Final Project Report Document information Project Title Improved 1090 MHz ADS-B Ground station capacity and security Project Number 15.04.06 Project Manager Thales Deliverable Name Final Project Report Deliverable ID D01 Edition 00.01.03 Template Version 03.00.04 Task contributors THALES. Abstract This project covered two crucial future ADS-B Ground Surveillance fields of activities: The analysis of enhanced ADS-B Ground Sensor security functionality comprising threat definition, detection, indication and potential threat mitigations means, completed by a conclusive prototype implementation and demonstration. The ADS-B Ground station capacity study focusing on the availability of reception of 1090MHz signals by using the signal phase information. The usage of phase information allows the inclusion of extra information that may be used for different purposes. The project evaluated new potential data items and security concepts (data encryption). The capacity to receive and extract such kind of information was analysed and tested by the implementation and afterwards demonstration of one Phase Overlay capable ADS-B receiver laboratory prototype.
Authoring & Approval Prepared By - Authors of the document. Name & Company Position & Title Date Volker Seidelmann / THALES> Project Manager 17/02/2016 Reviewed By - Reviewers internal to the project. Name & Company Position & Title Date Maria Tabernero / ENAIRE Contribution Manager 22/08/2016 Christos Rekkas / EUROCONTROL Contribution Manager 22/08/2016 Manuela Marzocchi / ENAV Contribution Manager 22/08/2016 Miguel Muñoz / INDRA SWP 15.04 22/08/2016 Reviewed By - Other SESAR projects, Airspace Users, staff association, military, Industrial Support, other organisations. Name & Company Position & Title Date Approved for submission to the SJU By - Representatives of the company involved in the project. Name & Company Position & Title Date Felice Maccaro / SELEX WP 15 Leader 29/09/2016 Philippe Jasselin / THALES WP 15 Leader 29/09/2016 Miguel Muñoz / INDRA SWP 15.04 30/08/2016 Maria Tabernero / ENAIRE Contribution Manager 31/08/2016 Christos Rekkas / EUROCONTROL Contribution Manager 30/08/2016 Manuela Marzocchi / ENAV Contribution Manager 31/08/2016 Volker Seidelmann / THALES> Project Manager 30/08/2016 Rejected By - Representatives of the company involved in the project. Name & Company Position & Title Date Rational for rejection None. Document History Edition Date Status Author Justification 00.01.00 17/02/2016 Draft Volker Seidelmann 00.01.01 04/08/2016 Revised Draft Volker Seidelmann Initial Final Report Version requested by SJU for preliminary review. Project will be closed in October 2016. Preparation of Final document version. Incorporation of the changes since initial version. 00.01.02 31/08/2016 Final Volker Seidelmann Updates after final review. 2 of 13
00.01.03 05/10/2016 Final Volker Seidelmann Updates as requested by SJU after assessment. Intellectual Property Rights (foreground) This deliverable consists of SJU foreground. 3 of 13
Acronyms Acronym ADS-B APT ASP ASTERIX ATM CNS DS ES EUROCAE GEN-SUR GEN-SUR-SEC ICAO MOPS NRA OI RAD SECRAM SPR SUR TRL WG Definition Automatic Dependent Surveillance Broadcast Airport Surface Surveillance ICAO Aeronautical Surveillance Panel All-purpose structured EUROCONTROL surveillance information exchange Air Traffic Management Communication, Navigation and Surveillance Data Set 1090 Extended Squitter The European Organisation for Civil Aviation Equipment is a nonprofit organisation dedicated to aviation standardisation Generic Surveillance Eurocontrol Generic Surveillance Security Requirements International Civil Aviation Organization Minimum Operational Performance Specification Non Radar Airspace Operational Improvement Radar Airspace Security Risk Assessment Methodology Safety and Performance Requirements Surveillance Technology Readiness Level Working Group 4 of 13
