Timed Efficient Stream Loss-Tolerant Authentication (TESLA)

Timed Efficient Stream Loss-Tolerant documentation (TESLA)When considered as a security solution for ADS-B, asymmetric-key encoding has twain major drawbacks. The first issue is that current asymmetric-key connives soak up no compact encryption implementations, and would result in an increase of the transmitted ADS-B message length. The second job is that unique encrypted ADS-B messages would be required for each recipient. To maintain a fully-connected web of n nodes would necessitate (n2 n) unique broadcasts rather than n in the current organization 15, which obviously does not scale well as the size of the network increases.As a possible answer to these two drawbacks, Costin et al. 3 have suggested what they term a lightweight PKI solution. In the lightweight PKI approach, node A transmits its digital signature over n messages, so that after every n messages, the surrounding nodes have received As digital signature. The recipients keep the messages until the entire digita l signature has been transmitted and they can authenticate the buffered messages. The authors suggest that the PKI key dissemination necessary for this system could be done during an aircrafts scheduled maintenance cycle 13.A security scheme called Timed Efficient Stream Loss-Tolerant Authentication (TESLA) is a variation on traditional asymmetric cryptography that has been proposed for use on broadcast networks 19, 20. With TESLA, senders retroactively publish their keys which are then utilize by receivers to authenticate the broadcast messages. A broadcasting node produces an encrypted message authentication code (MAC) which is included with every message. After a designated time interval or number of messages, the key to decode the senders MAC is published. Listening receivers who have buffered the senders previous messages can then decrypt the messages that were broadcast. When applied to ADS-B, this technique imposes a time delay on the broadcast imputable to the need to bu ffer messages, but it erects lawfulness and continuity of messages sent over the network.TESLA is an adaption of the TESLA protocol designed for use on wireless sensor networks. The TESLA protocol requires nodes in the network to be loosely time synchronized, with each node having an upper bound on the maximum clock synchroneity error. As discussed earlier, asymmetric encryption schemes have high computation and communication overhead, which limit their usefulness as security approaches on the bandwidth-constrained ADS-B network. The TESLA protocol overcomes this problem by employing asymmetric-key encryption through a delayed disclosure of symmetric keys, which results in an efficient broadcast authentication scheme. When one considers the bandwidth and interference limitations on the ADS-B frequency channel, the TESLA design adaptations identify this protocol as a viable scheme for providing security in ADS-B.However, there are two obstacles to applying TESLA to ADS-B. The prim ary issue is that, while sufficiently good time synchronization could be provided via GPS, it would require modification to the protocol to accommodate the GPS timestamp field. The second problem is that in order for TESLA to be used for verifying the identity of a network node, it needs to be reinitialized which leaves it susceptible to memory- based DoS attacks. In spite of these drawbacks, TESLA is a promising security scheme for integrating into ADS-B.B. Aircraft Address Message Authentication CodeThe cryptographic solutions PKI and TESLA both have shortcomings in that they require modifications to the current ADS-B protocol. The Aircraft Address Message Authentication Code (AA-MAC) security solution utilizes a example hash algorithm such as MD5 or SHA and a secret authentication key to perform message integrity 21. The AA-MAC message source integrity scheme would require a slight modification to the existing protocol in that it would replace the current Aircraft Address (AA) f ield with the MAC, but the ADS-B message is other than unchanged. The AA-MAC approach proposes a different aircraft identification strategy, assigning a unique identifier to each aircraft that is good for the duration of a particular flight. As with PKI cryptographic approaches, the distribution of the secret key presents challenges for AA-MAC. Since MAC requires just one key which is used to uniquely identify a sender on the network, the simplest approach would be to impart the secret key only when an aircraft intends to enter the air traffic control system and ADS-B network.The purpose here is to demonstrate a compatible security scheme that will mitigate threats posed by message injection and modification attacks, which are among the most critical vulnerabilities in the current ADS-B implementation. While AA-MAC does not provide data integrity, it is highly compatible with the existing 1090ES protocol and can be implemented at low cost relative to other security proposals, crac k a feasible partial security solution for ADS-B.4.1.2. Non-Cryptographic SchemesAs we have seen, cryptographic security schemes are difficult to implement in a counsel that are not compatible with the existing infrastructure, primarily due to the problem of key distribution and management. Non-cryptographic approaches to network security avoid the challenge of key management and instead involve either some form of fingerprinting on the physical layer, or a frequency modulation scheme such as spread spectrum.A. FingerprintingSchemes such as fingerprinting encompass various methods for authentication and identification, either based on hardware or software imperfections or characteristics of the frequency channel which are hard to replicate. Identifying signatures for legitimate nodes on the network provides data useful for the implementation of systems to detect network intrusions 22.Software-Based Fingerprinting schemes attempt to separate distinct characteristics of the softwar e operating on network equipment. The development teams for different network equipment manufacturers often take widely varied paths when implementing software on a given device. These differences can be cataloged and later exploited to tell apart dissimilar network devices, and can be used to verify their continuity up to a certain degree.Hardware-Based Fingerprinting approaches seek to identify and catalog unique network hardware differences. Some of these differences can be used for radiometric fingerprinting, which takes advantage of differences in the modulation of a radio foreshadow to catalog unique device signatures. Clock skew is another identifiable hardware feature that can be used to establish uniqueness between wireless devices. Since no two clocks are perfectly synchronized, time difference can be used to create signatures and enable identification.A third category of fingerprinting is Channel/Location-Based Fingerprinting. This fingerprinting method tries to exploit natural characteristics of the communications channel. Various approaches utilizing received signal strength (RSS), channel impulse response (CIR) and the carrier phase have shown that this can be a viable alternative to more traditional authentication and verification measures.