The recent revelations that hackers and cyber terrorists can easily gain access to the avionics of commercial and military aircraft have made it necessary for aircraft avionics designers to rethink how avionics networks are secured against attacks that may compromise data confidentiality, integrity and availability. Examples include the attack on U.S. drones by Iraqi insurgents who managed to intercept live video feeds from the pilotless spy planes (Heussner and Martinez, 2009) as well as the discovery of a vulnerability in the 787 Dreamliner's avionics that could allow a hacker to gain access to the plane's computer system and then commandeer the plane (Harwood, 2008). As noted by FAA (2008), the proposed architecture of the Boeing 787 Dreamliner allowed a new kind of connectivity for the passengers, different from the previously isolated data networks. The new passenger connectivity was noted to be capable of creating security vulnerabilities that could emanate from the intentional corruption of data as well as of systems that are critical to the plane's safety. In this paper, we explore the forms of network vulnerabilities that avionics are exposed to and propose improved designs that can help in securing the avionics from unauthorized access. The main solution is the use of an integrated security gateway coupled with an appropriate air gap to isolate the passenger-centric network from the plane's critical avionics infrastructure.
Aims
The aim of this paper is to explore the forms of network vulnerabilities that avionics are exposed to as well as propose improved designs that can help in securing the avionics from unauthorized access.
Methodology
The methodology used in this paper is a critical review of extant literature in order to identify the knowledge gaps that exist pertaining to the network infrastructure as well as avionic network security technologies. The identified gaps are then used to formulate suitable solutions for the possible points of vulnerability.
Data sources
The information used in this paper is extracted from various online libraries such as IEEE, the ACM Digital Library and FAA. Online newspapers, magazines and technical blogs are also used in the completion of this work.
Integrated security gateway
A review of literature has indicated that while the reliance on Internet Protocol (IP)-based networks in the aviation industry has allowed for the launching of several cutting-edge technologies, applications and unparalleled benefits, it is very open to several security risks as well as network attacks (Mostafa, El Kalam and Fraboul, 2010, p. 1). Several security mechanisms and solutions have been continuously developed in an attempt to mitigate the ever rising number of network attack incidents. Some of the solutions have been effective in solving some of the problems, but some security holes have persisted. Securing an open and yet extremely complex system such as airplane avionics has become a daunting task for security engineers. This is worsened by the false sense of security that comes from over-dependence on conventional security mechanisms, which provides an opening for hackers and attackers.
In order to ensure that the networks are secured, it is important for all of the existing mechanisms to operate together in harmony. This harmonic multilayered operation, which was suggested by Mostafa, El Kalam and Fraboul (2010), can be coupled with air gap techniques to build a ubiquitous, secured and scalable avionic system capable of detecting intrusion, deterring intrusion and operating seamlessly while providing the pilots and passengers with safety and convenience throughout the flight period. The proposed solution partly involves the implementation of an architecture that takes into account the Quality of Service (QoS) requirements. The solution is therefore a security gateway that is QoS capable as well as an air gap for data traffic isolation.
The most probable points of attack
A review of literature indicates that several services on the plane avionics are susceptible to hacker and cyber terrorist attacks. The current commercial airline carrier data networks are based on IP systems (Thantry, Ali and Pendse, 2006). This has enabled passengers to easily access the internet as well as enjoy other benefits. The e-enabled networks have made it possible for certain groundbreaking applications such as Electronic Flight Bag (EFB), video surveillance, In-Flight Entertainment (IFE) and VoIP to become part and parcel of the contemporary aircraft avionics experience. However, the adoption of the TCP/IP/UDP, TFTP and SNMP protocols into the aircraft network has exposed this sensitive system to totally new forms of attack (Reinhart et al., 2004). Several security mechanisms and solutions have been presented in order to help in taking care of the growing list of attacks against aircraft avionic systems. Even though the conventional approaches have managed to mitigate some of the security problems, they have also been noted to leave some gaping security holes (Zuccato, 2004).
Most of the security holes fail to be noticed, let alone sealed, when the existing solutions are combined ineffectively. Other than that, overdependence on traditional security mechanisms like firewalls is ineffective in the provision of a properly secured network. What makes the situation worse is the fact that hackers have come up with sophisticated methods of attack that can easily compromise the traditional security systems and mechanisms. In light of these facts, this paper proposes an integrated security architecture that uses an integrated security gateway as well as air gap technologies to ensure that the avionics communication system is not compromised. The proposed solution should be able to ensure that the performance requirements are met and that the availability of the systems for the critical traffic is maintained at the required levels.
Findings
The security mechanisms
Firewalls
Firewalls are special network devices that are used for filtering network traffic. They filter traffic at one or more of the 7 network layers that are certified by ISO. The most common layers where they work include the network layer, transport layer as well as the application layer (Ingham and Forrest, 2002).
Ideally, there are 4 basic firewall types: packet filtering firewalls (PFs), application proxy firewalls (APFs), circuit proxy firewalls (CPFs) and stateful packet filtering firewalls (SPFs).
Packet filtering firewalls
The packet filtering firewalls form the very first generation of firewalls. They work in a similar way to screening routers (Zwicky, Cooper and Chapman, 2000).
They work by controlling the data flowing in and out of a given network through the analysis of specific fields that are part of the packet header.
The fields that they analyze include the IP address of the source, the port number of the source, the port number of the destination and the IP address of the destination.
Advantages
The PF firewall works by inspecting all of the incoming as well as outgoing packets of data and then applying a specified policy for dropping, rejecting or accepting the data packets.
The PF firewall was for a long time considered to be fast, efficient as well as cost effective since it is a single router that effectively protects the entire network.
Disadvantages
The PF firewall is noted to suffer from several limitations.
The device is based on the IP address system and has no form of authentication. The lack of authentication leaves the system unable to defend the network against man-in-the-middle attacks as well as forged packets emanating from spoofed IP addresses. The system depends on port numbers for the identification of the communicating devices. This is considered to be an unreliable indicator since existing protocols like the network file system (NFS) employ varying port numbers.
The most important disadvantage of this system worth noting is the difficulty of writing correct and appropriate filters (Al-shaer, Hamed, Boutaba and Hasan, 2005) for rather complex and rapidly evolving information systems.
The filter rules are noted to be inefficient in the provision of perfect data security against vulnerabilities in the PF.
Stateful Inspection Packet Filtering Firewall (SPF):
The PF firewall works by the static analysis of the incoming and outgoing data packets against a set of policies. The SPF, on the other hand, works by inspecting packet headers as well as by correlating them (incoming traffic).
What the SPF does is build a dynamic session table that records the relevant information for each communication in order to trace each packet going through the connection.
Disadvantages
The SPF opens and closes the ports dynamically in accordance with the demands and needs of the connection. In this manner, it makes network management and filtering a lot easier. Even though the SPF can protect the network infrastructure against certain attacks that are known to exploit the weaknesses inherent in the various network level protocols, it can never provide protection at application level. Application defense needs more awareness of the content of the payload.
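The difference between the PF's static header rules and the SPF's dynamic session table can be seen by running the same three packets through both. The following is an added example, not part of the original paper; the packet model, addresses, ports and rule set are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample packets; all addresses and ports are illustrative.
Packet = namedtuple("Packet", "src sport dst dport direction")

INSIDE = "10.0.0.5"      # hypothetical internal host
SERVER = "198.51.100.7"  # hypothetical external web server

def stateless_filter(pkt):
    """PF-style check: static rules over the header fields only."""
    if pkt.direction == "out" and pkt.dport == 80:
        return "accept"
    # Replies have to be admitted by a static rule on the source port,
    # so any inbound packet that claims source port 80 matches it.
    if pkt.direction == "in" and pkt.sport == 80:
        return "accept"
    return "drop"

class StatefulFilter:
    """SPF-style check: inbound traffic must match a recorded session."""
    def __init__(self):
        self.sessions = set()  # the dynamic session table

    def check(self, pkt):
        if pkt.direction == "out" and pkt.dport == 80:
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        if pkt.direction == "in":
            # An inbound packet must mirror an outbound session entry.
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "accept" if key in self.sessions else "drop"
        return "drop"

def run_demo():
    request = Packet(INSIDE, 40000, SERVER, 80, "out")
    reply = Packet(SERVER, 80, INSIDE, 40000, "in")
    # Unsolicited inbound packet with a forged source and no session.
    forged = Packet("203.0.113.9", 80, INSIDE, 22, "in")
    spf = StatefulFilter()
    results = {}
    for name, pkt in [("request", request), ("reply", reply), ("forged", forged)]:
        results[name] = (stateless_filter(pkt), spf.check(pkt))
    return results

if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, "PF=%s SPF=%s" % verdicts)
```

Neither filter looks at the payload, so a packet that belongs to a recorded session is accepted whatever it carries, which is the application-level gap described above.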
Circuit Proxy Firewall (CPF)
This type of firewall operates by acting as a relaying agent that sits between the external and internal hosts (Stephen, 2004). The whole idea is to protect the network's internal hosts from direct exposure to the outside environment.
The CPF firewall operates by accepting various requests from the internal hosts for the sake of establishing the connection to the external world. It then destroys the device's initial IP address as well as the header of the network layer.
Disadvantages of CPF
The payload is then encapsulated in a new header with its own unique IP address and sent to the outside servers. It is worth noting that the CPF requires some form of authentication prior to establishing the connection. CPFs are capable of supporting a very large number of protocols since they don't have to comprehend the application level protocols. They are sources of system vulnerability since they can never provide adequate defense for the system against certain application level attacks. They are also noted to be prone to malicious content because they can allow it to pass through without any form of filtering.
Application Proxy Firewall (APF)
The APFs are application-level gateways that operate on the seventh layer of the OSI model. Just like the CPF, the APF operates as an intermediary between the external and internal hosts (Panko, 2004).
The APF firewall is aware of the application level. Therefore, it is capable of inspecting the application level commands as well as appropriately discarding the malformed commands.
Disadvantage
The main disadvantage of this system is that there is a need for a separate application proxy to be written for each type of application that is being proxied.
Additionally, the specific application must be appropriately decoded.
Additionally, the specific application must be appropriately modified in order to operate with the APF. The APF system is also never efficient against malware.
Network Address Translation (NAT)
Network Address Translation (NAT) is a special kind of IETF (Egevang & Francis, 1994) standard which allows a local area network (LAN) to effectively modify the port numbers and network IP address in the datagram packets' headers for the sake of remapping a specific address space onto another. The main advantage of the Network Address Translation (NAT) system is that it provides a solution to the scalability problems if there is a limitation to the number of IP addresses that are allowed to provide access. In light of security, the NAT system can be regarded as a device which hides the internal private network addresses of a given network from outsiders, while enforcing control on the outbound connections and restricting the incoming traffic.
Disadvantages
NAT is noted to be less effective since it can never provide adequate defense against malformed packets, malware and application level attacks.
Virtual Private Network (VPN)
A Virtual Private Network (VPN) (RFC 2764, 2000) is a method of connecting to a private network via a tunnel which rides on the backbone of a public network like the internet. A Virtual Private Network (VPN) can employ authenticated links in order to ensure that only authorized entities (hosts) successfully connect to the resources located on the private network.