Efﬁcient anonymous authentication scheme for automatic dependent surveillance-broadcast system with batch veriﬁcation

Automatic Dependent Surveillance-Broadcast (ADS-B) system provides signiﬁcant improvements in air trafﬁc control system such as optimal routing in non-radar environments with a new level of safety and efﬁciency. The ADS-B system is being installed in many aircrafts in recent year. The ADS-B equipped aircraft broadcasts the air traf-ﬁc information to nearby aircraft and ground stations either once or twice per second. Because of the open channel communication atmosphere, the ADS-B system is affected by many security attacks. Many authentication and batch veriﬁcation schemes are available to provide data integrity and source authentication for the ADS-B system. But they are suffering from computational overhead and communication overhead. Hence, an efﬁ-cient anonymous authentication scheme is proposed for the ADS-B system with batch veriﬁcation based on Message Recovery Signature (MRS). The security and performance analysis section ensure that the proposed scheme provides essential security features with less computational and communication overhead comparison with the other existing schemes.


INTRODUCTION
In recent years, air transport has become very dynamic and developing constantly. Due to the development of space technology, travel comfort, and the increase in population, most people prefer air travel. To meet this requirement, currently, there are 1303 and more organized airlines, around 31,717 aircrafts in service, airports are increased to 3759 and air navigation service providers have become 170. It connects all the parts of the world and develops international business to improve the economy. On the other hand, managing the Air Traffic Control (ATC) and civil aviation security is considered to be challenging tasks [1]. In the air space, aircrafts are restricted in their movements. A small problem in the aircraft may lead to a severe aircraft accident. To control the movements of aircraft, the ATC needs to know the complete picture of all the aircraft to provide the central coordination [2]. To provide the central coordination, the ATC should know the complete data of the aircraft such the transponder which is equipped with the aircraft receives the radar pulse and sends it back to the ground station with the altitude information. The main advantages of SSR are low power and high signal strength. The drawback of SSR is that the aircraft needs to carry the transponder to improve the efficiency of the received radar signal. Moreover, the synchronization problem in the interrogation signal of SSR leads to overlapping of different aircraft signals.
To overcome the limitations in radar system and to improve air traffic management, it is necessary to use advanced navigation, communication, and surveillance technologies such as Automatic Dependent Surveillance-Broadcast (ADS-B) system [7]. To ensure the safety of air navigation, many countries have deployed the ADS-B in their aircraft. Also, the Federal Aviation Administration has instructed the service providers to install the ADS-B in the aircraft by 2020 to fly within the US airspace. Whereas, the European organization made the ADS-B installation in the aircraft mandatory by 2017 to fly in the European airspace. The Global Positioning System (GPS) is used by the aircraft to identify its location [8]. The primary function of ADS-B is to identify the location of aircraft and broadcast the same to nearby aircraft and ground stations to avoid aircraft collision. Besides, ADS-B communicates the aircraft identity, altitude, heading, and the call sign automatically. Also, the pilot is not required to perform any action during the location identity of the ADS-B system [9].
The ATC can get a clear picture of the airspace by using ADS-B and it can manage the landing and take-off of aircraft efficiently in a very short period without affecting safety. Hence, it reduces the waiting time of aircraft in the air for landing clearances. Also, it reduces the fuel consumption of the aircraft, reduces operating cost and supports a green environment. Further, it reduces the controlling time of ATC [10]. The ADS-B installed aircraft has the ability to know the complete picture of the surrounding airspace and it is used to provide increased visibility to avoid aircraft collision. But it is not possible in the conventional radar system. Unlike conventional radar system, the ADS-B signals are not affected by the increased range or out of range aircraft [11].
The function of ATC is heavily dependent on the ADS-B information. Hence, the susceptibilities in ADS-B submissions need to be attempted very seriously. The ADS-B messages are broadcasted over the public channel without using cryptographic functions. Further, the ground station or any other aircraft which has a low-cost ADS-B receiver can find the transmitted ADS-B messages. Also, an adversary can modify and delete the ADS-B messages transmitted through the public channel [12]. Hence, the vulnerabilities in the ADS-B messages attract the attention of many academia, industry researchers and they reported different practical attacks in the ADS-B messages [13][14][15]. Among the various practical attacks in ADS-B messages, we mainly focused on data integrity and source authentication. These two security features are essential to provide secure communication in an ADS-B system. Otherwise, an adversary can easily inject fake information or modify ADS-B messages.

