S2EV-Analog Voice with enhanced Safety and Security

Johannes Prinz, Miodrag Sajatovic, FREQUENTIS GmbH, Vienna, Austria

Horst Hering, EUROCONTROL Research Centre, Bretigny, France

1

Abstract

Air Traffic Control is a tactical operation. Aircraft are primarily controlled using voice commands via Radio-Telephony (R/T). Analogue DSB-AM technology still is the sole means for controller-pilot exchanges today. There are many reasons why this technology will survive the next decades. However, deficiencies especially in respect to security put a significant burden on maintaining DSB-AM technology deployment.

This paper will introduce two technical approaches to add digital information to the A/G voice transmissions enhancing safety and security of the exchange. The first approach, data-in-voice (DiV) uses in-band modem technology; the second, watermarking technology. Both technologies are capable of transmitting digital information integrated with voice without affecting audio quality perceived by the operator or the pilot. Additionally these technologies are transparent to the existing infrastructure and thus do not require changes to the existing radios.

S2EV concept allows both parties to receive identification information embedded in the transmitted voice, substantially reducing the risk of call sign misunderstanding or providing deliberate false information (phantom pilot, phantom controller).

Introduction

This paper briefly describes the current R/T communications solution and introduces the Safety and Security Enhanced Voice (S²EV) concept within the boundaries of the legacy analogue ATC radio system.

Furthermore, it describes two separate base-band technologies – Data in Voice (DiV) and Aircraft Identification Tag (AIT) – which are together used in support of the S²EV concept.

Finally, it addresses several possible applications, as well as some implementation and operational issues of the S²EV system.

Current ATC VHF R/T System

Very High Frequency (VHF) R/T system as used today for the Air Traffic Control (ATC) is based on analogue DSB-AM transmission technique. As communications security was not considered during the system design (it has been developed in 40’s), today’s R/T system is still completely open to different security treats, in particular spoofing (phantom controllers pretend to be authorized system users) and spamming (intentional jamming the ATC frequency).

Today, there is an increasing demand for secure aeronautical communications. Unfortunately, almost all modern security mechanisms rely upon digital techniques and there is currently no possibility to exchange any digital information between the pilot and controller within the existing voice system.

With the time, the aeronautical community came up with the demand for the air-ground data link. The industry responded by developing the Aircraft Communications Addressing and Reporting System (ACARS ). An important feature of ACARS is that it does not require changes to the airborne or ground radios: VHF subnetwork of the ACARS system uses “voice grade” analogue aeronautical radios and adds an external in-band MSK modem in order to achieve end-to-end data link functionality.

The whole concept was very successful, today’s ACARS population comprises thousands of aircraft and continues to grow on the voluntary basis, particularly due to the fact that the necessary infrastructure is affordable to both Airlines and ground communications providers.

On the contrary, the acceptance of the VHF Data Link (VDL) that requires completely new avionics and ground radio equipment remained very limited in the past, in spite of its apparent technological and operational advantages over ACARS data link. Finally, VDL may even (LINK2000+) require a mandate to become operationally available at least a regional scale.

This leads to the conclusion that the aeronautical community seems to be extremely sensitive to the cost-benefit performance of any new concept and generally more open to the concepts that provide clear operational benefits with acceptable cost requirements.

The VDL history has shown that the international standardisation and validation of new radio technologies requires many years. The driving idea behind the concepts described in this paper was to provide safety and security enhancements within the existing radio communications system, keeping the necessary modifications restricted to the base-band (Audio Frequency, AF).

The costs of the proposed changes in the AF part of the communications system should not be underestimated, but could still be low enough to justify safety and security benefits generated by the concept.

Safety and Security Enhanced Voice (S²EV) Concept

Authors believe that adding new "digital" features to the legacy analogue system is a feasible way to significantly improve its safety and security. Technically, this can be done by implementing a combination of Data in Voice (DiV) in-band modem and Aircraft Identification Tag (AIT) watermarking technologies within existing voice AF (Audio Frequency) base-band channels. The corresponding concept is called Safety and Security Enhanced Voice (S²EV).

Basically, S²EV concept comprises two separate communications services: digital messaging capability and digital watermarking service.

By combining these services, two distinct information containers are hooked onto the voice message. One of them (DiV in-band modem) could e.g. be used for identification purposes, while another one (AIT watermarking technology) may serve as the security channel, supporting the authentication of information and the keys management. Other combinations are possible as well.

AIT is based on spread spectrum digital watermarking technology (that is also used for protecting commercial audio and graphic information). The watermark information is spread over the audio bandwidth and adaptively masked by the audio signal. The resulting low-level spread-spectrum signal is very robust (can be detected even if its level is below the receiver noise floor), thus providing a very high security protection level.

DiV on the other side is an in-band modem technology, providing more data throughput (128 bits) per message than AIT (currently 12…36 bits). It is therefore perfectly applicable for exchanging safety related information and provides e.g. a mean for exchanging call signs and other short digital information.

