Cybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures
Khandker, S., Turtiainen, H., Costin, A., & Hämäläinen, T. (2022). Cybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures. IEEE Transactions on Aerospace and Electronic Systems, 58(4), 2702-2719. https://doi.org/10.1109/taes.2021.3139559
Date
2022Discipline
Secure Communications Engineering and Signal ProcessingTekniikkaTietotekniikkaSecure Communications Engineering and Signal ProcessingEngineeringMathematical Information TechnologyCopyright
© Authors, 2021
Automatic Dependent Surveillance-Broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in the ADS-B architecture. In this paper, we demonstrate and evaluate the impact of multiple cyberattacks on ADS-B via remote radio frequency links that affected various network, processing, and display subsystems used within the ADS-B ecosystem. Overall we implemented and tested 12 cyberattacks on ADS-B in a controlled environment, out of which 5 attacks were presented or implemented for the first time. For all these attacks, we developed a unique testbed that consisted of 13 hardware devices and 22 software that ran on Android, iOS, Linux, and Windows operating systems, which result in a total of 36 tested configurations. Each of the attacks was successful on various subsets of the tested configurations. In some attacks, we discovered wide qualitative variations and discrepancies in how particular configurations react to and treat ADS-B inputs that contain errors or contradicting flight information, with the main culprit almost always being the software implementation. In some other attacks, we managed to cause Denial of Service (DoS) by remotely crashing/impacting more than 50% of the test-set that corresponded to those attacks. Besides demonstrating successful attacks, we also implemented, investigated, and report herein some practical countermeasures to these attacks. We demonstrated that the strong relationship between the received signal strength and the distance-to-emitter might help verify the aircrafts advertised ADS-B position and distance. For example, our best machine learning models achieved 90% accuracy in detecting spoofed ADS-B signals, which may be effectively used to distinguish ADS-B signals of real aircraft from spoofed signals of attackers.
...


Publisher
Institute of Electrical and Electronics Engineers (IEEE)ISSN Search the Publication Forum
0018-9251Keywords
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/103842967
Metadata
Show full item recordCollections
Additional information about funding
Suomen Kulttuurirahasto (Grant Number: 00211119) SESAR Engage KTN (Grant Number: Engage - 204 - Proof-of-concept: practical, flexib)License
Related items
Showing items with similar title or keywords.
-
Cybersecurity Attacks on Software Logic and Error Handling within AIS Implementations : A Systematic Testing of Resilience
Khandker, Syed; Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)To increase situational awareness of maritime vessels and other entities and to enable their exchange of various information, the International Maritime Organization mandated the use of the Automatic Identification System ... -
GDL90fuzz : Fuzzing “GDL-90 Data Interface Specification” Within Aviation Software and Avionics Devices : A Cybersecurity Pentesting Perspective
Turtiainen, Hannu; Costin, Andrei; Khandker, Syed; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)As the core part of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and ... -
On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems
Khandker, Syed; Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)Automatic dependent surveillance-broadcast (ADS-B) is a key air surveillance technology and a critical component of next-generation air transportation systems. It significantly simplifies aircraft surveillance technology ... -
On Attacking Future 5G Networks with Adversarial Examples : Survey
Zolotukhin, Mikhail; Zhang, Di; Hämäläinen, Timo; Miraghaei, Parsa (MDPI AG, 2023)The introduction of 5G technology along with the exponential growth in connected devices is expected to cause a challenge for the efficient and reliable network resource allocation. Network providers are now required to ... -
A View on Vulnerabilities Within IoT Devices in the Smart Home Environment
Nykänen, Annika; Costin, Andrei (Springer Nature Switzerland, 2023)The number of different devices connected to the Internet is constantly increasing. There is a high demand for these devices, and their benefits are clear for certain groups of users. Some of these devices, the Internet ...