Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.791629
Title: Measuring operational realities of security and privacy for deployed avionics
Author: Smith, Matthew
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
Despite being renowned as an exceptionally safety-conscious industry, aviation has been slow to address the cyber security threat. A critical point has been reached whereby systems which were designed many years ago are in wide use, but lack meaningful security measures. Meanwhile, it has become easy to acquire and use tools which enable potential attackers to listen to, and even tamper with, these systems. Like many safety-critical industries, aviation lacks the ability to rapidly redeploy systems. This creates a situation where known-vulnerable systems must be kept and, even worse, heavily relied upon. The work in this thesis focusses on two topics: analysis of a well-established and heavily used general-purpose avionic communication system, and a first look at a method to analyse and prepare for attacks caused by a lack of security measures on avionics. For the former, we focus on the Aircraft Communications Addressing and Reporting System (ACARS). We show that it has very few deployed security solutions, and the instances in which such solutions have been used are weak. As a consequence, we demonstrate the impact of the lack of meaningful confidentiality protection for non-commercial aviation actors: military, government and business aircraft. We show that even when efforts are made to protect privacy elsewhere, they stand a significant chance of leaking data via normal ACARS usage. Moving to the cockpit, the second topic attempts to begin to address one of the current unknowns in the area of aviation cyber security: how attacks on avionic systems might affect the way the aircraft is flown. In this, we used a flight simulator to create the cockpit-based effects of attacks on three important systems. Using these, we created scenarios in which the aircraft was under attack and invited 30 Airbus A320 pilots to take part.
Whilst the current state of security and privacy in aviation is far from ideal, we believe that methods to provide security in the near- and long-term are achievable. Privacy in the near-term is somewhat harder, but steps towards it in the longer term are underway.
Supervisor: Martinovic, Ivan
Sponsor: Engineering and Physical Sciences Research Council
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.791629
DOI: Not available
Keywords: Cyber security ; Computer science