-
Lessons Learned in ATCO2: 5000 hours of Air Traffic Control Communications for Robust Automatic Speech Recognition and Understanding
Authors:
Juan Zuluaga-Gomez,
Iuliia Nigmatulina,
Amrutha Prasad,
Petr Motlicek,
Driss Khalil,
Srikanth Madikeri,
Allan Tart,
Igor Szoke,
Vincent Lenders,
Mickael Rigault,
Khalid Choukri
Abstract:
Voice communication between air traffic controllers (ATCos) and pilots is critical for ensuring safe and efficient air traffic control (ATC). This task requires high levels of awareness from ATCos and can be tedious and error-prone. Recent attempts have been made to integrate artificial intelligence (AI) into ATC in order to reduce the workload of ATCos. However, the development of data-driven AI…
▽ More
Voice communication between air traffic controllers (ATCos) and pilots is critical for ensuring safe and efficient air traffic control (ATC). This task requires high levels of awareness from ATCos and can be tedious and error-prone. Recent attempts have been made to integrate artificial intelligence (AI) into ATC in order to reduce the workload of ATCos. However, the development of data-driven AI systems for ATC demands large-scale annotated datasets, which are currently lacking in the field. This paper explores the lessons learned from the ATCO2 project, a project that aimed to develop a unique platform to collect and preprocess large amounts of ATC data from airspace in real time. Audio and surveillance data were collected from publicly accessible radio frequency channels with VHF receivers owned by a community of volunteers and later uploaded to Opensky Network servers, which can be considered an "unlimited source" of data. In addition, this paper reviews previous work from ATCO2 partners, including (i) robust automatic speech recognition, (ii) natural language processing, (iii) English language identification of ATC communications, and (iv) the integration of surveillance data such as ADS-B. We believe that the pipeline developed during the ATCO2 project, along with the open-sourcing of its data, will encourage research in the ATC field. A sample of the ATCO2 corpus is available on the following website: https://www.atco2.org/data, while the full corpus can be purchased through ELDA at http://catalog.elra.info/en-us/repository/browse/ELRA-S0484. We demonstrated that ATCO2 is an appropriate dataset to develop ASR engines when little or near to no ATC in-domain data is available. For instance, with the CNN-TDNNf kaldi model, we reached the performance of as low as 17.9% and 24.9% WER on public ATC datasets which is 6.6/7.6% better than "out-of-domain" but supervised CNN-TDNNf model.
△ Less
Submitted 1 May, 2023;
originally announced May 2023.
-
FABRID: Flexible Attestation-Based Routing for Inter-Domain Networks
Authors:
Cyrill Krähenbühl,
Marc Wyss,
David Basin,
Vincent Lenders,
Adrian Perrig,
Martin Strohmeier
Abstract:
In its current state, the Internet does not provide end users with transparency and control regarding on-path forwarding devices. In particular, the lack of network device information reduces the trustworthiness of the forwarding path and prevents end-user applications requiring specific router capabilities from reaching their full potential. Moreover, the inability to influence the traffic's forw…
▽ More
In its current state, the Internet does not provide end users with transparency and control regarding on-path forwarding devices. In particular, the lack of network device information reduces the trustworthiness of the forwarding path and prevents end-user applications requiring specific router capabilities from reaching their full potential. Moreover, the inability to influence the traffic's forwarding path results in applications communicating over undesired routes, while alternative paths with more desirable properties remain unusable.
In this work, we present FABRID, a system that enables applications to forward traffic flexibly, potentially on multiple paths selected to comply with user-defined preferences, where information about forwarding devices is exposed and transparently attested by autonomous systems (ASes). The granularity of this information is chosen by each AS individually, protecting them from leaking sensitive network details, while the secrecy and authenticity of preferences embedded within the users' packets are protected through efficient cryptographic operations. We show the viability of FABRID by deploying it on a global SCION network test bed, and we demonstrate high throughput on commodity hardware.
△ Less
Submitted 10 October, 2023; v1 submitted 6 April, 2023;
originally announced April 2023.
-
Fundamentals of Generative Large Language Models and Perspectives in Cyber-Defense
Authors:
Andrei Kucharavy,
Zachary Schillaci,
Loïc Maréchal,
Maxime Würsch,
Ljiljana Dolamic,
Remi Sabonnadiere,
Dimitri Percia David,
Alain Mermoud,
Vincent Lenders
Abstract:
Generative Language Models gained significant attention in late 2022 / early 2023, notably with the introduction of models refined to act consistently with users' expectations of interactions with AI (conversational models). Arguably the focal point of public attention has been such a refinement of the GPT3 model -- the ChatGPT and its subsequent integration with auxiliary capabilities, including…
▽ More
Generative Language Models gained significant attention in late 2022 / early 2023, notably with the introduction of models refined to act consistently with users' expectations of interactions with AI (conversational models). Arguably the focal point of public attention has been such a refinement of the GPT3 model -- the ChatGPT and its subsequent integration with auxiliary capabilities, including search as part of Microsoft Bing. Despite extensive prior research invested in their development, their performance and applicability to a range of daily tasks remained unclear and niche. However, their wider utilization without a requirement for technical expertise, made in large part possible through conversational fine-tuning, revealed the extent of their true capabilities in a real-world environment. This has garnered both public excitement for their potential applications and concerns about their capabilities and potential malicious uses. This review aims to provide a brief overview of the history, state of the art, and implications of Generative Language Models in terms of their principles, abilities, limitations, and future prospects -- especially in the context of cyber-defense, with a focus on the Swiss operational environment.
