ADS-B Data Authentication Based on ECC and X.509 Certificate

Similar documents
The Application of Elliptic Curves Cryptography in Embedded Systems

CSE 565 Computer Security Fall 2018

Cryptography (Overview)

BIG-IP System: SSL Administration. Version

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Cryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

BIG-IP System: SSL Administration. Version

Cryptography MIS

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Overview. SSL Cryptography Overview CHAPTER 1

Computer Security: Principles and Practice

Source Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network

Key Exchange. Secure Software Systems

CCNA Security 1.1 Instructional Resource

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Research Issues and Challenges for Multiple Digital Signatures

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

EEC-682/782 Computer Networks I

Contents Digital Signatures Digital Signature Properties Direct Digital Signatures

Computer Security 3/23/18

Study on data encryption technology in network information security. Jianliang Meng, Tao Wu a

Enhanced Authentication Protocol EAP-TTLS using encrypted ECDSA

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Cryptography and Network Security Chapter 13. Fourth Edition by William Stallings. Lecture slides by Lawrie Brown

1.264 Lecture 28. Cryptography: Asymmetric keys

Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators

Sample excerpt. Virtual Private Networks. Contents

RSA and ECDSA. Geoff Huston APNIC. #apricot2017

(2½ hours) Total Marks: 75

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

BCA III Network security and Cryptography Examination-2016 Model Paper 1

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Cryptographic Concepts

Garantía y Seguridad en Sistemas y Redes

A FAST HANDSHAKE CACHING PROTOCOL WITH CACHING CENTER

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

International Journal of Advance Engineering and Research Development

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Configuring Secure Socket Layer HTTP

Configuring Secure Socket Layer HTTP

APNIC elearning: Cryptography Basics

Public Key Algorithms

Network Security. Chapter 8. MYcsvtu Notes.

HTTPS is Fast and Hassle-free with Cloudflare

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Encryption I. An Introduction

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Cryptography and Network Security. Sixth Edition by William Stallings

Network Security Chapter 8

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

AN12120 A71CH for electronic anticounterfeit protection

Blind Signature Scheme Based on Elliptic Curve Cryptography

Technological foundation

CS Computer Networks 1: Authentication

Kurose & Ross, Chapters (5 th ed.)

Study Guide for the Final Exam

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Network Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

14. Internet Security (J. Kurose)

Computers and Security

Introduction to Cryptography. Vasil Slavov William Jewell College

Chapter 8 Information Technology

Spring 2010: CS419 Computer Security

Enhanced ECC algorithm over Public Key Cryptography

Diffie-Hellman Protocol as a Symmetric Cryptosystem

But where'd that extra "s" come from, and what does it mean?

Briefing: Navigation Message Authentication for Civil GPS Anti-Spoofing

CPSC 467b: Cryptography and Computer Security

UNIT III 3.1DISCRETE LOGARITHMS

KMIP 64-bit Binary Alignment Proposal

Intelligent Terminal System Based on Trusted Platform Module

A Simple User Authentication Scheme for Grid Computing

Digital Multi Signature Schemes Premalatha A Grandhi

Hybrid Key Encryption using Cryptography for Wireless Sensor Networks V-Algorithm

VPN Overview. VPN Types

SSL/TLS Vulnerability Detection Using Black Box Approach

CPSC 467b: Cryptography and Computer Security

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

IEEE Std and IEEE Std 1363a Ashley Butterworth Apple Inc.

MMVECC Encryption Algorithm for Redundancy Problem Solving and Authentication Verification

Public Key Algorithms

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

SMPTE Standards Transition Issues for NIST/FIPS Requirements

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Transcription:

