Saturday, March 30, 2019
Importance of Using the ACARS System
Importance of Using the ACARS SystemAbbreviationsACARS Aircraft converse Addressing and Reporting SystemADS-B Automatic dep interceptent surveillance broadcastCMU dialogue solicitude UnitCDU authorisation Display UnitFMS Flight Management SystemATC Air Traffic ControlAOC Aeronautical Operational ControlAAC Airline Administrative ControlNOTAM Notice to Airmenhaemorrhagic fever Very advanced FrequencyVDL VHF instruction LinkMAC Message credentials CodeAES Advance Encryption StandardSHA Secure Hash algorithmic programCA Certificate AuthorityICAO International Civil Aviation institutionIPsec Internet Protocol SecurityIn this report the importance of utilize the ACARS body in the intercourse surrounded by the aircrafts and the institute wholes much(prenominal) as Air traffic falsify (ATC), aeronautical operational control (AOC) and course path administrative Control (AAC). (2) Also, the pauperization of securing the conference head against passive and energetic att ackers go out be identified and analysed.The ACARS corpse is utilise to ventilate entropy some(prenominal) from aircraft to underseal and from make to aircraft. The info varyted from the aircraft to the ATC impart s send away requests and receipts for clearances and instruction manual when the aircraft is on the ground, during the microscope stages of take-off and landing and in the end during the time the aircraft is in the air.The ACARS is schema is also apply for colloquy amid the aircrafts and the AOC and AAC ground units. The information communeted among these three entities is about various aspects of the aircraft, weather entropy and observations, NOTAMS, flight plan and any diversion from the flight plan, technical performance, assert adapted dodge failures and any modified information regarding the flight and its passengers. ACARS form to transmit information to the ground take onrs, the FMC hardw be is used on naturaler aircrafts or the C DU on ho atomic number 18r ones.The intercourse is accomplished by utilise the FMS unit and a small printer in the aircrafts and similar hardw atomic number 18 on the ground. The FMS transmits the data to all a satellite or a ground antennas, regarding the overhead railway of the aircraft. After either the satellite or the antenna will transmit the data through the conversation vane to the appropriate ground unit using a private ne devilrk.Due to the reason that these data ar crucial and moldiness not be altered or in time sometimes monitored by unauthorised users the warranter of the communication channel and the data should be the top priority of the airlines. To achieve that the data ancestral should incessantly principal(prenominal)tain the three major(ip) aspects of information credential which beConfidentiality im sectionialityAvailabilityDuring the early eld of the zephyr industry communication conduct were only mandatory amid the ATC and the pilots. There were no shipway to transmit data regarding the aircrafts avionic systems, engines and rightfulness, of importly imputable to the reason that there was not such advanced applied science, on both the communication bring and on the aircrafts. The only communication channel forthcoming was the VHF carry that in our days is the least trusted protocol.As the aircrafts set abouted, the boundaries were extended, and led to a speedy increase in air traffic. In station to co-op with this, the aircrafts manufacturers clear-cut to improve the quality and quantity of the systems aboard the aircrafts in array to shelter them from mid-air collisions and also help the ATCs to execute the traffic easier. From the moment that the aviation instruments on board the aircraft changed from analogue to digital, a breakthrough was achieved, guide many companies to develop softwargon and ironware that standed the improvement of the communication and data transmission between the aircrafts and the ground. Along with these improvements, the aircrafts diminutive systems were able to continuously offer up the data rec give information regarding their condition. During this phase the CPDLC was positive in identify to minimize the acoustical mis commiserateings (6) tenderd accountability and made the communication easier, more(prenominal) efficient and safer to transmit and clear long cores (6). Although in my thought process this system would make the communication between the pilots and the ATC easier and safer, it wasnt widely used because of hostage threats like pass manipulation or injection (6) that were not achievable to be detected. Also, a major backdoor to the system in my assurance was that there was no enfranchisement cartroading to eavesdropping or spoof clearances (6).For the improvement of rubber and to be able to improve the slash investigations, the authorities decided that it would be helpful, that these data should be transmitted to the gr ound and in order to improve the communications between the aircrafts and the ATCs, a untried system was developed, which is called ACARS. Along with it sweet techniques of communication and data transmission were introduced that allowed the aircraft, ATCs and airlines plate to declare with severally early(a) by sending short texts.ACARS was introduced during the 80s and as the years passed it became actually(prenominal) popular among the airlines. It allowed direct communication between aircrafts and ATCs for requesting and receiving instructions and clearances. The ability of communicating between the aircraft and the AOC and AAC was introduced, that allowed the exchange of information about the weather, possible issues with the aircrafts systems, NOTAMs, passenger information, etc.In the early years of aviation, the computers were not precise capable in intercepting or manipulating a message