Ahsan Saleem (University of Jyväskylä, Finland), Andrei Costin (University of Jyväskylä, Finland), Hannu Turtiainen (University of Jyväskylä, Finland), Timo Hämäläinen (University of Jyväskylä, Finland)

COSPAS-SARSAT is a satellite radio location system for aviation, maritime, and land travellers designed to aid search and rescue (SAR) services in distress. This system effectively detects, processes, and relays distress signals, facilitating prompt responses from SAR services. However, COSPAS-SARSAT 406 MHz protocols, both from an architectural and implementation point of view, exhibit fundamental cybersecurity weaknesses that make them an easy target for potential attackers. The two fundamental flaws of these protocols are the lack of digital signatures (i.e., integrity and authenticity) and encryption (i.e., confidentiality and privacy). The risks associated with these and other weaknesses have been repeatedly demonstrated by ethical cybersecurity researchers.

In this paper, we first present an overview of the insecure design of COSPAS-SARSAT messaging protocols. Subsequently, we propose a lightweight ECDSA message integrity and authenticity scheme that works seamlessly for COSPAS-SARSAT 406 MHz protocols. We propose that the scheme can be added as a backward-compatible software-only upgrade to existing systems without requiring expensive architectural redesign, upgrades, and retrofitting. The preliminary implementation, tests, and results from the lab show that our scheme is effective and efficient in adding message authenticity and integrity and represents a promising applied research direction for a low-cost, potentially backward-compatible upgrade for already deployed and operational systems.

View More Papers

An Experimental Study on Attacking Homogeneous Averaging Processes via...

Olsan Ozbay (Dept. ECE, University of Maryland), Yuntao Liu (ISR, University of Maryland), Ankur Srivastava (Dept. ECE, ISR, University of Maryland)

Read More

QPEP in the Real World: A Testbed for Secure...

Julian Huwyler (ETH Zurich), James Pavur (University of Oxford), Giorgio Tresoldi and Martin Strohmeier (Cyber-Defence Campus) Presenter: Martin Strohmeier

Read More

Decentralized Information-Flow Control for ROS2

Nishit V. Pandya (Indian Institute of Science Bangalore), Himanshu Kumar (Indian Institute of Science Bangalore), Gokulnath M. Pillai (Indian Institute of Science Bangalore), Vinod Ganapathy (Indian Institute of Science Bangalore)

Read More

IRRedicator: Pruning IRR with RPKI-Valid BGP Insights

Minhyeok Kang (Seoul National University), Weitong Li (Virginia Tech), Roland van Rijswijk-Deij (University of Twente), Ted "Taekyoung" Kwon (Seoul National University), Taejoong Chung (Virginia Tech)

Read More