Our research contribution
In recent studies, the essential security requirements of ADS-B messages are not achieved efficiently and it has some computational and communication overheads and limitations. To overcome these shortcomings, an efficient anonymous batch authentication scheme for the ADS-B system is proposed. The key contribution of this paper is as follows.
• To develop an anonymous mutual authentication scheme to check the legitimacy of the aircraft securely. • To provide data integrity to the gathered ADS-B messages.
• To develop an efficient batch verification scheme to validate the data integrity and source authentication in a single instance, which reduces the computational complexity of the aircraft and ground station.
The remaining part of our proposed work is constructed as follows. Section 2 presents related works. Section 3 describes the preliminaries and system model. Sections 4 and 5 discuss the proposed anonymous authentication and batch verification scheme, respectively. We evaluate the security and performance of our proposed work in Sections 6 and 7, respectively. Finally, Section 8 concludes the proposed work.

RELATED WORKS
In recent years, many cryptographic and non-cryptographic schemes are developed by researchers to avoid the various ADS-B message attacks. In the non-cryptographic approach, the researchers proposed many methods such as multilateration, distance bounding, Kalman filtering, data fusion, and efficient position verification [16]. Kacem et al. [17] proposed a new method to provide data integrity and source authenticity of information communicated by the ADS-B system. Later, Strohmeier et al. [18] developed authentication and key management scheme based on the hashed-message authentication code. However, in this scheme, the secret keys should be pre-loaded in the aircraft for secure communication. Further, this scheme does not guarantee the other essential security features, such as forward and backward secrecy.
To overcome the shortcomings in the symmetric key cryptography-based approaches, Feng et al. [19] introduced a novel authentication method using asymmetric key cryptography based on Public Key Infrastructure (PKI) to generate and verify the aircraft certificates. Later, Buchholz [20] developed an authentication method based on dual PKI to manage the certificate withdrawal. However, in this scheme, certificate management increases the computational complexity, when the number of aircraft increases. To overcome the certificate management issue, Baek et al. [21] proposed an identity-based authentication scheme. Wesson et al. [22] introduced a new scheme to broadcast signed ADS-B information through aviation protected L-band. But, the computational complexity of Baek et al. and Wesson et al's scheme is high, because the aircraft need to check the legitimacy of receiving information one at a time. To improve the performance of the ADS-B system, Gentry and Silverberg [23], Chow et al. [24], Galindo et al. [25] and Brent Waters [26] introduced a Hierarchical Identity-Based Signature (HIBS) scheme based on the random oracle model. Also, these schemes support converting the PKI-based hierarchical signature method to a HIBS method to simplify the PKI requirements. In these schemes, the Private Key Generator (PKG) generates secret keys for every aircraft and attaches the corresponding public key to the aircraft identification with the help of a signature. However, the computational overhead for signature generation and verification process is more. Hence, these schemes are not suitable for practical implementation.
Further, Haomiao Yang et al. [40] proposed an efficient broadcast authentication scheme with batch verification for ADS-B messages using identity-based signature and Yang Haomiao et al. [41] proposed an identity-based signature with message recovery. Also, various HIBS methods are developed by Li et al. [27], L. Zhang et al. [28], Y. Zhang et al. [29] Anjia Yang et al. [42] and Debiao He et al. [43] to provide secure communication with efficient signature generation and verification process. Later, Gowri Thumbur et al. [44] proposed the efficient, and secure pairing-free ADS-B authentication scheme with Batch Verification in ID-based framework. However, these schemes are not suitable for the practical implementation of the ADS-B system because they are not supporting batch verification. Further, to perform the batch verification, more cryptographic operations are involved in the existing schemes. Hence, the computational overhead of the method gets increased linearly with the number of users. To overcome the above-mentioned challenges, we propose an efficient anonymous batch verification scheme for the ADS-B system.

