Figure 3 - uploaded by Martin Strohmeier
Content may be subject to copyright.
2: Overview of the ADS-B system architecture. Aircraft receive positional data that is transmitted via the ADS-B Out subsystem over the 1090ES or the UAT data link. It is then received and processed by ground stations and by other aircraft via the ADS-B In subsystem.
Source publication
![Figure 3.3: ADS-B protocol hierarchy [13]. The 1090 MHz Extended...](profile/Martin-Strohmeier-3/publication/313376223/figure/fig3/AS:670000444620817@1536751962798/ADS-B-protocol-hierarchy-13-The-1090-MHz-Extended-Squitter-is-based-on-the_Q320.jpg)
![Figure 3.4: 1090 ES Data Link [13].](profile/Martin-Strohmeier-3/publication/313376223/figure/fig4/AS:670000444633119@1536751962811/1090-ES-Data-Link-13_Q320.jpg)
A multitude of wireless technologies are used by air traffic communication systems during different flight phases. From a conceptual perspective, all of them are insecure as security was never part of their design and the evolution of wireless security in aviation did not keep up with the state of the art.
Recent contributions from academic and ha...
Citations
... Martin Strohmeier and Kellogg College in [10] interviewed 242 international aviation experts aiming to analyze the community's knowledge regarding the awareness and potential impact to aviation due to insecure wireless system technologies. This systematic analysis would result in proposing novel mechanisms to improve the security and safety of air traffic communication networks. ...
Aircraft are complex systems that rely heavily on monitoring and real-time communications with the base station. During aviation and flight operations, diverse data are gathered from different sources, including the Cockpit Voice Recorder (CVR), Flight Data Recorder (FDR), logbook, passenger data, passenger manifest etc. Given the high sensitivity of flight data, it is an attractive target for adversaries which could result in operational, financial and safety related incidents. Communications between aircraft pilots and air traffic controllers are all unencrypted. The data, mainly audio communication files, are placed openly within data centers on the ground stations which could lead to a serious compromise in security and privacy. One may rely on the cloud owing to its on-demand features but to thwart possible attacks, the data need to be encrypted first, giving rise to the issue of conducting search over encrypted data. This research presents a novel approach for data security in aviation industry by introducing a semantic-based searchable encryption scheme over the cloud. The designed system has proven to be extraordinarily effective for semantic-based searchable encryption at the word and the text level. The rigorous security and complexity analysis shows that the proposed solution provides a high level of security and efficiency and can be effectively deployed in the aviation sector. The designed scheme is tested through a real-world aviation dataset collected to demonstrate the significance of this research. The proof of concept proves to be secure, privacy-preserving and lightweight while resisting distinguishability attacks.
... Likewise, Wernberg discovered the cyber-threats on CPDLC and suggested preventive measures [10]. Joshua et al. [11] discussed the impact of the MITM attack on the handover phase in the CPDLC drove ground-air communication. The successful MITM can allow the attacker to hijack the communication link between the pilot and the ATC, thereby enabling the attacker to send arbitrary malicious CPDLC commands towards the target without alerting the legitimate controller. ...
... Strohmeier in [11] investigated the aviation ecosystem and identified various possible threats (e.g., jamming, eavesdropping, message injection, message deletion) to ground-air communications and vice versa. Eskilsson et al. [12] demonstrated several cyber-attacks using software-defined radio (SDR) that can compromise the confidentiality and integrity of communications besides giving unauthorized access to ADS-B and CPDLC systems. ...
The safety of the passengers and goods in airplanes depends upon a number of combined factors. An airplane’s condition and the pilot’s experience are pivotal but another very crucial element is the synchronization among the pilots and the air traffic controller (ATC). The communication link between the two carries many uncertain aspects. The aviation sector often tends to give more priority to safety rather than cybersecurity. Although the controller-pilot data communication link (CPDLC) system has been proposed for consistent and reliable communication recently, it has some serious drawbacks. In this paper, we highlight the shortcomings of the CPDLC system from a cyber security perspective. We propose a federated learning-based privacypreserving intrusion detection system (IDS) to protect the CPDLC from uplink and downlink cyber attacks. To ensure a realistic and viable solution, we created our own training dataset by eavesdropping on the air-ground communication at a site near Arlanda airport, Sweden. The anomaly detection model constructed through federated learning has achieved higher accuracy, precision, recall and F1 score as compared to the centrally and locally trained models, enabling higher security. Due to the lower training loss and time, the proposed approach is highly suitable for the sensitive aviation communications.
