On Perception and Reality in Wireless Air Traffic Communication Security

Strohmeier, Martin; Schäfer, Matthias; Pinheiro, Rui; Lenders, Vincent; Martinovic, Ivan

doi:10.1109/tits.2016.2612584

Cited by 69 publications

(74 citation statements)

References 61 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There have been many previous efforts exploring both the cybersecurity vulnerabilities within ATC system, along with work exploring the vulnerability of ATC sectors and flows to traditional disruptions (e.g., weather). Key efforts that explored the cybersecurity of air traffic control include work by Strohmeier [24,26] which introduces a survey of the communication devices used in ATC and identifies vulnerabilities for each device. Further work in [4], explores cyber vulnerabilities within the NEXTGEN platform, specifically the ADS-B communications and then explores potential threat impacts based on the aircraft locations and attacker goals.…”

Section: Related Workmentioning

confidence: 99%

Cyber Threat Impact Analysis to Air Traffic Flows Through Dynamic Queue Networks

Tamimi

Hahn

Roy

2020

ACM Trans. Cyber-Phys. Syst.

View full text Add to dashboard Cite

Air traffic control increasingly depends on information and communication technology (ICT) to manage traffic flow through highly congested and increasingly interdependent airspace regions. While these systems are critical to ensuring the efficiency and safety of our airspace, they are also increasingly vulnerable to cyber threats that could potentially lead to reduction in capacity and/or reorganization of traffic flows. In this paper, we model various cyber threats to air traffic control systems, and analyze how these attacks could impact the flow of aircraft through the airspace. To perform this analysis, we consider a model for wide-area air traffic based on a dynamic queuing network model. Then we introduce three different attacks (Route Denial of Service, Route Selection Tampering, and Sector Denial of Service) to the air traffic control system, and explore how these attacks manipulate the sector flows by evaluating the queue backlogs for each sector's outflows. Furthermore, we then explore graph-level vulnerability metrics to identify the sectors that are most vulnerable to various flow manipulations, and compare them to case-study simulations of the various attacks. The results suggest that Route Denial of Service attacks have a significant impact on the target sector and lead to the largest degradation to the overall air traffic flows. Furthermore, the impact of Sector Denial of Service attack impacts are primarily confined to the target sector, while the Route Selection Tampering impacts are mostly confined to certain aircraft.

show abstract

Section: Related Workmentioning

confidence: 99%

Cyber Threat Impact Analysis to Air Traffic Flows Through Dynamic Queue Networks

Tamimi

Hahn

Roy

2020

ACM Trans. Cyber-Phys. Syst.

View full text Add to dashboard Cite

show abstract

“…Air-ground voice communication was recently described again to be one of the most endangered communication means for spoofing and/or spamming [11]. In particular, the SACom aims at improving the security of air-ground voice communication between pilots and air traffic control.…”

Section: An Example: the Sacom Prototypementioning

confidence: 99%

A practical example for validation of ATM security prototypes

Finke

Stelkens-Kobsch

2018

CEAS Aeronaut J

View full text Add to dashboard Cite

The insights presented in this article are outcomes of a security research project that was initiated to collate and interpret the latest findings gathered in the domain of air traffic management security. The concept of a holistic approach to security management has been evaluated. Due to the large scope of the project, only an excerpt of the findings is provided in this article. This article focuses on a brief description of a security prototype validation methodology, developed within the project. To provide tangible application of the methodology, the adoption to a security prototype is developed, which is intended to enhance security of the air traffic control voice communication system.

show abstract

“…Anyone can listen in on current ATC voice communication with the help of equipment easy to access. It is also relatively easy to record and decode unencrypted air-ground data transmissions [21], [22], [24]. In voice based ATC no attempt has been made to keep the communications confidential and neither is there any intent to make the existing ATC datalink confidential [7], [31].…”

Section: A Confidentialitymentioning

confidence: 99%

“…Even though the security threat picture in future ATM is severe, some mitigating factors already exist [24]. Safety has always been the primary concern of the aviation community and many of the safety mechanisms that are in place in today's aircraft and ground systems will also reduce the risks of security incidents.…”

Section: Mitigating Factorsmentioning

confidence: 99%

Security requirements for SATCOM datalink systems for future air traffic management

Bernsmed

Frøystad

Meland

et al. 2017

2017 IEEE/AIAA 36th Digital Avionics Systems Conference (DASC)

View full text Add to dashboard Cite

Abstract-Aircraft equipped with satellite communication (SATCOM) systems will enable advanced Air Traffic Management (ATM) operations over datalink on a global basis. A key concept of future ATM is 4D trajectory management, which aims to ensure an optimal path and designated arrival time for the flight by integrating time as a fourth dimension into the aircraft trajectory. However, the increase reliance on digital information exchange needed for implementing 4D implies that cyber security will be a key concern. The goal of the Iris Service Evolution programme is to provide a secure and reliable datalink for airground communication in oceanic and remote environment based on satellite. This paper provides an overview over ongoing work on cyber security in the Iris programme. We discuss the need for security for future datalink services in the aircraft control domain and, based on a security risk and threat analysis, provide a number of security requirements that future SATCOM datalink systems for ATM should fulfil.

show abstract

On Perception and Reality in Wireless Air Traffic Communication Security

Cited by 69 publications

References 61 publications

Cyber Threat Impact Analysis to Air Traffic Flows Through Dynamic Queue Networks

Cyber Threat Impact Analysis to Air Traffic Flows Through Dynamic Queue Networks

A practical example for validation of ATM security prototypes

Security requirements for SATCOM datalink systems for future air traffic management

Contact Info

Product

Resources

About