Abstract
Recent research has shown that a number of existing wireless avionic systems lack encryption and are thus vulnerable to eavesdropping and message injection attacks. The Aircraft Communications Addressing and Reporting System (ACARS) is no exception to this rule with 99% of the traffic being sent in plaintext. However, a small portion of the traffic coming mainly from privately-owned and government aircraft is encrypted, indicating a stronger requirement for security and privacy by those users. In this paper, we take a closer look at this protected communication and analyze the cryptographic solution being used. Our results show that the cipher used for this encryption is a mono-alphabetic substitution cipher, broken with little effort. We assess the impact on privacy and security to its unassuming users by characterizing months of real-world data, decrypted by breaking the cipher and recovering the keys. Our results show that the decrypted data leaks privacy sensitive information including existence, intent and status of aircraft owners.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
Labels ‘41’ and ‘42’ are primarily used in SATCOM and label ‘44’ is most common in VHF—as such we focus our analysis in this way.
References
Adams, C.: Securing ACARS: Data Link in the Post 9/11 Environment. Avionics Magazine, 24–26 June 2006
Aeronautical Radio Inc. (ARINC): 618–7: Air/Ground Character-Oriented Protocol Specification. Technical Standard (2013)
Aeronautical Radio Inc. (ARINC): 620–8: Datalink Ground System Standard and Interface Specification. Technical Standard (2014)
Aeronautical Radio Inc. (ARINC): 823–P1: DataLink Security, Part 1 - ACARS Message Security. Technical Standard (2007)
Borisov, N., Goldberg, I., Wagner, D.: Intercepting mobile communications: the insecurity of 802.11. In: Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MobiCom) (2001)
Federal Aviation Administration: Access to Aircraft Situation Display (ASDI) and National Airspace System Status Information (NASSI) (2011). https://www.federalregister.gov/documents/2011/03/04/2011-4955/access-to-aircraft-situation-display-asdi-and-national-airspace-system-status-information-nassi. Accessed 11 Nov 2016
Federal Aviation Administration: Access to Aircraft Situation Display to Industry (ASDI) and National Airspace System Status Information (NASSI) Data (2012). https://www.federalregister.gov/documents/2012/05/09/2012-11251/access-to-aircraft-situation-display- to-industry-asdi-and-national-airspace-system-status. Accessed 11 Nov 2016
Federal Aviation Administration: Access to Aircraft Situation Display to Industry (ASDI) and National Airspace System Status Information (NASSI) Data (2013). https://www.federalregister.gov/documents/2013/08/21/2013-20375/access-to-aircraft-situation-display-to-industry-asdi-and-national-airspace-system-status. Accessed 11 Nov 2016
Federal Aviation Administration: Limiting Aircraft Data Displayed via Aircraft Situation Display to Industry (ASDI) (Formerly the Block Aircraft Registration Request (BARR) Program) (2016). https://www.fly.faa.gov/ASDI/asdi.html. Accessed 11 Nov 2016
Gloven, D., Voreacos, D.: Dream Insider Informant Led FBI From Galleon to SAC (2012). http://www.bloomberg.com/news/articles/2012-12-03/dream-insider-informant-led-fbi-from-galleon-to-sac. Accessed 11 Nov 2016
International Civil Aviation Organization: Global Air Navigation Plan, Fourth Edition. Technical rep., International Civil Aviation Organization, Montreal, p. 120 (2013). http://www.icao.int/publications/Documents/97504eden.pdf
Kloth, R.D.: Airframes.org (2016). http://www.airframes.org/. Accessed 11 Nov 2016
Oishi, R.T., Heinke, A.: Air-ground communication. In: Spitzer, C.R., Ferrell, U., Ferrell, T. (eds.) Digital Avionics Handbook, 3rd edn., pp. 2.1–2.3. CRC Press (2015)
Oishi, R.T., Heinke, A.: Data communications. In: Spitzer, C.R., Ferrell, U., Ferrell, T. (eds.) Digital Avionics Handbook, 3rd edn., pp. 2.7–2.13. CRC Press (2015)
Risley, C., McMath, J., Payne, B.: Experimental encryption of Aircraft Communications Addressing and Reporting System (ACARS) Aeronautical Operational Control (AOC) Messages. In: 20th Digital Avionic Systems Conference. IEEE, Daytona Beach (2001)
Roy, A.: Secure Aircraft Communications Addressing and Reporting System (ACARS). US Patent 6,677,888, January 2004
Roy, A.: Security strategy for US Air Force to use commercial data link. In: 19th Digital Avionics Systems Conference. IEEE, Philadephia (2000)
Smith, M., Strohmeier, M., Lenders, V., Martinovic, I.: On the security and privacy of ACARS. In: Integrated Communications Navigation and Surveillance Conference (ICNS), Herndon (2016)
Storck, P.E.: Benefits of commercial data link security. In: Integrated Communications, Navigation and Surveillance Conference (ICNS). IEEE, Herndon (2013)
Strohmeier, M., Schäfer, M., Pinheiro, R., Lenders, V., Martinovic, I.: On perception and reality in wireless air traffic communication security. IEEE Trans. Intell. Transp. Syst. 18(6), 1338–1357 (2017)
Strohmeier, M., Smith, M., Schäfer, M., Lenders, V., Martinovic, I.: Assessing the impact of aviation security on cyber power. In: 8th International Conference on Cyber Conict (CyCon). NATO CCD COE, Tallinn (2016)
Teso, H.: Aircraft hacking: practical aero series. Presented at the fourth annual hack in the box security conference in Europe (HITB), Amsterdam, NL, April 2013
Yue, M., Wu, X.: The approach of ACARS data encryption and authentication. In: International Conference on Computational Intelligence and Security (CIS). IEEE (2010)
Acknowledgements
This work has been funded by armasuisse under the Cyberspace and Information research program. Matthew Smith has been supported by the Engineering and Physical Sciences Research Council UK (EPSRC UK), as part of the Centre for Doctoral Training for Cyber Security at the University of Oxford. Daniel Moser has been supported by the Zurich Information Security and Privacy Center. It represents the views of the authors.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Smith, M., Moser, D., Strohmeier, M., Lenders, V., Martinovic, I. (2017). Economy Class Crypto: Exploring Weak Cipher Usage in Avionic Communications via ACARS. In: Kiayias, A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science(), vol 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-70972-7_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70971-0
Online ISBN: 978-3-319-70972-7
eBook Packages: Computer ScienceComputer Science (R0)