SLIDE 1

Motivation Safety Security Availability

A Case Study in Safety, Security, and Availability of Wireless-Enabled Aircraft Communication Networks

Rohit Dureja, Eric W.D. Rozier, and Kristin Yvonne Rozier

Iowa State University http://laboratory.temporallogic.org

June 5, 2017

Laboratory for Temporal Logic

Kristin Yvonne Rozier, Wireless-Enabled Aircraft Communication Networks

SLIDE 2

The A380-800 has about 100,000 wires, 470 km in total length and 5,700 kg in weight, plus an additional 30% of that weight for wiring harnesses

SLIDE 3

Cost of Aircraft Weight

SLIDE 4

The War on Wiring!

1984 Boeing 767: 140 km wiring → Boeing 787: 500 km wiring

Prediction: shed 1,800 kg of wiring:

1. non-avionics controls & health management

2. safety systems, sensors, avionics

3. communications, commands for fly-by-wire

WAIC: Wireless Avionics Intra-Communications

SLIDE 6

Wired → Wireless

Wireless Network Trade-offs: Scale, Cost, Setup, Maintenance, Weight, Reconfigurability, Security, Complexity

Bottom Line: Wired-Wireless Hybrid Networks are the Future

. . . So how do we do that?

SLIDE 9

Hybrid Networks That Can Be Flight-Certified

Need: Comparative analysis of network configurations:

with respect to requirements
with respect to fault tolerance

Validation across system models
Analysis of different network protocols, starting with ZigBee
Reliability and trustworthiness of wireless communication, by extension to ZigBee

Requirement: “The new wireless network needs to be at least as safe, and secure, as the existing wired network.”

SLIDE 10

System Model: ZigBee Wireless Communication Protocol

[Figure: (a) Mesh topology of ZigBee networks; (b) Layered architecture of the ZigBee / IEEE 802.15.4 protocol stack]

SLIDE 11

Requirements for Analysis

Abstracted, layered ZigBee communication network model: data flows across layers

Property to check: sending data now → data reaches the target within a time bound, uncorrupted

SLIDE 12

A Natural Logic for Operational Timelines: Linear Temporal Logic

Linear Temporal Logic (LTL) formulas reason about linear timelines:

finite set of atomic propositions {p, q}
Boolean connectives: ¬, ∧, ∨, and →
temporal connectives (each shown on the slide as a timeline of positions):

Xp    next time p (p holds at the next position)
□p    always p (p holds at every position from now on)
◇p    eventually p (p holds at some position from now on)
pUq   p until q (q holds at some position, and p holds at every position before it)
pRq   p releases q (q holds at every position up to and including the first one where p holds; forever if p never holds)
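The two previous slides state the requirement in words and then define the logic it is written in. The following is an added example, not code from the slides or from the Laboratory for Temporal Logic: a small evaluator for LTL formulas over finite traces, with the slide's connectives (X, □ as G, ◇ as F, U, R) plus a bounded eventually, used to check "send now → data received within a time bound, uncorrupted" on constructed traces. The proposition names send, recv and corrupt, the traces, and the finite-trace semantics (the trace simply ends) are assumptions of the example.

```python
# Added example (not from the slides): an evaluator for LTL formulas over
# finite traces, used to check the requirement "sending data now implies the
# data reaches the target within a time bound, uncorrupted".
from typing import Callable, FrozenSet, List

State = FrozenSet[str]                     # atomic propositions true at one instant
Trace = List[State]
Formula = Callable[[Trace, int], bool]     # truth value at position i of a trace


def atom(p: str) -> Formula:
    return lambda t, i: p in t[i]

def neg(f: Formula) -> Formula:
    return lambda t, i: not f(t, i)

def conj(f: Formula, g: Formula) -> Formula:
    return lambda t, i: f(t, i) and g(t, i)

def impl(f: Formula, g: Formula) -> Formula:
    return lambda t, i: (not f(t, i)) or g(t, i)

# Temporal connectives with finite-trace semantics: the trace simply ends, so
# X at the last position is false and G/F range over the remaining suffix.
def X(f: Formula) -> Formula:              # next time f
    return lambda t, i: i + 1 < len(t) and f(t, i + 1)

def G(f: Formula) -> Formula:              # always f (the slide's box operator)
    return lambda t, i: all(f(t, j) for j in range(i, len(t)))

def F(f: Formula) -> Formula:              # eventually f (the slide's diamond)
    return lambda t, i: any(f(t, j) for j in range(i, len(t)))

def U(f: Formula, g: Formula) -> Formula:  # f until g
    return lambda t, i: any(g(t, j) and all(f(t, k) for k in range(i, j))
                            for j in range(i, len(t)))

def R(f: Formula, g: Formula) -> Formula:  # f releases g: g holds up to and including the first f
    return lambda t, i: all(g(t, j) or any(f(t, k) for k in range(i, j))
                            for j in range(i, len(t)))

def F_within(bound: int, f: Formula) -> Formula:   # bounded eventually: f within `bound` steps
    return lambda t, i: any(f(t, j) for j in range(i, min(i + bound, len(t) - 1) + 1))


def holds(f: Formula, t: Trace) -> bool:
    """Whether the formula holds on the trace, evaluated from the first instant."""
    return f(t, 0)

# The slide's requirement: send now -> the data reaches the target within the
# bound, uncorrupted. Proposition names are assumptions; the slide names none.
def timely_uncorrupted_delivery(bound: int) -> Formula:
    return G(impl(atom("send"), F_within(bound, conj(atom("recv"), neg(atom("corrupt"))))))

def violations(t: Trace, bound: int) -> List[int]:
    """Positions of sends with no uncorrupted receive inside the bound; each
    one is the kind of counterexample a model checker would report."""
    body = impl(atom("send"), F_within(bound, conj(atom("recv"), neg(atom("corrupt")))))
    return [i for i in range(len(t)) if not body(t, i)]

def trace(*steps: str) -> Trace:
    """Build a trace from strings such as 'send', 'recv corrupt', '' (constructed input)."""
    return [frozenset(s.split()) for s in steps]

# Constructed sample traces: GOOD meets a 2-step bound; BAD misses it because
# the first copy of the data arrives corrupted and the clean copy is late.
GOOD = trace("send", "", "recv", "send", "recv")
BAD = trace("send", "recv corrupt", "", "recv")
```

On GOOD the requirement with bound 2 holds; on BAD it fails at position 0 and only holds once the bound is relaxed to 3, which is exactly the kind of timing trade-off the later slides explore with burst sizes.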

SLIDE 13

Automata-Theoretic Approach to Model Checking

SLIDE 14

Model Checking Process: Nominal Case Analysis

[Flowchart] System Information → Model Creation → System Model → Verification: Model Checking
  no counterexample: System OK
  Candidate Counterexample → Counterexample valid?
    yes: Problem Found
    no: Spurious Counterexample → back to Model Creation

SLIDE 15

Compositional, Contract-Based Models

Contract-based design allows easy re-use of components from a library, provided the contracts of the swapped components are the same.

SLIDE 16

Extensible System Model: Wired/Wireless

Nominal framework model for the ZigBee wireless communication system

SLIDE 17

Differentiating Passing Models with Fault Trees

Model Checking Pass → Fault Annotations → Fault Tree Analysis

SLIDE 18

Adding Faults: Wired Network Components

Faults associated with the wired network analyzed (S: sensor, R: cockpit)

Fault  Description                      Mode       Authority
W1     Physical medium breaks           Permanent  Physical Medium
C1     Error recovery mechanism fails   Transient  Protocol (S/R)
S2     Sensor fails                     Permanent  Data Layer (S)

SLIDE 19

Fault Tree/Minimal Cut Sets: Extended Wired System

CutSets = ( {W1, S2, R.C1, S2, R.C1, W1}, {W1, R.C1, S2, R.C1, W1}, {S2, R.C1, S2, R.C1, W1}, {W1}, {S2}, {R.C1, S2}, {R.C1, W1}, . . . )

Min Cut Set = ( {W1}, {S2}, {R.C1, S2}, {R.C1, W1} )
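The slide shows the raw cut sets (with repeated events) and the reduced list. As an added example, not the slides' own tool or fault tree, here is the reduction done in code: enumerate cut sets bottom-up through AND/OR gates, then keep only the sets that have no proper subset among the others. The gate structure of LINK_DOWN is a hypothetical top event for the sensor-to-cockpit wireless link; only the basic-event names (Z1..Z4, C1, S2, with S.C1 and R.C1 for C1 at the sensor and cockpit ends) come from the fault tables on these slides.

```python
# Added example (not from the slides): enumerate the cut sets of a fault tree
# and reduce them to minimal cut sets. The gate structure below is hypothetical;
# the basic-event names follow the fault tables on the surrounding slides.
from typing import FrozenSet, List, Union


class Gate:
    """An AND or OR gate over basic events (strings) and sub-gates."""
    def __init__(self, kind: str, *children: "Node"):
        assert kind in ("AND", "OR")
        self.kind, self.children = kind, children

Node = Union[str, Gate]


def cut_sets(node: Node) -> List[FrozenSet[str]]:
    """All cut sets of the node's event, not yet minimal: each one is a set of
    basic events whose joint occurrence is sufficient for the event."""
    if isinstance(node, str):
        return [frozenset([node])]
    parts = [cut_sets(c) for c in node.children]
    if node.kind == "OR":                       # any child's cut set suffices
        return [cs for part in parts for cs in part]
    combos = [frozenset()]                      # AND: one cut set from each child, unioned
    for part in parts:
        combos = [a | b for a in combos for b in part]
    return combos


def minimal_cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Drop duplicates and every cut set that has a proper subset among the
    others; what remains are the minimal cut sets, smallest first."""
    sets = set(cut_sets(node))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def single_points_of_failure(node: Node) -> List[str]:
    """Order-1 minimal cut sets: one fault alone is enough for the top event."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)


# Hypothetical top event for the sensor-to-cockpit wireless link: "no
# uncorrupted reading reaches the cockpit". The gate structure is an assumption.
LINK_DOWN = Gate("OR",
    "S2",                                            # sensor fails
    "Z4",                                            # coordinator never sets up the network
    Gate("AND", "Z1", Gate("OR", "S.C1", "R.C1")),   # interference, and recovery fails at either end
    Gate("AND", "Z2", "Z3"),                         # end device hidden and coordinator full
    Gate("AND", "Z2", "S2"),                         # not minimal: S2 alone already suffices
)
```

The last AND gate is there on purpose: its cut set {Z2, S2} survives enumeration but is discarded by minimisation because {S2} is a proper subset, which is the step that turns the slide's raw CutSets into the Min Cut Set. The order-1 list is what a reviewer reads first, since each entry is a single fault the design tolerates nowhere.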

SLIDE 20

Adding Faults: Wireless Network Components

Faults associated with the wireless network analyzed (S: sensor, R: cockpit)

Fault  Description                                   Mode       Authority
Z1     Signal interference                           Transient  Physical Medium
Z2     End-Device not discoverable                   Transient  Network Layer (S)
Z3     Coordinator cannot accept new connections     Transient  Network Layer (R)
Z4     Coordinator fails to set up network           Permanent  Application Layer (R)
C1     Error recovery mechanism fails                Transient  Protocol (S/R)
S2     Sensor fails                                  Permanent  Data Layer (S)

SLIDE 21

Fault Trees/Minimal Cut Sets: Extended Hybrid Network

[Figure: (a) Sample fault tree 1; (b) Sample fault tree 2]

Fault trees using minimal cut sets for the extended wired system.

SLIDE 22

Need to Avoid Accidental & Intentional Interference

[Figure: nodes A, B, C, D] Pitot Tube (A) transmitting to Cockpit (C) by relay through (B), avoiding spoofing by (D)

SLIDE 23

ZigBee APS data frame (field, octets):

Frame Control 1 | Destination Endpoint 0/1 | Group Address 0/2 | Cluster Identifier 0/2 | Profile Identifier 0/2 | Source Endpoint 0/1 | APS Counter 1 | Frame Payload Variable

Frame Payload as part of a burst (field, octets):

Payload Size 1 | Payload Index 0/1 | Frame Payload Variable

Modified format of a ZigBee packet as part of a burst.

SLIDE 24

[Figure: a file split into packets; each burst's payloads are followed by the syndromes labelled P and Q]

Expected Overhead from Encrypted Search

Anatomy of a file transmitted using secure, and reliable, packet bursts

SLIDE 25

Original Data

SLIDE 26

Data Chunked into Zigbee Packets

SLIDE 27

Packets Divided into Bursts of Size 3

SLIDE 28

XOR Syndromes Computed for Bursts

SLIDE 29

Galois Field Syndromes Computed for Bursts

SLIDE 30

Block Losses During Transmission

[Figure: three packets marked X as lost in transmission]

SLIDE 31

XOR Recomputation

SLIDE 32

Galois Field Recomputation

SLIDE 33

Double Packet Loss from a Single Burst

[Figure: two packets of the same burst marked X as lost]

SLIDE 34

Galois Field Recomputation

SLIDE 37

Restored Original Dataset

SLIDE 38

Impact of Burst Size on Failures & Bandwidth Utilization

[Figure: four panels, each plotting % Untolerated Burst Failures (left axis) and % Bandwidth Utilization for Data (right axis) as a function of Data Packets per Burst; panel title "Untolerated Burst Failures and Bandwidth Utilization for Data as a Function of Data Packets per Burst" for the given packet failure rate]

(a) Per Packet Failure Rate µ = 0.005 (2 to 50 data packets per burst; failures up to 0.0025%)

(b) Per Packet Failure Rate µ = 0.01 (1 to 24 data packets per burst; failures up to 0.0025%)

(c) Per Packet Failure Rate µ = 0.05 (1 to 11 data packets per burst; failures up to 0.025%)

(d) Per Packet Failure Rate µ = 0.1 (1 to 5 data packets per burst; failures up to 0.035%)
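Slides 25 to 38 walk through one procedure: chunk the data into ZigBee packets, group them into bursts, compute an XOR syndrome and a Galois-field syndrome per burst, lose packets in transit, and recompute the lost ones, then weigh burst size against untolerated failures and bandwidth. The following is an added example written for this page, not the authors' implementation: it carries the whole procedure through in code using the RAID-6 style construction (P = XOR of the data packets, Q = sum of g^i * D_i over GF(2^8) with generator g = 2) on constructed input, recovering one lost packet from P and two from P and Q. The packet size, the generator polynomial 0x11d, the assumption that the P and Q packets themselves arrive intact, and the simplified loss model behind untolerated_burst_failure (independent per-packet losses, a burst failing when more than two of its k+2 packets are lost) are assumptions of the example, not the slides' exact model.

```python
# Added example (not from the slides): packet bursts protected by an XOR
# syndrome P and a GF(2^8) syndrome Q, with single- and double-loss recovery.
from functools import reduce
from math import comb

PKT_BYTES = 4   # packet payload size; hypothetical, real ZigBee payloads are larger
BURST = 3       # data packets per burst, matching the slides' "bursts of size 3"
G = 2           # generator of the multiplicative group of GF(2^8)


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x^2 + 1 (0x11d)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11d
        b >>= 1
    return r

def gf_pow(a: int, n: int) -> int:
    r = 1
    for _ in range(n):
        r = gf_mul(r, a)
    return r

def gf_inv(a: int) -> int:
    return gf_pow(a, 254)           # a^254 = a^-1, since a^255 = 1 for a != 0

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def scale(c: int, d: bytes) -> bytes:
    return bytes(gf_mul(c, x) for x in d)


def syndromes(data):
    """P = XOR of the data packets; Q = sum over i of G^i * D_i in GF(2^8)."""
    p = reduce(xor_bytes, data)
    q = reduce(xor_bytes, (scale(gf_pow(G, i), d) for i, d in enumerate(data)))
    return p, q

def encode(blob: bytes):
    """Chunk into packets (last one zero-padded), group into bursts of BURST
    packets and attach (P, Q) to each burst. Returns (bursts, original length)."""
    pkts = [blob[i:i + PKT_BYTES].ljust(PKT_BYTES, b"\0") for i in range(0, len(blob), PKT_BYTES)]
    bursts = []
    for i in range(0, len(pkts), BURST):
        data = pkts[i:i + BURST]
        bursts.append((data, *syndromes(data)))
    return bursts, len(blob)

def recover(received, p: bytes, q: bytes):
    """received: the burst's data packets with None for lost ones (P and Q are
    assumed intact). One loss is repaired from P, two from P and Q; more is
    an untolerated burst failure."""
    lost = [i for i, d in enumerate(received) if d is None]
    if len(lost) > 2:
        raise ValueError("untolerated burst failure: %d packets lost" % len(lost))
    data = list(received)
    if not lost:
        return data
    present = [(i, d) for i, d in enumerate(received) if d is not None]
    p_xy = reduce(xor_bytes, [p] + [d for _, d in present])      # XOR of the lost packets
    if len(lost) == 1:
        data[lost[0]] = p_xy                                        # XOR recomputation
        return data
    x, y = lost                                                     # Galois field recomputation
    q_xy = reduce(xor_bytes, [q] + [scale(gf_pow(G, i), d) for i, d in present])
    # Solve D_x ^ D_y = P_xy and G^x*D_x ^ G^y*D_y = Q_xy for D_x, then D_y.
    coef = gf_inv(gf_pow(G, x) ^ gf_pow(G, y))
    data[x] = scale(coef, xor_bytes(q_xy, scale(gf_pow(G, y), p_xy)))
    data[y] = xor_bytes(p_xy, data[x])
    return data

def decode(bursts, length: int) -> bytes:
    """Repair every burst and reassemble the original data."""
    out = b"".join(b"".join(recover(data, p, q)) for data, p, q in bursts)
    return out[:length]


def untolerated_burst_failure(k: int, mu: float) -> float:
    """Simplified model (assumption): k data + 2 syndrome packets with
    independent loss probability mu; the burst is lost when more than two
    of the k+2 packets are lost."""
    n = k + 2
    return 1.0 - sum(comb(n, j) * mu ** j * (1 - mu) ** (n - j) for j in range(3))

def data_bandwidth_fraction(k: int) -> float:
    """Share of transmitted packets that carry data rather than syndromes."""
    return k / (k + 2)
```

Larger bursts raise data_bandwidth_fraction but also untolerated_burst_failure, since two syndromes now cover more packets; the slide's four panels sweep exactly that trade-off for the four values of µ, and the adaptive burst configuration in the summary picks k per observed loss rate.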

SLIDE 39

Summary [1]

Contributions: Proof of concept

  Comparative analysis of multiple hybrid network models
  Nominal and fault analysis
  Extensible framework: plug-and-play, COTS-compatible
  ZigBee security extension
  Trade-off exploration
  Adaptive burst configuration

Future Work:

  Quantitative failure probability assessment
  Common Cause Analysis (CCA)
  Adding more wireless communication protocols

[1] Thanks to NASA’s Efficient Reconfigurable Cockpit Design and Fleet Operations using Software Intensive, Networked and Wireless Enabled Architecture (ECON) Grant NNX15AQ84G for supporting this work.