△ Less
Submitted 21 March, 2023;
originally announced March 2023.
-
Improving Aircraft Localization: Experiences and Lessons Learned from an Open Competition
Authors:
Martin Strohmeier,
Mauro Leonardi,
Sergei Markochev,
Fabio Ricciato,
Matthias Schäfer,
Vincent Lenders
Abstract:
Knowledge about the exact positioning of aircraft is crucial in many settings. Consequently, the opportunistic and independent localization of aircraft based on their communication has been a longstanding problem and subject of much research. Originating from military settings, the capability to conduct aircraft localization has moved first towards the institutional civil aviation domain and can n…
▽ More
Knowledge about the exact positioning of aircraft is crucial in many settings. Consequently, the opportunistic and independent localization of aircraft based on their communication has been a longstanding problem and subject of much research. Originating from military settings, the capability to conduct aircraft localization has moved first towards the institutional civil aviation domain and can now be undertaken by anyone who has access to multiple cheap software-defined radios. Based on these technological developments, many crowdsourced sensor networks have sprung up, which collect air traffic control data in order to localize aircraft and visualize the airspace. Due to their unplanned and uncontrolled deployment and heterogeneous receiver technology traditional solutions to the Aircraft Localization Problem (ALP) can either not be applied or do not perform in a satisfactory manner. In order to deal with this issue and to find novel approaches to the ALP itself, we have designed and executed a multi-stage open competition, conducted both offline and online.
In this paper, we discuss the setup, experiences, and lessons learned from this Aircraft Localization Competition. We report from a diverse set of technical approaches, comprising 72 participating teams over three stages. The participants reached a localization accuracy of up to 25 meters in a setting with fully GPS-synchronized receivers and 78 meters in a largely unsynchronized receiver setting. These results constitute a significant improvement over the previous baseline used in the OpenSky research network.
We compare the results of the study, discuss the current state of the art, and highlight the areas that, based on our experience from organizing a competition, need to be improved for optimal adoption of the competitive approach for other scenarios.
△ Less
Submitted 6 August, 2022;
originally announced September 2022.
-
Orchestrating Collaborative Cybersecurity: A Secure Framework for Distributed Privacy-Preserving Threat Intelligence Sharing
Authors:
Juan R. Trocoso-Pastoriza,
Alain Mermoud,
Romain Bouyé,
Francesco Marino,
Jean-Philippe Bossuat,
Vincent Lenders,
Jean-Pierre Hubaux
Abstract:
Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders. However, this activity presents challenges due to the tension between data sharing and confidentiality, that result in information retention often leading to a free-rider problem. Therefore, the information that is shared represents only the tip of the iceberg. Curren…
▽ More
Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders. However, this activity presents challenges due to the tension between data sharing and confidentiality, that result in information retention often leading to a free-rider problem. Therefore, the information that is shared represents only the tip of the iceberg. Current literature assumes access to centralized databases containing all the information, but this is not always feasible, due to the aforementioned tension. This results in unbalanced or incomplete datasets, requiring the use of techniques to expand them; we show how these techniques lead to biased results and misleading performance expectations. We propose a novel framework for extracting CTI from distributed data on incidents, vulnerabilities and indicators of compromise, and demonstrate its use in several practical scenarios, in conjunction with the Malware Information Sharing Platforms (MISP). Policy implications for CTI sharing are presented and discussed. The proposed system relies on an efficient combination of privacy enhancing technologies and federated processing. This lets organizations stay in control of their CTI and minimize the risks of exposure or leakage, while enabling the benefits of sharing, more accurate and representative results, and more effective predictive and preventive defenses.
△ Less
Submitted 6 September, 2022;
originally announced September 2022.