LENGTH PRELIMINARIES AND SYSTEM MODEL
In this section, the theoretical background of the proposed work such as bilinear pairing, MRS, ADS-B, and system model are explained.

Bilinear pairing
Let G 1 , G 2 and G T be the three multiplicative cyclic groups of order p. Where p denotes the large prime number. Let g 1 be the generator of G 1 and g 2 be the generator of G 2 . Assume that G 1 , G 2 and G T are equipped with pairing. e ∶ G 1 × G 2 → G T is a bilinear map and it should satisfy the following properties.
• Computability: There exists an efficient algorithm to compute the bilinear map easily e ∶ G 1 × G 2 → G T .
The isomorphism denoted by and ∶ G 2 → G 1 is required basically. The group contains a map e known as a bilinear group.

Message recovery signature (MRS)
The MRS is used to verify the validity of the received data's signature and to recover the corresponding original information [30][31][32]. The MRS comprises four phases such as setup phase, extract phase, signature generation phase, and signature verification phase.

Setup phase
The system generates the essential security parameters and security keys in this phase. The system chooses ∈ Z * q as a master secret key and s ∈ Z * q as a private key. Next, the system calculates the corresponding public key.

Extract phase
The major function of this phase is to choose the user secret key. The system generates the secret key for the user based on the unique user identity UI D u . After receiving the UI D u from the user, the system generates the secret key and is issued to the user in a secure manner.

Signature generation phase
The user generates the signature for communicating his/her data D by using his own secret key. After the generation signature, it will be transmitted to the server over a secure channel.

Signature verification phase
Upon receiving the signature from the user, the server first checks the legitimacy of the user by validating his/her signature. After successful verification, the server can recover the original data of the user correctly. Otherwise, the server cannot extract the original data of the user from his/her signature.

Automatic dependent surveillance-broadcast (ADS-B)
ADS-B is a device that is installed in aircrafts, airbase vehicles, and other objects to broadcast its identification, location, and other additional information through a data link automatically. The architecture of ADS-B is shown in Figure 1 and the operation of ADS-B is discussed as follows. ADS-B uses satellite signals and avionics systems to read the aircraft information and broadcasts it to other aircraft and the ground station continuously. The satellite signal and aircraft avionics information generate a complete picture of every aircraft's position, speed, altitude, and other parameters. ADS-B consists of four parts such as satellite constellation, ground station, Extended Squitter (ES), and Universal Access Transceiver (UAT). The satellite constellation is used to send the information from a set of satellites to aircraft continuously, where the information is read and then directed to ADS-B ground stations. The ground stations are used to receive and transmit the air traffic information to the ATC. Each aircraft must be equipped with 1090 MHz ES and 978 MHz UAT. It is used to broadcast the air traffic information to the ground station and other ADS-B equipped aircraft. The UAT is used only for the aircraft that flies below 18,000 feet or except US air space.

System model
The overall system model of the single geographical region is depicted in Figure 2. The proposed system consists of two main parts such as air traffic controller (ATC) and aircraft (AC). The ATC is equipped with ADS-B and it is considered as the heart of the proposed scheme. Also, the ATC is a fully trusted system and it is not possible for an adversary to compromise. The AC is required to register with ATC by using its identity and airline identity to achieve efficient and secure communication.
In this paper, the entire air transport system is divided based on the geographical region or country and each geographical region has a separate ATC. When the aircraft is moving from one region to another region, the aircraft is authenticated by the new geographical region ATC with the help of a registered ATC public key. Here, the public key values of ATC are interchanged among the other region ATCs to validate the authenticity of the aircraft when they are moving from one region to another geographical region. For convenience, we have considered a single ATC of a specific region. During the AC registration, the ATC calculates and issues the initial security parameters to all the registered AC in a secure manner.

