The National Airspace System (NAS) includes the airspace, navigation facilities and airports of the United States, along with their associated information, services, rules, regulations, policies, procedures, personnel and equipment. These NAS components may be shared among private, commercial, and military aviation. Manned aircraft and unmanned aircraft systems (UAS) (sometimes referred to as unmanned aerial systems (UAS), unmanned aerial vehicles (UAV), and remotely piloted aircraft (RPA)) may operate in the NAS under control of Federal Aviation Administration (FAA) regulations. For manned aircraft, the FAA may require pilots to monitor the surrounding airspace for possible intruding aircraft and act to avoid a collision (sometimes referred to as detect-and-avoid (DAA)). For many UAS to be permitted in the NAS, the FAA requires the UAS be capable of a level of safety (Equivalent Level of Safety (ELOS)) equivalent to the detect-and-avoid requirements for manned aircraft. In effect, the UAS is required to operate to the same safety standards as a manned aircraft on instrument flight rules (IFR). Hobbyist UAS may be exempt from ELOS requirements provided the hobbyist UAS weighs less than a specified amount, is flown in line-of-sight of the UAS operator, and is flown below a specified altitude.
A manned aircraft flight through the NAS typically begins and ends at an airport; the airport may be controlled (by a tower) or uncontrolled. On departure, the aircraft may operate in one of five of the six airspace classes (based in part on altitude) with different flight rules for each airspace class. For example, depending on the airspace class and flight conditions, communication between pilots and controllers may be required. While Operation of an aircraft is the responsibility of the pilot, air traffic controllers (ATC) may give instructions for sequencing and safety as needed. After a controlled flight becomes airborne, control passes from the tower ATC who authorized the takeoff to a Terminal Radar Approach Control (TRACON). Between sectors administered by TRACONs are 21 contiguous areas of the NAS above 18,000 feet (class A airspace). Each of the 21 areas is managed by an Air Route Traffic Control Center (ARTCC), and generally referred to as a “Center,” that provide control functions. The ARTCCs manage more than 690 ATC facilities with associated systems and equipment to provide radar and communication services to aircraft transiting the NAS. An aircraft is handed off from one Center to another until the aircraft descends near its destination, when control is transferred to the TRACON serving the destination, and ultimately to the tower ATC serving the destination airport. Some airports have no TRACON around them, and control goes directly to or from a Center. Some flights are low enough and short enough that control is kept within one or more TRACONs without ever being passed to Center.
The NAS is transitioning to a Next Generation Air Transportation System (“NextGen” system), a feature of which involves non-radar surveillance of aircraft that are equipped with GPS satellite-based navigation systems, and that continuously broadcast their location. Receivers integrated into the air traffic control system or installed aboard other aircraft may receive the broadcast signals to provide an accurate depiction of real-time aviation traffic, both in the air and on the ground. This feature, known as ADS-B (automatic dependent surveillance-broadcast) is intended to provide not only enhanced aircraft separation, but also to allow pilots to use more precise and efficient landing paths, saving time and fuel. The FAA has mandated partial implementation of ADS-B by 2020.
Thus, one benefit of ADS-B may be improved situational awareness: through its broadcast signals, ADS-B may enhance safety by making an aircraft “visible,” in real-time, to air traffic control and to other appropriately equipped ADS-B aircraft. However, ADS-B also provides traffic- and government-generated graphical weather information and other data through TIS-B and FIS-B. Traffic Information Services-Broadcast, (TIS-B), is a component of the ADS-B technology that provides free traffic reporting services to aircraft equipped with ADS-B receivers. TIS-B allows non-ADS-B transponder equipped aircraft that are tracked by radar to have their location and track information broadcast to ADS-B equipped aircraft. Flight Information Services-Broadcast (FIS-B), also is a component of ADS-B technology that provides free graphical National Weather Service products, temporary flight restrictions (TFRs), and special use airspace information enabling pilots to increase levels of safety in the cockpit and on the ground.