JOURNAL OF ELECTRONIC SCIENCE AND TECHNOLOGY, VOL. 10, NO. 1, MARCH 2012 51 Data Authentication Based on ECC and X.509 Certificate Wei-Jun Pan, Zi-Liang Feng, and Yang Wang Abstract An automatic dependent surveillancebroadcast () system has serious security problems, and the data can be spoofed during broadcasting precise position information of aircraft. A solution of the system data authentication based on the elliptic curve cipher (ECC) and X.509 certificate is proposed. It can avoid the key distribution problem by using the symmetric key algorithm and prevent the data from being spoofed thoroughly. Experimental test results show that the solution is valid and appropriate in universal access transceiver (UAT) mode. Index Terms Automatic dependent surveillancebroadcast, data authentication, elliptic curve cipher, X.509. 1. Introduction A major function of automatic dependent surveillance-broadcast () technology is to broadcast the satellite-based aircraft identification, position, and speed periodically. has been implemented in many countries and it is the backbone of the next generation air transportation system (NextGen) in United States. However, it is suffered from several severe security problems [1], such as data spoofing which has not been solved perfectly. A digital signature scheme based on elliptic curve cipher (ECC) is characterized of security and efficiency [2],[3] by refering to identification which is implemented by using certificate verifying supported by X.509 and digital signing [4]. A method of image encryption based on bivariate polynomials is proposed for improving encryption efficiency [5]. In this paper, based on the ECC and X.509 certificate, a solution to the problem of data authentication of systems is proposed, which may avoid the key distribution problems by using the symmetric key algorithm, and prevent data from being spoofed thoroughly. Manuscript received November 7, 2011; January 11, 2012. This work was supported by the National Natural Science Foundation of China under Grant No. 61179072 and the Civil Aviation Science Foundation of China. W.-J. Pan, Z.-L. Feng, and Y. Wang are the College of Computer Science, Sichuan University, Chengdu 610065, China (e-mail: panatc@sina.com; fengziliang@scu.edu.cn; wangyang@scu.edu. cn). W.-J. Pan is also the College of Aviation Management, the Civil Aviation Flight University of China, Guanghan 618307, China. Digital Object Identifier: 10.3969/j.issn.1674-862X.2012.01.009 2. Proposed Solution of Data Authentication There are two possible approaches to attacking systems by data spoofing. One is manipulating reasonable data, which is valid in format and sending in time. The other is recording legal signals or data in advance and resending them at some specified time, which is also named data replay attack. The aims of them are intended to disorder the display of ground and airborne equipment, or to confuse the command of the air traffic controller. data spoofing is a severe potential threaten to the safety of air traffic [1] and it is considered as the most serious obstacle for the popularization of. The potential and possible approaches against data spoofing may be cryptography techniques. Although modern cryptography techniques have been proved very safe and are used very widely, there are several difficulties that should be overcome. The most important problem is how to choose appropriate cryptography techniques. In a symmetrical cryptography system, the keys of the sender and receiver must be symmetrical or be the same [6]. The obvious difficulty of using an system is the distribution and management of the symmetrical keys, because the system is not a well-connected network and the keys can not be well distributed in real time, which limits the use of symmetrical cryptography. In a public keys cryptography system, there are two keys that are named private key and public key, respectively. The public key could be published so that it could be distributed in advance. So it is suitable for the system. However, the encrypted data size is too big to use public key cryptography of enough encryption strength. For example, the typical or minimum RSA (an algorithm for public-key cryptography, RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman) key size should be 1024 bits or more, this means that if RSA cryptography is used to encrypt an data block (typical payload size is 274 bits in universal access transceiver (UAT)), the consequential data size is at least 1024 bits. Therefore, the encryption leads to great expansion compared the original data size. Furthermore, the greater the encryption strength, the bigger the consequential data size is. Simply using encryption technologies to prevent

