On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems
Khandker, S., Turtiainen, H., Costin, A., & Hämäläinen, T. (2022). On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems. IEEE Access, 10, 37718-37730. https://doi.org/10.1109/ACCESS.2022.3164704
Published in: IEEE Access
Date: 2022
Discipline: Secure Communications Engineering and Signal Processing; Engineering
Copyright: © 2022 the Authors
Automatic dependent surveillance-broadcast (ADS-B) is a key air surveillance technology and a critical component of next-generation air transportation systems. It significantly simplifies aircraft surveillance technology and improves airborne traffic situational awareness. Many types of mobile cockpit information systems (MCISs) are based on ADS-B technology. MCIS gives pilots the flight and traffic-related information they need. MCIS has two parts: an ADS-B transceiver and an electronic flight bag (EFB) application. The ADS-B transceivers transmit and receive the ADS-B radio signals while the EFB applications hosted on mobile phones display the data. Because they are cheap, lightweight, and easy to install, MCISs became very popular. However, because it lacks basic security measures, ADS-B technology is vulnerable to cyberattacks, which makes the MCIS inherently exposed to attacks. This is even more likely because they are power, memory, and computationally constrained. This study explores the cybersecurity posture of various MCIS setups for both types of ADS-B technology: 1090ES and UAT978. A total of six portable MCIS devices and 21 EFB applications were tested against radio-link-based attacks by transmission-capable software-defined radio (SDR). Packet-level denial of service (DoS) attacks affected approximately 63% and 37% of 1090ES and UAT978 setups, respectively, while many of them experienced a system crash. Our experiments show that DoS attacks on the reception could meaningfully reduce transmission capacity. Our coordinated attack and fuzz tests also reported worrying issues on the MCIS. The consistency of our results on a very broad range of hardware and software configurations indicates the reliability of our proposed methodology as well as the effectiveness and efficiency of our platform.
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
ISSN: 2169-3536
Publication in research information system: https://converis.jyu.fi/converis/portal/detail/Publication/117637282
Funder(s): Suomen Akatemia
Funding program(s): Research infrastructure, SA
Additional information about funding: This work was supported in part by the Finnish Grid and Cloud Infrastructure (FGCI), in part by the research dean for research funding within the Faculty of Information Technology of the University of Jyväskylä (07.04.2021), and in part by the Finnish Cultural Foundation, grant decision No. 00211119.
Related items
Showing items with a similar title or keywords.
- GDL90fuzz : Fuzzing “GDL-90 Data Interface Specification” Within Aviation Software and Avionics Devices : A Cybersecurity Pentesting Perspective
  Turtiainen, Hannu; Costin, Andrei; Khandker, Syed; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)
  As the core part of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and ...
- Cybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures
  Khandker, Syed; Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)
  Automatic Dependent Surveillance-Broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in ...
- On Apache Log4j2 Exploitation in Aeronautical, Maritime, and Aerospace Communication
  Juvonen, Artturi; Costin, Andrei; Turtiainen, Hannu; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)
  Apache Log4j2 is a prevalent logging library for Java-based applications. In December 2021, several critical and high-impact software vulnerabilities, including CVE-2021-44228, were publicly disclosed, enabling remote code ...
- Smart Terminal System of Systems’ Cyber Threat Impact Evaluation
  Simola, Jussi; Pöyhönen, Jouni; Lehto, Martti (Academic Conferences International, 2023)
  Systems of system-level thinking is required when the purpose is to develop a coherent understanding of the ecosystem where every user and system requirements are divided into specific parts. The smarter project, as a part ...
- Insecure Firmware and Wireless Technologies as “Achilles’ Heel” in Cybersecurity of Cyber-Physical Systems
  Costin, Andrei (Springer, 2022)
  In this chapter, we analyze cybersecurity weaknesses in three use-cases of real-world cyber-physical systems: transportation (aviation), remote explosives and robotic weapons (fireworks pyrotechnics), and physical security ...
Unless otherwise stated, publicly available JYX metadata (excluding abstracts) may be freely reused under the CC0 license.