Aircraft (AC)
Each AC is equipped with ADS-B, which is used to communicate the location, altitude, speed, and other relevant information to nearby AC and ATC for efficient take-off and landing by reducing the waiting time in the air space, fuel consumption and environmental impact.

PROPOSED SYSTEM
The proposed work consists of two main parts such as ADS-B equipped ATC and ADS-B equipped aircraft. The ATC (ICAO, FAA) is considered a trusted system, and it is used to generate the private keys for aircraft based on their unique identity. The ADS-B equipped aircraft will generate the signature for communicating information related to air traffic to the nearby aircraft and ground station using his/her private key. The operation of the proposed scheme is explained as follows.

System setup
In this paper, the ATC is considered as a fully trusted system and the ATC generates the security parameters and the secret keys for the system and the aircraft. The ATC chooses a random number S atc ∈ Z * q as a private key and calculates its corresponding public key as U atc = S atc .g 1 . Next, the ATC calculates |q| = l 1 + l 2 where l 1 and l 2 denote the length of the bits used. Also, the ATC computes the collision-resistant one-way hash functions as Finally, the ATC announces the system parameters to the public as param = {G 1 , G 2 , e, U atc , l 1 , l 2 , H 0 , H 1 , H 2 , H 3 }.

Extraction
During the aircraft registration process, the ATC computes the private and public key pair for the registered aircraft. The private key of the aircraft AC i is calculated as S AC i = (H 0 (AI D AC i ) + S atc ) −1 .g 1 and the corresponding public key is calculated as U AC i = H 0 (AI D AC i ).g 1 + U atc .

Signature generation
ADS-B equipped aircraft collects the air traffic information such as the location, speed, altitude, and other relevant information and communicate the same to the nearby aircraft and ground station. To communicate the air traffic information with integrity and source authentication, the aircraft needs to generate and affix the digital signature with the communicating information. Let us consider D i ∈ {0, 1} l 1 as the ADS-B gathered air traffic data of the particular AC i . To communicate the D i to the nearby aircrafts and ground stations, the AC i first chooses the random number x 1 ∈ Z * q as the security parameter. Next, the AC i computes msg = e(g 1 , g 1 ) x 1 and Finally, the AC i generates the digital signature ( i ) as i = (msg, x 2 , ) and then it transmits the i to the ATC in a secure manner.

Signature verification
Upon receiving the i from the AC i , the ATC and the nearby aircraft validate i by verifying the condition e( , U AC i ) ⋅ e(g 1 , g 1 ) −x 2 = msg. Here, the , x 2 and msg are the parts of the i . After the successful validation, the ATC ensures the data integrity and source authentication of the received information.

Air traffic data (D i ) recovery
The ATC can recover and read the D i of AC i after the successful signature verification. To recover the D i , the ATC calculates M * = H 0 (msg), N * = x 2 ⊕ M * and D * i = |N * | l 1 ⊕ H 3 (|N * | l 2 ). Here, |N * | l 1 represents the left side bit values of the N * and |N * | l 2 defined as the l 2 bit values from the right side of the N * . Further, the integrity and the correctness of the recovered data are verified by calculating |N * | l 2 = H 2 (D i ). Hence, the ATC can recover and read the exact D i of AC i from the valid i .

BATCH VERIFICATION
In the real world, there are 'n' number of aircrafts in the air space. They need to communicate the air traffic information to the nearby aircraft and the ground station simultaneously. If ATC verifies the data signature of each aircraft one by one, it will lead to a delay in decision-making and create many traffic problems and air accidents. To overcome the signature verification delay, an efficient batch verification scheme is proposed to verify the ′ n ′ number of signatures at the same time. The proposed batch verification scheme consists of three phases such as extraction, signature generation, and signature verification phase. The function of the batch verification scheme is explained as follows.

