Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends

The integration of Information and Communication Technology (ICT) tools into mechanical devices found in aviation industry has raised security concerns. The more integrated the system, the more vulnerable due to the inherent vulnerabilities found in ICT tools and software that drives the system. The security concerns have become more heightened as the concept of electronic-enabled aircraft and smart airports get refined and implemented underway. In line with the above, this paper undertakes a review of cyber-security incidence in the aviation sector over the last 20 years. The essence is to understand the common threat actors, their motivations, the type of attacks, aviation infrastructure that is commonly attacked and then match these so as to provide insight on the current state of the cyber-security in the aviation sector. The review showed that the industry’s threats come mainly from Advance Persistent Threat (APT) groups that work in collaboration with some state actors to steal intellectual property and intelligence, in order to advance their domestic aerospace capabilities as well as possibly monitor, infiltrate and subvert other nations’ capabilities. The segment of the aviation industry commonly attacked is the Information Technology infrastructure, and the prominent type of attacks is malicious hacking activities that aim at gaining unauthorised access using known malicious password cracking techniques such as Brute force attacks, Dictionary attacks and so on. The review further analysed the different attack surfaces that exist in aviation industry, threat dynamics, and use these dynamics to predict future trends of cyber-attacks in the industry. The aim is to provide information for the cyber-security professionals and aviation stakeholders for proactive actions in protecting these critical infrastructures against cyber-incidence for an optimal customer service oriented industry.

[1]  Ibrahimov G. Bayram,et al.  Cyber-Security , a new challenge for the aviation and automotive industries , 2016 .

[2]  Neeli R. Prasad,et al.  A Threat Analysis Methodology for Security Evaluation and Enhancement Planning , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[3]  Jon Haass,et al.  Aviation and Cybersecurity: Opportunities for Applied Research , 2016 .

[4]  Shankar Lal,et al.  Testbed for security orchestration in a network function virtualization environment , 2017, 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).

[5]  Hyrum S. Anderson,et al.  DeepDGA: Adversarially-Tuned Domain Generation and Detection , 2016, AISec@CCS.

[6]  Alejandro Correa Bahnsen,et al.  DeepPhish : Simulating Malicious AI , 2018 .

[7]  Dimitris Gritzalis,et al.  Implementing Cyber-Security Measures in Airports to Improve Cyber-Resilience , 2018, 2018 Global Internet of Things Summit (GIoTS).

[8]  Wayne Smith Cyber security in airports , 2015 .

[9]  Ahmet Efe,et al.  Air Traffic Security against Cyber Threats , 2019 .

[10]  Ying Tan,et al.  Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN , 2017, DMBD.

[11]  Thomas M. Chen,et al.  Lessons from Stuxnet , 2011, Computer.

[12]  Chun-Ying Huang,et al.  Decapitation via digital epidemics: a bio-inspired transmissive attack , 2016, IEEE Communications Magazine.

[13]  Fernando Pérez-Cruz,et al.  PassGAN: A Deep Learning Approach for Password Guessing , 2017, ACNS.

[14]  Xiao Chen,et al.  Using AI to Hack IA: A New Stealthy Spyware Against Voice Assistance Functions in Smart Phones , 2018, ArXiv.

[15]  Xiaojiang Du,et al.  Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city , 2020, Future Gener. Comput. Syst..

[16]  Priyadarsi Nanda,et al.  Testbed evaluation of Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networks , 2018, Concurr. Comput. Pract. Exp..

[17]  F. N. Ugwoke,et al.  Security QoS profiling against cyber terrorism in airport network systems , 2015, 2015 International Conference on Cyberspace (CYBER-Abuja).

[18]  Ali Dehghantanha,et al.  MODELLING BASED APPROACH FOR RECONSTRUCTING EVIDENCE OF VOIP MALICIOUS ATTACKS , 2012 .

[19]  M. A. Ben Farah,et al.  An image encryption scheme based on a new hybrid chaotic map and optimized substitution box , 2019, Nonlinear Dynamics.

[20]  Busyairah Syd Ali,et al.  Evaluation of the Capability of Automatic Dependent Surveillance Broadcast to Meet the Requirements of Future Airborne Surveillance Applications , 2017 .

[21]  Chirag Modi,et al.  Designing an efficient security framework for detecting intrusions in virtual network of cloud computing , 2019, Comput. Secur..

[22]  Raj Bridgelall,et al.  Machine Learning Approach to Cyber Security in Aviation , 2018, 2018 IEEE International Conference on Electro/Information Technology (EIT).

[23]  Alex R Mathew Airport Cyber Security and Cyber Resilience Controls , 2019, ArXiv.

[24]  Arnab Majumdar,et al.  A safety assessment framework for the Automatic Dependent Surveillance Broadcast (ADS-B) system , 2015 .

[25]  Monika Eisenhower,et al.  Encyclopedia Of Physical Science And Technology , 2016 .

[26]  Yi Yang,et al.  Artificial Intelligence-Based Password Brute Force Attacks , 2018 .

