Upload
daveedwards12
View
395
Download
1
Embed Size (px)
DESCRIPTION
New realities in aviation security remotely gaining control of aircraft systems
Citation preview
Transport Security
AIR TRANSPORT● 2.8 billion
– People flown in 2011.
● 38 million
– Number of flights in 2011
MARITIME TRANSPORT● 30,936
– Transport ships in 2011
● 8,7 billion tons
– Seaborne trade on 2012
Safety is NOT Security
New technologies, new threats......new requirements:
● IT Security profile– New systems– Automation
● Aviation profile– Specific knowledge– Own technologies– Standards
Part I– Traditional technologies
Part II– New risks and attack vectors
Agenda
Traditional technologies
Good old days
Older technologiesPrimary Surveillance
Radars (PSR)
✈ Detects presence of planes via the reflection of radio waves by the planes.
Secondary Surveillance Radars (SSR)
✈ Detects and measures the position of aircrafts, requests additional information from them.
Legacy systems Glass cockpit
Older technologies
New technologies
Risks and attacks
Attack overview
DISCOVERY
✈ ADS-B
GATHERING
✈ ACARS
EXPLOITATION
✈ Systems
THE TARGET
SOFTWARE
DISCOVERY - ADS-B
Automatic Dependent Surveillance-Broadcast
✈ Radar substitute
✈ Position, velocity, identification
GATHERING - ACARS
Aircraft Communications Addressing and Reporting System
✈ Digital data link for transmission of messages between aircraft and ground stations
EXPLOITATION - FMS✈Flight Management System– Typically consists of two units:
» A computer unit
» A control display unit
✈Control Display Unit (CDU or MCDU) provides the primary human/machine interface for data entry and information display.
✈FMS provides:
» Navigation
» Flight planning
» Trajectory prediction
» Performance computations
» Guidance
EXPLOITATION - Attack deliveryGround Service providers
● The “glue” of the aviation ecosystem
house
Software Defined Radio● A radio communication
system where hardware components are implemented by means of software.
Unmanned Aircraft Systems
COMMUNICATIONS– SATCOM
● Iridium● Ku-Band● C/S-Band
– VHF● :-)
NON-SEGREGATED AIRSPACE
● Civil aviation systems– COTS/MOTS– Vulnerable:
● Protocols● Systems
RemediationWhere to start from?
– ✈ NextGen Security● On-board systems security
audit
– ✈ Who is affected?● Manufacturers● Ground Service Providers● Airlines/Operators
Remember: Safety is NOT Security
Additional resources
– RootedCon 2012● Slides: http://x90.es/7e4● Video: http://x90.es/7e5
– HITB 2013● Slides: http://x90.es/7e6● Video: http://x90.es/7e7