Extraction
If ′ n ′ number of aircrafts are running in the ATC covered airspace and also all the aircrafts need to generate the signature for communicating D i to the nearby aircraft and the ground station, the communication burden in the ATC will be increased. When the ATC receives ′ n ′ number of signatures simultaneously, the ATC executes the batch verification scheme to reduce the computational burden. The identity of all the ′ n ′ aircrafts is defined as {AI D AC 1 , AI D AC 2 , … , AI D AC n }. The ATC calculates the private key for batch verification of the aircraft as Similarly, the corresponding public key is calculated as Finally, the ATC sends the private key to the corresponding aircraft in a secure manner.

Signature generation
The collected air traffic data of AC f is defined as D f ∈ {0, 1} l 1 , where 1 ≤ f ≤ n. To generate the signature, the aircraft chooses the random number x 1, f ∈ Z * q as a security parameter and also the aircraft calculates msg f = e(g 1 , g 1 ) x 1, f , Finally, the aircraft generates the signature as f = (msg f , x 2, f , f ) and forwards it to the nearby AC and ATC in a secure manner.

Signature verification
After receiving the f , the ATC or nearby AC can verify the legitimacy of all the ′ n ′ aircraft signatures by using the public key of the batch verification scheme. The received f should satisfy the condition f =1 msg f to ensure the received data integrity and source authentication. If the received signature satisfies the above-said condition, then the ATC or nearby AC ensures that the received data signature is valid. Further, the ATC or nearby AC recovers and reads the individual air traffic data of the aircraft as per the data recovery procedure.

SECURITY ANALYSIS
In this section, the security strength of the proposed scheme is explained. First, proof of the proposed batch verification scheme is given. Second, the security features such as data confidentiality, resistance to replay attacks, and privacy-preservation of the proposed scheme are presented.

Theorem 1
The proposed scheme for the ADS-B system is said to be secure when the entities in the system compute the security parameters and secret keys correctly. Proof: The validity of the signature generated by the aircraft is verified by checking Equation (1). The ATC performs the signature verification, once the signature is received from the aircraft. In Equation (1), the msg, x 2 and are the parts of the signature. The condition for verifying the received data signature is given by The proof of correctness of the above equation is presented as follows The R.H.S of the expression is msg, where msg = e(g 1 , g 1 ) x 1 . Hence e( , U AC i ) ⋅ e(g 1 , g 1 ) −x 2 = msg. If the received signature satisfies this condition, then the received air traffic-related information is correct and ATC or nearby AC can make the decision based on the received air traffic information. Else, the received information is rejected immediately by the ATC.
To improve the performance of the system, the batch verification scheme is used to verify the ′ n ′ number of aircraft data signatures. The condition to validate the signature of n aircrafts simultaneously is expressed in Equation (2).
The left-hand side of the above equation is solved by using the U AC f and f as follows The right-hand side of the expression is msg f , where msg f = e(g 1 , f =1 msg f . If the received data signature satisfies the above condition, then the received air traffic data are correct and ATC can ensure the data integrity and source authentication. If the signature of one aircraft is valid, then ATC recovers and reads the original air traffic information from the received signature.
To verify the correctness of the received information, the proposed scheme uses the features of one-way hash function and EX-OR operation to validate the recovered air traffic data D f . In the signature generation phase, f is generated by using the D f and U AC f as In the original data recovery phase, the received D f is validated when it satisfies the condition |N * | l 2 = H 2 (D f ). Therefore, the proposed scheme verifies the correctness of the recovered D f successfully.
The proposed scheme efficiently validates the aircraft signature, only if the received data signature is correct. Hence, the integrity and correctness of the recovered D f is proved [33].

Security features
The security features supported by our proposed scheme is explained as follows.

Data confidentiality
In the proposed system, the received air traffic data D i are recovered only when the received data signature i is valid. Then only, the received D i can be recovered and read by the ATC [34,35]. Further, the original air traffic data D i are blinded as N = H 2 (D i ) ∥ (H 3 (H 2 (D i )) ⊕ D i with the help of security features of one-way hash function and EX-OR operation. Hence, it is not possible for an adversary to obtain D i due to the irreversibility property of the one-way hash function [36]. Hence, the proposed system provides data confidentiality to the air traffic data D i .