[27]  Maria Fazio,et al.  An approach for the secure management of hybrid cloud-edge environments , 2019, Future Gener. Comput. Syst..

[28]  Busyairah Syd Ali A safety assessment framework for Automatic Dependent Surveillance Broadcast (ADS-B) and its potential impact on aviation safety , 2013 .

[29]  Naresh Malla,et al.  Real-time cyber physical system testbed for power system security and control , 2017 .

[30]  Ren Ping Liu,et al.  Capacity of blockchain based Internet-of-Things: Testbed and analysis , 2019, Internet Things.

[31]  Dac-Nhuong Le,et al.  A Performance Analysis of OpenStack Open-Source Solution for IaaS Cloud Computing , 2016 .

[32]  Konstantinos Markantonakis,et al.  Challenges of security and trust in Avionics Wireless Networks , 2015, 2015 IEEE/AIAA 34th Digital Avionics Systems Conference (DASC).

[33]  Seungwon Shin,et al.  SODA: A software-defined security framework for IoT environments , 2019, Comput. Networks.

[34]  Martin Moser,et al.  Information Technology Security Threats to Modern e-Enabled Aircraft: A Cautionary Note , 2014, J. Aerosp. Inf. Syst..

[35]  Yves Deswarte,et al.  Potential Attacks on Onboard Aerospace Systems , 2012, IEEE Security & Privacy.

[36]  Radek Fujdiak,et al.  Communication Model of Smart Substation for Cyber-Detection Systems , 2019, CN.

[37]  Timea Pahi,et al.  Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education , 2017, 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[38]  Praveen Gauravaram,et al.  A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports , 2020, IEEE Access.

[39]  Gary C. Kessler,et al.  Aviation Cybersecurity: An Overview , 2018 .

[40]  Jon R. Lindsay,et al.  Stuxnet and the Limits of Cyber Warfare , 2013 .

[41]  Dimitris Gritzalis,et al.  Smart Airport Cybersecurity: Threat Mitigation and Cyber Resilience Controls † , 2018, Sensors.

[42]  Aditya Ashok,et al.  Cyber-Physical Security Testbeds: Architecture, Application, and Evaluation for Smart Grid , 2013, IEEE Transactions on Smart Grid.

[43]  Rafal Rohozinski,et al.  Stuxnet and the Future of Cyber War , 2011 .

[44]  Mo-Yuen Chow,et al.  The Development and Application of a DC Microgrid Testbed for Distributed Microgrid Energy Management System , 2018, IECON 2018 - 44th Annual Conference of the IEEE Industrial Electronics Society.

[45]  George Suciu,et al.  Cyber-Attacks - The Impact Over Airports Security and Prevention Modalities , 2018, WorldCIST.

[46]  Daniel L. Marino,et al.  Cyber and Physical Anomaly Detection in Smart-Grids , 2019, 2019 Resilience Week (RWS).

[47]  Yuval Elovici,et al.  Security Testbed for the Internet of Things , 2016, ArXiv.

[48]  Alain Pirovano,et al.  An adaptive security architecture for future aircraft communications , 2010, 29th Digital Avionics Systems Conference.

[49]  Charles Morisset,et al.  A multi-modelling based approach to assessing the security of smart buildings , 2018, IoT 2018.

[50]  A. Srivastava,et al.  Integrated simulation to analyze the impact of cyber-attacks on the power grid , 2015, 2015 Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES).

[51]  Jingyue Li,et al.  The AI-Based Cyber Threat Landscape , 2020, ACM Comput. Surv..

[52]  M. Martellini Cyber Security: Deterrence and IT Protection for Critical Infrastructures , 2013 .

[53]  Naima Kaabouch,et al.  Analysis of vulnerabilities, attacks, countermeasures and overall risk of the Automatic Dependent Surveillance-Broadcast (ADS-B) system , 2017, Int. J. Crit. Infrastructure Prot..

[54]  Serge Chaumette,et al.  An efficient, secure and trusted channel protocol for avionics wireless networks , 2016, 2016 IEEE/AIAA 35th Digital Avionics Systems Conference (DASC).

[55]  Ruwantissa Abeyratne Aviation and Cybersecurity in the Digital World , 2020 .

[56]  Prathamesh P. Churi,et al.  Cybersecurity in Aviation : An Intrinsic Review , 2019, 2019 5th International Conference On Computing, Communication, Control And Automation (ICCUBEA).

[57]  Konstantinos Markantonakis,et al.  A secure and trusted boot process for Avionics Wireless Networks , 2016, 2016 Integrated Communications Navigation and Surveillance (ICNS).

[58]  Paul Rad,et al.  Implementation of deep packet inspection in smart grids and industrial Internet of Things: Challenges and opportunities , 2019, J. Netw. Comput. Appl..

[59]  C. Viveros,et al.  Analysis of the Cyber Attacks against ADS-B Perspective of Aviation Experts , 2016 .

[60]  Ivan Martinovic,et al.  Analyzing Privacy Breaches in the Aircraft Communications Addressing and Reporting System (ACARS) , 2017, ArXiv.

