A report from the US Government’s Accountability Office suggested that the very latest aircraft – such as Boeing’s 787 Dreamliner and the A350 and the A380 aircraft from Airbus – were vulnerable due to the advanced technology being deployed in their cockpits, which tend to be wired into the same Wi-Fi system used by passengers.
The report warned ‘Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorised individuals might be able to access and compromise aircraft avionics systems’.
While commercial aircraft will have redundancy mechanisms built into their systems, allowing problems to be corrected, the report suggested that, theoretically, it could be possible for someone with a laptop to access the aircraft’s systems to commandeer the aircraft, infect it with a virus or seize control of various systems – for example, its warning or navigation systems.
But it’s not just aircraft that could be more vulnerable; experts have also warned that as air traffic control systems are upgraded with Internet-based technology, they could also become more vulnerable.
According to Asaf Ashkenazi, senior director of product management at Rambus subsidiary Cryptography Research: “There is a growing convergence between the security traditionally developed and deployed in the defence sector with that now required by the commercial sector.
“In the aerospace sector, the move from older traditional closed systems to more open ones means the industry is having to be more aware of different types of attacks – for example, from passengers – which it hadn’t needed to consider in the past.
“Any system, from a security perspective, is going to be vulnerable,” he suggests. “You can make a phone secure by limiting its functionality, but if you want it to be usable, you end up adding more functionality, which then adds vulnerabilities. Commercial aircraft are no different.”
The firewalls used in commercial aircraft and their software components are vulnerable to being hacked and become more vulnerable as wireless connectivity is offered to passengers – a passenger visiting a site in which a virus or malware has been planted could provide a malicious attacker with a route into the aircraft’s systems.
Another route is via a physical connection, such as a USB plug in a passenger seat, should it link to the aircraft’s avionics in any way.
Aviation authorities are becoming increasingly aware of the threats posed by these types of attacks and efforts are increasing to focus on aircraft certification standards that prevent such occurrences.
Among aircraft manufacturers, Boeing has ensured that any changes to flight plans pre-loaded into the aircraft’s systems will need to be reviewed and approved by the pilot. According to the company, it deploys multiple security measures and flight deck operating procedures to ensure safe and secure operations.
Cracking the system
As with other sectors, aerospace platforms tend to be protected through encryption.
While it is difficult to break the cryptographic algorithm itself, devices can reveal information during operation from such factors as power consumption, heat dissipation, time of computation or electromagnetic leaks.
“This type of information is referred to as side channel information,” explains Ashkenazi. “The attacker can use this to determine the keys and break the cryptosystem. It’s breaking the system by going through the back door.”
One type of side channel attack is differential power analysis (DPA), which involves monitoring variations in the electrical power consumption or EM emissions from the target device. These measurements can then be used to derive cryptographic keys and other sensitive information in order to reverse engineer or exploit critical technologies built into aircraft.
“Recently, Boeing signed a license agreement with Rambus for the inclusion of advanced DPA countermeasures in its products,” says Ashkenazi.
Concerns about DPA security attacks originated in the smart card market, but these attacks have been spreading into other segments, including aerospace and defence.
“The threat of DPA attacks is on the rise and companies like Boeing will need security solutions to safeguard high-value data. Electronic circuits are inherently leaky – producing a variety of emissions as by-products that make it possible for an attacker to deduce how the circuit works and what data it is processing.”
Various cryptographic computations will take different times to execute and, if an attacker can access information regarding the time taken for computation of various inputs, it is possible, via statistical analysis, to use that data to get the key.
Electromagnetic radiation is another source of information. By observing the electromagnetic radiation of the cryptographic device, its relationship with the cryptographic computation can be better understood.
“All of these types of attacks can be recorded and reveal a surprising amount of information,” says Ashkenazi, “especially if these attacks are combined.
“Neither do hackers need expensive equipment to do this. Pay a visit to the Dark Net and you can download the necessary software to carry out these attacks.”
An attacker can also inject faults into the cryptographic devices or send corrupted data to observe how this affects the system’s behaviour. They can also use the acoustic sounds produced at the time of cryptographic computation of the physical device to break the cryptosystem.
Countermeasures are available, including blinding, which randomly adds a delay to any cryptographic computations. A random number is encrypted and added to the cyphertext. The decryption algorithm is then applied on the combined component and the random number eliminated after the decryption. As a result, it becomes difficult for the attackers to then extract the key by observing the time of execution of various cryptographic computations.
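The blinding step described above, as an added example that is not from the article or from Rambus: base blinding as it is done for RSA, where the encrypted random number is combined with the ciphertext by modular multiplication. The toy key, the function names and the `seen` hook are constructed for illustration.

```python
import secrets
from math import gcd

# Constructed toy RSA key built from two Mersenne primes. Far too small for
# real use; it only makes the arithmetic visible.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def decrypt_plain(c):
    """Unblinded decryption: the private exponent acts directly on c."""
    return pow(c, D, N)


def decrypt_blinded(c, seen=None):
    """Decrypt c with base blinding.

    A fresh random r is encrypted (r^E) and multiplied into c, the private-key
    operation runs on that product, and r is divided out afterwards.
    `seen` is a hypothetical hook that records the value the private
    exponent actually processed, standing in for what a probe would observe.
    """
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:  # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N        # c' = c * r^E mod N
    if seen is not None:
        seen.append(blinded)
    m_times_r = pow(blinded, D, N)          # (c * r^E)^D = m * r mod N
    return (m_times_r * pow(r, -1, N)) % N  # remove r to recover m


def demo(message=0x464C54, runs=5):
    """Decrypt one ciphertext several times; return (c, results, seen)."""
    c = pow(message, E, N)
    seen = []
    results = [decrypt_blinded(c, seen) for _ in range(runs)]
    return c, results, seen


if __name__ == "__main__":
    c, results, seen = demo()
    print("same plaintext every run:", len(set(results)) == 1)
    print("distinct values fed to the private exponent:", len(set(seen)))
```

Python's big-integer `pow` is not constant-time, so this shows the blinding arithmetic only; production code relies on a vetted cryptographic library for the hardened implementation.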
Another countermeasure is to add some delay and design the cryptosystem in such a way that every cryptographic computation takes the same amount of time; special shielding can also be applied to lessen the electromagnetic emissions, while power line conditioning and filtering can reduce power-monitoring attacks.
“We have developed a technology that ensures that signals emitted from any cryptographic operation are unreadable; any information generated will not make sense. Essentially, we are hiding the data and, while the standard algorithm stays the same, the way in which it is implemented is changed.
“The risks are real,” Ashkenazi believes. “Snowden revealed that British Intelligence had hacked into the drones used by the Israeli defence forces. Weak encryption? Keys leaking enabling the system to be reverse engineered?
“This was a passive attack, but just think if, having hacked those drones, alternative commands had been sent?
“While the motivation varies, these types of attack are increasing,” he concludes. “The risk is, at the very least, a significant cost to a company’s reputation; at worst, a terrorist could be capable of bringing down a fully loaded passenger airliner.”