) -1 st new message authentication code and convert the (i-1) th new message authentication code Γ'i-1The same as the i-1 message authentication code gammai-1Comparing; if the two are the same, the verification is successful; otherwise, skipping d;
d. the check fails and the newly received packet is discarded.
Claims (5)
1. A solution for confidentiality and integrity of ADS-B protocol comprises the following steps:
step 1: the trusted third party generates security parameters required by encryption and message verification for each airplane applying ADS-B, distributes the security parameters to each airplane through a security channel, and broadcasts the security parameters to the airplanes through a broadcast channel;
step 2: after receiving the safety parameters through the ADS-BTransponder in the flight process, each airplane generates a message verification code to complete encryption, generates an ADS-B message and transmits the ADS-B message to an ADS-B transmitter;
and step 3: the receiver receives the ADS-B message for verification;
the encryption algorithm adopts FFX, and the message authentication code algorithm adopts HMAC-MD5 based on a key chain;
the step 1 comprises the following steps:
step 1.1: the trusted third party selects safety parameters for each airplane applying ADS-B and generates a key required by encryption and parameters required by encryption through an algorithm;
step 1.2: the trusted third party substitutes the key required by encryption and the parameters required by encryption into an encryption algorithm formula to generate a pseudonym;
step 1.3: the trusted third party selects different random keys as nth keys of the key chain for each airplane applying ADS-B, and generates a key chain which can be derived in one direction by using a one-way hash function F, wherein n is a positive integer greater than 1;
step 1.4: the doublet [ pseudonym, key association ] is distributed to the aircraft over a secure channel and the doublet [ pseudonym, first key ] is broadcast to the aircraft over a broadcast channel.
2. The solution for ADS-B protocol confidentiality and integrity according to claim 1, wherein: the step 2 of ensuring the generated ADS-B message to be compatible with the original ADS-B protocol includes the following steps:
step 2.1: receiving parameters required for encryption: the aircraft receives a pseudonym and a secret key in the security parameters from the trusted third party;
step 2.2: constructing the input quantity of the message verification code: taking out the ith-1 chain key from the key chain, and obtaining the ith-1 short key through a truncation function; taking a Data field in an original message and a key used by a previous message as input quantity of a message verification code algorithm; taking out the ith chain key from the key chain, calculating the ith short key, and taking the ith short key as another input quantity of the message authentication code algorithm, wherein i is a positive integer greater than 1;
step 2.3: generating a message verification code: substituting a Data field in the original message, a key used by the previous message and an ith short key into a message verification code algorithm formula to generate a message verification code;
step 2.4: and (3) completing encryption and sending a message: replacing the original identity code ICAO by the received pseudonym, using the generated message authentication code and the key used by the previous message as a Data field of the new ADS-B message, constructing the ith message, and broadcasting the ith message to a receiver through a 1090MHz channel.
3. The solution for ADS-B protocol confidentiality and integrity according to claim 1, wherein: if the message is not lost in the step 3, the method comprises the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: after receiving the ith message, taking out the (i-1) th short key in the Data field of the new message, taking out the residual part in the Data field in the cache after the (i-1) th message verification code is removed, obtaining the (i-2) th short key by using the (i-1) th short key through a truncation function, and comparing the (i-2) th short key with the residual part in the Data field in the cache after the (i-1) th message verification code is removed; if the two signals are the same, jumping to 3.3, otherwise, jumping to 3.5;
step 3.3: taking out the (i-1) th message verification code from the cache, obtaining the (i-1) th new message verification code through a message verification code algorithm, comparing the (i-1) th message verification code in the cache with the (i-1) th new message verification code, if the (i-1) th message verification code is the same as the (i-1) th new message verification code, skipping 3.4 if the verification is successful, otherwise skipping 3.5;
step 3.4: reading the (i-1) th message, analyzing the original Data field of the ADS-B message in the cache, and caching the latest (i) th message;
step 3.5: the check fails and the newly received packet is discarded.
4. The solution for ADS-B protocol confidentiality and integrity according to claim 1, wherein: if the message is lost in the step 3, the method comprises the following steps:
step 3.1: receiving the (i-1) th message cache;
step 3.2: after an i + m message is received, taking out the part and the i-1 message verification code which are left in a Data field in a cache after the i-1 message verification code is removed, taking out an i + m-1 short key from a Data field of a new message, carrying out forward derivation through a truncation function to obtain an i-2 front short key, comparing the i-2 front short key with the i-2 short key, if the i-2 front short key is the same as the i-2 short key, jumping to 3.3, otherwise, jumping to 3.5, wherein m is a positive integer greater than 1;
step 3.3: backwards returning a key distance, obtaining an i-1 th short key through a truncation function, obtaining an i-1 th new message verification code through a message verification code algorithm by the i-1 th short key, comparing the i-1 th new message verification code with the i-1 th message verification code, if the i-1 th new message verification code is the same as the i-1 th new message verification code, successfully checking and skipping by 3.4, otherwise skipping by 3.5;
step 3.4: reading the (i-1) th message packet, analyzing the original Data field of the ADS-B message in the cache, and caching the (i) th message packet;
step 3.5: the check fails and the newly received packet is discarded.
