To get started playing the simulator with ADS-B attacks, please follow the instructions called "Developer Quick Start" to start the simulator locally on your computer. The first extension was built by Anton Blåberg & Gustav Lindahl as a bachelor thesis work at Linköping University in 2020 and can be found on this repository: https://github.com/joakimthorn96/openScopeAttacks. The second extension provides new types of attacks and was implemented by Eleonora Mancini & Riccardo Cestaro for a university project in Padua. First and second extensions are available in this repository.
Below are described all the attacks implemented in the first and second extension.
For the first extension:
- Non-responsive aircraft: this attack affects the communication between aircraft and ATCs, therefore the aircraft are no longer able to respond to commands issued by the ATCs.
- Jumping aircraft: simulates a message modification attack in which the adversary modifies the longitudinal and latitudinal coordinates. In this way, the aircraft will ”jump” to another location. After the jump, the aircraft will continue to send modified messages with a different position, until it reaches its destination (which is still the original one).
- Aircraft displaying false information: another message modification attack in which the adversary spoofs the velocity and altitude. Differently from the previous one, in this attack the fake messages are not continuous, the aircraft can also send authentic messages in between the fake ones.
- Aircraft standing still: in this attack the longitudinal and latitudinal coordinates will no longer change and the velocity will be set to 0, making the aircraft standing still.
For the second extension:
- Virtual Trajectory Modification: is an attack that in a real case scenario would be performed using the message modification technique; in this simulation instead we altered the trajectory of the aircraft by changing its heading field. The amount of changes on this value is random, but within a certain predetermined limit. The aircraft affected by this attack changes its heading many times through time, at random intervals.
- False Alarm Attack: to simulate the False Alarm Attack (or Virtual Aircraft Hijacking) the aircraft's transponder code field was altered. When an aircraft is affected by this attack, the transponder code is replaced with an emergency code, chosen at random. The original squawk code is saved in order to be restored when the attack is over.
- Aircraft Spoofing: in the original Aircraft Spoofing attack the adversary modifies the aircraft's ICAO 24-bit address to carry out the attack. However, the OpenScope simulator does not assign this address to the planes, therefore, to simulate the aircraft spoofing, we used its unique id, which is present on the simulator. We changed this field in order to make it correspond to the id of another aircraft, while the original one is saved in order to be restored when the attack is over.
- Ghost Injection Attack: in the real world, the Ghost Injection Attack is performed by injecting fabricated ADS-B messages on the same frequency as the legitimate ones, making non-existing aircraft appear on the radar: to simulate this, we generated a set of ghost aircraft, i.e. fake planes created with random altitude, callsign, heading, speed and transponder code, and added them to the simulator. The number of random temporary aircraft can be chosen by the user. Consequently the user can delete them using the apposite option on the GUI.
- Message Delay Attack: the aircraft affected by this attack send ADS-B messages with a lower frequency than normal. In a real case scenario this could be obtained by the adversary by deleting some of the ADS-B messages that the aircraft broadcasts. In the simulation though, this is obtained by saving tuples only when the number of updates modulo n is zero, where n is the delay rate that can be chosen in the GUI. This value ranges from skipping only one message up to skipping 70 of them.
Also, for the second extension we implement the possibility to choose a specific aircraft to attack since before aircraft are chosen according to a distribution.
The guide is pretty similar to the original OpenScope.
Prerequisites: In order to successfully complete this quick start, you will need to have the following installed locally:
- Git: sudo apt install git
- Nodejs: sudo apt-get install -y nodejs npm
To install and run OpenScope-sec run the following commands:
git clone https://github.com/RiccardoCestaro/OpenScope-sec.gitcd OpenScope-secnpm installnpm run buildnpm run start
Once that finishes doing its thing, you should see something close to the following in the terminal:
> node ./public/assets/scripts/server/index.js
Listening on PORT 3003You should now be able to play with the simulator by opening a browser (Google Chrome is recommended) and connecting at the following address:
localhost:3003
However, since Google Chrome updates very often there may be the necessity to update the Chrome driver.
To do so, you can download it at the following link: https://chromedriver.chromium.org/downloads, and place/overwrite it in the chromedriver_linux64.
Note that the Chrome drivers must match your Google Chrome version.
Eleonora Mancini ([email protected])
Riccardo Cestaro ([email protected])
Federico Turrin ([email protected])
We are members of SPRITZ Security and Privacy Research Group at University of Padua, Italy.
Are you using OpenScope-sec in your research work? Please, cite us:
@inproceedings{cestaro2023openscope,
title={OpenScope-sec: An ADS-B Simulator to Support the Security Research},
author={Cestaro, Riccardo and Conti, Mauro and Mancini, Elonora and Turrin, Federico},
booktitle={Proceedings of the 18th International Conference on Availability, Reliability and Security},
pages={1--6},
year={2023}
}