The present application is generally related to prediction of opportunities to enhance privacy of an aircraft flight path.
Air transportation systems with e-enabled aircraft and networked technologies, such as Automated Dependent Surveillance Broadcast (ADS-B), are data communications systems developed to assist in reducing air traffic congestion and air traffic control inefficiencies by enabling exchange of precise aircraft surveillance data in shared airspaces. An e-enabled aircraft means an aircraft with advanced computing, sensing, control, and communications. An e-enabled aircraft is capable of communicating in a global information network, e.g., as a network node. ADS-B protocol requires each aircraft to periodically broadcast air traffic beacons, as frequent as one or two times per second. Each beacon from an aircraft contains an authentic digital identity of the aircraft as well as highly accurate surveillance data, e.g., position, altitude, velocity, time, intent, and other spatial data currently associated with the aircraft. Air traffic beacons can inform air traffic control tasks while ensuring liability or traceability of the associated aircraft in the shared networked airspace. These air traffic beacons are in plaintext and can be received by anyone located up to 100 miles or more from the source of ADS-B broadcasts. Thus traffic beacons from aircraft may be misused by unauthorized entities, e.g., an adversary, and used to obtain unique identifiers of communicating aircraft as well as track in real-time the positions of these uniquely identifiable aircraft and record all position trajectories of these aircraft.
In the airborne IP network, a major threat to flight privacy is from the location estimation of communicating aircraft based on their transmission radio signal properties as well as position data available from aircraft originating messages such as ADS-B beacons. Location tracking can invade aircraft operator privacy in unanticipated ways, since private aircraft may be used to visit places of political, business or personal interest. Location trajectories of a private aircraft, when correlated with other information databases such as geographic maps and business or political developments, can help in the identification of places visited by the aircraft as well as inference of travel intent of the user. Furthermore, location history of an aircraft over time can lead to profiling of the user's personal preferences and interests.
The default identifier in an ADS-B beacon from an aircraft may be, e.g., a permanent 24-bit address of the aircraft as defined by the ICAO (International Civil Aviation Organization). An aircraft in an uncontrolled airspace, operating under visual flight rules (VFR), or instrument flight rules (IFR) may use an anonymous identifier in ADS-B broadcast. An aircraft flight control system may compute a random identifier to generate a 24-bit anonymous identifier for an aircraft. The aircraft flight control system computes the anonymous identifier as a function of a random quantity, e.g., a location or a time of use of anonymous identifier, or a combination thereof, and the ICAO identifier. Air traffic controllers on the ground know the ICAO address of the aircraft and can verify ADS-B broadcasts from the aircraft, e.g., to establish liability in airspace for emergency events. Various methods of updating aircraft identifiers are described in U.S. Pat. No. 8,248,294, by Sampigethaya, et al.
Privacy-enhancing technologies which provide confidentiality, such as cryptographic encryption, can also mitigate privacy risks by controlling access to sensitive or personal data in aircraft messages. Such solutions require a cryptographic key to be shared between each aircraft and all the air traffic controllers on the ground.