AIT and DiV systems have been designed independently, but with limited knowledge about each other. Both systems are orthogonal to each other (can be operated without undesired mutual interference).

Both systems have some other important commonalities:

  • System architecture is very similar
    (Figure 1)
  • No changes of aircraft- or the ATC radios are required
  • Operation is possible with 8.33 kHz DSB-AM radios
  • Add-on in the AF area is required at both sides of the communications chain (DSP patch, could be shared by both systems)
  • Data transmission is triggered by the PTT transmitter keying signal
  • Each data transmission is time-limited to the maximum of about one second at the beginning of the voice message
  • In the most cases users will not notice data transmissions
  • Data transmissions introduce no changes of the duty-cycle on the R/T channel
  • Both methods include inherent data integrity mechanisms (FEC, CRC)
  • It may be feasible to implement S²EV modulator components in the aircraft as a part of the headset without supplementary connections (depending on transmitted data)

Figure 1: S2EV Architecture

S²EV is primarily seen as an enhancement of the voice communications system, it cannot provide general data link functionality and is therefore not directly comparable with VDL Modes 2, 3 and 4.

DiV Technology

In-band messaging [1] uses the fact that dedicated parts of the voice spectrum can be removed without noticeable effect on the voice intelligibility. ATC community uses this method for the PTT keying of the radios at the remote radio site.

DiV extends this method between the ground and airborne radio. As the avionics standards [3] discourage the effective use of AF frequencies above 2500 Hz, it is essential to place the in-band modem in the middle of the AF band. DiV uses the 300 Hz sub-band centred around 2040 Hz frequency that is often used for ground PTT signalling. By this way, it remains compatible with 8.33 kHz DSB-AM system with reduced audio bandwidth.

The MSK modem provides about 240 bps raw signalling speed, sufficient to broadcast a short data message at the beginning of each R/T voice message. The in-band data transmission is intentionally slightly delayed with respect to the PTT event to allow for the stabilisation of the transmitter's RF (Radio Frequency) signal and the DSB-AM receiver's AGC (Automatic Gain Control) loop.

The radio transmitter remains keyed for the minimum time of one second even if the pilot has pressed and immediately released the PTT key. Having completed the DiV transmission, the system reverts to the “normal” voice-only operation. As only band-reject filters appear on the voice path, excess voice delay introduced by the DiV system can be made very low. Received DiV message can be presented to the user within one second after the transmitting party activated the PTT key.

The audio frequency signal with “embedded” in-band data signal is shown in Figure 2.

Figure 2: Audio Frequency Signal With In-Band Modem Signal

In order to fulfil application data integrity requirements, 24 bit CRC (Cyclic Redundancy Check) and 48 bits FEC (Forward Error Correction) are implemented. Effective user’s payload is 128 bits of information.

AIT Technology

Watermarking AIT (Aircraft Identification Tag) technology [2] utilizes physiological and psychological effects to add digital information into an existing information package in a way that can not be recognized by a human ear by using masking effects in the frequency domain and hiding effects in the time domain. Figure 3 shows the masking effect of strong frequency components (red) with respect to weaker watermark signal components (blue) below a masking threshold. A very important capability of is the robustness against various external influences, including the adverse effects of the radio channel.

Figure 3: Watermark masking by strong signals

AIT uses a spread spectrum approach. The energy of the embedded digital signal is spread over the available audio bandwidth of about 2,8-3 kHz (dependent on whether 8.33 kHz or 25 kHz DSB-AM system is used).

The signal-to-watermark ratio (SWR, power level of the embedded watermark signal relative to the power of the voice signal) is configurable between -12 and -28 dB. This means that in some cases (low-noise RF channel) SNR of the ATC voice channel is slightly reduced. Adjusted SWR remains nearly constant in time, as the level of the watermark signal follows the changes of the voice signal.

Based on LPC-analysis (Linear Predictive Coding), the audio spectrum is assessed once every 20ms and the resulting estimates are used to modify the parameters of the watermarking generation. Thus the watermarking signal is dynamically adapted to the voice signal. This further reduces the added noise level and increases the throughput capacity for a given noise level. At the receiver, the spectrum is equalized with whitening filter (also based on LPC).

Figure 4: AIT spread spectrum principle

Matched-filters with 1440 Taps are used to synchronize the receiver and exactly determine the position of the watermark within the set of samples. The synchronization sequence consists of 18bit Maximum Length Pseudo Random Sequence (ML-PRS) at the beginning of the message.

As the level of the watermark signal is almost always deep below the voice signal level, errors are very likely and are handled with appropriate mechanisms. The data word size (raw data) of 80 bits/second (100…150 bits/s possible) contains in a typical configuration 12 user bits, 18 bits for synchronization and 50 bits for error correction (FEC – Forward Error Correction) using BCH-type codes.

In order to remain orthogonal with the DiV system, the AIT system can be configured to exclude about 300 Hz of spectrum centered at 2040 Hz.