1 Project Overview The ADS-B Ground Surveillance Sensor system addressed by this project covers two separate improved 1090MHz ADS-B Ground station functionalities. The analysis of enhanced ADS-B Ground Sensor security functionality comprising the definition of potential ADS-B Security threats, threat detection, threat indication and possible threat mitigations means. The Project implemented and demonstrated relevant prototypes. The baseline for the ADS-B Security Ground Sensor prototype implementation were the enhanced ADS-B ground station systems developed by the project partner Indra & Thales in the preceding SESAR 15.04.05a&b projects. The study of ADS-B Ground station capacity focusing on the availability of reception of 1090MHz signals by using the signal phase information. The project evaluated new potential data items and security concepts (data encryption). The capacity to receive and extract such kind of information was analyzed and tested by the implementation and demonstration of one Phase Overlay capable ADS-B laboratory prototype receiver. 1.1 Project progress and contribution to the Master Plan The enhanced ADS-B Ground Surveillance system is based on the next enablers of the Integrated Roadmap dataset DS15 [4] of the preceding SESAR 15.04.05 (A&B) projects: Ground Enabler: CTE-S03a ADS-B station for Non Radar Airspace (NRA) Surveillance Ground Enabler: CTE-S03b ADS-B station for Radar Airspace (RAD) and Airport Surface Surveillance (APT) As a result of this new subsequent project, the new ADS-B Ground Enabler 'CTE-S03c New ADS-B station for future ADS-B applications (ED-102A+)' has been created. The new enabler is currently not linked to any Operational Improvements Step (OI), but it was linked to Performance Improvements created in dataset DS15 [4]. The evolution of the surveillance technology with the use of ADS-B is not only led by operational factors, but also by rationalization in the use of the systems and the provision of better performance. In this sense, new Operational Improvement Steps called Performance Improvements were created in the SESAR Master Plan and were linked to the ADS-B systems developed in this project. CNS-0003-B: Rationalisation of surveillance functionalities and/or technologies for CNS systems supporting cost efficiency, spectrum efficiency, etc. for Step 2. CNS-0003-C: Rationalisation of surveillance functionalities and/or technologies for CNS systems supporting cost efficiency, spectrum efficiency, etc. for Step 3. The CTE-S03c enabler addresses both Capacity and Security functionalities. On the other hand, the maturity level achieved for Capacity and Security functionality is different. As only one maturity level can be addressed per enabler, lower one will be reflected on the next table. 5 of 13
The enhanced ADS-B Security Ground Sensor prototypes of Indra and Thales have been verified in their respective laboratories. Both prototypes are reaching the Technology Readiness Level (1) TRL-5 (V2 equivalent). The capable Phase Overlay ADS-B receiver prototype, implemented by Indra, was verified in the laboratory. The prototype is reaching TRL-4 (V2 equivalent). Code Name Project contribution Maturity at project start Maturity at project end CTE-S03c New ADS-B station for future ADS-B applications (ED- 102A+) Development of Capacity & Security prototypes TRL-2 Enabler Maturity TRL-4 ADS-B Capacity prototype Laboratory prototype to continue the evolution of 1090ES phase overlay datalink in SESAR2020 TRL-2 Partial Functionality development to TRL-4 ADS-B Security Ground Sensor prototype TRL-4 Partial Functionality Verified security prototypes prepared for implementation developed to TRL-5 R&D activities under the scope of SESAR2020 solution: 'Improved 1090MHz ADS-B Ground station capacity and security' will continue the work of this project. 1.2 Project achievements A summary of the project achievements is presented below: Improved ADS-B Security The project examined and detailed feasible ADS-B security threats. A selected group of these threats are captured and incorporated into the related SUR sensor 'ADS-B ground system' parts of the EUROCONTROL Generic Surveillance Security Requirements GEN-SUR-SEC document. The project specified high-level technical system requirements to detect and manage related ADS-B ground sensor security threats. These requirements are the basis for discussion as input to the EUROCAE working group WG51 preparing the next standard document (ED- 129C). On the basis of the requirements specification, the project developed two independent ADS-B Security Ground sensor prototypes (INDRA&THALES), whereby the project focusing primarily onto the domain of threat detection and threat indication. The prototype capabilities and 1 A maturity assessment of the prototype performed all along the design process at the end of each Technology readiness Level step (TRL) or V phase. 6 of 13
