Ahsan Saleem (University of Jyväskylä, Finland), Andrei Costin (University of Jyväskylä, Finland), Hannu Turtiainen (University of Jyväskylä, Finland), Timo Hämäläinen (University of Jyväskylä, Finland)

COSPAS-SARSAT is a satellite radio location system for aviation, maritime, and land travellers designed to aid search and rescue (SAR) services in distress. This system effectively detects, processes, and relays distress signals, facilitating prompt responses from SAR services. However, COSPAS-SARSAT 406 MHz protocols, both from an architectural and implementation point of view, exhibit fundamental cybersecurity weaknesses that make them an easy target for potential attackers. The two fundamental flaws of these protocols are the lack of digital signatures (i.e., integrity and authenticity) and encryption (i.e., confidentiality and privacy). The risks associated with these and other weaknesses have been repeatedly demonstrated by ethical cybersecurity researchers.

In this paper, we first present an overview of the insecure design of COSPAS-SARSAT messaging protocols. Subsequently, we propose a lightweight ECDSA message integrity and authenticity scheme that works seamlessly for COSPAS-SARSAT 406 MHz protocols. We propose that the scheme can be added as a backward-compatible software-only upgrade to existing systems without requiring expensive architectural redesign, upgrades, and retrofitting. The preliminary implementation, tests, and results from the lab show that our scheme is effective and efficient in adding message authenticity and integrity and represents a promising applied research direction for a low-cost, potentially backward-compatible upgrade for already deployed and operational systems.

View More Papers

COSPAS Search and Rescue Satellite Uplink: A MAC-Based Security...

Syed Khandker (New York University Abu Dhabi), Krzysztof Jurczok (Amateur Radio Operator), Christina Pöpper (New York University Abu Dhabi)

Read More

Decentralized Information-Flow Control for ROS2

Nishit V. Pandya (Indian Institute of Science Bangalore), Himanshu Kumar (Indian Institute of Science Bangalore), Gokulnath M. Pillai (Indian Institute of Science Bangalore), Vinod Ganapathy (Indian Institute of Science Bangalore)

Read More

Why People Still Fall for Phishing Emails: An Empirical...

Asangi Jayatilaka (Centre for Research on Engineering Software Technologies (CREST), The University of Adelaide, School of Computing Technologies, RMIT University), Nalin Asanka Gamagedara Arachchilage (School of Computer Science, The University of Auckland), M. Ali Babar (Centre for Research on Engineering Software Technologies (CREST), The University of Adelaide)

Read More

WIP: An Adaptive High Frequency Removal Attack to Bypass...

Yuki Hayakawa (Keio University), Takami Sato (University of California, Irvine), Ryo Suzuki, Kazuma Ikeda, Ozora Sako, Rokuto Nagata (Keio University), Qi Alfred Chen (University of California, Irvine), Kentaro Yoshioka (Keio University)

Read More