5. The solution for ADS-B protocol confidentiality and integrity according to claim 3, wherein: the pseudonym received in step 2.1 has the same number of ICAO bits as in step 2.4; step 2.3; for the generation of the message authentication code and the construction of the ADS-B message, the TC field value in the Data field of the new ADS-B message containing the message authentication code is 25.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710179121.0A CN106961329B (en) | 2017-03-23 | 2017-03-23 | Method for solving confidentiality and integrity of ADS-B protocol |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710179121.0A CN106961329B (en) | 2017-03-23 | 2017-03-23 | Method for solving confidentiality and integrity of ADS-B protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106961329A CN106961329A (en) | 2017-07-18 |
CN106961329B true CN106961329B (en) | 2020-02-14 |
Family
ID=59471259
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710179121.0A Expired - Fee Related CN106961329B (en) | 2017-03-23 | 2017-03-23 | Method for solving confidentiality and integrity of ADS-B protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106961329B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109145614A (en) * | 2018-07-12 | 2019-01-04 | 电子科技大学 | The aircraft method for secret protection of low-cost in a kind of General Aviation |
CN109033878B (en) * | 2018-08-08 | 2021-04-16 | 莆田学院 | File storage verification method and storage medium |
CN110764784B (en) * | 2019-10-24 | 2023-05-30 | 北京智游网安科技有限公司 | Method for identifying three-party SO (SO) file, intelligent terminal and storage medium |
CN112669650B (en) * | 2020-12-01 | 2022-12-13 | 广西综合交通大数据研究院 | Privacy protection method, system and storage medium based on ADS-B message |
CN112866927A (en) * | 2021-01-11 | 2021-05-28 | 四川九洲空管科技有限责任公司 | Dynamic encryption method and decryption method for ADS-B information |
CN115134123B (en) * | 2022-06-01 | 2023-05-05 | 北京航空航天大学 | Anonymous safety conversation method and device for civil aviation ACARS ground-air data link |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101917273A (en) * | 2010-08-26 | 2010-12-15 | 四川大学 | ECC certificate-based ADS-B data authentication method |
CN102215077A (en) * | 2011-06-13 | 2011-10-12 | 四川大学 | Automatic dependence surveillance-broadcast (ADS-B) accurate target location encryption method |
CN106411527A (en) * | 2016-09-30 | 2017-02-15 | 北京邮电大学 | Data authentication method in very-high-frequency data chain transmission |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7730307B2 (en) * | 2006-04-07 | 2010-06-01 | Sensis Corporation | Secure ADS-B authentication system and method |
-
2017
- 2017-03-23 CN CN201710179121.0A patent/CN106961329B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101917273A (en) * | 2010-08-26 | 2010-12-15 | 四川大学 | ECC certificate-based ADS-B data authentication method |
CN102215077A (en) * | 2011-06-13 | 2011-10-12 | 四川大学 | Automatic dependence surveillance-broadcast (ADS-B) accurate target location encryption method |
CN106411527A (en) * | 2016-09-30 | 2017-02-15 | 北京邮电大学 | Data authentication method in very-high-frequency data chain transmission |
Non-Patent Citations (2)
Title |
---|
ADS-B Data Authentication Based on AH Protocol;Ruidong Chen;《IEEE》;20131231;全文 * |
基于UAT数据链的ADS-B系统加密研究;刘引川;《中国西部科技》;20111031;第10卷(第30期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN106961329A (en) | 2017-07-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106961329B (en) | Method for solving confidentiality and integrity of ADS-B protocol | |
US7730307B2 (en) | Secure ADS-B authentication system and method | |
US7515715B2 (en) | Information security for aeronautical surveillance systems | |
US8689339B2 (en) | Method, system and apparatus for game data transmission | |
KR20140116144A (en) | Method and system for secured communication of control information in a wireless network environment | |
CN110380842B (en) | CAN bus message signature method, device and system suitable for intelligent network-connected automobile | |
Neish et al. | Design and analysis of a public key infrastructure for SBAS data authentication | |
Sciancalepore et al. | Auth-AIS: secure, flexible, and backward-compatible authentication of vessels AIS broadcasts | |
US20220294607A1 (en) | Transport layer authenticity and security for automotive communication | |
CN110417724A (en) | Application program logs in method, system, server and the terminal of state joint authentication | |
de Fuentes et al. | Applying information hiding in VANETs to covertly report misbehaving vehicles | |
CN106453362A (en) | Data transmission method and apparatus of vehicle-mounted device | |
Mäurer et al. | Advancing the Security of LDACS | |
CN105376236B (en) | Mobile device information transmitting methods | |
Liu et al. | Blockchain enabled secure authentication for unmanned aircraft systems | |
CN105246172A (en) | Network transmission method for mobile terminals | |
CN111628959B (en) | Large-scale unmanned aerial vehicle group security authentication mechanism based on random label | |
Kacem et al. | Secure ADS-B design & evaluation | |
CN105430430B (en) | Intelligent terminal network communication means | |
Yang et al. | Secure Automatic Dependent Surveillance-Broadcast Systems | |
CN111869160B (en) | Method and apparatus for secure transmission of a message from a transmitting device to a receiving device | |
CN113383514A (en) | Method for authenticating messages in resource-constrained systems | |
JP2003512784A (en) | Video signal authentication system | |
CN113302961B (en) | Safety beacon | |
Yang et al. | Complete ADS-B Security Solution |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200214 |
|
CF01 | Termination of patent right due to non-payment of annual fee |