Resistance to replay attack
In this replay attack, an adversary obtains the system generated information and retransmits the same information after some time to get benefit out of it. By using the random masking technique, our proposed system provides resistance to replay attacks [37]. In the proposed scheme, the aircraft needs to use the security parameters x 1 , x 2 as well as the secret keys S AC i and U AC i to generate the data signature for communicating the air traffic information D i to the other aircraft and the ATC. Here, S AC i and U AC i are the private and public key pair of the specific aircraft. The secret key values x 1 and x 2 are generated by the aircraft as one-time security parameters to compute the data signature. Even though, an adversary finds the values of previous x 1 and x 2 , they can get zero knowledge about the current values of x 1 , x 2 and the current signature i . Hence, an adversary cannot compute the current signature i without knowing the current value of x 1 and x 2 . In the proposed scheme, i is computed as i = (msg, x 2 , ) and it is based on the one-time security parameters such as x 1 and x 2 . On the receiver side, the data signature is verified by using Equation (1). The left-hand-side of the equation is calculated as e( , U AC i ) ⋅ e(g 1 , g 1 ) −x 2 . The righthand-side of the equation is calculated as msg = e(g 1 , g 1 ) x 1 .
Let us consider that an adversary found the previous signature ′ i = (msg ′ , x ′ 2 , ′ ), the values of one-time security parameters are considered as x ′ 1 , x ′ 2 and the private-public keys of the aircraft S ′ AC i and U ′ AC i . If an adversary wants to generate the i , then it should satisfy the signature verification equation e( , U AC i ) ⋅ e(g 1 , g 1 ) −x 2 = msg. The left-hand-side of the equation is solved as Hence, an adversary's computed signature cannot satisfy the signature verification equation by using the previous security parameters and signature. Therefore, the proposed scheme is secure against the replay attack.

Privacy-preservation
To avoid malicious attacks, private air traffic information needs to be preserved [38,39]. In the proposed scheme, the aircraft identity number AI D AC i is used to calculate the privatepublic key pairs such as S AC i = (H 0 (AI D AC i ) + S atc ) −1 .g 1 and U AC i = H 0 (AI D AC i ).g 1 + U atc . In the key calculation process, the AI D AC i is hidden in a one-way hash function H 0 . Due to the irreversibility property of the hash function, an adversary cannot find AI D AC i . Also, in the signature verification and original data recovery process, AI D AC i is not leaked to other entities of the system. Hence, the proposed system preserves the privacy of the aircraft.

Data integrity and source authentication
To provide data integrity and source authentication for communicating the air traffic information to the other aircraft and the ground stations, the aircraft will generate and affix the digital signature with the communicating information. We have considered D i ∈ {0, 1} l 1 is the ADS-B gathered air traffic data of the particular AC i and to communicate the D i to the nearby aircrafts and ground stations, the AC i need to choose the random number x 1 ∈ Z * q as the security parameter. Then the AC i computes msg = e(g 1 , g 1 ) x 1 and M = H 1 (msg) where M ∈ {0, 1} (l 1 +l 2 ) . Also, the AC i calculates N = H 2 (D i ) ∥ (H 3 (H 2 (D i )) ⊕ D i , x 2 = M ⊕ N and = (x 1 + x 2 ) ⋅ S AC i . Finally, the AC i generates the digital signature ( i ) as i = (msg, x 2 , ) and then it transmits the i to the ATC in a secure manner.

PERFORMANCE ANALYSIS
In this section, the performance of the proposed scheme is analyzed and it is compared with the other competitive schemes in terms of computation overhead and communication overhead to verify its efficiency.