ADS-B consists of two different services, ADS-B Out and ADS-B In. ADS-B Out periodically broadcasts aircraft information, such as identification (e.g., through an aircraft call sign), current position, altitude, and velocity, for example. ADS-B In refers to the reception by aircraft ADS-B data including broadcasts from nearby aircraft as well as graphical weather data (from FIS-B and TIS-B). ADS-B Out relies on two avionics components—a high-integrity GPS navigation source and a datalink (ADS-B unit). There are several types of certified ADS-B data links, the most common of which operate at 1090 MHz, essentially a modified Mode S transponder, or at 978 MHz. (Mode S or mode “select,” is a way to interrogate a specific aircraft by using a distinct address, such as an aircraft address, to which only the specific aircraft will respond. In addition to an aircraft identification signal, the Mode S transponder may provide other useful flight information.) Thus, to achieve ADS-B Out capability at 1090 MHz, an aircraft need only have installed an appropriate transponder and a certified GPS position source.
Two aspects of ADS-B operations may be of concern to general, commercial, and military aviation entities; namely (1) a lack of anonymity and (2) a lack of encryption, which may compromise manned and unmanned aircraft security. One aspect of ADS-B is that its operation may remove anonymity for aircraft observing visual flight rule (VFR) aircraft operations. This is because the International Civil Aviation Organization (ICAO) specifically assigns a unique 24-bit transponder code to each aircraft to allow monitoring of that aircraft when within the service volumes of the Mode-S/ADS-B system. Thus, unlike Mode A/C transponders, there is no code “1200”/“7000” to provide casual anonymity (for example, for a VFR flight, 1200 is the standard transponder code used in the NAS when no other code has been assigned). Mode-S/ADS-B identifies the aircraft uniquely among all aircraft in the world, in a manner similar to that of a MAC number for an Ethernet card or the International Mobile Equipment Identity (IMEI) of a GSM phone. Another aspect of the ADS-B broadcast of aircraft data is that the broadcast occurs over unencrypted data links. This means that the content of ADS-B broadcasts can be read by anybody who has the ability to use relatively simple receiving equipment such as a software defined radio to access the ADS-B broadcast.
A method for securing flight operations of an unmanned aerial system (UAS) includes a processor receiving a flight operation for a UAS, the flight operation defining a UAS flight profile; and the processor, based on a designation of the flight operation as sensitive, controlling an automatic dependent surveillance-broadcast (ADS-B) transponder on the UAS to broadcast a dummy aircraft identification different from an ICAO-assigned transponder code, and dummy airframe information during at least a portion of the flight operation.
A computer-implemented method for securing unmanned aerial system (UAS) operations includes receiving a UAS flight plan for a UAS and a UAS operation, the UAS operation including a flight profile and flight path for the UAS; determining a type for the UAS operation is sensitive; assigning a dummy UAS identification for the UAS; generating dummy airframe information for the UAS; and causing the UAS to broadcast the dummy UAS identification and the dummy airframe information with an automatic dependent surveillance-broadcast signal during at least a portion of the UAS operation.
A system for securing unmanned aerial system (UAS) operations includes multiple, geographically-separated processors. Each processor executes machine instructions encoded on a non-transitory, computer-readable storage media. The processors cooperate to receive a UAS flight plan for a UAS and a UAS operation, the UAS operation including a flight profile and flight path for the UAS; determine a type for the UAS operation is sensitive; assign dummy UAS identification for the UAS; generate dummy airframe information for the UAS. A selected one of the processors executes to identify flight conditions for the UAS in the flight profile, identify UAS flight characteristics of the UAS for the identified flight conditions, compare the UAS flight characteristics to flight characteristics for multiple aircraft under flight conditions similar to the identified flight conditions, select an aircraft having flight characteristics that are a closest match to the UAS flight characteristics as a basis for the dummy airframe information, and generate the dummy airframe information using the selected aircraft flight characteristics; and cause an automatic dependent surveillance-broadcast (ADS-B) transponder on the UAS to broadcast the dummy UAS identification and the dummy airframe information with an ADS-B signal during at least a portion of the UAS operation.
