407 research outputs found
An efficient, secure and trusted channel protocol for avionics wireless networks
Avionics networks rely on a set of stringent reliability and safety
requirements. In existing deployments, these networks are based on a wired
technology, which supports these requirements. Furthermore, this technology
simplifies the security management of the network since certain assumptions can
be safely made, including the inability of an attacker to access the network,
and the fact that it is almost impossible for an attacker to introduce a node
into the network. The proposal for Avionics Wireless Networks (AWNs), currently
under development by multiple aerospace working groups, promises a reduction in
the complexity of electrical wiring harness design and fabrication, a reduction
in the total weight of wires, increased customization possibilities, and the
capacity to monitor otherwise inaccessible moving or rotating aircraft parts
such as landing gear and some sections of the aircraft engines. While providing
these benefits, the AWN must ensure that it provides levels of safety that are
at minimum equivalent to those offered by the wired equivalent. In this paper,
we propose a secure and trusted channel protocol that satisfies the stated
security and operational requirements for an AWN protocol. There are three main
objectives for this protocol. First, the protocol has to provide the assurance
that all communicating entities can trust each other, and can trust their
internal (secure) software and hardware states. Second, the protocol has to
establish a fair key exchange between all communicating entities so as to
provide a secure channel. Finally, the third objective is to be efficient for
both the initial start-up of the network and when resuming a session after a
cold and/or warm restart of a node. The proposed protocol is implemented and
performance measurements are presented based on this implementation. In
addition, we formally verify our proposed protocol using CasperFDR.Comment: 10 pages, 2 figures, 4 tables, IEEE DAS
Security and performance comparison of different secure channel protocols for Avionics Wireless Networks
The notion of Integrated Modular Avionics (IMA) refers to inter-connected
pieces of avionics equipment supported by a wired technology, with stringent
reliability and safety requirements. If the inter-connecting wires are
physically secured so that a malicious user cannot access them directly, then
this enforces (at least partially) the security of the network. However,
substituting the wired network with a wireless network - which in this context
is referred to as an Avionics Wireless Network (AWN) - brings a number of new
challenges related to assurance, reliability, and security. The AWN thus has to
ensure that it provides at least the required security and safety levels
offered by the equivalent wired network. Providing a wired-equivalent security
for a communication channel requires the setting up of a strong, secure
(encrypted) channel between the entities that are connected to the AWN. In this
paper, we propose three approaches to establish such a secure channel based on
(i) pre-shared keys, (ii) trusted key distribution, and (iii) key-sharing
protocols. For each of these approaches, we present two representative protocol
variants. These protocols are then implemented as part of a demo AWN and they
are then compared based on performance measurements. Most importantly, we have
evaluated these protocols based on security and operational requirements that
we define in this paper for an AWN.Comment: 8 page, 4 images, 2 tables, conference, IEEE DAS
Challenges of security and trust of mobile devices as digital avionics component
Mobile devices are becoming part of modern digital avionics. Mobile devices
can be applied to a range of scenarios, from Electronic Flight Bags to
maintenance platforms, in order to manage and configure flight information,
configure avionics networks or perform maintenance tasks (including offloading
flight logs). It can be argued that recent developments show an increased use
of personal mobile devices playing an integral part in the digital avionics
industry. In this paper, we look into different proposals for integrating
mobile devices with various avionics networks -- either as part of the Bring
Your Own Device (BYOD) or Corporate Owned Personally Enabled (COPE) paradigms.
Furthermore, we will evaluate the security and trust challenges presented by
these devices in their respective domains. This analysis will also include the
issues related to communication between the mobile device and the aircraft
network via either wired or wireless channels. Finally, the paper puts forward
a set of guidelines with regards to the security and trust issues that might be
crucial when enabling mobile devices to be part of aircraft networks.Comment: 11 pages, 3 figures, 1 tabl
On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Automatic dependent surveillance-broadcast (ADS-B) is the communications
protocol currently being rolled out as part of next generation air
transportation systems. As the heart of modern air traffic control, it will
play an essential role in the protection of two billion passengers per year,
besides being crucial to many other interest groups in aviation. The inherent
lack of security measures in the ADS-B protocol has long been a topic in both
the aviation circles and in the academic community. Due to recently published
proof-of-concept attacks, the topic is becoming ever more pressing, especially
with the deadline for mandatory implementation in most airspaces fast
approaching.