that was transmitted and and then there was little need for that system to be secure. As the years pass and computers became stronger, together with the knowledge of lot, possible unauthorised monitoring of message transmission or even manipulating the messages transmitted between the aircrafts and the ground was a threat to aviation. In order to solve this issues, security weapons were placed in order to comfort the communication channels and the data transmitted.The security mechanisms placed, are updated regularly in order to maintain the information secure against unused threats and attackers. The difficulty of maintaining a secure communication channel is becoming greater, due to the reason that the cost of hardware that allow you to monitor the information transmitted by aircrafts are really cheap and easily accessible. This together with the change magnitude knowledge of people on how to use them the wrong way and with the mark to cause harm for various reasons, makes the work of the ones trying to protect these systems, in truth difficult a nd crucial for the safety of the passengers and aircraft lot lives.As the work stretch along for the pilots in command increased greatly due to the increased traffic, reduction of the crew members in aircrafts and the need to maximize profit without undermining safety and in order to protect the pilots from making mistakes or forget to complete the unavoidable steps for the safe conduct of a flight, researchers were working on a new way of communication between the aircraft and the ground operations. That software was ACARS and was developed in the 1980s.ACARS is a digital datalink system (3) that allows the pilots, ATC and the airlines headquarters to exchange short messages no matter of the location of the aircraft around the adult male. In order to achieve that the aircraft is equipt with an avionics computer which is called Communications Management Unit (CMU), a control endanger unit (CDU) and a printer. The CMU was designed to be able to send and receive digital messages (3) regarding aspects of the flight, instructions and clearances from the ATC, weather forecasts, NOTAMs and information to and from the companys headquarters regarding the aircrafts performance and special needs about the passengers.In order to achieve the level of communication needed, the ACARS system is using varied compositors upshots of communication media. The two media used to communicate between the aircraft and the ground by using satellites when the aircrafts are at higher(prenominal)(prenominal) altitudes and radio antennas at lower altitudes. Before the starting line implementations of the ACARS system, the communication between the aircrafts and the ground was performed by VHF voice channels. As the technology advanced, new way of communication were developed. During the first base periods of implementation of the ACARS system the ARINC organisation, developed a service that a allowed for the VHF communication service to be upgraded by a new service that allowed t he use of digital telex formats (3) to the VHF communication channel. During the 90s this led to the standardization of a VHF digital Link. As the implementation of the ACARS software by airliners became widespread, new services were developed in order to make the communication channels more efficient. SITA company, during this phase had developed a oversize ground communication network that was connecting places around the valet de chambre. In order to further enhance the abilities of ACARS, SITA integrated their ground communication network to be able and cooperate with ACARS already existing communication channels between aircraft and ground. In my opinion the ACARS system was designed very vigorously because it was able to cooperate with many types of aircraft communications equipment such as VHF, Inmarsat, sitcom, atomic subject 77 satellite, VDL and high frequency data link (6).More detailed, SITA managed to merge both VHF and VDL air to ground communication channel toget her with the ground network it had already developed and to provide an end to end communication channel between aircrafts and ground operations no matter the type of flights. Both short haul and long haul routes were supported.Figure .1 ACARS frame-up (9)ACARS security is very important for the safe conduct of flights. Two distinguishable types of security were implemented. The first one was called DSP-based architecture and is only capable to protect ACARS messages during transmission from the aircraft to the ground, leaving the ground network unprotected and risking attacks from hackers subject.For that reason, there is an end to end security architecture was proposed and developed. In order for the security of the ACARS system to be complete it will amaze to maintain confidentiality, integrity and handiness to the information transmitted at all times, both in the communication channel between the aircraft and the ground and also in the ground network.On the end to end solutio n proposed in the article The Approach of ACARS Data Encryption and Authentication (5), The proposed security will be using isobilateral and asymmetric cryptograph, a hybrid system that could solve the line of works of using practiced one of the methods of cryptography, along with digital signatures to provide adequate privacy and integrity (5) to the messages. The issues that came up with the symmetric cryptography were that in order to communicate with each some other, a backbone had to be exchanged between the vector and the recipients of the message. This unusual see was designed to be known just by the sender and the recipient of the message in order to protect it from unauthorized users. This turn out to be very difficult to maintain secure due to the large number of users that are using ACARS to