S2EV Services

Talker Identification

With S²EV, an aircraft transmits its Flight ID as in-band data with each pilot's voice message. The ground ATM system receives downlinked S²EV messages and can easily validate received Flight IDs against flight plan and other available data. Additionally, the voice communications system indicates to the controller which user is currently active on the R/T channel [2].

No pilot’s action or the change of the current procedures is required. The controller uses the Flight IDs provided by the S²EV system at his own discretion. However it seems clear that any supplementary redundancy to the verbal aircraft identification will increase ATC safety and even may decrease controller’s workload caused by verbal aircraft identification ambiguities.

Security Application

AIT part of the S²EV package lends itself as a vehicle for the implementation of the end-to-end security mechanisms (e.g. user authentication via watermarking). This offers a possibility to create a “security envelope” for both the voice message and the associated S²EV message. The S²EV system could support both the exchanges of “security-hardened” payload and security keys themselves.

Further Applications

The S²EV system could enable many other interesting services within the existing analogue voice communications system like digital annotation of the next sector frequency to the pilot, digital downlink of emergency alerts or requests for some specific ground system’s response (e.g. runway lighting, on-demand ATIS update).

S2EV Implementation Aspects

In this section, we discuss the mutual impact of the S²EV system and the legacy features of the voice system.

Although the S²EV can be deployed without changing the existing aeronautical analogue radios, it still requires additional functional blocks in the area of audio processing. These must be implemented both within the airborne and the ground infrastructure.

In principle, the S²EV system can be implemented as downlink-only, providing aircraft information to the ground system, or in a symmetrical way, allowing for bi-directional information exchanges.

Moreover, S²EV system should not interfere with existing operational voice practices.

Airborne Architectural Choices

Within avionics, the S²EV end-system (being mainly the DSP) must be implemented somewhere between the pilot’s voice interface and the analogue airborne radio(s). Some of possible options will be briefly discussed here.

One apparent choice is the pilot’s headset itself, however in the most cases the headset connection does not allow to “import” the PTT key status that in turn is essential for the functioning of the S²EV system. The PTT problem may be circumvented by triggering the airborne S²EV system directly by detecting the raising edge of the voice signal (as used for VOX - Voice-Operated Transmit – mode of operation).

As the incoming/outgoing voice signals in the cockpit are “conferenced”, S²EV embedded signals would always be present (and even recorded-) in all pilot’s onboard voice communications, including pilot’s announcements to the cabin crew or even passengers. As the wired local voice channel may be of significantly better quality (lower noise) than the RF channel, it is even more important to keep embedded signal levels as low as possible.

Another possible option is to integrate the S²EV functionality into the cockpit intercom equipment (its interface towards onboard radios).

Ground Implementation Options

On the ground, the digital S²EV information should be inserted/extracted somewhere between the (digital-) Voice Communications System (VCS) and the (analogue-) ground ATC radio. Preferably, it would be implemented in the (digital part of the-) VCS radio interface. The VCS producers already master the DSP (Digital Signal Processing) and ground in-band transmission techniques. It may be expected that integrating S²EV ground sub-system and the facilities required for the ground transmission of very limited amount of S²EV data would not be a real challenge.

Two common situations are where ground ATC radios are local to the VCS and where radios are remote to the VCS (connected via landlines).

In the first case, it would be easy to integrate an S²EV end-system within the VCS radio interface, as the (wired-) PTT signaling would not interfere with S²EV functions.

In the second case, there is typically a kind of Remote Control Equipment (RCE) between the VCS and remote radios and in-band signaling is normally used for conveying PTT signal. As long as the RCE (often case in USA) uses frequencies above 2,7 kHz, it could be transparently used by the S²EV end system implemented within the VCS interface (there would be no need for a separate data exchange between the radio site and the VCS, however a 300 Hz “notch” would appear within audio spectrum, centered at 2040 Hz).

If the RCE used the frequency of 2040 Hz for PTT signaling, the RCE equipment could be modified to support combined PTT/ S²EV operation. Alternatively, the on-site RCE part alone could be adapted to implement S²EV functions and separate them from the ground-ground PTT signaling, using a separate dedicated way for the exchange of (small amount of-) S²EV data between the radio site and the VCS.

In all cases, it is important to extract the digital information prior to submitting the downlinked voice to the (VCS) Best Receiver Selection function, as it may during the selection process corrupt important parts of the received digital information blocks or even destroy the whole information.

Similarly, in the re-broadcast scenario (coupled ATC sectors/frequencies), downlinked digital data should be extracted (and optionally replaced by the uplink data-) from the voice information prior to the uplink re-transmission on other VHF frequencies belonging to the coupled frequency chain.

Each ATSP (Air Traffic Service Provider) would have a freedom to select the best option from his point of view.

Operational Aspects

Both S²EV components – DiV and AIT – normally do not produce noticeable interference in the properly equipped S²EV end system.