15.Air Security (Dr. John Sutherland)
-
Upload
nguyen-phan-anh -
Category
Documents
-
view
217 -
download
0
Transcript of 15.Air Security (Dr. John Sutherland)
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 1/22
Network Security and Airline Data Networks
Presented by
Dr. John Sutherland
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 2/22
Who am I ?
Network Security consultant for severalFortune 500 (Boeing, Microsoft,
Starbucks, Deloitte & Touche, etc…)PhD in Computer Science
Several Certifications: CISSP, CISM,
CBCP, CCNA, MCSE, MCT, GSEC,etc…
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 3/22
Acronyms
ADN – Aircraft Data Network ACARS - Aircraft Communications Addressing and
Reporting System AOC – Airline Operational Control or Airline Operations
Center LAN – Local Area Network RF – Radio Frequency COTS – Commercial off the shelf RTCA - Radio Technical Commission for Aeronautics ARINC - Aeronautical Radio, Inc. EUROCAE - European Organisation for Civil Aviation
Equipment (regulatory agency for certifying aviation equipment in Europe)
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 4/22
What are we talking about ?
Aircraft data networks
Traditionally have used radio links, future
is broadband TCP/IP basedWireless hacking
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 5/22
ACARS - An Example
ACARS (Aircraft Communications
Addressing and Reporting System)
messages are transferred over open RFchannels in human readable forms.
Vulnerability: Low cost easily available
equipment to view sensitive aircraft data
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 6/22
How to view ACARS Data
PC with free
ACARS decoder
software
Radio Scanner
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 7/22
Vietnam Airlines tracked via ACARS
07. Dec 2006 01:53VN0780B777-26K (ER)VN / HVNVN-A145
07. Dec 2006 03:15VN0941B777-2Q8 (ER)VN / HVNVN-A150
07. Dec 2006 03:16VN0951B777-2K6 (ER)VN / HVNVN-A144
07. Dec 2006 03:16VN0951B777-2K6 (ER)VN / HVNVN-A144
07. Dec 2006 03:55VN0955B777-2Q8 (ER)VN / HVNVN-A149
07. Dec 2006 06:20VN0543B777-2Q8 (ER)VN / HVNVN-A142
07. Dec 2006 15:48VN0542B777-2Q8 (ER)VN / HVNVN-A142
07. Dec 2006 22:35VN0950B777-26K (ER)VN / HVNVN-A143
07. Dec 2006 22:41VN0940A321-231VN / HVNVN-A345
07. Dec 2006 22:51VN0783B777-26K (ER)VN / HVNVN-A145
07. Dec 2006 23:11VN0968B777-2K6 (ER)VN / HVNVN-A144
08. Dec 2006 02:16VN0782B777-26K (ER)VN / HVNVN-A14508. Dec 2006 02:33VN0951B777-26K (ER)VN / HVNVN-A143
08. Dec 2006 02:47000000A321-231VN / HVNVN-A345
08. Dec 2006 03:09VN0941A321-231VN / HVNVN-A345
08. Dec 2006 06:13VN0533B777-2Q8 (ER)VN / HVNVN-A150
08. Dec 2006 06:30VN0545B777-2Q8 (ER)VN / HVNVN-A141
08. Dec 2006 16:14VN0544B777-2Q8 (ER)VN / HVNVN-A141
08. Dec 2006 18:08VN0532B777-2Q8 (ER)VN / HVNVN-A150
last contacts (max 30)Flightnumber Aircraft typeIATA/ICAO SignReg
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 8/22
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 9/22
Why be concerned?
2002 wireless LAN systems
• Denver International Airport and San JoseInternational Airport.
American Airlines Inc.• totally in the clear without any encryption
American's curbside check-in operationscould be monitored
Southwest's networks were issuinginformation from back-end systems….
* IDG article, January 18, 2002. Wireless LANs: Trouble in the air By Bob Brewin, DanVerton and Jennifer Disabatino
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 10/22
Why be concerned? (cont.)