communicate. On the other hand, asymmetric cryptography was able to solve this problem but it required the use of a large size keys that led to a rather large core of bandw idth required just for the exchange of the keys that kept secure the communication, which was a problem due to the limited amount of bandwidth the ACARS system was designed to require.This hybrid system that was proposed, made use of a key derivation algorithm called elliptic skip Diffie-Hellman which is using an elliptic carousal and certain points in order to find the private key. By using the elliptic curve along with the private key, it was able to devolve the universe key of both the aircraft and the ground station (sender and recipient). By using this technique, the communication channel was secure because it was very difficult for the attacker to find the private key even though the exchange of public key is intercepted (5). For the receiver to be able to rewrite and use the private key a key derivation incline is needed which in this example is the MAC.In order to provide encoding to the data transmitted the AES algorithm is used in combination with the SHA 256 algo rithm. The number 256 after the SHA acronym means the length of the random binary sequence that is used as the key for the AES (5) algorithm.Due to the reason of the limited bandwidth that ACARS is designed to be using, the message data transmitted and the necessary data transmitted to provide security should be compressed as much as possible. In order to do so every letter, number or image will arrest to be encoded to a 6 musical composition stream during the encryption phase. In order for the recipient to be able to decode it and read the cover message, the MAC of the encrypted data will have to be read and be decrypted to an ACARS readable character. Also, the correct MAC value will have to be calculated in order for the message to be authenticated.During the testing phase of the above end to end security mechanism, eavesdropping was possible to be through but no actual data were able to be read, due to the AES that was used in the encryption of the message, so confidentiality was achieved. Privacy was also achieved because if the message was manipulated, the MAC value would have been changed and the recipient would have detected the change in value. Finally for the digital signature to be correct, the assumptions that the CA was fiducial had to be made.Wireless Communication SecurityDue to the reason that the main communication channel between the aircraft and the ground stations will constantly be receiving set, some necessary aspects of security will al ways have to exist in order to able to say that the channel is secure. check to the authors of the article (7), in order for a security protocol be acceptable, it must meet some urgencys. The first one is the mutual entity credential which is able to provide security by identifying the sender and the receiver. Also, the Asymmetric algorithms are very critical according to my opinion, regarding the key distribution that will allow the sender and the receiver authenticate each other messages. Next i n order to prevent unauthorised people to access the communication channel, the two parties must allot to the keys used and to be able to confirm them when needed along with being able to control them, maintain the key glowing (7) so no replay attacks could be performed and also to protect secrets of old communications in the case that an unauthorised person gains access to a session key. All the above aspects, in my opinion are critical in order to maintain privacy in the communication channel. match to the article (7) which I agree with, some compromises should be taken in order to have the security options made-to-order to the needs of your systems. In our case the ACARS system was designed to have a small amount of load in transmitting data and thus and IPsec with fixed pre-shared keys (7) would be very helpful because it has limited data exchanged in order to provide security. On the other hand, protocols based on asymmetric cryptosystems (7) are able to provide better secur ity but in a higher data load cost.Wireless Communication Threat ModelIn order to be able to provide better solutions in the wireless communication channel, we must be able to identify the threat that are possible to be faced during the transfer of data. In order to do so we must have a threat model that is tailored to our needs.In order to create a threat model, we must also know the adversaries capabilities. In the case of wireless networks according to the article (8) authors, which are the one that ACARS uses, the adversary usually has the ability to receive and transmit data (8), should be able to monitor the network and in order to do the previous two, he must have knowledge on how the network was setup. Commonly, if the attacker is able to eavesdrop a wireless, he will be able to inject traffic (8) into the network. All of the above capabilities in my opinion are depended to the knowledge he has and to the money he is willing to decease in order to be able to perform such ta sks.The main attacks he give the sack perform to a wireless network has to do with spoofing attacks (8), replay attacks (8) which I believe is easily solved by the in skunkdescence aspect of security, eavesdropping (8) compromise or introduction of nodes, wireless jamming (8) and finally a denial of service (8) attack by increasing super the load of the network.ACARS Security per HoneywellPer Honeywell, ACARS is using a message security system that is able to provide message authentication, confidentiality and data integrity, which are the basic aspects that need to be protected. Based on an ICAO papers regarding the security plan a public key infrastructure and other cryptographic algorithms are