52 data spoofing should not be applicable, because the broadcasting position data perhaps could not be decoded correctly by the public, and this would also violate the original intention of the system design. The data authentication technology, sometimes called data signature algorithm (DSA), is a data signature and verification technology, which does not involve changing the original data itself but adds an additional stamping data to guarantee that the data is created by its original hosts. ECC has been proved as an excellent public key cryptography a small key size compared RSA and examples show that the encryption strength of ECC the key size of 128 bits is similar to the strength of RSA the key size of 1024 bits. The elliptic curve data signature algorithm () is a data signature algorithm derived from ECC and DSA, and it has been standardized in Federal Information Processing Standard (FIPS) 186-3b by National Institute of Standards and Technology (NIST) [7]. Although the signature data length of is twice of that of its key, the smaller key size makes it more suitable for data authentication. To accommodate the encryption data or signature data, the data block formats, include in data and out data format, should be changed no matter which cryptography is used. The main points of the proposed data authentication solution are described as follows. The timestamp data of global position system (GPS) will be added to check the data reply attack. The original out payload and the timestamp data should be signed by the algorithm the ECC private key. The signature data will be encapsulated in a new data type of out which will be defined to accommodate the new signature data. The new data will be sent together original payload data through the communication channel. The GPS data and signature data in received data will be separated from the original payload. The received GPS timestamp will be compared current time to check the replay attacks, and the signature data will be verified by the verification algorithm the public key in the X.509 certificate, which can be verified by the hierarchy model of X.509 management mechanism. The most significant difference between the proposed solution and others is the use of the X.509 certificate the ECC public key and the extra GPS timestamp. It makes the data authentication solution practical due to the smaller amount of signature data and the measure of anti-replay attacks. The proposed solution is shown in Fig. 1, where letter S, V, C in circle denote the signature process, verification process, and comparison process. JOURNAL OF ELECTRONIC SCIENCE AND TECHNOLOGY, VOL. 10, NO. 1, MARCH 2012 3. Analysis of Key Technology Three important problems will be discussed in this paper. They are the analysis of the authentication data size and DSA, the modification of the data format of out, and the management and the usage of the X.509 certificate. 3.1 Authentication Data Size and DSA The available out data space is small and limited in various realization technologies [8],[9]. A small size of signature data is required; meanwhile, it could result in a reduction in the security of the signature. Considering the typical data block size of payload in UAT, there are only 272 bit of data space left, and the 32 bit header (HDR) data space, there is only 240 bit data space that can be used. To accommodate the GPS data stamp, the elliptic curves over a 112 bit prime field could be selected (such as the curve named secp112r1), for which the input data size will be 112 bit at most and the signature data size will be 224 bit. The signature output data include two parts, s1 and s2, respectively (in openssl, which is an open source implementation of the SSL and TLS protocols [10], nominated r and s, respectively). If other elliptical curves a higher order are selected, the signature data size will be increased correspondently. original payload + orignal GPS payload timestamp message signature ECC ECC private key S genera- Signature private generation tion key A Signature data Data (s1, s2) s2) Verified the X.509 Verified certificate the X.509 of aircraft certificate A of A Data Data Verified? verified? Received Received orignal payload original payload Received Received GPS timestamp GPS timestamp Replayed data? Data? B signature verification signature verification V C ECC public key in X.509 certificate ECC public key in X.509 certificate Received signature data (s1, s2) Received Signature Data (s1, s2) Received message Current GPS Current GPS time time Fig. 1. Proposed solution of data authentication.... data download data... data download data

