Show simple item record

dc.contributor.authorKhandker, Syed
dc.contributor.authorTurtiainen, Hannu
dc.contributor.authorCostin, Andrei
dc.contributor.authorHämäläinen, Timo
dc.date.accessioned2022-02-17T10:08:37Z
dc.date.available2022-02-17T10:08:37Z
dc.date.issued2022
dc.identifier.citationKhandker, S., Turtiainen, H., Costin, A., & Hämäläinen, T. (2022). Cybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures. <i>IEEE Transactions on Aerospace and Electronic Systems</i>, <i>58</i>(4), 2702-2719. <a href="https://doi.org/10.1109/taes.2021.3139559" target="_blank">https://doi.org/10.1109/taes.2021.3139559</a>
dc.identifier.otherCONVID_103842967
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/79806
dc.description.abstractAutomatic Dependent Surveillance-Broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in the ADS-B architecture. In this paper, we demonstrate and evaluate the impact of multiple cyberattacks on ADS-B via remote radio frequency links that affected various network, processing, and display subsystems used within the ADS-B ecosystem. Overall we implemented and tested 12 cyberattacks on ADS-B in a controlled environment, out of which 5 attacks were presented or implemented for the first time. For all these attacks, we developed a unique testbed that consisted of 13 hardware devices and 22 software that ran on Android, iOS, Linux, and Windows operating systems, which result in a total of 36 tested configurations. Each of the attacks was successful on various subsets of the tested configurations. In some attacks, we discovered wide qualitative variations and discrepancies in how particular configurations react to and treat ADS-B inputs that contain errors or contradicting flight information, with the main culprit almost always being the software implementation. In some other attacks, we managed to cause Denial of Service (DoS) by remotely crashing/impacting more than 50% of the test-set that corresponded to those attacks. Besides demonstrating successful attacks, we also implemented, investigated, and report herein some practical countermeasures to these attacks. We demonstrated that the strong relationship between the received signal strength and the distance-to-emitter might help verify the aircrafts advertised ADS-B position and distance. For example, our best machine learning models achieved 90% accuracy in detecting spoofed ADS-B signals, which may be effectively used to distinguish ADS-B signals of real aircraft from spoofed signals of attackers.en
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.publisherInstitute of Electrical and Electronics Engineers (IEEE)
dc.relation.ispartofseriesIEEE Transactions on Aerospace and Electronic Systems
dc.rightsCC BY 4.0
dc.subject.otherADS-B
dc.subject.other1090ES
dc.subject.otherUAT
dc.subject.otherEFB
dc.subject.other1090MHz
dc.subject.other978MHz
dc.subject.otheraviation
dc.subject.otheravionics
dc.subject.otherATC
dc.subject.otherATM
dc.subject.otherdatalink
dc.subject.othercybersecurity
dc.subject.othervulnerabilities
dc.subject.otherpentesting
dc.subject.otherexperimental platform
dc.subject.othercountermeasures
dc.titleCybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures
dc.typearticle
dc.identifier.urnURN:NBN:fi:jyu-202202171534
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.contributor.oppiaineSecure Communications Engineering and Signal Processingfi
dc.contributor.oppiaineTekniikkafi
dc.contributor.oppiaineTietotekniikkafi
dc.contributor.oppiaineSecure Communications Engineering and Signal Processingen
dc.contributor.oppiaineEngineeringen
dc.contributor.oppiaineMathematical Information Technologyen
dc.type.urihttp://purl.org/eprint/type/JournalArticle
dc.type.coarhttp://purl.org/coar/resource_type/c_2df8fbb1
dc.description.reviewstatuspeerReviewed
dc.format.pagerange2702-2719
dc.relation.issn0018-9251
dc.relation.numberinseries4
dc.relation.volume58
dc.type.versionacceptedVersion
dc.rights.copyright© Authors, 2021
dc.rights.accesslevelopenAccessfi
dc.subject.ysolennonjohto
dc.subject.ysolentoliikenne
dc.subject.ysoverkkohyökkäykset
dc.subject.ysokyberturvallisuus
dc.subject.ysolennonvarmistus
dc.format.contentfulltext
jyx.subject.urihttp://www.yso.fi/onto/yso/p525
jyx.subject.urihttp://www.yso.fi/onto/yso/p4262
jyx.subject.urihttp://www.yso.fi/onto/yso/p27466
jyx.subject.urihttp://www.yso.fi/onto/yso/p26189
jyx.subject.urihttp://www.yso.fi/onto/yso/p14938
dc.rights.urlhttps://creativecommons.org/licenses/by/4.0/
dc.relation.doi10.1109/taes.2021.3139559
jyx.fundinginformationSuomen Kulttuurirahasto (Grant Number: 00211119) SESAR Engage KTN (Grant Number: Engage - 204 - Proof-of-concept: practical, flexib)
dc.type.okmA1


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

CC BY 4.0
Except where otherwise noted, this item's license is described as CC BY 4.0