A non-transitory, computer-readable storage medium has encoded thereon machine instructions executable by a processor for securing unmanned aerial system (UAS) operations. The processor executes the machine instructions to receive a UAS flight plan for a UAS and a UAS operation, the UAS operation including a flight profile and flight path for the UAS; determine a type for the UAS operation is sensitive; assign dummy UAS identification for the UAS; generate dummy airframe information for the UAS; and cause the UAS to broadcast the dummy UAS identification and the dummy airframe information with an automatic dependent surveillance-broadcast signal during at least a portion of the UAS operation.
The detailed description refers to the following figures in which like numerals refer to like objects, and in which:
Many aircraft operating in the National Airspace System (NAS) use Automated Dependent Surveillance-Broadcast (ADS-B) systems to reduce the risk of in-flight collisions. The systems may include an ADS-B transponder that broadcasts and ADS-B Out signal. The broadcast signal may be received by air traffic controllers and aircraft equipped with ADS-B receivers. The broadcast signals also may be received by any party with a properly-configured receiver. The ADS-B message broadcasts GPS position (latitude, longitude), pressure, altitude, and a unique, ICAO-assigned, transponder code, as well as track and ground speed (separated into messages carrying 10 bytes of data each). The transponder code may be used to unambiguously identify the carrying aircraft. In addition, other of this information may be sensitive. However, ADS-B messages are not encrypted and thus intercepted ADS-B messages may be read by any intercepting party. For example, hobbyist software defined radio (SDR) users can, with little expense or expertise, cross-reference the ADS-B transmissions they receive to FAA public registration data. With this technique widely available, anyone can use this real-time data to acquire sensitive flight information and to identify the broadcasting aircraft. Thus, some entities operating in the NAS may be concerned that an intercepted ADS-B Out signal may be used to exploit sensitive flight information related to a specific aircraft (manned or unmanned). Accordingly, while the FAA has mandated incorporation of ADS-B capabilities for increased NAS safety and efficiency, some entities may not be able to provide a desired level of security for its aircraft when adopting ADS-B.
This potential lack of security with ADS-B transmissions also may be of concern to users of unmanned aircraft systems (UASs), and may present a major obstacle to overcome in terms of security in order to benefit from ADS-B. For example, some UAS users may employ encrypted Mode 5 communication to eliminate vulnerabilities, but encryption and ADS-B as currently used are mutually exclusive. Therefore, these UAS users must meet ADS-B equipage requirements to fly in the NAS, creating a conflict with their desire for secure communications. Another option might include leveraging TIS-B and FIS-B services, which are free and available, and which may provide comprehensive NAS data. However, these services may not be available via RF broadcast to a UAS ground control station when a UAS and its ground control station are widely separated. This means that the UAS would have to use onboard signal down-links from a satellite to the UAS ground control station; this process is bandwidth-intensive and increases latency of all signal transmissions. Furthermore, small UAS may not have the capability of relaying local traffic broadcasts due to onboard equipment limitations. For example, a UAS flying over Oklahoma may receive a local ADS-R signal from the Oklahoma City TIS-B transceiver. However, the UAS operator flying the UAS may be located in Seattle, Wash. The TIS-B transmission of Oklahoma City local traffic is well out of range of the Seattle ground control station. The UAS could use the satellite data link but adding traffic services to this data link adds latency and slows down other higher priority data.
Thus, implementation of ADS-B provides, on the one hand, enhanced flight awareness, but on the other hand, exposes certain aircraft to security vulnerabilities. To provide secure, enhanced flight awareness, disclosed herein is a system, and corresponding method, for UAS modernization for avoidance and detection (UMAD) leverages systems and services currently available in the NAS. In particular, the UMAD system addresses the problem associated with ADS-B implementation on UASs. The UMAD provides the ability to display UAS traffic to a UAS operator regardless of the UAS operator's location, and the ability to secure ADS-B information for sensitive flight operations.
Turning to
As further shown in
The ground control station 20 likely is beyond line of sight (BLOS) of the UAS 30. The ground control station 20 includes VHF transceiver 25, UMAD 120, and satellite transceiver 23. The satellite transceiver 23 may be used for BLOS command and control, as shown in
In
As noted above, the ADS-B signal 32 may be received by local ATC 40, which is in the same NAS region as UAS 30. The ADS-B signal 32 also may be received at a UMAD 100-equipped entity such as the ground control station 20 when the ground control station 20 is within LOS range of the UAS 30. In an aspect, UMADs 120 and 140 may receive real-time data transmitting over 1090 MHz ES (Elementary Surveillance), 978 MHz UAT (universal access transceiver) (for TIS-B, ADS-R) frequencies through Mode C or S signal communication equipment (Mode S is discussed above; Mode C refers to a transponder that provides an aircraft identification signal and aircraft altitude (actually pressure). Mode 5 refers to a cryptographically secured version of Mode S and ADS-B GPS position.) The UMAD 140 provides local traffic information 46 from TIS-B and FIS-B at ATC 40 to the ground control station 20 through landline 45. Additionally, the local ATC 40 may provide ADS-R signal 47 through landline 45 to ground control station 20. As an alternative to landline 45, the local ATC 40 and ground control 20 may communicate by other means such as by satellite communications. UMADs 120 and 140 may use the identification data that is broadcast by the UAS transponder 34 to identify the UAS 30 and to “see” or “lookup” the actual aircraft specifications (size, type, airworthiness, certifications, etc.) and performance capabilities of the UAS 30.
In an aspect, UAS 30 may engage in three mission types, namely, non-secure, sensitive, and covert. For non-secure missions, the UMAD 100 may not generate dummy aircraft information, and the ADS-B signal from ADS-B transponder 34 may include the actual UAS identification and actual UAS airframe information. For sensitive operations, the UMAD 100 may generate dummy aircraft information, which then is transmitted with the ADS-B signal 32. Note that for either non-secure and sensitive mission types, the X transponder 35 may broadcast actual UAS 30 identification; however, the X transponder signal 33 may be encrypted.
As a specific example, the UAS 30 may be a military UAS performing an air refueling mission in the NAS within a high traffic region with manned and unmanned flights. UMAD 130 provides dummy airframe information and a dummy aircraft identification for broadcast by ADS-B transponder 34 during the air refueling mission. Aircraft 50 operating in the vicinity of UAS 30 receives the ADS-B signal 32, which indicates to the cockpit crew of aircraft 50 that the broadcasting aircraft (the UAS 30) is a small civil aircraft having characteristics closely matching those of UAS 30. The ATC 40 receives the same ADS-B signal 32 and uses UMAD 140 to determine the actual aircraft is UAS 30. Because the UAS 30 operator 21 would benefit from access to ADS-B data related to other aircraft in the vicinity of UAS 30, UMAD 140 cooperates with components of the local ATC 40 to feed direct traffic information 47 from the local Traffic Information Service-Broadcast (TIS-B) and Flight Information Service (FIS-B) to the UAS ground control station 20 even though the ground control station 20 may be located hundreds of miles from the UAS 30.
In an aspect, the UMADs 120, 130, and 140 form a system for securing unmanned aerial system (UAS) operations using multiple, geographically-separated processors. Each processor executes machine instructions encoded on a non-transitory, computer-readable storage media. The processors cooperate to receive a UAS flight plan for a UAS and a UAS operation, the UAS operation including a flight profile and flight path for the UAS; determine a type for the UAS operation is sensitive; assign dummy UAS identification for the UAS; generate dummy airframe information for the UAS. A selected one of the processors executes to identify flight conditions for the UAS in the flight profile, identify UAS flight characteristics of the UAS for the identified flight conditions, compare the UAS flight characteristics to flight characteristics for multiple aircraft under flight conditions similar to the identified flight conditions, select an aircraft having flight characteristics that are a closest match to the UAS flight characteristics as a basis for the dummy airframe information, and generate the dummy airframe information using the selected aircraft flight characteristics; and cause an automatic dependent surveillance-broadcast (ADS-B) transponder on the UAS to broadcast the dummy UAS identification and the dummy airframe information with an ADS-B signal during at least a portion of the UAS operation.
In
In another UMAD embodiment, shown in
In the embodiment of
UMAD program 300 interacts with several external systems or components shown in
Since the traffic environment at the UAS location is dynamic, the communication intercept and processing module 320 processes various UAS-related data as the data are received to ensure minimal data latency between TIS-B stations (e.g., at ATC 40) and UAS operator 21. These data may include dummy airframe information transmitted with ADS-N signal 32 and TIS-B data for other aircraft in the vicinity of UAS-30.
Mission classification module 340 receives a mission type designation, which may be included with the UAS's flight plan, or may be separately provided, and determines whether to invoke dummy aircraft identification processes. In an example, UAS 30 may be assigned a non-secure, sensitive, or covert mission type. In an embodiment, only sensitive type missions use dummy aircraft information. Thus, for non-secure mission types, the ADS-B transponder 34 broadcasts an ADS-B message that includes the ICAO-assigned identification of the UAS 30. For sensitive missions, the ADS-B transponder 34 is provided dummy aircraft information including a dummy aircraft identification, which secures the identity of the UAS 30. Covert mission types may involve special use airspace and may not require public or ATC involvement. However, when flying a covert mission, the UAS operator 21 may file a special flight plan and UMAD 100 may follow high-security information dissemination procedures used for sensitive missions as disclosed herein, but in collaboration with a specialized covert mission flight plan. To successfully perform these functions, the module 340 may implement an efficient cryptographic algorithm solution to assign mission-sensitive UAS-unique identifier data and implements databases 301 for managing two potential sets of information for a given UAS operation (actual vs dummy data). In managing a potentially large data volume, UMAD program 300 ensure data integrity is maintained to make data validation and traceability to the actual UAS 30 is feasible.
The dummy data generator module 350 generates dummy aircraft identification and dummy airframe information for the UAS 30 when the UAS is assigned to sensitive flight operations. However, the module 350 stores the actual UAS ID regardless of the flight or mission type. To further secure military identification, the module 350 generates mock civil UAS data that closely matches the performance profile of the operating UAS-30. The UAS operator 21 and ATC 40 personnel will have access to both sets of aircraft identifications for their own system automation and usage, while the UMAD 130 causes the transponder 34 to transmit only the dummy aircraft identification to civil/public entities.
The data output module 360 provides information generated during operation of the UMADs 120, 130, and 140 without negatively impacting current traffic information systems or ATC. An aspect of operation of the module 360 is the dissemination of actual identification information to NAS authorities who require it, including the local ATCs in the NAS region in which the UAS 30 operates.
The data management module 370 implements and manages database(s) 301, which store flight plan information for current flight operations, actual UAS-30 characteristics and performance data, the ICAO-assigned transponder code, and dummy aircraft information generated for the current flight operations. The database(s) 301 further may store civil aircraft data that components of the UMAD program may access and use to generate dummy airframe information.
In block 415, the UMAD program 300 determines the mission type(s). If the mission type throughout the flight is either non-secure or covert, the operation 400 moves to block 430. If the mission type is sensitive (for all or part of the flight operations), the operation 400 moves to block 420.
In block 420, the UMAD program 300 provides a dummy aircraft identification (e.g., a dummy ADS-B transponder code) to be broadcast by the ADS-B transponder 34 as a component of ADS-B signal 32. The UMAD program 300 also provides dummy airframe information to be broadcast by the ADS-B transponder 34 as another component of the ADS-B signal 32. In an aspect, the UMAD program 300 may generate dummy airframe information that corresponds to airframe information for an actual aircraft that could follow the received flight plan. For example, if an appropriately sized civil aircraft could execute the flight plan, the UMAD program 300 may provide the airframe information for the civil aircraft as the dummy airframe information. In this way, the broadcast ADS-B signal 32 will provide accurate data for other civil aircraft operating in the same NAS region(s) as the UAS 30.
In block 430, the flight plan and other information (e.g., the actual ADS-B transponder code) for the UAS 30 is provided to local ATCs. Next, in block 435, the UMAD program determines if the mission type is non-secure, sensitive, or covert. For non-secure and covert mission types, the operation 400 moves to block 437 and ends. For sensitive mission types, the operation moves to block 440. In block 440 additional information such as dummy aircraft information generated by the UMAD program 300 may be provided to the local ATCs.
In block 450, the ground control station 20 provides command and control of UAS 30 using satellite link 22.
In block 460, the local ground control station 20 receives ADS-R information from local ATCs in regions in which the UAS 30 operates.
In block 470, the ground control station 20 continues to monitor and control operation of the UAS 30 using the ADS-R information from the ATC 40. As an aspect of the operations of block 470, the ground control station 20 may monitor the dummy aircraft identification provided in the ADS-B signal 32 (sent to the ground control station 20 by the local ATC 40) to ensure the UAS is able remain “undetectable” by entities that do not possess a copy of the UMAD program 300. As another aspect of the operation of block 470, the local ground control station 20 may override operation of the UMAD program 300 installed on UAS 30.
In an embodiment of
Certain of the devices shown in the Figures include a computing system. The computing system includes a processor (CPU) and a system bus that couples various system components including a system memory such as read only memory (ROM) and random access memory (RAM), to the processor. Other system memory may be available for use as well. The computing system may include more than one processor or a group or cluster of computing system networked together to provide greater processing capability. The system bus may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. A basic input/output (BIOS) stored in the ROM or the like, may provide basic routines that help to transfer information between elements within the computing system, such as during start-up. The computing system further includes data stores, which maintain a database according to known database management systems. The data stores may be embodied in many forms, such as a hard disk drive, a magnetic disk drive, an optical disk drive, tape drive, or another type of computer readable media which can store data that are accessible by the processor, such as magnetic cassettes, flash memory cards, digital versatile disks, cartridges, random access memories (RAM) and, read only memory (ROM). The data stores may be connected to the system bus by a drive interface. The data stores provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the computing system.
To enable human (and in some instances, machine) user interaction, the computing system may include an input device, such as a microphone for speech and audio, a touch sensitive screen for gesture or graphical input, keyboard, mouse, motion input, and so forth. An output device can include one or more of a number of output mechanisms. In some instances, multimodal systems enable a user to provide multiple types of input to communicate with the computing system. A communications interface generally enables the computing device system to communicate with one or more other computing devices using various communication and network protocols.
The preceding disclosure refers to flowcharts and accompanying descriptions to illustrate the embodiments represented in
Embodiments disclosed herein can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the herein disclosed structures and their equivalents. Some embodiments can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions, encoded on computer storage medium for execution by one or more processors. A computer storage medium can be, or can be included in, a computer-readable storage device, a computer-readable storage substrate, or a random or serial access memory. The computer storage medium can also be, or can be included in, one or more separate physical components or media such as multiple CDs, disks, or other storage devices. The computer readable storage medium does not include a transitory signal.
The herein disclosed methods can be implemented as operations performed by a processor on data stored on one or more computer-readable storage devices or received from other sources.
A computer program (also known as a program, module, engine, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, declarative or procedural languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, object, or other unit suitable for use in a computing environment. A computer program may, but need not, correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.
Number | Name | Date | Kind |
---|---|---|---|
8248294 | Sampigethaya | Aug 2012 | B2 |
20110057830 | Sampigethaya | Mar 2011 | A1 |
20140327564 | Sampigethaya | Nov 2014 | A1 |
20170278409 | Johnson | Sep 2017 | A1 |
20180003656 | Michini | Jan 2018 | A1 |
20180222582 | Ohata | Aug 2018 | A1 |