performance are successfully tested in a laboratory environment and demonstrated and discussed during two separate project internal demonstration days in Stuttgart (Thales) & Madrid (Indra). For the prototype verification, the project defined and used a set of common and replicable threat tests, which used to verify independently different ADS-B security prototype solutions. The security part concludes by a final report, summarising the project activities, findings and recommendations. The Improved ADS-B Security activities include a proposal for additional minimum security features for inclusion into the next EUROCAE standard (ED-129C). Improved ADS-B Capacity The project stated the first requirements specification for an ADS-B receiver prototype using phase overlay modulation techniques. The project created test cases descriptions and test environment definitions, which used afterwards for the prototype verification as well the internal project prototype demonstration. The project developed one Phase Overlay capable ADS-B receiver laboratory prototype (INDRA). Besides the internal verification tests, the project intention was also to prove and verify that downwards compatibility requirements are met and that the operational performance of ADS-B ground stations was not affected. The use of phase information contained in the existing sequence of pulses for each message allows the inclusion of extra information. It is against this background that the project defined a proposal for new useful applications and suggestions for data encoding for a phase overlay service. The findings during the elaboration of ADS-B capacity improvements through 1090MHz phase overlay are noted down in a final report. It considered the compatibility with existing ground systems, evaluated the performance of phase-overlay-capable equipment under real conditions, list benefits and mark risks of the new 1090 MHz phase overlay technique. The report makes suggestions for additional minimum security features for inclusion into EUROCAE ED-129C, and proposes suitable changes to ICAO ASP for integration into future standards (ED-102A+). 1.3 Project Deliverables The following table presents the relevant deliverables that have been produced by the project. Reference Title Description D02 ADS-B Security - ADS-B Threat Analysis Report The ADS-B Threat Analysis report analyses and defines possible security threats for ADS-B, and groups threats according to their likelihood and impact. The project uses the GEN-SUR-SEC document as base reference, taking into account the SESAR SECRAM. The threat analysis based on the GEN-SUR LOGICAL Model, whereby the project security scope concentrated solely onto the SUR sensor (ADS-B ground sensor system). ADS-B Security - Risk Focus Area The document presents a summary of the security 7 of 13
D03 D04 D07 Summary ADS-B Security - Definition of ADS- B Security Requirements and Share between INDRA and THALES ADS-B Security - Test Scenarios and Test Environment Definition Report ADS-B Security - Demonstration Report risk assessment for ADS-B. It provides the map of the risk on a per surveillance threat scenario and per surveillance environment basis, including the consideration of possible mitigation means. This version of the document has been developed as part of SESAR WP 15.4.6 (task 02) and the scope is therefore adapted to this WP where only the combinations of surveillance techniques including ADS-B are considered. The document specifies and sub-classifies the elaborated ADS-B security threats of deliverable D02 in a more detailed manner. Once refined the threats definition, the project establishes their associated high-level technical requirements for an ADS-B ground sensor system, evaluates related adequate threat detection means and defines when possible related threat mitigation means. Finally, the document indicates which ADS-B threats will be address, processed and implemented subsequently by the project partner. The document serves as base input to the project tasks for implementation and verification of the ADS-B Security prototypes and elaboration of test scenarios. The Verification Plan describes the test installation and test environment to verify the functioning of the ADS-B Security prototype(s). At this, the project defined for each selected ADS-B threat a related set of test cases. The Test Specification concentrates on the detection and