E-Enabled Aircraft - Requirements, Implications and Solutions

The next-generation air transportation systems needs to employ technologies and processes for enhancing airspace capacity and aircraft operation. The e-enabled aircraft is, therefore, envisioned to play a key role with its advanced sensing, computing and communications features. Reason? The skies have become more crowded and the current air traffic management infrastructures are close to their life’s end because of Software, Hardware, Architectures and Network links not processing the growth capacity to meet demands of future aviation.

===========================

New aircraft designs use TCP/IP technology for the main aircraft backbone, connecting flight-critical avionics and passenger information and entertainment systems in a manner that virtually makes the aircraft an airborne, interconnected network domain server. What are the implications? Are there or should there be security concerns? 

=======================

The new aircraft design (e-enabled) use TCP/IP data links to link in-flight and on-ground transfer and receive critical control, navigation, operations and maintenance information. Aircraft have multiple data networks on board to serve a variety of functions. There are networks that - Control the movement of the aircraft (control the engines and control surfaces) - Provide navigation and maintenance information to the crew and to an airline’s operations center. - Control the inflight service and entertainment systems. - Support crew communications, passenger Wi-Fi, data links to airport services, and many others This all brings a higher level of efficiency to flight and business operations, however, with the multitude of all these networks there are bound to be lapses and vulnerabilities in some areas of the code or system and that is inherent with any internet protocol-based (IP) architecture. Some implications and Requirements can be summarized as below: 1. Security Threats - Manipulation of Positioning Systems Readings: Attackers may attempt to disrupt and prevent onboard readings, for instance that of the GPS unit, and impact the accuracy or availability of position data in the traffic - Manipulation of Traffic Data: Attackers may attempt to intentionally engineer errors in surveillance by corrupting traffic data or spoofing positions. For instance, creating false conflicts by broadcasting bogus aircraft positions using virtual transmitters. - Exploitation of Traffic Data: Eavesdropper may passively use the traffic information broadcasts from ground controllers for further attacks like Denial of Service (DoS) - Liability: Person in the air traffic controller (ATC) system could deny having broadcast any false traffic data after detection of the manipulation. 2. Security Requirements - Integrity and Authenticity. For preventing adversarial manipulation of traffic data, the contents of the broadcast must be verifiable to be the same as at the source. - Confidentiality. Unauthorized access to traffic information broadcasts from ground controllers whose contents may provide leverage for adversary’s personal gain must be prevented. - Availability: Traffic data must be available in time to enable highly accurate and dependable surveillance. A backup mechanism must be available along with related processes to ensure no complete loss of minimum operating conditions for the ATC system. - Non-repudiation. For establishing liability in the ATC system, each traffic broadcast must be undeniably associated with at least one authentic entity in the system. - Early and Correct Detection Any manipulation of traffic data must be detected as soon as possible so as to not disrupt the pre-established time for flight, while also eliminating or reducing false alarms in the detection of manipulation.