[61]  Martti Lehto,et al.  Cyber Security in Aviation, Maritime and Automotive , 2020 .

[62]  Serge Chaumette,et al.  Security and performance comparison of different secure channel protocols for Avionics Wireless Networks , 2016, 2016 IEEE/AIAA 35th Digital Avionics Systems Conference (DASC).

[63]  Ivan Martinovic,et al.  On the Security of the Automatic Dependent Surveillance-Broadcast Protocol , 2013, IEEE Communications Surveys & Tutorials.

[64]  Alan Oliveira de Sá,et al.  Bio-inspired Active Attack for Identification of Networked Control Systems , 2017 .

[65]  Ivan Martinovic,et al.  Undermining Privacy in the Aircraft Communications Addressing and Reporting System (ACARS) , 2018, Proceedings on Privacy Enhancing Technologies.

[66]  Qassim Nasir,et al.  Design and implementation of automated IoT security testbed , 2020, Comput. Secur..

[67]  Guevara Noubir,et al.  Hyperdrive: A flexible cloud testbed for research and education , 2017, 2017 IEEE International Symposium on Technologies for Homeland Security (HST).

[68]  Sridhar Adepu,et al.  EPIC: An Electric Power Testbed for Research and Training in Cyber Physical Systems Security , 2018, CyberICPS/SECPRE@ESORICS.

[69]  Radha Poovendran,et al.  Future E-Enabled Aircraft Communications and Security: The Next 20 Years and Beyond , 2011, Proceedings of the IEEE.

[70]  Raj Jain,et al.  Effect of Imbalanced Datasets on Security of Industrial IoT Using Machine Learning , 2018, 2018 IEEE International Conference on Intelligence and Security Informatics (ISI).

[71]  Mladen Kezunovic,et al.  Testbed for Timing Intrusion Evaluation and Tools for Lab and Field Testing of Synchrophasor System , 2019, 2019 International Conference on Smart Grid Synchronized Measurements and Analytics (SGSMA).

[72]  Frederick T. Sheldon,et al.  ISAAC: The Idaho CPS Smart Grid Cybersecurity Testbed , 2019, 2019 IEEE Texas Power and Energy Conference (TPEC).

[73]  Hyrum S. Anderson,et al.  The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation , 2018, ArXiv.

[74]  David Brosset,et al.  From Cyber-Security Deception To Manipulation and Gratification Through Gamification , 2019, HCI.

[75]  Ali Saman Tosun,et al.  Time Inference Attacks on Software Defined Networks: Challenges and Countermeasures , 2018, 2018 IEEE 11th International Conference on Cloud Computing (CLOUD).

[76]  Abdallah Farraj,et al.  Implementation and development of an offline co-simulation testbed for studies of power systems cyber security and control verification , 2019, International Journal of Electrical Power & Energy Systems.

[77]  Antonio F. Gómez-Skarmeta,et al.  Enhancing IoT security through network softwarization and virtual security appliances , 2018, Int. J. Netw. Manag..

[78]  Preeti Mishra,et al.  KVMInspector: KVM Based introspection approach to detect malware in cloud environment , 2020, J. Inf. Secur. Appl..

[79]  Seokjun Lee,et al.  Design and implementation of cybersecurity testbed for industrial IoT systems , 2017, The Journal of Supercomputing.

[80]  Levente Buttyán,et al.  Embedded systems security: Threats, vulnerabilities, and attack taxonomy , 2015, 2015 13th Annual Conference on Privacy, Security and Trust (PST).

[81]  Michail Maniatakos,et al.  FLEP-SGS2: a Flexible and Low-cost Evaluation Platform for Smart Grid Systems Security , 2019, 2019 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT).

[82]  Fred Cohen,et al.  Simulating cyber attacks, defences, and consequences , 1999, Comput. Secur..

[83]  Yong Peng,et al.  Cyber-Physical Systems Testbed Based on Cloud Computing and Software Defined Network , 2015, 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP).

[84]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[85]  Ben Y. Zhao,et al.  Automated Crowdturfing Attacks and Defenses in Online Review Systems , 2017, CCS.

[86]  MARIAM ELNOUR,et al.  A Dual-Isolation-Forests-Based Attack Detection Framework for Industrial Control Systems , 2020, IEEE Access.

[87]  Byung-Seo Kim,et al.  Design and Implementation of an Open Source Framework and Prototype For Named Data Networking-Based Edge Cloud Computing System , 2019, IEEE Access.

[88]  Radha Poovendran,et al.  Secure Operation, Control, and Maintenance of Future E-Enabled Airplanes , 2008, Proceedings of the IEEE.

[89]  Xiaoqing Frank Liu,et al.  Remote Monitoring and Online Testing of Machine Tools for Fault Diagnosis and Maintenance Using MTComm in a Cyber-Physical Manufacturing Cloud , 2018, 2018 IEEE 11th International Conference on Cloud Computing (CLOUD).