CABBA: Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B

TL;DR

CABBA tackles ADS-B spoofing by fusing TESLA-based authenticated broadcast with phase-overlay modulation and PKI, all while preserving the 1090ES bandwidth and backward compatibility. The approach leverages a TESLA key-disclosure delay and enhanced I/Q modulation to transmit security data alongside standard ADS-B payload, with a novel packet taxonomy (A,B1,B2,C) and certificates delivered in Type C packets. SDR-based backward-compatibility experiments with GA and commercial receivers, plus BER and COR analyses on real ADS-B traffic, show CABBA incurs minimal overhead (often below a few percent) and maintains acceptable error rates for Eb/No values above 14–15 dB, supporting coexistence with legacy equipment. The work demonstrates practical viability for incremental CABBA deployment and outlines PKI challenges and safety considerations, offering a concrete path toward a secure, scalable, and standards-aligned ADS-B security augmentation.

Abstract

The Automatic Dependent Surveillance-Broadcast (ADS-B) is a surveillance technology that mandated in many airspaces. It improves safety, increases efficiency and reduces air traffic congestion by broadcasting aircraft navigation data. Yet, ADS-B is vulnerable to spoofing attacks as it lacks mechanisms to ensure the integrity and authenticity of the data being supplied. None of the existing cryptographic solutions fully meet the backward compatibility and bandwidth preservation requirements of the standard. Hence, we propose the Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B (CABBA), an improved approach that integrates TESLA, phase-overlay modulation techniques and certificate-based PKI. As a result, entity authentication, data origin authentication, and data integrity are the security services that CABBA offers. To assess compliance with the standard, we designed an SDR-based implementation of CABBA and performed backward compatibility tests on commercial and general aviation (GA) ADS-B in receivers. Besides, we calculated the 1090ES band's activity factor and analyzed the channel occupancy rate according to ITU-R SM.2256-1 recommendation. Also, we performed a bit error rate analysis of CABBA messages. The results suggest that CABBA is backward compatible, does not incur significant communication overhead, and has an error rate that is acceptable for Eb/No values above 14 dB.

Figures (10)

• Figure 1: Block diagram for the use of phase overlay method to add more data to a 1090ES message, as explained in the patents EP2661039B1US20100079329A1. To perform an SDR-based implementation using an I-Q modulator at the input of the transmitting antenna and an I-Q demodulator at the output of the receiving antenna is the most practical way to proceed. In this way, the 1090ES message is conveyed in the in-phase (I) component of the carrier and the additional data in its quadrature (Q) component.
• Figure 2: Structure of the Type A packets in CABBA. The ADS-B message $m$ encoded in the in-phase component $P_{A-I}$ (in this example an airborne position report) and the security data $\sigma$ in the quadrature component $P_{A-Q}$. These two logical packets are then used to generate the in-phase and quadrature signal components $S_{A-I}$ and $S_{A-Q}$ of the RF signal to be transmitted $S_{A}$.
• Figure 3: Structure of Type B1 and B2 packets, conveying only the authentication key or the authentication key and its signature, respectively.
• Figure 4: Structure of Type C packets. They contain the public key $K_{pub}$ of the aircraft and the signature of said key $\text{sig}_{K_{prCA}}(K_{pub})$. These packets are then used to generate the transmitted signal $S_C$.
• Figure 5: State diagram illustrating the authentication process for ADS-B messages on the receiver side.