PAN et al.: Data Authentication Based on ECC and X.509 Certificate 53 payload.. H SHA-1 Hash HASH Hash 112 112bits Receiver 160 bits SHA-1-112 S Private Key key Fig. 2. Hash truncation and data signature algorithm process. Type 1-10 Type 30p1 Type 1-10 Type 30p2 Fig. 3. UAT data composition of new type 30. In the data signature process, a Hash value should be calculated before calculating the signature, and the Hash function may be chosen to be SHA-1 the output data block size of 160 bit which is larger than 112 bit that is the maximal input size of the selected signature process. This means that the Hash value must be truncated before the signature process to fit the input block size. The data truncation process will not affect the subsequent signature or the verification process, because they are truncated before encryption and symmetrical in both signature and verification ends, which are minimally different from the traditional process. The negative effect of the truncation process may be tiny because the discarded data is small. Even though the process may reduce the security of the signature, it can be ignored completely. The process is illustrated in Fig. 2, where the letter H in the circle denotes the process of SHA-1 process. S1 S2 224 bits payload.. S1 S2 payload.. S1 S2 payload S1 S2 224 bits H Public Key key in CertificateC SHA-1 Hash 160 bits HASH Hash 112 bits SHA-1-112 1 4 5 6 7 34 HDR1 HDR2 HDR3 HDR4 T1 T2 Element1 Signature(HDR1,Element1,HDR2,T1) Element2 Signature(HDR3,Element2,HDR4,T2) Sender Sender? V? Package sending Sending sequence Sequence 3.2 Analysis of Out Data Format The GPS timestamp data will be included in the final out data except signature data and it is useful in avoiding the replay attacks. The 32 bit timestamp can be selected. It adds the signature data size by 224 bit and the new data size is 256 bit, which is larger than the volume size of 240 bit according to [8] for an out message payload excluding the 32 bit HDR field for all types. A compromise timestamp sending solution is used to split the timestamp data into two parts (named T1 and T2) and to send 16 bit once. It means the replay attacks check frequency will be halved. A new type 30 is defined to accommodate the GPS timestamp and signature data. It will be sent following any other original data types. This means that the communication volume after adding the signature data will be two times over that of the original one. The encapsulated data format and package sending sequence is illustrated in Fig. 3. The input data of signature generation includes 3 parts, the final whole payload package (HDR1 and element1), the header or the new payload package (HDR2), and the current GPS timestamp (T1 or T2). Two link solutions are used as the physical layer for relaying the position reports, one is UAT, and the other one is 1090 MHz mode S extended squitter (1090ES), besides the occupation of the aircraft location and other necessary information, only 56 bit of message (ME) field may be used [9]. It is not enough for the above signature data and timestamp, so 4 DF24 (downlink format field 24, named COMM-D) packages may be combined and there is total 320 bit payload that could be used to accommodate the signature data and timestamp. The new DF24 package will be sent following DF17. This means that the communication volume will be 5 times of the size of the original. 3.3 Management and Using of Certificate The aircraft certificate is a special file issued by the CA (certificate authority), which should be distributed in public because there is a public key contained in certificate and it can be used to verify the signature of out data. A certificate can be considered as the identity of an aircraft because it can be verified by the upper certificate authority in the X.509 hierarchy model. Accordingly, the root CAs should be crosswise certified each other so that the aircraft certificate in other areas can also be verified through the X.509 hierarchy mechanism. When an message should be verified, for example, when a ground station or an aircraft B needs to verify the received message from the local aircraft A, it has only to perform the verification process by using the public key of A. When it is needed to verify the message from an unknown aircraft Z, the hierarchy model or certificate

54 chains should be used to verify the public key of Z step by step, illustrated in Fig. 4 as CAAC<<>><<AA>>AA<<Z>> where << >> means certificates. And as shown in Fig. 4, means Federal Aviation Administration of United States, CAAC means Civil Aviation Administration of China, CAFUC means Civil Aviation Flight University of China, and AA means American Airlines, Z means aircraft Z. When the public key of Z can be verified, it can be used to verify the message from aircraft Z. To verify a message of, certificates of all levels are very necessary. But it is impractical to store all the certificates of aircrafts in the world for every verifier, especially for the airborne verifier. A practical certificate exchange and the distribution mechanism may be a combination certificate exchange scheme a static certificate database and dynamic certificates. The establishment of a static certificate database is essential for an ground station. It means that a special ground service network of the certificate database, which is helpful in the establishment of certificate chains, the query of a certificate, and the revocation of certificates, should be established first, and this is practical and easy. The certificates for one flight are limited. For an airborne receiver, the certificates used during one flight can be estimated and downloaded from the certificate network before taking off. The dynamic certificates exchange scheme, which includes certificates or certificate chain request broadcasting, and an uploading function, is to remedy the insufficiency of the certificate, especially in the temporary change of a flight plan or in a long distance flight. For example, if aircraft A needs to verify another aircraft B out its certificate, it could broadcast the certificate request message of B, and the ground station, nearby aircraft, or aircraft B will respond. If the new certificate could not be verified by A because of the lack of certificate chains, it could broadcast the request for certificate chains also. After a request is responded, all the aircraft or ground stations in this area will receive the certificate or chains, and all of them could verify it. This scheme will concern the modification of upload and download data formats of. Although there is 423 bytes application data space that could be used in the UAT ground uplink message payload [8], which is suitable for the upload of temporary certificate and chains, the data format of certificate request and reply need to be redefined. JOURNAL OF ELECTRONIC SCIENCE AND TECHNOLOGY, VOL. 10, NO. 1, MARCH 2012 (computer F), and the clock of all computers is set to the same before the test. Three serial communication lines are used to connect three computers to simulate the air-ground and air-air communications and the baud rate are set to be. There is a software running in E and D the function of creating a simulated flight track of a aircraft per second, sending encapsulated UAT position package (type 1) and a new package (type 30) per second, receiving the package of another aircraft, and displaying dynamic information of nearby aircrafts. <<CAAC>> <<CAAC>> CAAC<<CAFU CAAC <<CAFUC>> C>> CAFUC <<A>> CAFUC<<A> A CAAC Root CA CAFUC CA Cross Cross Certificated B Fig. 4. Certificate chains and hierarchy model. EA RS232 Serial s FC RS232 serial Serial Root CA American Airlines CA Z RS232 Serial serial Fig. 5. Scheme of laboratory experimental test. CAAC <<>> CAAC<<>> <<AA>> D B AA AA<<Z>> <<Z>> 4. Laboratory Test The laboratory test is illustrated in Fig. 5. There are 3 computers, which are used to denote two airborne devices (computer E and D) and one ground station Fig. 6. Display of verification.