-
From Scattered Sources to Comprehensive Technology Landscape: A Recommendation-based Retrieval Approach
Authors:
Chi Thang Duong,
Dimitri Percia David,
Ljiljana Dolamic,
Alain Mermoud,
Vincent Lenders,
Karl Aberer
Abstract:
Map** the technology landscape is crucial for market actors to take informed investment decisions. However, given the large amount of data on the Web and its subsequent information overload, manually retrieving information is a seemingly ineffective and incomplete approach. In this work, we propose an end-to-end recommendation based retrieval approach to support automatic retrieval of technologi…
▽ More
Map** the technology landscape is crucial for market actors to take informed investment decisions. However, given the large amount of data on the Web and its subsequent information overload, manually retrieving information is a seemingly ineffective and incomplete approach. In this work, we propose an end-to-end recommendation based retrieval approach to support automatic retrieval of technologies and their associated companies from raw Web data. This is a two-task setup involving (i) technology classification of entities extracted from company corpus, and (ii) technology and company retrieval based on classified technologies. Our proposed framework approaches the first task by leveraging DistilBERT which is a state-of-the-art language model. For the retrieval task, we introduce a recommendation-based retrieval technique to simultaneously support retrieving related companies, technologies related to a specific company and companies relevant to a technology. To evaluate these tasks, we also construct a data set that includes company documents and entities extracted from these documents together with company categories and technology labels. Experiments show that our approach is able to return 4 times more relevant companies while outperforming traditional retrieval baseline in retrieving technologies.
△ Less
Submitted 9 December, 2021;
originally announced December 2021.
-
5G System Security Analysis
Authors:
Gerrit Holtrup,
William Lacube,
Dimitri Percia David,
Alain Mermoud,
Gérôme Bovet,
Vincent Lenders
Abstract:
Fifth generation mobile networks (5G) are currently being deployed by mobile operators around the globe. 5G acts as an enabler for various use cases and also improves the security and privacy over 4G and previous network generations. However, as recent security research has revealed, the standard still has security weaknesses that may be exploitable by attackers. In addition, the migration from 4G…
▽ More
Fifth generation mobile networks (5G) are currently being deployed by mobile operators around the globe. 5G acts as an enabler for various use cases and also improves the security and privacy over 4G and previous network generations. However, as recent security research has revealed, the standard still has security weaknesses that may be exploitable by attackers. In addition, the migration from 4G to 5G systems is taking place by first deploying 5G solutions in a non-standalone (NSA) manner where the first step of the 5G deployment is restricted to the new radio aspects of 5G, while the control of the user equipment is still based on 4G protocols, i.e. the core network is still the legacy 4G evolved packet core (EPC) network. As a result, many security vulnerabilities of 4G networks are still present in current 5G deployments. This paper presents a systematic risk analysis of standalone and non-standalone 5G networks. We first describe an overview of the 5G system specification and the new security features of 5G compared to 4G. Then, we define possible threats according to the STRIDE threat classification model and derive a risk matrix based on the likelihood and impact of 12 threat scenarios that affect the radio access and the network core. Finally, we discuss possible mitigations and security controls. Our analysis is generic and does not account for the specifics of particular 5G network vendors or operators. Further work is required to understand the security vulnerabilities and risks of specific 5G implementations and deployments.
△ Less
Submitted 20 August, 2021; v1 submitted 19 August, 2021;
originally announced August 2021.
-
Blockchain in Cyberdefence: A Technology Review from a Swiss Perspective
Authors:
Luca Gambazzi,
Patrick Schaller,
Alain Mermoud,
Vincent Lenders
Abstract:
Since the advent of bitcoin in 2008, the concept of a blockchain has widely spread. Besides crypto currencies and trading activities, there is a wide range of potential application areas where blockchains are providing the main building block for secure solutions. From a technical point of view, a blockchain involves a set of cryptographic primitives to provide a data structure with security and t…
▽ More
Since the advent of bitcoin in 2008, the concept of a blockchain has widely spread. Besides crypto currencies and trading activities, there is a wide range of potential application areas where blockchains are providing the main building block for secure solutions. From a technical point of view, a blockchain involves a set of cryptographic primitives to provide a data structure with security and trust properties. However, a blockchain is not a golden bullet. It may be well suited for some problems, but often an inappropriate data structure for many applications. In this paper, we review the high-level concept of a blockchain and present possible applications in the military field. Our review is targeted to readers with little prior domain knowledge as a support to decide where it makes sense to use a blockchain and where a blockchain might not be the right tool at hand.
△ Less
Submitted 3 March, 2021;
originally announced March 2021.
-
LocaRDS: A Localization Reference Data Set
Authors:
Matthias Schäfer,
Martin Strohmeier,
Mauro Leonardi,
Vincent Lenders
Abstract:
The use of wireless signals for purposes of localization enables a host of applications relating to the determination and verification of the positions of network participants, ranging from radar to satellite navigation. Consequently, it has been a longstanding interest of theoretical and practical research in mobile networks and many solutions have been proposed in the scientific literature. Howe…
▽ More
The use of wireless signals for purposes of localization enables a host of applications relating to the determination and verification of the positions of network participants, ranging from radar to satellite navigation. Consequently, it has been a longstanding interest of theoretical and practical research in mobile networks and many solutions have been proposed in the scientific literature. However, it is hard to assess the performance of these in the real world and, more severely, to compare their advantages and disadvantages in a controlled scientific manner.
