What is ACARS? Aircraft Communications Addressing and Reporting - - PowerPoint PPT Presentation

what is acars
SMART_READER_LITE
LIVE PREVIEW

What is ACARS? Aircraft Communications Addressing and Reporting - - PowerPoint PPT Presentation

Dec 27, 2022 572 likes •864 views

M odern jets, retro ciphers: How monoalphabetic substitution ciphers are still in use Matthew Smith*, Daniel Moser $ , Martin Strohmeier*, Vincent Lenders , Ivan Martinovic* *University of Oxford $ ETH Zurich armasuisse

slide-1
SLIDE 1

Real World Crypto 2018, January 10-12, Zurich

Matthew Smith*, Daniel Moser$, Martin Strohmeier*, Vincent Lenders¥, Ivan Martinovic*

Modern jets, retro ciphers:

How monoalphabetic substitution ciphers are still in use

*University of Oxford first.last@cs.ox.ac.uk

$ETH Zurich

first.last@inf.ethz.ch

¥armasuisse

first.last@armasuisse.ch

slide-2
SLIDE 2

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

What is ACARS?

  • Aircraft Communications Addressing

and Reporting System (ACARS) is a widely-used avionic data link on both commercial and non-commercial aircraft

  • Around since late 1970’s, it is now used

for vastly different purposes to its

  • riginal intention
  • Since then, it has become multi-medium

and multi-purpose

  • Easily collectible with $10 hardware

2

slide-3
SLIDE 3

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

What is ACARS?

3

slide-4
SLIDE 4

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

What is ACARS?

3

Service provider handles messages - like cell networks

slide-5
SLIDE 5

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

What is ACARS?

3

ATC use ACARS to control aircraft without requiring voice

slide-6
SLIDE 6

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

What is ACARS?

3

AOC communications allow administration in-flight, e.g. passenger updates, gate information

slide-7
SLIDE 7

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

What is ACARS?

3

Software defined radios collected from one location over 9 months - ~1 million messages

slide-8
SLIDE 8

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Security in ACARS

  • A number of ACARS applications clearly require some

authentication or confidentiality - but ACARS has no security as standard

  • ‘Post-hoc’ solutions exist (e.g. Secure ACARS)
  • However, it costs extra on top of existing ACARS - this

deters users - no use thus far

4

slide-9
SLIDE 9

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Security in ACARS

  • A number of ACARS applications clearly require some

authentication or confidentiality - but ACARS has no security as standard

  • ‘Post-hoc’ solutions exist (e.g. Secure ACARS)
  • However, it costs extra on top of existing ACARS - this

deters users - no use thus far

4

Many users require privacy but don’t want to pay

slide-10
SLIDE 10

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Analysing messages

  • We collected over a million VHF and SATCOM ACARS messages, and

noticed that some business aircraft were sending scrambled messages

5

07*?X.0)Emk.;M].;4;Dm)m..) Y(*)]s($).M4U).U;;).MmD)..D+0 07*?X.0)EmUmkm]..D00M)4k.)]rr6) Y-\).k.<);4<k);000).;;+U 07*?X.0)EmUmUU]..D0Mk)m;.)]E{-) 6-r).k.;);;;;);4;;)..U+.

slide-11
SLIDE 11

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Analysing messages

  • We collected over a million VHF and SATCOM ACARS messages, and

noticed that some business aircraft were sending scrambled messages

5

07*?X.0)Emk.;M].;4;Dm)m..) Y(*)]s($).M4U).U;;).MmD)..D+0 07*?X.0)EmUmkm]..D00M)4k.)]rr6) Y-\).k.<);4<k);000).;;+U 07*?X.0)EmUmUU]..D0Mk)m;.)]E{-) 6-r).k.;);;;;);4;;)..U+.

Key identifier

08,suL}Zq`cLLK=LLa`aLZ`YLZP\,0ZPf0,ZLaLYZLKeeZLc}KZLLc[` 08,suL}Zq`tee}=LLaL}KZ}vvZ=yy~ZPuAfZLaYYZYevLZY}eLZLLc[t 08,suL}Zq`KYev=LLK}aKZ}tLZbZbZLaYYZYevvZY`YvZbbbbb 09|\L46c+Ns6,,G4418,hcN84cGeodc-r!Lc4Bh1c8B4hc8BBBc44Z5Z 09|\L46c+N,BZ,G44BBZNc614c-r|Gc-W|Pc4BhZc48hNc48BZcbbbbb 09|\L46c+Ns8NhG44s6,,c6B4c-W|Pc-r.-c4B68c888Bc88NZc44B5,

slide-12
SLIDE 12

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Cipher & usage properties

  • 9 static keys were used by all

aircraft using the cipher

  • Using frequency analysis (and

some deduction), we could recover ~76% of the substitutions for the 9 keys using 2690 messages

  • All aircraft used the Honeywell

Primus avionics suite

6

Bombardier Learjet 45 Gulfstream G650

slide-13
SLIDE 13

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Aircraft type

7

Manuf. A B C D E Model A-1 A-2 A-3 B-1 B-2 B-3 C-1 D-1 E-1

  • Avg. Manuf.

