Ahsan Saleem (University of Jyväskylä, Finland), Andrei Costin (University of Jyväskylä, Finland), Hannu Turtiainen (University of Jyväskylä, Finland), Timo Hämäläinen (University of Jyväskylä, Finland)

COSPAS-SARSAT is a satellite radio location system for aviation, maritime, and land travellers designed to aid search and rescue (SAR) services in distress. This system effectively detects, processes, and relays distress signals, facilitating prompt responses from SAR services. However, COSPAS-SARSAT 406 MHz protocols, both from an architectural and implementation point of view, exhibit fundamental cybersecurity weaknesses that make them an easy target for potential attackers. The two fundamental flaws of these protocols are the lack of digital signatures (i.e., integrity and authenticity) and encryption (i.e., confidentiality and privacy). The risks associated with these and other weaknesses have been repeatedly demonstrated by ethical cybersecurity researchers.

In this paper, we first present an overview of the insecure design of COSPAS-SARSAT messaging protocols. Subsequently, we propose a lightweight ECDSA message integrity and authenticity scheme that works seamlessly for COSPAS-SARSAT 406 MHz protocols. We propose that the scheme can be added as a backward-compatible software-only upgrade to existing systems without requiring expensive architectural redesign, upgrades, and retrofitting. The preliminary implementation, tests, and results from the lab show that our scheme is effective and efficient in adding message authenticity and integrity and represents a promising applied research direction for a low-cost, potentially backward-compatible upgrade for already deployed and operational systems.

View More Papers

K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits...

Zhengchuan Liang (UC Riverside), Xiaochen Zou (UC Riverside), Chengyu Song (UC Riverside), Zhiyun Qian (UC Riverside)

Read More

Cybersecurity of COSPAS-SARSAT and EPIRB: threat and attacker models,...

Andrei Costin, Hannu Turtiainen, Syed Khandkher and Timo Hamalainen (Faculty of Information Technology, University of Jyvaskyla, Finland) Presenter: Andrei Costin

Read More

Maginot Line: Assessing a New Cross-app Threat to PII-as-Factor...

Fannv He (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China), Yan Jia (DISSec, College of Cyber Science, Nankai University, China), Jiayu Zhao (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China), Yue Fang (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China),…

Read More

TextGuard: Provable Defense against Backdoor Attacks on Text Classification

Hengzhi Pei (UIUC), Jinyuan Jia (UIUC, Penn State), Wenbo Guo (UC Berkeley, Purdue University), Bo Li (UIUC), Dawn Song (UC Berkeley)

Read More