With this work, we attempt to improve the current state of the art in localization research and put it on a solid scientific grounding for the future. Concretely, we develop LocaRDS, an open reference dataset of real-world crowdsourced flight data featuring more than 222 million measurements from over 50 million transmissions recorded by 323 sensors. We show how LocaRDS can be used to test, analyze and directly compare different localization techniques and further demonstrate its effectiveness by examining the open question of the aircraft localization problem in crowdsourced sensor networks. Finally, we provide a working reference implementation for the aircraft localization problem and a discussion of possible metrics for use with LocaRDS.
△ Less
Submitted 30 November, 2020;
originally announced December 2020.
-
Understanding Realistic Attacks on Airborne Collision Avoidance Systems
Authors:
Matthew Smith,
Martin Strohmeier,
Vincent Lenders,
Ivan Martinovic
Abstract:
Airborne collision avoidance systems provide an onboard safety net should normal air traffic control procedures fail to keep aircraft separated. These systems are widely deployed and have been constantly refined over the past three decades, usually in response to near misses or mid-air collisions. Recent years have seen security research increasingly focus on aviation, identifying that key wireles…
▽ More
Airborne collision avoidance systems provide an onboard safety net should normal air traffic control procedures fail to keep aircraft separated. These systems are widely deployed and have been constantly refined over the past three decades, usually in response to near misses or mid-air collisions. Recent years have seen security research increasingly focus on aviation, identifying that key wireless links---some of which are used in collision avoidance---are vulnerable to attack. In this paper, we go one step further to understand whether an attacker can remotely trigger false collision avoidance alarms. Primarily considering the next-generation Airborne Collision Avoidance System X (ACAS X), we adopt a modelling approach to extract attacker constraints from technical standards before simulating collision avoidance attacks against standardized ACAS X code. We find that in 44% of cases, an attacker can successfully trigger a collision avoidance alert which on average results in a 590 ft altitude deviation; when the aircraft is at lower altitudes, this success rate rises considerably to 79%. Furthermore, we show how our simulation approach can be used to help defend against attacks by identifying where attackers are most likely to be successful.
△ Less
Submitted 2 October, 2020;
originally announced October 2020.
-
Contact Tracing: An Overview of Technologies and Cyber Risks
Authors:
Franck Legendre,
Mathias Humbert,
Alain Mermoud,
Vincent Lenders
Abstract:
The 2020 COVID-19 pandemic has led to a global lockdown with severe health and economical consequences. As a result, authorities around the globe have expressed their needs for better tools to monitor the spread of the virus and to support human labor. Researchers and technology companies such as Google and Apple have offered to develop such tools in the form of contact tracing applications. The g…
▽ More
The 2020 COVID-19 pandemic has led to a global lockdown with severe health and economical consequences. As a result, authorities around the globe have expressed their needs for better tools to monitor the spread of the virus and to support human labor. Researchers and technology companies such as Google and Apple have offered to develop such tools in the form of contact tracing applications. The goal of these applications is to continuously track people's proximity and to make the smartphone users aware if they have ever been in contact with positively diagnosed people, so that they could self-quarantine and possibly have an infection test. A fundamental challenge with these smartphone-based contact tracing technologies is to ensure the security and privacy of their users. Moving from manual to smartphone-based contact tracing creates new cyber risks that could suddenly affect the entire population. Major risks include for example the abuse of the people's private data by companies and/or authorities, or the spreading of wrong alerts by malicious users in order to force individuals to go into quarantine. In April 2020, the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) was announced with the goal to develop and evaluate secure solutions for European countries. However, after a while, several team members left this consortium and created DP-3T which has led to an international debate among the experts. At this time, it is confusing for the non-expert to follow this debate; this report aims to shed light on the various proposed technologies by providing an objective assessment of the cybersecurity and privacy risks. We first review the state-of-the-art in digital contact tracing technologies and then explore the risk-utility trade-offs of the techniques proposed for COVID-19. We focus specifically on the technologies that are already adopted by certain countries.
△ Less
Submitted 6 July, 2020;
originally announced July 2020.
-
QPEP: A QUIC-Based Approach to Encrypted Performance Enhancing Proxies for High-Latency Satellite Broadband
Authors:
James Pavur,
Martin Strohmeier,
Vincent Lenders,
Ivan Martinovic
Abstract:
Satellite broadband services are critical infrastructures enabling advanced technologies to function in the most remote regions of the globe. However, status-quo services are often unencrypted by default and vulnerable to eavesdrop** attacks. In this paper, we challenge the historical perception that over-the-air security must trade off with TCP performance in high-latency satellite networks due…
▽ More
Satellite broadband services are critical infrastructures enabling advanced technologies to function in the most remote regions of the globe. However, status-quo services are often unencrypted by default and vulnerable to eavesdrop** attacks. In this paper, we challenge the historical perception that over-the-air security must trade off with TCP performance in high-latency satellite networks due to the deep-packet inspection requirements of Performance Enhancing Proxies (PEPs).
