Aviation and Cybersecurity: Opportunities for Applied Research

Aviation connects the global community and is moving more people and payloads faster than ever. The next decade will experience an increase in manned and unmanned aircraft and systems with new features and unprecedented applications. Cybertechnologies—including software, computer networks, and information technology—are critical and fundamental to these advances in meeting the needs of the aviation ecosystem of aircraft, pilots, personnel, passengers, stakeholders, and society. This article discusses current and evolving threats as well as opportunities for applied research to improve the global cybersecurity stance in the aviation and connected transportation industry of tomorrow

Intelligent Sensors Security

The paper is focused on the security issues of sensors provided with processors and software and used for high-risk applications. Common IT related threats may cause serious consequences for sensor system users. To improve their robustness, sensor systems should be developed in a restricted way that would provide them with assurance. One assurance creation methodology is Common Criteria (ISO/IEC 15408) used for IT products and systems. The paper begins with a primer on the Common Criteria, and then a general security model of the intelligent sensor as an IT product is discussed. The paper presents how the security problem of the intelligent sensor is defined and solved. The contribution of the paper is to provide Common Criteria (CC) related security design patterns and to improve the effectiveness of the sensor development process

Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols

Code voting was introduced by Chaum as a solution for using a possibly infected-by-malware device to cast a vote in an electronic voting application. Chaum's work on code voting assumed voting codes are physically delivered to voters using the mail system, implicitly requiring to trust the mail system. This is not necessarily a valid assumption to make - especially if the mail system cannot be trusted. When conspiring with the recipient of the cast ballots, privacy is broken. It is clear to the public that when it comes to privacy, computers and "secure" communication over the Internet cannot fully be trusted. This emphasizes the importance of using: (1) Unconditional security for secure network communication. (2) Reduce reliance on untrusted computers. In this paper we explore how to remove the mail system trust assumption in code voting. We use PSMT protocols (SCN 2012) where with the help of visual aids, humans can carry out $\mod 10$ addition correctly with a 99\% degree of accuracy. We introduce an unconditionally secure MIX based on the combinatorics of set systems. Given that end users of our proposed voting scheme construction are humans we \emph{cannot use} classical Secure Multi Party Computation protocols. Our solutions are for both single and multi-seat elections achieving: \begin{enumerate}[i)] \item An anonymous and perfectly secure communication network secure against a $t$-bounded passive adversary used to deliver voting, \item The end step of the protocol can be handled by a human to evade the threat of malware. \end{enumerate} We do not focus on active adversaries

Early Afternoon Concurrent Sessions: Critical Issues: Presentation: Cyber Security and Privacy of Air Traffic Systems

The next-generation air traffic system will be composed of established as well as new technologies to safely, securely, and efficiently manage a heterogeneous mix of air traffic. Recently the cyber security of this system came under intense public scrutiny. This presentation seeks to provide a framework to clarify and understand this emerging aviation security threat surface. Security and privacy considerations for the Automatic Dependent Surveillance Broadcast (ADS-B)-- a key enabling technology in the air traffic system--will be highlighted. The system risks resulting from threats to ADS-B integrity, availability, and confidentiality and some novel solutions to mitigate these risks will be presented. Challenges and opportunities in securing the next-generation air traffic system will be discussed

Aviation and Cybersecurity: Opportunities for Applied Research

Aviation connects the global community and is moving more people and payloads faster than ever. The next decade will experience an increase in manned and unmanned aircraft and systems with new features and unprecedented applications. Cybertechnologies—including software, computer networks, and information technology—are critical and fundamental to these advances in meeting the needs of the aviation ecosystem of aircraft, pilots, personnel, passengers, stakeholders, and society. This article discusses current and evolving threats as well as opportunities for applied research to improve the global cybersecurity stance in the aviation and connected transportation industry of tomorrow

A Framework for Securing Future eEnabled Aircraft Navigation and Surveillance

Current air traffic management systems suffer from poor radar coverage and a highly centralized architecture which can under heavy traffic loads overwhelm Air Traffic Control (ATC) centers. Such limitations can lead to inefficient use of the available airspace capacity and insecure scenarios such as low-visibility landings. Future air transportation systems with e-enabled aircraft and networked technologies, such as Automated Dependent Surveillance Broadcast (ADS-B), are cyber-physical systems that promise to help reduce traffic congestion and ATC inefficiencies by enabling exchange of precise surveillance data in shared airspace. This paper focuses on cyber security concerns with highly accurate surveillance of aircraft navigating in a future shared space. A framework is proposed to protect traffic data for both ground and airborne surveillance of aircraft. The framework identifies major threats and vulnerabilities from cyber exploits, specifies security requirements and mitigation solutions. Major security challenges anticipated in supporting networked infrastructure are given along with some open problems

Making air traffic surveillance more reliable: a new authentication framework for automatic dependent surveillance-broadcast (ADS-B) based on online/offline identity-based signature

Automatic dependent surveillance-broadcast is an emerging surveillance technology for the future “e-enabled” aircrafts, which will make it possible for aircrafts to share their location data with neighboring aircrafts, ground controllers, and other interested parties. In order to provide the automatic dependent surveillance-broadcast communications with a high level of accuracy and integrity, a reliable authentication mechanism is required. So far, however, very few cryptographic solutions have been offered to achieve this in the literature. Even existing solutions have faced the following challenges: (i) the authentication solutions based on regular digital signature require complex management of public-key infrastructureell; and (ii) signing messages exchanged or broadcast frequently in aircraft-to-aircraft and aircraft-to-ground communication modes can cause a computational bottleneck easily. In order to address these challenges, we take a fresh approach to building up an authentication framework by introducing a new online/offline identity-based signature scheme. Our scheme will resolve the public-key infrastructure management issue by using the identities of aircrafts as public keys and will achieve a high efficiency through online/offline signature generation