indication of ADS-B threats. A fundamental principle of the threat tests was the definition of a set of common and replicable tests, which could be used to verify independently different ADS-B security prototype solutions. The document covers the internal provider ADS-B security prototype verification phase as well the internal prototype demonstration. The project realized two project internal demonstration days in separate Indra and Thales test-beds to evaluate and discuss the implemented prototype ADS-B security solutions. The subsequent report summarizes the demonstration cases and demonstration results of the prototypes in a laboratory environment by using simulated threat scenarios and/or real injected traffic. The report comprises an effectiveness review of the ADS-B validation functions of WP15.04.05 for 8 of 13
spoofed targets. D08 D09 D10 D13 D14 D15 ADS-B Security - Final Report on ADS-B Security ADS-B Capacity - Phase Overlay Report ADS-B Capacity - Definition of Verification and Demonstration Test Cases ADS-B Capacity - Demonstration Report ADS-B Capacity - 1090 MHz Phase Overlay Applications Proposal ADS-B Capacity - Final Report on ADS-B Capacity The report makes some proposals for additional minimum security features for inclusion into EUROCAE ED-129B standard to Eurocae Working Group 51. The report consolidates and concludes the ADS-B security working part. It describes in a concise form the performed activities, and list recommendations for further future SESAR projects and standardisation work. The document specifies the first set of requirements for a prototype of ADS-B receiver capable of decoding signals using phase overlay modulation techniques. The requirements are derived and reviewed from existing ICAO materials that have been developed in related ICAO surveillance panels. The specification addresses functional receiver requirements for the implementation in a prototype covering the following main aspects of Detection, Data correction, Synchronization and Interferences. The document serves as input to the subsequent project tasks for implementation and verification of laboratory prototypes and elaboration of test scenarios. The report covers test cases descriptions and test environment definitions of the internal Phase Overlay prototype verification phase as well the prototype pre-validation demonstration. Test cases and environmental scenario definitions are intended to verify and validate that downwards compatibility requirements can be met and that operational performance of ADS-B ground stations is not impaired when phase overlay techniques are used. The limited evaluation report enfolds the addressed pre-validation test cases and test results of the Phase Overlay prototype. The project collected, analysed and defined new useful applications and suggestions for data encoding for a phase overlay service. The research findings are summarised in this report. The report proposes suitable changes to ICAO ASP for integration into future standards. The report contains the findings of the elaboration of ADS-B capacity improvements through 1090MHz phase overlay. It evaluates the achievable performance of phaseoverlay-capable equipment under laboratory 9 of 13
conditions. This report considers again benefits, risks and possible applications of the new 1090 MHz phase overlay technique. The report makes some suggestions for additional minimum security features for inclusion into EUROCAE ED-129B standard to Eurocae Working Group 51. 1.4 Contribution to Standardisation The SESAR project contributes to the progress of the following standards: Application standards considered are: ADS-B in Radar Airspace, ADS-B for Airport Surveillance (both published by EUROCAE/RTCA), as well as the EUROCAE Generic Surveillance SPR (ongoing). EUROCONTROL ASTERIX Interface Specifications ASTERIX Category 021 ADS-B Messages - Based on latest edition 2.4 - Project update proposal edition 2.90 and 2.91 (SESAR) - To cover ADS-B security threat subjects ASTERIX Category 023 CNS/ATM Ground Status Service Messages - Based on latest edition 1.2 - Project update proposal edition 2.90 and 2.91 (SESAR) - To cover ADS-B security threat subjects Baseline of the ASTERIX proposals were the previous editions of the SESAR projects 15.04.05.a+b. The project revised and cleaned-up these editions. ADS-B Security: o o Proposal for additional minimum security features for inclusion into the next EUROCAE standard (ED-129C). Proposal for additional minimum security features for inclusion into the next EUROCAE standard (ED-142A). ADS-B Capacity: Proposal of suitable changes into future standards (ED-102A+ ). 1.5 Project Conclusion and Recommendations Conclusions: Improved ADS-B security: The enhanced ADS-B ground sensor system prototype improves the security by the successful detection and indication of associated ADS-B threats. 10 of 13