used in order to protect the data transmitted.More specifically, according to the ARINC condition 823 (4) the security of the messages is split in two different parts. The first part was published on 2007 and contains everything regarding the framework of the security, such as algorith ms, protocols and message formats. The blurb parts are about the key management of this security mechanism and was published 1 year later and contains information regarding the key liveliness cycle and the how a certificate is managed.Furthermore, two different security feed were developed and each of them had different characteristics regarding the mechanisms used in order to protect the data transmitted.The first one is called ATN/OSI Security and it was described in the ICAO document 9880. This kind of security foresight used digital signatures which uses the Elliptic Curve Diffie-Hellman cryptographic algorithm combined with a SHA256 in order to generate and verify the signatures. As for Message authentication, it uses hashed MAC with a 32bit MAC length. A key agreement is used in order to share the public key that will then be used in order for the recipient to be able to derive the secret key and be able to decode the message sent.The second one is called ACARS Security ARI NC 823. This one also uses the digital signatures in order to sign the message and the specifications of the digitals signatures are similar to the first security foresight, making use of the elliptic curve Diffie-Hellman algorithm combined with a SHA256 for the signature generation and verification. Again, for the message authentication a hashed MAC is being used but in this case the length of the MAC is not standard. It could be 32 bit, 64 bit or even 128 bit, with the default one to be the 32 bit. The main difference between the two security foresights is that the previous didnt require a confidentiality mechanism to be in place. On the other hand, this one uses for encryption and AES128 cipher algorithm that is mainly used to encrypt and decrypt the messages. Finally, the key establishment mechanism is similar on both security foresights, nitty-gritty that both of them use an elliptic curve Diffie-Hellman with SHA256 algorithm to provide the communication channel with a secret key agreement, shared public key and the derivation of the secret key.ThreatsAs the technology is improved, the computers become more powerful, leading in the implementation of better security mechanisms but also in increasing amount of computing power that possible attackers have in their hands. This along with the ability given to the public to be able to undercut the flights using the ADS-B can have possible backdoors that can threaten the safety of the flights. The main use of this surveillance technology is for the improvement of the safety and skill of the flights. This technology also lead to the creation of a web occupation and smartphone application, that gave the ability to anyone to be able to track any aircraft in the world that had this technology active. Anyone with a cheap hardware setup could receive the information sent to the ground by the aircrafts.If an attacker is able to intercept these signals, he is able to perform passive attacks like eavesdropping the co mmunications or furthermore, retard the response from the ATC (jamming) and finally send his response back (message injection), could leave behind in the attacker to be able to perform an active attack and come through the aircrafts navigation system. Another possible attack according the article (6) this attacks could result in the virtually modifying the trajectory of an aircraft (6). After the attacker, has gained access to the aircraft systems, he can receive information via the ACARS system. If the ACARS system is not protected correctly, the attacker will be able to exploit the systems and either insert false information to the avionics or just attach a virus or malware and have a constant access to the aircrafts avionics and information.Furthermore, the attacker could gain access to the FMS he will be able to mess with the navigation and flight supplying such as waypoints, altitudes, speeds, alternate the destination airport of the flight etc. This will result to the atta cker being in complete control of the aircraft, with the pilots not being able to do much in order to gain back the control of the aircraft.Although the ACARS system was updated regularly and the ACARS AMS was developed in order to provide end to end security, many airlines decided to not use it and instead provide some security by reconditeness (6), which according to my opinion could lead in more risks and better security because no one has tested the security algorithms that are used and therefore if there is any vulnerability in the security algorithm, the company will neer be aware of it, leaving the communication channel open to zero day attacks.The cost of the hardware needed to complete such an attack is not high. Using online shopping web applications or other sellers, the possible attacker will be able to buy the necessary hardware such as FMS hardware, air to ground transmitters, ACARS manager hardware and other hardware, in order to perform such an attack. By using one of the most known flight simulator software, combined with the necessary hardware and finally by exploiting any vulnerabilities in the security of ACARS and FMS systems, they can manage to gain control of the aircraft with low cost.There are many ways the attacker could gain access or perform attacks against the aircrafts. These ways may include attacks via the internet by exploiting bugs in web applications, vulnerabilities against software, SQL injections to databases or other vulnerabilities that are not fixed in mobile applications.There are two different threat models according