This survey first summarizes the attacks and problems that have been reported
in relation to ADS-B security. Thereafter, it surveys both the theoretical and
practical efforts which have been previously conducted concerning these issues,
including possible countermeasures. In addition, the survey seeks to go beyond
the current state of the art and gives a detailed assessment of security
measures which have been developed more generally for related wireless networks
such as sensor networks and vehicular ad hoc networks, including a taxonomy of
all considered approaches.Comment: Survey, 22 Pages, 21 Figure
Challenges of Implementing Automatic Dependent Surveillance Broadcast in the Nextgen Air Traffic Management System
The Federal Aviation Administration is in the process of replacing the current Air Traffic Management (ATM) system with a new system known as NextGen. Automatic Dependent Surveillance-Broadcast (ADS-B) is the aircraft surveillance protocol currently being introduced as a part of the NextGen system deployment. The evolution of ADS-B spans more than two decades, with development focused primarily on increasing the capacity of the Air Traffic Control (ATC) system and reducing operational costs. Security of the ADS-B communications network has not been a high priority, and the inherent lack of security measures in the ADS-B protocol has come under increasing scrutiny as the NextGen ADS-B implementation deadline draws near.
The research conducted in this thesis summarizes the ADS-B security vulnerabilities that have been under recent study. Thereafter, we survey both the theoretical and practical efforts which have been conducted concerning these issues, and review possible security solutions. We create a classification of the ADS-B security solutions considered and provide a ranking of the potential solutions. Finally, we discuss the most compatible approaches available, given the constraints of the current ADS-B communications system and protocol
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
Detecting ADS-B Spoofing Attacks using Deep Neural Networks
The Automatic Dependent Surveillance-Broadcast (ADS-B) system is a key
component of the Next Generation Air Transportation System (NextGen) that
manages the increasingly congested airspace. It provides accurate aircraft
localization and efficient air traffic management and also improves the safety
of billions of current and future passengers. While the benefits of ADS-B are
well known, the lack of basic security measures like encryption and
authentication introduces various exploitable security vulnerabilities. One
practical threat is the ADS-B spoofing attack that targets the ADS-B ground
station, in which the ground-based or aircraft-based attacker manipulates the
International Civil Aviation Organization (ICAO) address (a unique identifier
for each aircraft) in the ADS-B messages to fake the appearance of non-existent
aircraft or masquerade as a trusted aircraft. As a result, this attack can
confuse the pilots or the air traffic control personnel and cause dangerous
maneuvers. In this paper, we introduce SODA - a two-stage Deep Neural Network
(DNN)-based spoofing detector for ADS-B that consists of a message classifier
and an aircraft classifier. It allows a ground station to examine each incoming
message based on the PHY-layer features (e.g., IQ samples and phases) and flag
suspicious messages. Our experimental results show that SODA detects
ground-based spoofing attacks with a probability of 99.34%, while having a very
small false alarm rate (i.e., 0.43%). It outperforms other machine learning
techniques such as XGBoost, Logistic Regression, and Support Vector Machine. It
further identifies individual aircraft with an average F-score of 96.68% and an
accuracy of 96.66%, with a significant improvement over the state-of-the-art
detector.Comment: Accepted to IEEE CNS 201
L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-07
This document provides an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable multi-application cellular broadband system with support for IPv6. LDACS shall provide a data link for IP network-based aircraft guidance. High reliability and availability for IP connectivity over LDACS are therefore essential
Security, privacy and safety evaluation of dynamic and static fleets of drones
Inter-connected objects, either via public or private networks are the near
future of modern societies. Such inter-connected objects are referred to as
Internet-of-Things (IoT) and/or Cyber-Physical Systems (CPS). One example of
such a system is based on Unmanned Aerial Vehicles (UAVs). The fleet of such
vehicles are prophesied to take on multiple roles involving mundane to
high-sensitive, such as, prompt pizza or shopping deliveries to your homes to
battlefield deployment for reconnaissance and combat missions. Drones, as we
refer to UAVs in this paper, either can operate individually (solo missions) or
part of a fleet (group missions), with and without constant connection with the
base station. The base station acts as the command centre to manage the
activities of the drones. However, an independent, localised and effective
fleet control is required, potentially based on swarm intelligence, for the
reasons: 1) increase in the number of drone fleets, 2) number of drones in a
fleet might be multiple of tens, 3) time-criticality in making decisions by
such fleets in the wild, 4) potential communication congestions/lag, and 5) in
some cases working in challenging terrains that hinders or mandates-limited
communication with control centre (i.e., operations spanning long period of
times or military usage of such fleets in enemy territory). This self-ware,
mission-focused and independent fleet of drones that potential utilises swarm
intelligence for a) air-traffic and/or flight control management, b) obstacle
avoidance, c) self-preservation while maintaining the mission criteria, d)
collaboration with other fleets in the wild (autonomously) and e) assuring the
security, privacy and safety of physical (drones itself) and virtual (data,
software) assets. In this paper, we investigate the challenges faced by fleet
of drones and propose a potential course of action on how to overcome them.Comment: 12 Pages, 7 Figures, Conference, The 36th IEEE/AIAA Digital Avionics
Systems Conference (DASC'17
- …