After considering why prior work in this area has failed to find wide adoption, we present an open-source encrypted-by-default PEP - QPEP - which seeks to address these issues. QPEP is built around the open QUIC standard and designed so individual customers may adopt it without ISP involvement. QPEP's performance is assessed through simulations in a replicable docker-based testbed. Across many benchmarks and network conditions, QPEP is found to avoid the perceived security-encryption trade-off in PEP design. Compared to unencrypted PEP implementations, QPEP reduces average page load times by more than 30% while also offering over-the-air privacy. Compared to the traditional VPN encryption available to customers today, QPEP more than halves average page load times. Together, these experiments lead to the conclusion that QPEP represents a promising new approach to protecting modern satellite broadband connections.
△ Less
Submitted 12 February, 2020;
originally announced February 2020.
-
Classi-Fly: Inferring Aircraft Categories from Open Data using Machine Learning
Authors:
Martin Strohmeier,
Matthew Smith,
Vincent Lenders,
Ivan Martinovic
Abstract:
In recent years, air traffic communication data has become easy to access, enabling novel research in many fields. Exploiting this new data source, a wide range of applications have emerged, from weather forecasting to stock market prediction, or the collection of information about military and government movements. Typically these applications require knowledge about the metadata of the aircraft,…
▽ More
In recent years, air traffic communication data has become easy to access, enabling novel research in many fields. Exploiting this new data source, a wide range of applications have emerged, from weather forecasting to stock market prediction, or the collection of information about military and government movements. Typically these applications require knowledge about the metadata of the aircraft, specifically its operator and the aircraft category.
armasuisse Science + Technology, the R\&D agency for the Swiss Armed Forces, has been develo** Classi-Fly, a novel approach to obtain metadata about aircraft based on their movement patterns. We validate Classi-Fly using several hundred thousand flights collected through open source means, in conjunction with ground truth from publicly available aircraft registries containing more than two million aircraft. Classi-Fly obtains the correct aircraft category with an accuracy of over 88%, demonstrating that it can improve the meta data necessary for applications working with air traffic communication. Finally, we show that it is feasible to automatically detect specific flights such as police and surveillance missions.
△ Less
Submitted 5 August, 2020; v1 submitted 30 July, 2019;
originally announced August 2019.
-
Safety vs. Security: Attacking Avionic Systems with Humans in the Loop
Authors:
Matthew Smith,
Martin Strohmeier,
Jon Harman,
Vincent Lenders,
Ivan Martinovic
Abstract:
Many wireless communications systems found in aircraft lack standard security mechanisms, leaving them fundamentally vulnerable to attack. With affordable software-defined radios available, a novel threat has emerged, allowing a wide range of attackers to easily interfere with wireless avionic systems. Whilst these vulnerabilities are known, concrete attacks that exploit them are still novel and n…
▽ More
Many wireless communications systems found in aircraft lack standard security mechanisms, leaving them fundamentally vulnerable to attack. With affordable software-defined radios available, a novel threat has emerged, allowing a wide range of attackers to easily interfere with wireless avionic systems. Whilst these vulnerabilities are known, concrete attacks that exploit them are still novel and not yet well understood. This is true in particular with regards to their kinetic impact on the handling of the attacked aircraft and consequently its safety.
To investigate this, we invited 30 Airbus A320 type-rated pilots to fly simulator scenarios in which they were subjected to attacks on their avionics. We implement and analyse novel wireless attacks on three safety-related systems: Traffic Collision Avoidance System (TCAS), Ground Proximity Warning System (GPWS) and the Instrument Landing System (ILS).
We found that all three analysed attack scenarios created significant control impact and cost of disruption through turnarounds, avoidance manoeuvres, and diversions. They further increased workload, distrust in the affected system, and in 38% of cases caused the attacked safety system to be switched off entirely. All pilots felt the scenarios were useful, with 93.3% feeling that simulator training for wireless attacks could be valuable.
△ Less
Submitted 20 May, 2019;
originally announced May 2019.
-
Crowdsourced wireless spectrum anomaly detection
Authors:
Sreeraj Rajendran,
Vincent Lenders,
Wannes Meert,
Sofie Pollin
Abstract:
Automated wireless spectrum monitoring across frequency, time and space will be essential for many future applications. Manual and fine-grained spectrum analysis is becoming impossible because of the large number of measurement locations and complexity of the spectrum use landscape. Detecting unexpected behaviors in the wireless spectrum from the collected data is a crucial part of this automated…
▽ More
Automated wireless spectrum monitoring across frequency, time and space will be essential for many future applications. Manual and fine-grained spectrum analysis is becoming impossible because of the large number of measurement locations and complexity of the spectrum use landscape. Detecting unexpected behaviors in the wireless spectrum from the collected data is a crucial part of this automated monitoring, and the control of detected anomalies is a key functionality to enable interaction between the automated system and the end user. In this paper we look into the wireless spectrum anomaly detection problem for crowdsourced sensors. We first analyze in detail the nature of these anomalies and design effective algorithms to bring the higher dimensional input data to a common feature space across sensors. Anomalies can then be detected as outliers in this feature space. In addition, we investigate the importance of user feedback in the anomaly detection process to improve the performance of unsupervised anomaly detection. Furthermore, schemes for generalizing user feedback across sensors are also developed to close the anomaly detection loop.
