15.air Security (dr. John Sutherland)

Network Security and Airline Data Networks Presented by Dr. John Sutherland

Who am I ?  Network

Security consultant for several Fortune 500 (Boeing, Microsoft, Starbucks, Deloitte & Touche, etc…)  PhD in Computer Science  Several Certifications: CISSP, CISM, CBCP, CCNA, MCSE, MCT, GSEC, etc…

Acronyms         

ADN – Aircraft Data Network ACARS - Aircraft Communications Addressing and Reporting System AOC – Airline Operational Control or Airline Operations Center LAN – Local Area Network RF – Radio Frequency COTS – Commercial off the shelf RTCA - Radio Technical Commission for Aeronautics ARINC - Aeronautical Radio, Inc. EUROCAE - European Organisation for Civil Aviation Equipment (regulatory agency for certifying aviation equipment in Europe)

What are we talking about ?  Aircraft

data networks  Traditionally have used radio links, future is broadband TCP/IP based  Wireless hacking

ACARS - An Example  ACARS

(Aircraft Communications Addressing and Reporting System)

messages are transferred over open RF channels in human readable forms.  Vulnerability: Low cost easily available equipment to view sensitive aircraft data

How to view ACARS Data

PC with free ACARS decoder software

Radio Scanner

Vietnam Airlines tracked via ACARS Reg

IATA/ICAO Sign

Aircraft type

Flightnumber

last contacts (max 30)

VN-A150

VN / HVN

B777-2Q8 (ER)

VN0532

08. Dec 2006 18:08

VN-A141

VN / HVN

B777-2Q8 (ER)

VN0544

08. Dec 2006 16:14

VN-A141

VN / HVN

B777-2Q8 (ER)

VN0545

08. Dec 2006 06:30

VN-A150

VN / HVN

B777-2Q8 (ER)

VN0533

08. Dec 2006 06:13

VN-A345

VN / HVN

A321-231

VN0941

08. Dec 2006 03:09

VN-A345

VN / HVN

A321-231

000000

08. Dec 2006 02:47

VN-A143

VN / HVN

B777-26K (ER)

VN0951

08. Dec 2006 02:33

VN-A145

VN / HVN

B777-26K (ER)

VN0782

08. Dec 2006 02:16

VN-A144

VN / HVN

B777-2K6 (ER)

VN0968

07. Dec 2006 23:11

VN-A145

VN / HVN

B777-26K (ER)

VN0783

07. Dec 2006 22:51

VN-A345

VN / HVN

A321-231

VN0940

07. Dec 2006 22:41

VN-A143

VN / HVN

B777-26K (ER)

VN0950

07. Dec 2006 22:35

VN-A142

VN / HVN

B777-2Q8 (ER)

VN0542

07. Dec 2006 15:48

VN-A142

VN / HVN

B777-2Q8 (ER)

VN0543

07. Dec 2006 06:20

VN-A149

VN / HVN

B777-2Q8 (ER)

VN0955

07. Dec 2006 03:55

VN-A144

VN / HVN

B777-2K6 (ER)

VN0951

07. Dec 2006 03:16

VN-A144

VN / HVN

B777-2K6 (ER)

VN0951

07. Dec 2006 03:16

VN-A150

VN / HVN

B777-2Q8 (ER)

VN0941

07. Dec 2006 03:15

VN-A145

VN / HVN

B777-26K (ER)

VN0780

07. Dec 2006 01:53

Why be concerned? 

2002 wireless LAN systems

• Denver International Airport and San Jose International Airport.



American Airlines Inc.

•

totally in the clear without any encryption

American's curbside check-in operations could be monitored  Southwest's networks were issuing information from back-end systems…. 

* IDG article, January 18, 2002. Wireless LANs: Trouble in the air By Bob Brewin, Dan Verton and Jennifer Disabatino

Why be concerned? (cont.)  

Joe Weiss, Vice President ARINC Unprotected wireless LAN could allow access to core airline operational systems

• •



flight operations, bag matching and passenger reservations (Flight operations systems manage such vital functions as refueling, maintenance and flight dispatch)

Possible compromise: Indicate luggage belongs to someone on the flight when it really doesn’t

E-enabled 

Means connectivity to real-time high speed Internet and/or airline networks to increase efficiency and speed of communications for passengers and crew



New generation aircraft will include a new Aircraft Data Network design which will introduce new cyber security vulnerabilities to the aircraft



Cabin Network application software crew & maintenance use 802.11 on handheld and laptops

•Airbus A380 entered production 2002 and the planned first flight was 2006. * Boeing 787 plans to enter production in 2007 and the planned first flight is 2008

ADN A rc hit ectiure Broadband

802.11 (Gatelink or other)

ADN gateway

IFE 802.11 802.11

Aircraft Controls Cabin Services

VHF/HF Radio SATCOM

Crew Devices

Maintenance Laptop

Passenger Devices

Power, Weight, Volume & Flight Certification  Can’t

put everything we want on an airplane  Must maximize the security features of existing network equipment  Power, weight & volume limitations  Solution is integrated software solutions prevail (firewall software, etc…)

Wireless networking security  On

aircraft no different than Internet café or airline club,…  Security of customers personal laptops is their responsibility  Initially a legal issue that concerned airlines  Can’t stop bad people from doing bad things  Contributing factors, layovers, cancelled flights, 12 hour flight to California, etc…

Wireless anywhere…everywhere Wireless at 30,000 feet  Can it interfere with flight deck controls, navigation, other ?  Mobile banking….from cell phones 

• •



Bill payments Online purchases

Hacking/Security is major concern

Legal Issues related to hacking  

  



In 2006 about 230 Vietnamese government & private enterprises were compromised by foreign hackers Recent case: the defacing of the Ministry of Education & Training Web site , student replaced minister’s picture with his own (27 Nov 2006) Punishment…is it illegal? Within Vietnam’s borders vs. outside Vietnam Extradition

• •

Bi-lateral agreements (with 192+ countries/entities) Or Multi-lateral

•

Terrorism Act 2000

UK treats hackers as terrorists

Do hackers provide a benefit?  Improving

software by pointing out security holes (if your front door was unlocked….)

 Information

wants to be free!  Bottom line…. ….They are criminals

Why do Hackers hack?  Economic  Political

or social agenda

• “Hactivism” • their aim is to vandalize high-profile computers to make a statement

 Boredom

is the root of all evil

• some do it for the sheer thrill

 State

sponsored – Information Warfare

Dangerous person?

The First Internet Worm 

Robert Tappan Morris, Jr.

• • •



Effect of worm

• • •

 

Graduate student at Cornell Released worm onto Internet in 1988 When caught (due to a bug in the program), he claimed he was just testing how long it would take for a worm to travel through the network Spread to 6,000 Unix computers Infected computers kept crashing or became unresponsive Took a day for fixes to be published

Even after fixes were released, it took many system administrators a lot of time to eradicate the worm. It was estimated that the cost of repair for the damage caused by the worm at each system ranged from $200 to more than $53,000.

The First Internet Worm – results 

Impact on Morris

• • • • •



Suspended from Cornell 3 years’ probation + 400 hours community service Tried under the US Computer Fraud and Abuse Act Had $150,000 in legal fees and fines Later finished his PhD in CS and is now associate professor at MIT

He is the son of Robert Morris, the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA).

Conclusion Next generation of airplanes will utilize TCP/IP based networks  Security is a concern for airlines as well as all organizations that utilize e-commerce  International organizations need to cooperate ARINC, RTCA, EUROCAE…for airlines  Cooperation needed between ASEAN, European Union, United States, etc…  Education of users 