
dc.contributor.author: Juvonen, Artturi
dc.contributor.author: Costin, Andrei
dc.contributor.author: Turtiainen, Hannu
dc.contributor.author: Hämäläinen, Timo
dc.date.accessioned: 2023-01-09T12:45:04Z
dc.date.available: 2023-01-09T12:45:04Z
dc.date.issued: 2022
dc.identifier.citation: Juvonen, A., Costin, A., Turtiainen, H., & Hämäläinen, T. (2022). On Apache Log4j2 Exploitation in Aeronautical, Maritime, and Aerospace Communication. IEEE Access, 10, 86542-86557. https://doi.org/10.1109/ACCESS.2022.3198947
dc.identifier.other: CONVID_156493259
dc.identifier.uri: https://jyx.jyu.fi/handle/123456789/84864
dc.description.abstract: Apache Log4j2 is a prevalent logging library for Java-based applications. In December 2021, several critical and high-impact software vulnerabilities, including CVE-2021-44228, were publicly disclosed, enabling remote code execution (RCE) and denial of service (DoS) attacks. To date, these vulnerabilities are considered critical and the consequences of their disclosure far-reaching. The vulnerabilities potentially affect a wide range of internet of things (IoT) devices, embedded devices, critical infrastructure (CI), and cyber-physical systems (CPSs). In this paper, we study the effects and feasibility of exploiting these vulnerabilities in mission-critical aviation and maritime environments using the ACARS, ADS-B, and AIS protocols. We develop a systematic methodology and an experimental setup to study and identify the protocols’ exploitable fields and associated attack payload features. For our experiments, we employ software-defined radios (SDRs), use open-source software, develop novel tools, and develop features to existing software. We evaluate the feasibility of the attacks and demonstrate end-to-end RCE with all three studied protocols. We demonstrate that the aviation and maritime environments are susceptible to the exploitation of the Log4j2 vulnerabilities, and that the attacks are feasible for non-sophisticated attackers. To facilitate further studies related to Log4j2 attacks on aerospace, aviation, and maritime infrastructures, we release relevant artifacts (e.g., software, documentation, and scripts) as open-source, complemented by patches for bugs in open-source software used in this study. (en)
dc.format.mimetype: application/pdf
dc.language.iso: eng
dc.publisher: Institute of Electrical and Electronics Engineers (IEEE)
dc.relation.ispartofseries: IEEE Access
dc.rights: CC BY 4.0
dc.subject.other: CVE-2021-44228
dc.subject.other: log4j
dc.subject.other: log4shell
dc.subject.other: vulnerability
dc.subject.other: exploitation
dc.subject.other: experimentation
dc.subject.other: proof-of-concept
dc.subject.other: aviation
dc.subject.other: avionics
dc.subject.other: ACARS
dc.subject.other: ADS-B
dc.subject.other: maritime
dc.subject.other: AIS
dc.subject.other: aerospace
dc.subject.other: satellite
dc.title: On Apache Log4j2 Exploitation in Aeronautical, Maritime, and Aerospace Communication
dc.type: article
dc.identifier.urn: URN:NBN:fi:jyu-202301091213
dc.contributor.laitos: Informaatioteknologian tiedekunta (fi)
dc.contributor.laitos: Faculty of Information Technology (en)
dc.contributor.oppiaine: Tietotekniikka (fi)
dc.contributor.oppiaine: Secure Communications Engineering and Signal Processing (fi)
dc.contributor.oppiaine: Tekniikka (fi)
dc.contributor.oppiaine: Mathematical Information Technology (en)
dc.contributor.oppiaine: Secure Communications Engineering and Signal Processing (en)
dc.contributor.oppiaine: Engineering (en)
dc.type.uri: http://purl.org/eprint/type/JournalArticle
dc.type.coar: http://purl.org/coar/resource_type/c_2df8fbb1
dc.description.reviewstatus: peerReviewed
dc.format.pagerange: 86542-86557
dc.relation.issn: 2169-3536
dc.relation.volume: 10
dc.type.version: publishedVersion
dc.rights.copyright: © The Authors 2022
dc.rights.accesslevel: openAccess (fi)
dc.subject.yso: wireless data transmission
dc.subject.yso: communications satellites
dc.subject.yso: wireless communication
dc.subject.yso: Java
dc.subject.yso: maritime traffic
dc.subject.yso: air traffic
dc.subject.yso: cyber attacks
dc.subject.yso: air navigation services
dc.subject.yso: Apache
dc.subject.yso: vulnerability
dc.subject.yso: cyber security
dc.format.content: fulltext
jyx.subject.uri: http://www.yso.fi/onto/yso/p5445
jyx.subject.uri: http://www.yso.fi/onto/yso/p5595
jyx.subject.uri: http://www.yso.fi/onto/yso/p5443
jyx.subject.uri: http://www.yso.fi/onto/yso/p16144
jyx.subject.uri: http://www.yso.fi/onto/yso/p2046
jyx.subject.uri: http://www.yso.fi/onto/yso/p4262
jyx.subject.uri: http://www.yso.fi/onto/yso/p27466
jyx.subject.uri: http://www.yso.fi/onto/yso/p14938
jyx.subject.uri: http://www.yso.fi/onto/yso/p6068
jyx.subject.uri: http://www.yso.fi/onto/yso/p25011
jyx.subject.uri: http://www.yso.fi/onto/yso/p26189
dc.rights.url: https://creativecommons.org/licenses/by/4.0/
dc.relation.doi: 10.1109/ACCESS.2022.3198947
jyx.fundinginformation: This work was supported in part by the Finnish Grid and Cloud Infrastructure (FGCI) (persistent identifier urn:nbn:fi:research-infras-2016072533); in part by the Decisions of the Research Dean on Research through the Faculty of Information Technology, University of Jyväskylä, in April 2021 and April 2022; and in part by the Finnish Cultural Foundation under Grant 00221059. The work of Hannu Turtiainen was supported by the Finnish Cultural Foundation/Suomen Kulttuurirahasto (https://skr.fi/en) for supporting his Ph.D. Dissertation Work and Research under Grant 00221059. The work of Timo Hämäläinen was supported by the Faculty of Information Technology, University of Jyväskylä (JYU), for partly supporting his Ph.D. supervision at JYU during (2021–2023).
dc.type.okm: A1


Except where otherwise noted, this item's license is described as CC BY 4.0