△ Less
Submitted 13 March, 2019;
originally announced March 2019.
-
Electrosense+: Crowdsourcing Radio Spectrum Decoding using IoT Receivers
Authors:
Roberto Calvo-Palomino,
Héctor Cordobés,
Markus Engel,
Markus Fuchs,
Pratiksha Jain,
Marc Liechti,
Sreeraj Rajendran,
Matthias Schäfer,
Bertold Van den Bergh,
Sofie Pollin,
Domenico Giustiniano,
Vincent Lenders
Abstract:
Web spectrum monitoring systems based on crowdsourcing have recently gained popularity. These systems are however limited to applications of interest for governamental organizationsor telecom providers, and only provide aggregated information about spectrum statistics. Theresult is that there is a lack of interest for layman users to participate, which limits its widespreaddeployment. We present E…
▽ More
Web spectrum monitoring systems based on crowdsourcing have recently gained popularity. These systems are however limited to applications of interest for governamental organizationsor telecom providers, and only provide aggregated information about spectrum statistics. Theresult is that there is a lack of interest for layman users to participate, which limits its widespreaddeployment. We present Electrosense+ which addresses this challenge and creates a general-purpose and open platform for spectrum monitoring using low-cost, embedded, and software-defined spectrum IoT sensors. Electrosense+ allows users to remotely decode specific parts ofthe radio spectrum. It builds on the centralized architecture of its predecessor, Electrosense, forcontrolling and monitoring the spectrum IoT sensors, but implements a real-time and peer-to-peercommunication system for scalable spectrum data decoding. We propose different mechanismsto incentivize the participation of users for deploying new sensors and keep them operational inthe Electrosense network. As a reward for the user, we propose an incentive accounting systembased on virtual tokens to encourage the participants to host IoT sensors. We present the newElectrosense+ system architecture and evaluate its performance at decoding various wireless sig-nals, including FM radio, AM radio, ADS-B, AIS, LTE, and ACARS.
△ Less
Submitted 11 May, 2020; v1 submitted 29 November, 2018;
originally announced November 2018.
-
Nanosecond-precision Time-of-Arrival Estimation for Aircraft Signals with low-cost SDR Receivers
Authors:
Roberto Calvo-Palomino,
Fabio Ricciato,
Blaz Repas,
Domenico Giustiniano,
Vincent Lenders
Abstract:
Precise Time-of-Arrival (TOA) estimations of aircraft and drone signals are important for a wide set of applications including aircraft/drone tracking, air traffic data verification, or self-localization. Our focus in this work is on TOA estimation methods that can run on low-cost software-defined radio (SDR) receivers, as widely deployed in Mode S / ADS-B crowdsourced sensor networks such as the…
▽ More
Precise Time-of-Arrival (TOA) estimations of aircraft and drone signals are important for a wide set of applications including aircraft/drone tracking, air traffic data verification, or self-localization. Our focus in this work is on TOA estimation methods that can run on low-cost software-defined radio (SDR) receivers, as widely deployed in Mode S / ADS-B crowdsourced sensor networks such as the OpenSky Network. We evaluate experimentally classical TOA estimation methods which are based on a cross-correlation with a reconstructed message template and find that these methods are not optimal for such signals. We propose two alternative methods that provide superior results for real-world Mode S / ADS-B signals captured with low-cost SDR receivers. The best method achieves a standard deviation error of 1.5 ns.
△ Less
Submitted 20 February, 2018;
originally announced February 2018.
-
Distributed Deep Learning Models for Wireless Signal Classification with Low-Cost Spectrum Sensors
Authors:
Sreeraj Rajendran,
Wannes Meert,
Domenico Giustiniano,
Vincent Lenders,
Sofie Pollin
Abstract:
This paper looks into the technology classification problem for a distributed wireless spectrum sensing network. First, a new data-driven model for Automatic Modulation Classification (AMC) based on long short term memory (LSTM) is proposed. The model learns from the time domain amplitude and phase information of the modulation schemes present in the training data without requiring expert features…
▽ More
This paper looks into the technology classification problem for a distributed wireless spectrum sensing network. First, a new data-driven model for Automatic Modulation Classification (AMC) based on long short term memory (LSTM) is proposed. The model learns from the time domain amplitude and phase information of the modulation schemes present in the training data without requiring expert features like higher order cyclic moments. Analyses show that the proposed model yields an average classification accuracy of close to 90% at varying SNR conditions ranging from 0dB to 20dB. Further, we explore the utility of this LSTM model for a variable symbol rate scenario. We show that a LSTM based model can learn good representations of variable length time domain sequences, which is useful in classifying modulation signals with different symbol rates. The achieved accuracy of 75% on an input sample length of 64 for which it was not trained, substantiates the representation power of the model. To reduce the data communication overhead from distributed sensors, the feasibility of classification using averaged magnitude spectrum data, or online classification on the low cost sensors is studied. Furthermore, quantized realizations of the proposed models are analyzed for deployment on sensors with low processing power.
