Ahsan Saleem (University of Jyväskylä, Finland), Andrei Costin (University of Jyväskylä, Finland), Hannu Turtiainen (University of Jyväskylä, Finland), Timo Hämäläinen (University of Jyväskylä, Finland)

COSPAS-SARSAT is a satellite radio location system for aviation, maritime, and land travellers designed to aid search and rescue (SAR) services in distress. This system effectively detects, processes, and relays distress signals, facilitating prompt responses from SAR services. However, COSPAS-SARSAT 406 MHz protocols, both from an architectural and implementation point of view, exhibit fundamental cybersecurity weaknesses that make them an easy target for potential attackers. The two fundamental flaws of these protocols are the lack of digital signatures (i.e., integrity and authenticity) and encryption (i.e., confidentiality and privacy). The risks associated with these and other weaknesses have been repeatedly demonstrated by ethical cybersecurity researchers.

In this paper, we first present an overview of the insecure design of COSPAS-SARSAT messaging protocols. Subsequently, we propose a lightweight ECDSA message integrity and authenticity scheme that works seamlessly for COSPAS-SARSAT 406 MHz protocols. We propose that the scheme can be added as a backward-compatible software-only upgrade to existing systems without requiring expensive architectural redesign, upgrades, and retrofitting. The preliminary implementation, tests, and results from the lab show that our scheme is effective and efficient in adding message authenticity and integrity and represents a promising applied research direction for a low-cost, potentially backward-compatible upgrade for already deployed and operational systems.

View More Papers

VETEOS: Statically Vetting EOSIO Contracts for the “Groundhog Day”...

Levi Taiji Li (University of Utah), Ningyu He (Peking University), Haoyu Wang (Huazhong University of Science and Technology), Mu Zhang (University of Utah)

Read More

More Lightweight, yet Stronger: Revisiting OSCORE’s Replay Protection

Konrad-Felix Krentz (Uppsala University), Thiemo Voigt (Uppsala University, RISE Computer Science)

Read More

Transpose Attack: Stealing Datasets with Bidirectional Training

Guy Amit (Ben-Gurion University), Moshe Levy (Ben-Gurion University), Yisroel Mirsky (Ben-Gurion University)

Read More