Improved ADS-B capacity: The evaluation of the ADS-B receiver prototype has shown that the usage of phase overlay modulation techniques for a 1090 MHZ ADS-B receiver is feasible. Based on the gained data storage capability, the project defined for the foreseeable future new useful applications and suggestions for data encoding. These proposals should be considered by the next standard preparation (ED-129C, ED-102A+). Recommendations: Further development and validation activities for the enhanced ADS-B Security Ground sensor as well as the capable Phase Overlay ADS-B receiver prototype are preferable and should be conducted in related SESAR2020 solution PJ14.04.03. Improved ADS-B security: The project recommends the validation and a detailed assessment of the performance of the overall ADS-B Security system and its components in SESAR 2020, with the goal of later standardisation and industrialisation. This should include a long-term analysis/evaluation of the system threat detection efficiency (false alarms & non-detection of threats), even outside the lab, and an investigation of effectual threat mitigation means having no negative effects on the operational environment. Impact of threat detection at ATCo/Supervisor level should be further assessed, including the definition and analysis of potential security procedures for ATCo/Supervisor. Improved ADS-B capacity: As the project built up in the first step an engineering sample of a Phase Overlay capable ADS-B receiver in the laboratory, the project recommends continuing in SESAR 2020 with next logical step to develop a prototype, which could be examined in real operational field environment. This should include a detailed assessment of the performance of the overall system and its components w.r.t. associated emerging standards (e.g. EUROCAE) and Specifications. 11 of 13
2 References [1] SESAR Programme Management Plan, Edition 03.00.01 [2] European ATM Master Plan [3] Multilateral Framework Agreement ( MFA ) signed between the SJU, EUROCONTROL and its 15 selected members on August 11, 2009, amended on 14 June 2010, 19 October 2010 and 2 July 2012 [4] Integrated Roadmap Dataset DS15 [5] ** 15.04.06, ADS-B Security Threat Analysis Report, D02, Edition 00.01.02, 13-Jan-2016 [6] ** 15.04.06, ADS-B Security Risk Focus Area Summary, D02, Edition 00.01.01, 13-Jan-2016 [7] ** 15.04.06, ADS-B GS Security Requirements, D03, Edition 00.01.05, 29-Mar-2016 [8] ** 15.04.06, ADS-B Security - Test Scenarios and Test Environment Definition Report, D04, Edition 00.02.01, 02-Feb-2016 [9] ** 15.04.06, ADS-B Security - Indra Verification Report, D05, Edition 00.01.00, 30-May-2016 [10] ** 15.04.06, ADS-B Security - Thales Verification Report, D06, Edition 00.01.00, 20-May-2016 [11] ** 15.04.06, ADS-B Security - Demonstration Report, D07, Edition 00.01.03, 06-Jul-2016 [12] ** 15.04.06, Final Report on ADS-B Security, D08, Edition 00.05.00, 06-Oct-2016 [13] 15.04.06, Phase Overlay Report, D09, Edition 00.01.03, 30-Mar-2016 [14] 15.04.06, ADS-B Capacity - Definition of Verification and Demonstration Test Cases, D10, Edition 00.01.00, 11-Apr-2016 [15] 15.04.06, ADS-B Capacity - Indra Verification Report, D11, Edition 00.01.00, 30-May-2016 [16] 15.04.06, ADS-B Capacity - Demonstration Report, D13, Edition 00.01.01, 06-Oct-2016 [17] 15.04.06, 1090MHz Phase Overlay Applications Proposal, D14, Edition 00.01.01, 04-July-2016 [18] 15.04.06, Final Report on ADS-B Capacity, D15, Edition 00.01.01, 06-Oct-2016 [19] Asterix Category 021 Sesar Proposal, Edition 2.90, 25-Feb-2016 [20] Asterix Category 021 Sesar Proposal, Edition 2.91, 20-Jun-2016 [21] Asterix Category 023 Sesar Proposal, Edition 2.90, 25-Feb-2016 [22] Asterix Category 023 Sesar Proposal, Edition 2.91, 20-Jun-2016 Note: ** marked deliverables are security related and sensitive from a confidentiality perspective, the related linked documents cannot be made publicly available. 12 of 13
-END OF DOCUMENT- 13 of 13