Information Technology Security Threats to Modern e-Enabled Aircraft: A Cautionary Note

Most passengers, airlines, and the aircraft industry in general are used to very high safety standards and precautions surrounding aircraft systems. As the computerization of aircraft steadily progresses, the question of security (that is, the protection against intentional manipulations) becomes increasingly relevant. This paper focuses on these security challenges. In particular, it adds the following contributions: It assesses the current state of public research on aircraft information technology security and contrasts it with an evaluation of the threat level through a discussion of recent attacks and vulnerabilities. This shows that many attack vectors are not protected against by the state-of-the-art technology implemented in today’s aircraft. In addition, increasing digitalization, connectivity, and similar developments have led to so-called 'e-enabled' aircraft with an ever larger attack surface. This results in challenges to the aircraft industry and lead to a requirement for additional technica...

[1]  Basel Alomair,et al.  Towards Trustworthy Cryptographic Protection of Airplane Information Assets , 2009 .

[2]  Radha Poovendran,et al.  Secure Operation, Control, and Maintenance of Future E-Enabled Airplanes , 2008, Proceedings of the IEEE.

[3]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[4]  Panagiotis Papadimitratos,et al.  Secure Vehicular Communication Systems , 2011, Encyclopedia of Cryptography and Security.

[5]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[6]  Hoyt Lougee,et al.  SOFTWARE CONSIDERATIONS IN AIRBORNE SYSTEMS AND EQUIPMENT CERTIFICATION , 2001 .

[7]  Farinaz Koushanfar,et al.  A Survey of Hardware Trojan Taxonomy and Detection , 2010, IEEE Design & Test of Computers.

[8]  N. Thanthry,et al.  Security, Internet connectivity and aircraft data networks , 2005, Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology.

[9]  Todd E. Humphreys,et al.  Drone Hack: Spoofing Attack Demonstration on a Civilian Unmanned Aerial Vehicle , 2012 .

[10]  Robert C. Seacord The CERT C Secure Coding Standard , 2008 .

[11]  Radha Poovendran,et al.  Electronic Distribution of Airplane Software and the Impact of Information Security on Airplane Safety , 2007, SAFECOMP.

[12]  Bashar Nuseibeh,et al.  Securing the Skies: In Requirements We Trust , 2009, Computer.

[13]  Georg Sigl,et al.  Decreasing System Availability on an Avionic Multicore Processor Using Directly Assigned PCI Express Devices , 2013 .

[14]  Peter Skaves Cyber security issues related to aircraft systems, paper #260 , 2011 .

[15]  Christof Paar,et al.  Security in Automotive Bus Systems , 2004 .

[16]  Radha Poovendran,et al.  Future E-Enabled Aircraft Communications and Security: The Next 20 Years and Beyond , 2011, Proceedings of the IEEE.

[17]  Alain Pirovano,et al.  An adaptive security architecture for future aircraft communications , 2010, 29th Digital Avionics Systems Conference.

[18]  M. Sparkes Securing the skies , 2006 .

[19]  M.L. Olive,et al.  Commercial Aircraft Information Security-an Overview of ARINC Report 811 , 2006, 2006 ieee/aiaa 25TH Digital Avionics Systems Conference.

[21]  Peter Skaves,et al.  Information for cyber security issues related to aircraft systems REV-A , 2011, 2013 IEEE/AIAA 32nd Digital Avionics Systems Conference (DASC).

[22]  KoushanfarFarinaz,et al.  A Survey of Hardware Trojan Taxonomy and Detection , 2010 .

[23]  Karen A. Scarfone,et al.  Guide to General Server Security , 2008 .

[24]  Jason Bock,et al.  NET security , 2002 .

[25]  Andrei Costin,et al.  Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices , 2012 .

[26]  Gary McGraw,et al.  Static Analysis for Security , 2004, IEEE Secur. Priv..