△ Less
Submitted 11 July, 2018; v1 submitted 27 July, 2017;
originally announced July 2017.
-
Analyzing Privacy Breaches in the Aircraft Communications Addressing and Reporting System (ACARS)
Authors:
Matthew Smith,
Daniel Moser,
Martin Strohmeier,
Vincent Lenders,
Ivan Martinovic
Abstract:
The manner in which Aircraft Communications, Addressing and Reporting System (ACARS) is being used has significantly changed over time. Whilst originally used by commercial airliners to track their flights and provide automated timekee** on crew, today it serves as a multi-purpose air-ground data link for many aviation stakeholders including private jet owners, state actors and military. Since A…
▽ More
The manner in which Aircraft Communications, Addressing and Reporting System (ACARS) is being used has significantly changed over time. Whilst originally used by commercial airliners to track their flights and provide automated timekee** on crew, today it serves as a multi-purpose air-ground data link for many aviation stakeholders including private jet owners, state actors and military. Since ACARS messages are still mostly sent in the clear over a wireless channel, any sensitive information sent with ACARS can potentially lead to a privacy breach for users. Naturally, different stakeholders consider different types of data sensitive. In this paper we propose a privacy framework matching aviation stakeholders to a range of sensitive information types and assess the impact for each. Based on more than one million ACARS messages, collected over several months, we then demonstrate that current ACARS usage systematically breaches privacy for all stakeholder groups. We further support our findings with a number of cases of significant privacy issues for each group and analyze the impact of such leaks. While it is well-known that ACARS messages are susceptible to eavesdrop** attacks, this work is the first to quantify the extent and impact of privacy leakage in the real world for the relevant aviation stakeholders.
△ Less
Submitted 19 May, 2017;
originally announced May 2017.
-
Electrosense: Open and Big Spectrum Data
Authors:
Sreeraj Rajendran,
Roberto Calvo-Palomino,
Markus Fuchs,
Bertold Van den Bergh,
Héctor Cordobés,
Domenico Giustiniano,
Sofie Pollin,
Vincent Lenders
Abstract:
While the radio spectrum allocation is well regulated, there is little knowledge about its actual utilization over time and space. This limitation hinders taking effective actions in various applications including cognitive radios, electrosmog monitoring, and law enforcement. We introduce Electrosense, an initiative that seeks a more efficient, safe and reliable monitoring of the electromagnetic s…
▽ More
While the radio spectrum allocation is well regulated, there is little knowledge about its actual utilization over time and space. This limitation hinders taking effective actions in various applications including cognitive radios, electrosmog monitoring, and law enforcement. We introduce Electrosense, an initiative that seeks a more efficient, safe and reliable monitoring of the electromagnetic space by improving the accessibility of spectrum data for the general public. A collaborative spectrum monitoring network is designed that monitors the spectrum at large scale with low-cost spectrum sensing nodes. The large set of data is stored and processed in a big data architecture and provided back to the community with an open spectrum data as a service model, that allows users to build diverse and novel applications with different requirements. We illustrate useful usage scenarios of the Electrosense data.
△ Less
Submitted 31 May, 2018; v1 submitted 29 March, 2017;
originally announced March 2017.
-
A Localization Approach for Crowdsourced Air Traffic Communication Networks
Authors:
Martin Strohmeier,
Vincent Lenders,
Ivan Martinovic
Abstract:
In this work, we argue that current state-of-the-art methods of aircraft localization such as multilateration are insufficient, in particular for modern crowdsourced air traffic networks with random, unplanned deployment geometry. We propose an alternative, a grid-based localization approach using the k-Nearest Neighbor algorithm, to deal with the identified shortcomings. Our proposal does not req…
▽ More
In this work, we argue that current state-of-the-art methods of aircraft localization such as multilateration are insufficient, in particular for modern crowdsourced air traffic networks with random, unplanned deployment geometry. We propose an alternative, a grid-based localization approach using the k-Nearest Neighbor algorithm, to deal with the identified shortcomings. Our proposal does not require any changes to the existing air traffic protocols and transmitters, and is easily implemented using only low-cost, commercial-off-the-shelf hardware.
Using an algebraic multilateration algorithm for comparison, we evaluate our approach using real-world flight data collected with our collaborative sensor network OpenSky. We quantify its effectiveness in terms of aircraft location accuracy, surveillance coverage, and the verification of false position data. Our results show that the grid-based approach can increase the effective air traffic surveillance coverage compared to multilateration by a factor of up to 2.5. As it does not suffer from dilution of precision, it is much more robust in noisy environments and performs better in pre-existing, unplanned receiver deployments.
We further find that the mean aircraft location accuracy can be increased by up to 41% in comparison with multilateration while also being able to pinpoint the origin of potential spoofing attacks conducted from the ground.
△ Less
Submitted 21 October, 2016;
originally announced October 2016.