Joe Weiss, Vice President ARINC Unprotected wireless LAN could allow access
to core airline operational systems
• flight operations, bag matching and passenger reservations
• (Flight operations systems manage such vital functionsas refueling, maintenance and flight dispatch)
Possible compromise: Indicate luggagebelongs to someone on the flight when it reallydoesn’t
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 11/22
E-enabled
Means connectivity to real-time high speed Internet and/or airline networks to increase efficiency and speed of communications for passengers and crew
New generation aircraft will include a new Aircraft DataNetwork design which will introduce new cyber securityvulnerabilities to the aircraf t
Cabin Network application software crew & maintenanceuse 802.11 on handheld and laptops
• Airbus A380 entered production 2002 and the planned first flight was 2006.
* Boeing 787 plans to enter production in 2007 and the planned first flight is 2008
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 12/22
ADN A rchit ectiure
ADN
gateway
Cabin
Services
Aircraft
Controls
IFE
Passenger
Devices
802.11
Crew
Devices
802.11
VHF/HF Radio
SATCOM
Broadband802.11
(Gatelink or other)
Maintenance
Laptop
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 13/22
Power, Weight, Volume
& Flight Certification
Can’t put everything we want on anairplane
Must maximize the security features of existing network equipment
Power, weight & volume limitations
Solution is integrated software solutionsprevail (firewall software, etc…)
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 14/22
Wireless networking security
On aircraft no different than Internet café or airline club,…
Security of customers personal laptops istheir responsibility
Initially a legal issue that concerned airlines
Can’t stop bad people from doing bad thingsContributing factors, layovers, cancelled
flights, 12 hour flight to California, etc…
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 15/22
Wireless anywhere…everywhere
Wireless at 30,000 feet
Can it interfere with flight deck controls, navigation,other ?
Mobile banking….from cell phones
• Bill payments
• Online purchases
Hacking/Security is major concern
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 16/22
Legal Issues related to hacking
In 2006 about 230 Vietnamese government & private enterpriseswere compromised by foreign hackers
Recent case: the defacing of the Ministry of Education & TrainingWeb site , student replaced minister’s picture with his own (27 Nov2006)
Punishment…is it illegal? Within Vietnam’s borders vs. outside Vietnam Extradition
• Bi-lateral agreements (with 192+ countries/entities)
• Or Multi-lateral
UK treats hackers as terrorists• Terrorism Act 2000
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 17/22
Do hackers provide a benefit?
Improving software by pointing outsecurity holes (if your front door was
unlocked….) Information wants to be free!
Bottom line….
….They are criminals
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 18/22
Why do Hackers hack?
EconomicPolitical or social agenda
• “Hactivism”• their aim is to vandalize high-profile
computers to make a statement
Boredom is the root of all evil
• some do it for the sheer thrillState sponsored – Information Warfare
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 19/22
Dangerous person?
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 20/22
The First Internet Worm
Robert Tappan Morris, Jr.
• Graduate student at Cornell• Released worm onto Internet in 1988
• When caught (due to a bug in the program), he claimed he was just testing how long it would take for a worm to travel through thenetwork
Effect of worm• Spread to 6,000 Unix computers
• Infected computers kept crashing or became unresponsive
• Took a day for fixes to be published Even after fixes were released, it took many system
administrators a lot of time to eradicate the worm. It was estimated that the cost of repair for the damage
caused by the worm at each system ranged from $200to more than $53,000.
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 21/22
The First Internet Worm – results
Impact on Morris• Suspended from Cornell
• 3 years’ probation + 400 hours community service
• Tried under the US Computer Fraud and Abuse Act• Had $150,000 in legal fees and fines
• Later finished his PhD in CS and is now associateprofessor at MIT
He is the son of Robert Morris, the former chief scientist at the National Computer Security Center, adivision of the National Security Agency (NSA).
8/14/2019 15.Air Security (Dr. John Sutherland)
http://slidepdf.com/reader/full/15air-security-dr-john-sutherland 22/22
Conclusion
Next generation of airplanes will utilizeTCP/IP based networks
Security is a concern for airlines as well as allorganizations that utilize e-commerce
International organizations need to cooperateARINC, RTCA, EUROCAE…for airlines
Cooperation needed between ASEAN,European Union, United States, etc… Education of users