Year 2008 2008 2014 2014 2010 2012 2010 2002 2011 No./Model 118 56 12 11 3 2 1 1 1 No./Manuf. 186 16 1 1 1

slide-14
SLIDE 14

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Aircraft type

7

Manuf. A B C D E Model A-1 A-2 A-3 B-1 B-2 B-3 C-1 D-1 E-1

  • Avg. Manuf.

Year 2008 2008 2014 2014 2010 2012 2010 2002 2011 No./Model 118 56 12 11 3 2 1 1 1 No./Manuf. 186 16 1 1 1

slide-15
SLIDE 15

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Aircraft type

7

Manuf. A B C D E Model A-1 A-2 A-3 B-1 B-2 B-3 C-1 D-1 E-1

  • Avg. Manuf.

Year 2008 2008 2014 2014 2010 2012 2010 2002 2011 No./Model 118 56 12 11 3 2 1 1 1 No./Manuf. 186 16 1 1 1

slide-16
SLIDE 16

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Aircraft type

7

Manuf. A B C D E Model A-1 A-2 A-3 B-1 B-2 B-3 C-1 D-1 E-1

  • Avg. Manuf.

Year 2008 2008 2014 2014 2010 2012 2010 2002 2011 No./Model 118 56 12 11 3 2 1 1 1 No./Manuf. 186 16 1 1 1

slide-17
SLIDE 17

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Hidden aircraft

8

  • A significant proportion of aircraft using this cipher also used a

block, so do not appear on flight trackers.

slide-18
SLIDE 18

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Hidden aircraft

8

  • A significant proportion of aircraft using this cipher also used a

block, so do not appear on flight trackers.

Flightradar24

slide-19
SLIDE 19

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Hidden aircraft

8

  • A significant proportion of aircraft using this cipher also used a

block, so do not appear on flight trackers.

Flightradar24

slide-20
SLIDE 20

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Hidden aircraft

8

  • A significant proportion of aircraft using this cipher also used a

block, so do not appear on flight trackers.

  • This implies that they are privacy sensitive - and so are being

undermined by the weak cipher

slide-21
SLIDE 21

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Hidden aircraft

8

Data Set Not Blocked Blocked Total VHF 5 (10%) 44 (90%) 49 SATCOM 10 (6%) 146 (94%) 156

  • A significant proportion of aircraft using this cipher also used a

block, so do not appear on flight trackers.

  • This implies that they are privacy sensitive - and so are being

undermined by the weak cipher

slide-22
SLIDE 22

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Message content

  • 29% of messages were status reports, revealing position,

departure and arrival airports

9

slide-23
SLIDE 23

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Message content

  • 29% of messages were status reports, revealing position,

departure and arrival airports

9

Arrival Airport - Farnborough, UK, ETA 14:19 Departure Airport - Instanbul, Turkey Position Report 1 - 12:57 Position Report 2 - 13:27

From Google Maps

slide-24
SLIDE 24

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Message content

  • 29% of messages were status reports, revealing position,

departure and arrival airports

9

Arrival Airport - Farnborough, UK, ETA 14:19 Departure Airport - Instanbul, Turkey Position Report 1 - 12:57 Position Report 2 - 13:27

From Google Maps

slide-25
SLIDE 25

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Message content

  • 29% of messages were status reports, revealing position,

departure and arrival airports

  • Blocked aircraft sent 90% of all status reports

9

slide-26
SLIDE 26

Modern Jets, Retro Ciphers: How monoalphabetic substitution ciphers are still in use

Responsible disclosure

10

“Obfuscation becomes encryption when a high level of confidentiality is assured. The confidentiality assurance of the substitution cipher is low.”

  • Reported to Honeywell prior to publication and met with a

resounding ‘it’s not a problem’

  • Cipher isn’t encryption but obfuscation thus not a security risk
slide-27
SLIDE 27

*University of Oxford first.last@cs.ox.ac.uk

$ETH Zurich

first.last@inf.ethz.ch

¥armasuisse

first.last@armasuisse.ch Real World Crypto 2018, January 10-12, Zurich

Matthew Smith*, Daniel Moser$, Martin Strohmeier*, Vincent Lenders¥, Ivan Martinovic*

Questions

Full paper: Economy Class Crypto: Exploring Weak Cipher Usage in Avionic Communications via ACARS - FC2017