Cybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures
Khandker, S., Turtiainen, H., Costin, A., & Hämäläinen, T. (2022). Cybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures. IEEE Transactions on Aerospace and Electronic Systems, 58(4), 2702-2719. https://doi.org/10.1109/taes.2021.3139559
DisciplineSecure Communications Engineering and Signal ProcessingOhjelmisto- ja tietoliikennetekniikkaTietotekniikkaSecure Communications Engineering and Signal ProcessingSoftware and Communications EngineeringMathematical Information Technology
© Authors, 2021
Automatic Dependent Surveillance-Broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in the ADS-B architecture. In this paper, we demonstrate and evaluate the impact of multiple cyberattacks on ADS-B via remote radio frequency links that affected various network, processing, and display subsystems used within the ADS-B ecosystem. Overall we implemented and tested 12 cyberattacks on ADS-B in a controlled environment, out of which 5 attacks were presented or implemented for the first time. For all these attacks, we developed a unique testbed that consisted of 13 hardware devices and 22 software that ran on Android, iOS, Linux, and Windows operating systems, which result in a total of 36 tested configurations. Each of the attacks was successful on various subsets of the tested configurations. In some attacks, we discovered wide qualitative variations and discrepancies in how particular configurations react to and treat ADS-B inputs that contain errors or contradicting flight information, with the main culprit almost always being the software implementation. In some other attacks, we managed to cause Denial of Service (DoS) by remotely crashing/impacting more than 50% of the test-set that corresponded to those attacks. Besides demonstrating successful attacks, we also implemented, investigated, and report herein some practical countermeasures to these attacks. We demonstrated that the strong relationship between the received signal strength and the distance-to-emitter might help verify the aircrafts advertised ADS-B position and distance. For example, our best machine learning models achieved 90% accuracy in detecting spoofed ADS-B signals, which may be effectively used to distinguish ADS-B signals of real aircraft from spoofed signals of attackers. ...
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
ISSN Search the Publication Forum0018-9251
Publication in research information system
MetadataShow full item record
Additional information about fundingSuomen Kulttuurirahasto (Grant Number: 00211119) SESAR Engage KTN (Grant Number: Engage - 204 - Proof-of-concept: practical, flexib)
Showing items with similar title or keywords.
GDL90fuzz : Fuzzing “GDL-90 Data Interface Specification” Within Aviation Software and Avionics Devices : A Cybersecurity Pentesting Perspective Turtiainen, Hannu; Costin, Andrei; Khandker, Syed; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)As the core part of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and ...
Cybersecurity Attacks on Software Logic and Error Handling within AIS Implementations : A Systematic Testing of Resilience Khandker, Syed; Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)To increase situational awareness of maritime vessels and other entities and to enable their exchange of various information, the International Maritime Organization mandated the use of the Automatic Identification System ...
On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems Khandker, Syed; Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)Automatic dependent surveillance-broadcast (ADS-B) is a key air surveillance technology and a critical component of next-generation air transportation systems. It significantly simplifies aircraft surveillance technology ...
On Apache Log4j2 Exploitation in Aeronautical, Maritime, and Aerospace Communication Juvonen, Artturi; Costin, Andrei; Turtiainen, Hannu; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)Apache Log4j2 is a prevalent logging library for Java-based applications. In December 2021, several critical and high-impact software vulnerabilities, including CVE-2021-44228, were publicly disclosed, enabling remote code ...
On Attacking Future 5G Networks with Adversarial Examples : Survey Zolotukhin, Mikhail; Zhang, Di; Hämäläinen, Timo; Miraghaei, Parsa (MDPI AG, 2023)The introduction of 5G technology along with the exponential growth in connected devices is expected to cause a challenge for the efficient and reliable network resource allocation. Network providers are now required to ...