PAN et al.: Data Authentication Based on ECC and X.509 Certificate 55 Two software run in computer F. One is the certificate management software the function of creating the certificate of a root CA or an aircraft and distributing certificates. The other is the flight dynamic display software the function of verifying the received message and displaying aircraft dynamics information in the air especially including the verification status of data. As illustrated in Fig. 6, if an aircraft passes the verification process, the message verified will be displayed in the third line of its tag; if it does not pass, the message will be SP data! or RP Data! ; if it does not include a verification message, the message will be No Sig. The laboratory experimental testing results show that the proposed solution is valid and suitable for the verification of out data of UAT. 5. Conclusions An data authentication solution based on the ECC certificate and the X.509 certificate is proposed. The extra signature data and timestamp is appended in the out message to verify the original message and to check replay attacks. A suggestion of data format modification of the UAT and a combination mechanism of static and dynamic certificate exchange are proposed. It is demonstrated that the solution is effective and appropriate for the verification of out data of UAT by the laboratory experimental test results. References [1] K. Sampigethaya and R. Poovendran, Visualization & assessment of security for green ATM, in Proc. of IEEE/AIAA the 29th Digital Avionics Systems Conf. Salt Lake City, 2010, pp. 3.A.3-1 3.A.3-16. [2] Z. Qin and X. Zhang, Threshold digital signature scheme based on ECC and its security, Journal of University of Electronic Science and Technology of China, vol. 34, no.1, pp. 109 112, 2005. (in Chinese) [3] S. Yang and X. Li, Scheme of secure message interchange based on ECC, Journal of University of Electronic Science and Technology of China, vol. 36, no. 5, pp. 292 294, 2007. (in Chinese) [4] Y. Chun, Study of making up VPN TLS protocol based on SOCKS V5, Journal of University of Electronic Science and Technology of China, vol. 30, no. 3, pp. 292 294, 2001. (in Chinese) [5] D. Tang, New class of image encryption method, Journal of University of Electronic Science and Technology of China, vol. 39, no. 1, pp. 128 132, 2010. (in Chinese) [6] B. A. Forouzan, Cryptography and Network Security, New York: McGraw-Hill Companies, Inc., 2008. [7] Digital Signature Standard, National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 186-3. [8] Minimum Operating Performance Standard for Universal Access Transceiver (UAT) Automatic Dependent Surveillance Broadcast, RTCA DO-282A. [9] Minimum Operational Performance Standard for 1090 MHz Extended Squitter and TIS-B, RTCA DO-260A. [10] Nils Larsch. OpenSSL Document for. [Online]. Available: http://www.openssl.org/docs/crypto/ecdsa.html. 2010 Wei-Jun Pan was born in Hubei Province, China, in 1968. He received the M.S. degree in aviation management from RMIT University, Australia. He works CAFUC as a researcher and he is pursuing the Ph.D. degree Sichuan University in computer science. His research interests include air traffic control theory and applications, and computer image process. Zi-Liang Feng was born in Sichuan Province, China, in 1970. He received the Ph.D. degree from the Department of Mathematics, Sichuan University, in 2001. He works as a professor Sichuan University. His research interests include air traffic control systems and image process. Yang Wang born in Sichuan Province, China, in 1982. She received the M.S. degree from Sichuan University in 2007. She works Sichuan University. Her research interests include real-time systems and image process.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback