Is CPDLC Secure and Can Identity-Defined Networking help? Andrei Gurtov

Is CPDLC Secure and Can Identity-Defined Networking help? 2019 Keynot… · • IEEE 802.15.9 Key Management Protocols – IEEE 802.15.4 link properties similar to VLD2 • In-turn


Introduction: Prof. Andrei Gurtov

• Department of Computer and Information Sciences, LiU, Sweden

• Cybersecurity, wireless networks, IoT, IETF

• ACM Distinguished Scientist, IEEE Distinguished Lecturer

• https://gurtov.com

2019-06-26 2

Outline

• Controller Pilot Data Link Communication (CPDLC) in practice

• Security analysis

• Passive monitoring for intrusion detection

• Key exchange for active protection

• Joint work with T. Polishchuk, M. Wernberg, A. Lehto, I. Sestorp


CPDLC

• ATN-B1 implementation

• Very High Frequency Digital Link Mode 2 (VDL2)

• Log in

• Handover

• Message format

• Security


Motivation

Growing air traffic
● 3000 daily departures
● Estimated to double by 2037
● UAVs
● Offload voice VHF channels to CPDLC

Software-defined radio
● Cheap, readily available, open-source tools
● VDL2 decoder public January 2019

Common attacks on cyber-physical systems


State of the Art

• In aviation the focus is on safety rather than security

• Known vulnerabilities in ADS-B

– Security in NG ATM (Strohmeier, 2016)

– Holistic Air Protection (Braeken, 2019)

• CPDLC

– Simulated attack (Marco, 2016)

– Security analysis (Gurtov, 2018)

• DEFCON demos ’17 ’20 ’21

– E.g. “All Your RFz Are Belong to Me”

• ARINC 823P1: DATALINK SECURITY (2007)


Controller-Pilot Data Link Communications (CPDLC)

● Standard data flight communication
● Air Traffic Network (ATN)
  ○ Flight Controller
  ○ Airplane
● Uses datalink mode VDL2
● Non-critical communication
● Mostly pre-formatted messages
● ATN-B1 and FANS-1/A standard
● Vs ACARS (aircraft communications addressing and reporting system)


ATN-B1 Deployment


Handover

● CDA (Current Data Authority)
● NDA (Next Data Authority)
● Contact (request/response/complete)
  ○ CONTACT
● Termination (request/confirmation)
  ○ WILCO


Experiment in Arlanda

• Recording ACARS/CPDLC traffic for an hour

• April 5th, 2019 10-11 am

• Collecting and decoding radio traffic on frequencies 136,725, 136,975, 136,955, 136,775 and 136,975 MHz.


Software Defined Radio

Dumpvdl2
● GitHub (Tomasz Lemiech)
● Decoding
● Eavesdropping
● Filtering
● Logging

CPDLC/ACARS Messages in an Hour


Sample Aircraft


Login

● Aircraft identification: SAS571

● Aircraft registration and/or address: part of TSAP

● Departure and destination aerodromes:
  ESSA - Arlanda
  LFPG - Paris-Charles-de-Gaulle

Handover

ESMM - Malmö
● NDA is ESMM
● VHF frequency to ESMM
● CDA becomes ESMM

Clearance to Proceed to a Point


Timestamps of Sent Messages


Attack Prevention

Cyclic Redundancy Check (CRC)
● Application Message Integrity Check (AMIC)

Potential attacks
● Eavesdropping
● Jamming
● Flooding
● Injection
● Replay
● Masquerading


CPDLC Insecurity

• Confidentiality

– All data is in plain text and may soon be broadcast over the Internet like VHF voice

• Integrity

– Modification and insertion attacks are possible since CRC is trivial to recompute

• Availability

– Jamming or connection resets are possible
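The integrity point above, as an added example (not from the talk): an unkeyed CRC catches transmission noise, but it verifies again after any deliberate change because anyone can recompute it, whereas a keyed MAC cannot be recomputed without the key. CRC-16/CCITT from Python's `binascii` stands in for the link checksum, and the key, the 8-byte tag length and the helper names are assumptions.

```python
import binascii
import hashlib
import hmac

TAG_LEN = 8  # assumed truncated tag length, chosen to keep overhead small

def crc_frame(payload: bytes) -> bytes:
    """Append an unkeyed CRC-16 (stand-in for the link-layer checksum)."""
    return payload + binascii.crc_hqx(payload, 0xFFFF).to_bytes(2, "big")

def crc_ok(frame: bytes) -> bool:
    payload, fcs = frame[:-2], frame[-2:]
    return binascii.crc_hqx(payload, 0xFFFF).to_bytes(2, "big") == fcs

def mac_frame(key: bytes, payload: bytes) -> bytes:
    """Append a truncated HMAC-SHA256 tag computed with a shared key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]

def mac_ok(key: bytes, frame: bytes) -> bool:
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)

def accidental_error_detected() -> bool:
    frame = bytearray(crc_frame(b"CLIMB TO FL350"))
    frame[3] ^= 0x01                      # one flipped bit, as noise would cause
    return not crc_ok(bytes(frame))

def altered_crc_frame_accepted() -> bool:
    # The checksum needs no secret, so it is simply recomputed over new text.
    return crc_ok(crc_frame(b"CLIMB TO FL390"))

def altered_mac_frame_accepted(key: bytes) -> bool:
    # Without the key, the only tag available is the one from the old text.
    genuine = mac_frame(key, b"CLIMB TO FL350")
    altered = b"CLIMB TO FL390" + genuine[-TAG_LEN:]
    return mac_ok(key, altered)

if __name__ == "__main__":
    key = bytes(range(32))                # constructed demo key
    print("noise caught by CRC:      ", accidental_error_detected())
    print("altered text passes CRC:  ", altered_crc_frame_accepted())
    print("altered text passes MAC:  ", altered_mac_frame_accepted(key))
```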


Passive Monitoring

• Intrusion Detection System (IDS)

– Internet Examples: Snort, Bro

– Need to write open-source modules for CPDLC traffic

• Deploy in control towers to alert Controllers of inconsistencies, fake messages
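One consistency check such a monitoring module could run, as an added example (not code from the talk or from any existing IDS): it tracks the Message Identification Number (MIN) and Message Reference Number (MRN) of decoded messages per flight and flags replies that reference nothing previously heard, or a MIN seen twice. The record layout, function name and sample records are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Msg:
    flight: str         # aircraft identification from the logon
    direction: str      # "UM" = uplink (controller), "DM" = downlink (aircraft)
    text: str
    min_no: int         # Message Identification Number (MIN)
    mrn: Optional[int]  # Message Reference Number (MRN); None opens a dialogue

def check_dialogue(msgs: List[Msg]) -> List[str]:
    """Flag messages whose MIN/MRN do not fit what was heard before."""
    seen = {}   # (flight, direction) -> MINs already observed
    alerts = []
    for m in msgs:
        peer_dir = "DM" if m.direction == "UM" else "UM"
        own = seen.setdefault((m.flight, m.direction), set())
        peer = seen.get((m.flight, peer_dir), set())
        if m.min_no in own:   # same MIN heard twice: possible replay
            alerts.append(f"{m.flight} {m.direction} MIN {m.min_no} repeated: {m.text}")
        if m.mrn is not None and m.mrn not in peer:   # answer to nothing heard
            alerts.append(f"{m.flight} {m.direction} MIN {m.min_no} references "
                          f"unseen {peer_dir} MIN {m.mrn}: {m.text}")
        own.add(m.min_no)
    return alerts

# Constructed records following the pre-coded message table on this page
# (the first row's MRN, shown as 0 there, is treated as "no reference": assumption).
CLEAN = [
    Msg("SAS571", "DM", "REQUEST FL350", 8, None),
    Msg("SAS571", "UM", "STANDBY", 12, 8),
    Msg("SAS571", "UM", "CLIMB TO FL350 / REPORT LEVEL FL350", 13, 8),
    Msg("SAS571", "DM", "WILCO", 9, 13),
    Msg("SAS571", "DM", "LEVEL FL350", 10, None),
]
# Constructed anomalies: a clearance answering a request nobody heard,
# and a WILCO whose MIN was already used.
SUSPECT = CLEAN + [
    Msg("SAS571", "UM", "CLIMB TO FL390", 14, 11),
    Msg("SAS571", "DM", "WILCO", 9, 13),
]

if __name__ == "__main__":
    for alert in check_dialogue(SUSPECT):
        print("ALERT:", alert)
```

A passive receiver can miss frames, so an "unseen MIN" alert is a prompt for the controller to cross-check rather than proof of a fake message, and a deployed module would also expire old MINs so that legitimate reuse is not flagged.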


Public Keys and Diffie-Hellman Exchange

[Figure: key exchange diagram with labels "Public/Private key 1", "Public/Private key 2", "Public/Private key 3", "Encryption using symmetric key 1" and "Encryption using symmetric key 2"]

Trust Anchor for Airplane (SHA-1, 160 bits)

U/43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8:b4:78:c6:da

Trust Anchor for Aerodromes

• IAIP – ESSA STOCKHOLM/Arlanda

• IAIP->AIP->AD->AD 2->ESSA

• https://aro.lfv.se/Editorial/View/5930/ES_AD_2_ESSA_en

• ESSA 2.17 ATS AIRSPACE

• 6. Remarks

• Add "Public key fingerprint"

SHA1("The quick brown fox jumps over the lazy dog")
gives hexadecimal: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
gives Base64 binary to ASCII text encoding: L9ThxnotKPzthJ7hu3bnORuT6xI=

Potential Issues

– Overload of CPDLC capacity due to large messages

– Use of modern efficient cryptography based on Elliptic Curves (ECC)

– Modern fingerprints require long hashes of at least 256 bits – usability problem for entry

– Cannot communicate if key is incorrect due to human error

• Fall back to insecure mode or voice VHF
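The trust-anchor slides and the usability issue above, as an added example (not from the talk): a received public key is checked against a fingerprint typed in by a human, and the entry length is compared for SHA-1 and SHA-256. The function names, the three result values and the use of raw key bytes as hash input are assumptions; the sample "key" is a constructed byte string.

```python
import base64
import hashlib
import hmac

def fingerprint(public_key: bytes, algo: str = "sha1") -> bytes:
    return hashlib.new(algo, public_key).digest()

def as_hex(digest: bytes) -> str:
    return ":".join(f"{b:02x}" for b in digest)

def as_base64(digest: bytes) -> str:
    return base64.b64encode(digest).decode("ascii")

def parse_entered(text: str) -> bytes:
    """Accept colon-hex, plain hex or Base64 as typed; raise ValueError otherwise."""
    cleaned = text.strip().replace(":", "").replace(" ", "")
    try:
        return bytes.fromhex(cleaned)
    except ValueError:
        return base64.b64decode(cleaned, validate=True)

def verify_trust_anchor(public_key: bytes, entered: str) -> str:
    """Return "match", "mismatch" or "unreadable"; anything but "match"
    means the fallback named on the slide (insecure mode or voice VHF)."""
    try:
        expected = parse_entered(entered)
    except ValueError:
        return "unreadable"
    algo = {20: "sha1", 32: "sha256"}.get(len(expected))  # pick hash by length
    if algo is None:
        return "unreadable"
    ok = hmac.compare_digest(fingerprint(public_key, algo), expected)
    return "match" if ok else "mismatch"

def entry_lengths() -> dict:
    """Characters a human must type per hash and encoding (hex without colons)."""
    out = {}
    for algo in ("sha1", "sha256"):
        d = fingerprint(b"", algo)
        out[algo] = {"hex": len(d.hex()), "base64": len(as_base64(d))}
    return out

if __name__ == "__main__":
    key = b"The quick brown fox jumps over the lazy dog"  # constructed stand-in key
    good = as_hex(fingerprint(key))
    print(good, verify_trust_anchor(key, good))
    print(verify_trust_anchor(key, good.replace("2f", "2e", 1)))  # one typo
    print(entry_lengths())
```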


Identity-Defined Networking for Security


Advice for ATM/ANSP

• Treat ADS-B as advisory info only

– Use primary & secondary radar for verification

• Make sure CPDLC is non-critical

– Max load handled with voice VHF

• Perform drills with fake ADS-B reports and CPDLC spam

– E.g. ATM screen filled with bogus planes

• Make sure pilots are not dependent on electronics

– Have paper maps and non-GPS navigation

• Demand security from future versions of ADS/CPDLC


www.liu.se

Thanks for Attention! Questions?

Future Work

• Model maximum capacity of CPDLC/ACARS messages in a given location

– Medium Access Control efficiency

• Produce active attacks to CPDLC in a safe isolated environment

– Need for real Control Display Unit (CDU)

• Test key exchange over CPDLC

• Side channel authentication


Identity-Defined Networking (IDN) at a Glance

Current Data Authority: ESOS Arlanda


Data Link Initiation Capability (DLIC)

● CMLogonRequest
  ○ Aircraft identification (7)
  ○ Aircraft registration and/or address (18), part of CMLongTSAP
  ○ Departure and destination aerodromes (13 & 16)
● CMLogonResponse
  ○ Status of the response


Re-Use Existing Security Protocols

• Designing new protocols takes years and is error-prone

• IEEE 802.15.9 Key Management Protocols

– IEEE 802.15.4 link properties similar to VDL2

• In turn based on IETF protocols

– Host Identity Protocol

– Internet Key Exchange IKEv2, 802.1X

– No classical TCP/IP present

• 6LoWPAN, CoAP, ROFL


Base Exchange of Host Identity Protocol


Encryption is Easy, Trust is Hard

• Establish a common symmetric key between the Controller and Airplane for encryption and authentication

• Option 1: Use certificates to prove aerodrome and airplane IDs

– A system similar to DNSSEC, with Certificate Authorities, Certificate Revocation Lists, Transparency Logs, etc.

• Option 2: Reuse current infrastructure with FlightPlan and AIP for carrying Trust Anchors (public key fingerprint)


Pre-coded CPDLC Messages

MIN = Message Identification Number, MRN = Message Reference Number

Message                                                     MIN   MRN
DM 6   REQUEST FL350                                        8     0
UM 1   STANDBY                                              12    8
UM 20  CLIMB TO FL350 or CLIMB TO AND MAINTAIN FL350
UM 129 REPORT MAINTAINING [level] or REPORT LEVEL FL350     13    8
DM 0   WILCO                                                9     13
DM 37  MAINTAINING FL350 or LEVEL FL350                     10    -

Very High Frequency Digital Link Mode 2 (VDL2)
118 - 136,975 MHz

Layer 1 – Physical layer
● Frequency control
● Encoding for bit errors

Layer 2 – Datalink layer
● Send data
● Framing
● Status
● Error detection

Layer 3 – Network layer
● Data-packet flow


Transmission Capability

• HackRF One/Universal Software Radio Peripheral (USRP) + analog VHF radio?