... This situation notably affects the operator's working capacity and lowers their efficiency and response time. Fatigue is one of the frequently occurring factors in operation issues and approximately 21% of accidents in aviation (Strohmeier, 2016). Another key skill to discuss is decisionmaking, decision making is how individuals with expertise in a certain field utilize their knowledge and experience to make decisions within a limited time and almost certainly in a dynamic, stressful and safety decisive environment (Orasanu-Engel and Mosier, 2019). ...
Purpose – Technological advances and the adaption of higher levels of automation serve as a potential cause of aviation incidents and accidents.
This study aims to investigate the effect of automated systems on the operator’s performance total load (work, task, information, communication
and mental) in highly advanced systems.
Design/methodology/approach – A questionnaire was designed for aviation operators (Pilots, ATCOs) to understand the intensity to which
automation has affected their working environment and personal behavior. In total, 115 responses were received from 44 countries worldwide.
Approximately, 66% of respondents were pilots, 27% Air traffic controllers and 7% were both pilots and ATCOs with various experience levels.
Findings – Based on the results of this questionnaire, this study suggests the following: creating a total load management model to understand the
best load balance an operator could perform at providing rapidly updated aviation training methods and approaches investigating the influence and
consequences of adding new tools to the operator’s working station and redesigning it to achieve top operator-machine equilibrium redesigning
information and alerting systems.
Practical implications – Intrinsic limitations include an implicit expression of bias in the way questions are phrased, ambiguity in question phrasing
that leads to incorrect conclusions and challenges regarding articulating complex concepts.
Originality/value – In this paper, the authors aimed to assess and investigate factors leading to current and future incidents and accidents resulting
from human factors, specifically caused or developed because of highly automated systems.
... CPDLC is a two-way message-based air traffic network between ATCOs and pilots. It allows the pilots to send predefined messages asking for clearances and other requests (Strohmeier, 2016). Similarly, ATCOs can send predefined instructions to pilots. CPDLC is primarily used for non-time-critical communication. ...
Purpose
Ineffective communication consequences can be life-threatening and drastic. Communication misunderstandings are frequently reported in incidents, accidents and occurrences. This research paper aims to evaluate operator communication load in highly automated systems; distinguish and highlight the communication error factors during flight operations from different perspectives; and provide suggestions to operators to decrease the rate of misunderstandings in aviation communication.
Design/methodology/approach
This study is based on a questionnaire that investigated the critical communication load, including aviation training, standard phraseology, operators’ native language and cultural background. In addition to the effect of using controller–pilot data link communications will be discussed widely. In this research, 110 responses were obtained from pilots and air traffic controller (ATCOs) that vary in 44 countries; approximately 20% were ATCOs, and 75% were pilots.
Findings
This study was designed to assess the level of aviation operators communication load in highly automated systems, identify and illustrate the factors that contribute to communication errors during flight operations from multiple viewpoints, and offer recommendations to operators to minimize the rate of misunderstandings in aviation communication.
Originality/value
This research deals with evaluating the operators’ communication load, which is crucial for the air traffic safety and efficiency.
... Air traffic communication systems make the most prominent use-case for satellite-UE communications. The wireless technologies in most of air traffic communication systems are insecure from a general perspective, as discussed in a study on security of next generation air traffic communication networks [35]. The author outlines that since most of the technologies were developed without proper consideration to security, most of the aviation communication is insecure. ...
... The broadcast nature of communications make it fairly easy to eavesdrop on the communications. A variety of security attacks that can be used in the aviation communication have been discussed in [35], ranging from jamming to message insertion and deletion, to mounting attacks on information and control systems. Researchers revealed that on-board WiFi for passengers can enable access to the airplane SatCom equipment on the same network [36]. ...
... The authors claim that most of the communication happen in plain text leaving room for confidentiality and integrity threats, besides other security challenges in communication between pilots and aviation traffic control (ATC) systems and persons. Interested readers are referred to [35] for detailed information these topics. ...
p>The integration of satellite and terrestrial networks have become inevitable in the next generations of communications networks due to emerging needs of ubiquitous connectivity of remote locations. New and existing services and critical infrastructures in remote locations in sea, land and space will be seamlessly connected through a diverse set of terrestrial and non-terrestrial communication technologies. However, the integration of terrestrial and non-terrestrial systems will open both systems to unique security challenges that can arise due to the migration of security challenges from one to another. Similarly, security challenges can also arise due to the incompatibility of distinct systems or incoherence of security policies. The resulting security implications, thus, can be highly consequential due to the criticality of the infrastructures such as space stations, autonomous ships, and aeroplanes, for instance. Therefore, in this article we study existing security challenges in satellite-terrestrial communication systems and discuss potential solutions for those challenges. Furthermore, we provide important research directions to stir future research on existing security gaps in this direction.</p
... Air traffic communication systems make the most prominent use-case for satellite-UE communications. The wireless technologies in most of air traffic communication systems are insecure from a general perspective, as discussed in a study on security of next generation air traffic communication networks [35]. The author outlines that since most of the technologies were developed without proper consideration to security, most of the aviation communication is insecure. ...
... The broadcast nature of communications make it fairly easy to eavesdrop on the communications. A variety of security attacks that can be used in the aviation communication have been discussed in [35], ranging from jamming to message insertion and deletion, to mounting attacks on information and control systems. Researchers revealed that on-board WiFi for passengers can enable access to the airplane SatCom equipment on the same network [36]. ...
... The authors claim that most of the communication happen in plain text leaving room for confidentiality and integrity threats, besides other security challenges in communication between pilots and aviation traffic control (ATC) systems and persons. Interested readers are referred to [35] for detailed information these topics. ...
p>The integration of satellite and terrestrial networks have become inevitable in the next generations of communications networks due to emerging needs of ubiquitous connectivity of remote locations. New and existing services and critical infrastructures in remote locations in sea, land and space will be seamlessly connected through a diverse set of terrestrial and non-terrestrial communication technologies. However, the integration of terrestrial and non-terrestrial systems will open both systems to unique security challenges that can arise due to the migration of security challenges from one to another. Similarly, security challenges can also arise due to the incompatibility of distinct systems or incoherence of security policies. The resulting security implications, thus, can be highly consequential due to the criticality of the infrastructures such as space stations, autonomous ships, and aeroplanes, for instance. Therefore, in this article we study existing security challenges in satellite-terrestrial communication systems and discuss potential solutions for those challenges. Furthermore, we provide important research directions to stir future research on existing security gaps in this direction.</p
... Having surveyed 242 aviation experts, Strohmeier et al. [57] conclude that ''VHF is an increasingly common communications signal to be maliciously emulated by non-involved parties. [...] Anyone can buy an aviation transceiver without licence''. ...
... At a first glance, with a multitude of common security measures available for all layers, one may assume this to be a very rare circumstance. Still, attacking such system has been multiply demonstrated, e.g., in [6,9,[12][13][14][15]28,38,57,63,92,127,191,[193][194][195][196]. The question that remains unanswered is: Table 7 Aeronautical communication services: Summary of existence of security properties as specified in requirements, specification or scientific literature. ...
... Especially older systems (i.e., specified before the 2000s) do not specify any security by modern standards. Basically, everyone with appropriate equipment and the knowledge of the correct frequency and aeronautical phraseology can participate in aeronautical communications [28,57]. However, also more recent communication datalinks, such as AeroMACS, LDACS or the newer SatCOM links (c.f., Table 5), and networks like ATN/OSI or ATN/IPS (c.f., 6) do specify security properties. ...
Aeronautical communications still heavily depend on analog radio systems, despite the fact that digital communication has been introduced to aviation in the 1990’s. Since then, the digitization of civil aviation has been continued, as considerable pressure to rationalize the aeronautical spectrum has built up. In any modern digital communications system, the threat of digital attacks needs to be considered carefully. This is especially true for safety-critical infrastructure, which aviation’s operational communication services clearly are. In this article, we reverse the traditional approach in the aeronautical industry of looking at a system from the safety perspective and assume a security-oriented point of view. We use the lens of security properties to review the requirements and specifications of aeronautical communications infrastructure as of 2021 and observe that most standards lack cybersecurity as a key requirement. Furthermore, we review the academic literature to identify possible solutions for the lack of cybersecurity measures in aeronautical communications system. We observe that most systems have been thoroughly analyzed within the academic security community, some for decades even, with many papers proposing concrete solutions to missing cybersecurity features. We conclude that there is a systematic problem in the design process of aeronautical communication systems. We provide a list of eight key findings and recommendations to improve the process of specifying such systems in a secure manner.
... Based on Strohmeier's "Security in Next Generation Air Traffic Communication Networks" study, we can say that; The need for protection of air traffic management (ATM) and related technologies from possible cyber attacks is clear, the measures to be taken for this situation should be implemented as soon as possible. (Strohmeier, 2016) With the use of software defined radios (SDR) as an easy-to-find and inexpensive tool, ACARS and CPDLC were adversely affected and left them vulnerable to cyber -attacks. Now anyone with SDR can access and manage this data by decrypting data link communications. ...
The purpose of this article is to provide an overview of Controller Pilot Data Link Communications (CPDLC). It defines the essential ideas, the various data link services, and the fundamentals of CPDLC operations, as well as associated phraseology. The goal is to provide context for comprehending the safety risks around this technology.
... The means of the attacker to conduct FDIAs against ADS-B communications have already been detailed in previous work ( Manesh and Kaabouch, 2017;Strohmeier, 2016 ). Considering the attacker has the necessary equipment, they can perform three malicious basic operations: ...
The Automatic Dependent Surveillance-Broadcast protocol is one of the latest compulsory advances in air surveillance. While it supports the tracking of the ever-growing number of aircraft in the air, it also introduces cybersecurity issues that must be mitigated e.g., false data injection attacks where an attacker emits fake surveillance information. The recent data sources and tools available to obtain flight tracking records allow the researchers to create datasets and develop Machine Learning models capable of detecting such anomalies in En-Route trajectories. In this context, we propose a novel multivariate anomaly detection model called Contextual Auto-Encoder (CAE). It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase (e.g. climbing, cruising or descending) during its training. To illustrate the CAE’s efficiency, an evaluation dataset was created using real-life anomalies as well as realistically crafted trajectory modifications, with which the CAE as well as three anomaly detection models from the literature were evaluated. Results show that the CAE achieves better results in both accuracy and speed of detection. The dataset, the models implementations and the evaluation results are available in an online repository, thereby enabling replicability and facilitating future experiments.
... The means of the attacker to conduct FDIAs against ADS-B communications have already been detailed in previous work (Strohmeier, 2016;Manesh and Kaabouch, 2017). Considering the attacker has the necessary equipment, they can perform three malicious basic operations: ...
The Automatic Dependent Surveillance Broadcast protocol is one of the latest compulsory advances in air surveillance. While it supports the tracking of the ever-growing number of aircraft in the air, it also introduces cybersecurity issues that must be mitigated e.g., false data injection attacks where an attacker emits fake surveillance information. The recent data sources and tools available to obtain flight tracking records allow the researchers to create datasets and develop Machine Learning models capable of detecting such anomalies in En-Route trajectories. In this context, we propose a novel multivariate anomaly detection model called Discriminatory Auto-Encoder (DAE). It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase (e.g. climbing, cruising or descending) during its training.To illustrate the DAE's efficiency, an evaluation dataset was created using real-life anomalies as well as realistically crafted ones, with which the DAE as well as three anomaly detection models from the literature were evaluated. Results show that the DAE achieves better results in both accuracy and speed of detection. The dataset, the models implementations and the evaluation results are available in an online repository, thereby enabling replicability and facilitating future experiments.
