Air transportation systems with e-enabled aircraft and networked technologies, such as Automated Dependent Surveillance Broadcast (ADS-B), are data communications systems developed to assist in reducing traffic congestion and air traffic control inefficiencies by enabling exchange of precise surveillance data in shared airspace. e-Enabled aircraft means an aircraft with advanced computing, sensing, control, and communications. An e-Enabled aircraft is capable of communicating in a global information network, e.g., as a network node. In broadcasting air traffic beacons in an ADS-B protocol or format, an aircraft discloses an authentic digital identity as well as a highly accurate position and spatial information, e.g., velocity, intent, and other data associated with the aircraft. ADS-B communications are broadcast periodically in traffic beacons, e.g., one or two times per second. ADS-B broadcast traffic beacons can perform traffic control tasks while ensuring liability or traceability of the associated aircraft in the shared networked airspace. Periodic traffic beacons may be detected by unauthorized entities over a range of up to 100 miles or more from the source of ADS-B broadcasts. Thus traffic beacons may be received by unauthorized entities, e.g., an adversary, and used to obtain unique identifiers of communicating aircraft as well as record position trajectories of uniquely identifiable aircraft.
In the airborne IP network, a major privacy threat is from the location estimation of communicating aircraft based on their radio signal properties. Location tracking can invade aircraft operator privacy in unanticipated ways, since private aircraft may be used to visit places of political, business or personal interest. Location trajectories of a private aircraft, when correlated with other information databases such as geographic maps and business or political developments, can help in the identification of places visited by the aircraft as well as inference of travel intent of the user. Furthermore, location history of an aircraft over time can lead to profiling of the user's personal preferences and interests.
The default identifier in an ADS-B broadcast from an aircraft may be, e.g., a permanent 24-bit address of the aircraft as defined by the ICAO (International Civil Aviation Organization). An aircraft in an uncontrolled airspace, operating under visual flight rules (VFR), or instrument flight rules (IFR) may use an anonymous identifier in ADS-B broadcast. An aircraft flight control system may compute a random identifier to generate a 24-bit anonymous identifier for an aircraft. The aircraft flight control system computes the anonymous identifier as a function of a random quantity, e.g., a location or a time of use of anonymous identifier, or a combination thereof, and the ICAO identifier. Air traffic controllers on the ground know the ICAO address of the aircraft and can verify ADS-B broadcasts from the aircraft, e.g., to establish liability in airspace for emergency events.
Privacy-enhancing technologies which provide confidentiality, such as cryptographic encryption, can also mitigate privacy risks by controlling access to sensitive or personal data in aircraft messages. Such solutions require a cryptographic key to be shared between each aircraft and all the air traffic controllers on the ground.
There is a need for mitigating location tracking based on ADS-B messages from aircraft, rather than existing solutions which focus on anonymity of ADS-B messages. There is also a need to consider the presence of unauthorized or external entities that may passively eavesdrop on air traffic communications and track the source of communications.