Computational overhead
The time required to generate the data signature and the time required to verify the data signature to ensure the air traffic information integrity and source authentication is defined as the computation cost.  [44]. In the computational overhead calculation, only the major cryptographic operations are considered to perform secure communication such as bilinear pairing operation (T p ), point multiplication (T pm ), exponential operation (T e ), one-way hashing function (T h ), modular multiplication (T mm ), modular inversion operation (T mi ) and map to point hash function (T mph ). To calculate the computation overhead of the proposed scheme, the protocol is implemented using an Intel core i5 2-GHz computer system with the memory capacity of 8 GB, Cygwin 2.9.0 with the gcc version 4.9.2 [45][46][47]. Every result is evaluated for 100 simulation runs and the average results are taken into account. During the simulation, the execution time to perform the T p is calculated as 1.6 ms, the time required to perform the T pm is computed as 2.6 ms, the time needed to perform the T e is 16.84 ms, the time consumed to perform T h is 0.011 ms, the time required to perform the T mm is 3.76 ms, the time needed to perform the T mi is 1.17 ms and the time required to perform the T mph is computed as 1.37 ms.
The signature generation and the signature verification overheads of the proposed system are reviewed with the other existing competitive schemes in Table 1. From Table 1, it is very clear that the proposed scheme takes very little time to perform the signature generation and a signature verification operation. The signature generation overhead of the proposed scheme and the signature generation of the other existing schemes are shown in Figure 3. The proposed scheme consumes only 4.33 ms to generate the signature whereas the other existing schemes such as [40][41][42][43][44] takes 24.66 ms, 22.84 ms, 33.69 ms, 10.27 ms, and 7.14 ms to generate the data signature. The signature verification overhead of the various schemes for the single aircraft is shown in Figure 4.    From Figure 4, it is observed that the proposed scheme consumes only 6 ms to verify the signature on the receiver side for the single aircraft whereas the other existing competitive schemes such as [40,44] take 21.16 ms, 38.02 ms, 31.89 ms, 11.23 ms, and 7.82 ms. For verifying the 'n' number of signatures on the receiver side, the proposed batch verification scheme consumes very little computation overhead comparing with other existing schemes. The efficiency of the proposed batch verification scheme and the other existing scheme is shown in Figure 5.
For example, the number of data signatures received from the aircraft is 30. To verify the 30 signatures at the same time, the proposed batch verification algorithm takes only 180 ms whereas the other existing schemes such as [40,42,43], and [44] consume 198.94 ms, 808.83 ms, 595.99 ms, and 312.66 ms. Hence, the proposed scheme consumes very less computation overhead in terms of signature generation and signature verification compared to that of other existing schemes.

Communication overhead
In this section, the communication overhead of the proposed scheme is analyzed and it is compared with the other existing schemes such as [40][41][42][43][44]. To analyze the communication overhead, we considered the data size in the communication process from one aircraft to nearby aircraft or the ground station.
In the proposed scheme, to ensure the data integrity and the source authentication, the aircraft generates the data signature and sends the same to the nearby aircraft and the ground station. In our scheme, i = (msg, x 2 , ) is communicated to the other entities of the system and it consists of three parts such as msg, x 2 and . We assumed that the length of the element G is 1024 bits, the length of the element G 1 is 160 bits, the length of the element G T is 1024 bits and the length of the element Z * q is 160 bits [44]. The communication bit length of the proposed scheme is 3|z * q | + 6 |G 1 | = (3 × 160) + (6 × 160) = 1440 bits. The   Table 2.

CONCLUSION
In this paper, an efficient batch verification scheme for the ADS-B system is presented to check the legitimacy of the multiple aircraft data signatures at the same time. The proposed scheme was developed based on the MRS to validate the received signature as well as to recover the original air traffic information from the valid signatures. The security analysis section ensures that the proposed scheme provides essential security features such as data confidentiality, replay attack, and privacy-preserving. The performance analysis section shows that the proposed scheme is efficient in terms of computational overhead and communication overhead compared to that of other existing schemes. Hence, the proposed scheme is very much suitable for ADS-B implementation.