-
On Perception and Reality in Wireless Air Traffic Communications Security
Authors:
Martin Strohmeier,
Matthias Schäfer,
Rui Pinheiro,
Vincent Lenders,
Ivan Martinovic
Abstract:
More than a dozen wireless technologies are used by air traffic communication systems during different flight phases. From a conceptual perspective, all of them are insecure as security was never part of their design. Recent contributions from academic and hacking communities have exploited this inherent vulnerability to demonstrate attacks on some of these technologies. However, not all of these…
▽ More
More than a dozen wireless technologies are used by air traffic communication systems during different flight phases. From a conceptual perspective, all of them are insecure as security was never part of their design. Recent contributions from academic and hacking communities have exploited this inherent vulnerability to demonstrate attacks on some of these technologies. However, not all of these contributions have resonated widely within aviation circles. At the same time, the security community lacks certain aviation domain knowledge, preventing aviation authorities from giving credence to their findings.
In this paper, we aim to reconcile the view of the security community and the perspective of aviation professionals concerning the safety of air traffic communication technologies. To achieve this, we first provide a systematization of the applications of wireless technologies upon which civil aviation relies. Based on these applications, we comprehensively analyze vulnerabilities, attacks, and countermeasures. We categorize the existing research on countermeasures into approaches that are applicable in the short term and research of secure new technologies deployable in the long term.
Since not all of the required aviation knowledge is codified in academic publications, we additionally examine existing aviation standards and survey 242 international aviation experts. Besides their domain knowledge, we also analyze the awareness of members of the aviation community concerning the security of wireless systems and collect their expert opinions on the potential impact of concrete attack scenarios using these technologies.
△ Less
Submitted 24 October, 2016; v1 submitted 28 February, 2016;
originally announced February 2016.
-
An Analytical Model of Packet Collisions in IEEE 802.15.4 Wireless Networks
Authors:
Matthias Wilhelm,
Vincent Lenders,
Jens B. Schmitt
Abstract:
Numerous studies showed that concurrent transmissions can boost wireless network performance despite collisions. While these works provide empirical evidence that concurrent transmissions may be received reliably, existing signal capture models only partially explain the root causes of this phenomenon. We present a comprehensive mathematical model that reveals the reasons and provides insights on…
▽ More
Numerous studies showed that concurrent transmissions can boost wireless network performance despite collisions. While these works provide empirical evidence that concurrent transmissions may be received reliably, existing signal capture models only partially explain the root causes of this phenomenon. We present a comprehensive mathematical model that reveals the reasons and provides insights on the key parameters affecting the performance of MSK-modulated transmissions. A major contribution is a closed-form derivation of the receiver bit decision variable for arbitrary numbers of colliding signals and constellations of power ratios, timing offsets, and carrier phase offsets. We systematically explore the root causes for successful packet delivery under concurrent transmissions across the whole parameter space of the model. We confirm the capture threshold behavior observed in previous studies but also reveal new insights relevant for the design of optimal protocols: We identify capture zones depending not only on the signal power ratio but also on time and phase offsets.
△ Less
Submitted 18 August, 2014; v1 submitted 19 September, 2013;
originally announced September 2013.
-
On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Authors:
Martin Strohmeier,
Vincent Lenders,
Ivan Martinovic
Abstract:
Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in…
▽ More
Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching.
This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.
△ Less
Submitted 15 April, 2014; v1 submitted 13 July, 2013;
originally announced July 2013.
-
Air Dominance in Sensor Networks: Guarding Sensor Motes using Selective Interference
Authors:
Matthias Wilhelm,
Ivan Martinovic,
Jens B. Schmitt,
Vincent Lenders
Abstract:
Securing wireless sensor networks (WSNs) is a hard problem. In particular, network access control is notoriously difficult to achieve due to the inherent broadcast characteristics of wireless communications: an attacker can easily target any node in its transmission range and affect large parts of a sensor network simultaneously. In this paper, we therefore propose a distributed guardian system to…
▽ More
Securing wireless sensor networks (WSNs) is a hard problem. In particular, network access control is notoriously difficult to achieve due to the inherent broadcast characteristics of wireless communications: an attacker can easily target any node in its transmission range and affect large parts of a sensor network simultaneously. In this paper, we therefore propose a distributed guardian system to protect a WSN based on physically regulating channel access by means of selective interference. The guardians are deployed alongside a sensor network, inspecting all local traffic, classifying packets based on their content, and destroying any malicious packet while still on the air. In that sense, the system tries to gain "air dominance" over attackers. A key challenge in implementing the guardian system is the resulting real-time requirement in order to classify and destroy packets during transmission. We present a USRP2 software radio based guardian implementation for IEEE 802.15.4 that meets this challenge; using an FPGA-based design we can even check for the content of the very last payload byte of a packet and still prevent its reception by a potential victim mote. Our evaluation shows that the guardians effectively block 99.9% of unauthorized traffic in 802.15.4 networks in our experiments, without disturbing the legitimate operations of the WSN.
△ Less
Submitted 17 May, 2013;
originally announced May 2013.