to the authors of the article On recognition and reality in the wireless air traffic communication security (6). The two different threat models are the traditional aviation threat model (6) and the Modern threat model (6). The main difference between these two according the article are that the software-defined radios are widely available to the public and along with them to possible attackers and th e change between analogue instruments and digital instruments, with the second ones to give the ability to the users to transmit more data in electronic form. These could lead to an increase in the abilities hackers to eavesdrop, modify and inject data on the communications channel.The traditional threat model is used from when the first forms of communication were implemented in aviation. As years passed the communication channels were improved and the amount of data that was transmitted increased rapidly. The authors of the article specify the article as nave (6) of the reasons of inferior technological capabilities and financial capabilities, requirement of inside knowledge and the use of analog communication. (6). I can agree with their opinion because I believe that indeed the threat model is very old and due to the new technologies, along with the low cost of a setup that could allow to interfere with the communications of an aircraft, the risk will be much higher.The second threat model is the modern threat model. It has major changes from the first one due to the increased digitalisation and automation (6) of the aircrafts communication channels. Also, the increased technological capabilities (6) such as cheap hardware could lead to possible attacks that could not be performed when the first threat model was developed. Finally, people could easily gain aviation knowledge (6) from the internet, flight simulator software, which could increase the distressfulness of the attacks that could be performed. For the above reasons and from my own experience with aviation knowledge and flight simulator software, I would agree that this model is more up to date and more tailored to identify the threats that todays aircraft face.Concluding on the above-mentioned information, the aviation world and more specifically the security of the aircrafts, crews and passengers are far from safe. This is because even with the security measures that are already researched, th e airlines do not always implement them. Also, the technology required and the cost of acquiring such technology makes it easier for attackers to perform either passive or active attacks against aircrafts. The above when combined with the knowledge of an attacker can lead to great threats against the aircrafts.In order to maintain the aviation world safe, the need to reassess the risk of attacks under realistic system models and the development of appropriate countermeasures (6) should be identified and embraced along with new end to end security implementations are proposed and if approved implemented by airlines. such security mechanisms must be tested in order to be totally sure that all vulnerabilities are patched and that it will never have a backdoor that could allow an attacker to perform an attack.In my opinion in order to be able to be sure that a security mechanisms that will be placed is totally secure, we must first learn our adversaries, understand their capabilities, intentions, motive and upon all knowledge and financial state. Next, we must understand what passive and active attacks an adversary can perform. If we manage to understand the above aspects of our adversaries, then we must understand what has to be done in order to prevent them from launching an attack against the aircraft- ground communications channel and ground network.By having the necessary information about the adversaries and the protection mechanisms that we can implement, then we must evaluate those already implemented and find ways to enhance them.ReferencesSmith, M., M. Strohmeier, V. Lenders, and I. Martinovic. On the security and privacy of ACARS. (016 Integrated Communications water travel and Surveillance (ICNS)) 1-27. Web. 15 Feb. 2017.Aircraft Communications, Addressing and Reporting System. Aircraft Communications, Addressing and Reporting System SKYbrary Aviation Safety. N.p., n.d. Web. 14 Feb. 2017.Aircraft Communications Addressing and Reporting System (ACARS ). Aircraft Communications Addressing and Reporting System (ACARS). N.p., n.d. Web. 14 Feb. 2017.Olive, Michael . ACARS Message Security (AMS) as a Vehicle for Validation of ICAO Doc. 9880 set off IV-B Security Requirements. Proc. of ICAO ACP WG-M Meeting, Belgium, Brussels. N.p. n.p., n.d. 1-12. Print.Yue, M., and X. Wu. The Approach of ACARS Data Encryption and Authentication. 2010 International Conference on Computational Intelligence and Security (2010) 556-60. Web. 10 Feb. 2017.Strohmeier, Martin, Matthias Schafer, Rui Pinheiro, Vincent Lenders, and Ivan Martinovic. On Perception and world in Wireless Air Traffic Communication Security. IEEE Transactions on Intelligent Transportation Systems (2016) 1-20. Web.Akram, genus Raja Naeem, Konstantinos Markantonakis, Keith Mayes, Pierre-Francois Bonnefoi, Damien Sauveron, and Serge Chaumette. Security and performance comparison of different secure channel protocols for Avionics Wireless Networks. 2016 IEEE/AIAA 35th Digital Avionics Systems Conference (DASC) (2016) n. pag. Web.Akram, Raja Naeem, Konstantinos Markantonakis, Royal Holloway, Sharadha Kariyawasam, Shahid Ayub, Amar Seeam, and Robert Atkinson. Challenges of security and trust in Avionics Wireless Networks. 2015 IEEE/AIAA 34th Digital Avionics Systems Conference (DASC) (2015) n. pag. Web.Network Graphic. Digital image. ATC Data Link News. N.p., n.d. Web. 17 Feb. 2017.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment