Formal Security Verification of the Station-to-Station based Cell-attachment Procedure of LDACS

Abstract

Aeronautical communications systems are currently undergoing a modernization process. Analogue legacy systems shall be replaced with modern digital alternatives, offering higher bandwidth, increasing capacity and paving the way for Unmanned Aeronautical Vehicles (UAVs). One modern candidate technology is the L-band Digital Aeronautical Communications System (LDACS), enabling long-range safety-critical digital communications between aircraft and ground. As with any modern wireless communications system, LDACS is prone to cyber-attacks. These issues were addressed in former research, where a secure cell-attachment procedure for LDACS, based on a modified Station to Station (STS) Mutual Authentication and Key Establishment (MAKE) protocol, was proposed. However, as of now, its security has not been proven. The contribution of this paper is the formal verification of the executability and security of the LDACS cell-attachment procedure using the symbolic model checker Tamarin. The achieved results proved that the suggested cell-attachment procedure for LDACS is workable and enables secure communication between aircraft and ground.