JETS Defense Security Testing: An Example from ADS-B

By: Darren Cummings, DoD/Cyber Leader

Automatic Dependent Surveillance-Broadcast (ADS-B), a new collection of standards and technologies for aircraft position reporting, has seen widespread adoption in the global aviation industry in advance of U.S. and EU mandates which take effect next year. In 2020, with limited exceptions (mostly for unpowered, experimental, and historic aircraft), ADS-B will be required for all aircraft operating in U.S. airspace. ADS-B “Out” capability includes the transmission of aircraft identification, GPS-derived position information, altitude, and velocity. In addition, a range of ADS-B “In” features include anti-collision and weather information. As a result, most glass cockpit and advanced avionics systems will integrate ADS-B capabilities directly into their products.

ADS-B promises improved safety through better pilot and controller awareness of the airspace and environment, but the design of ADS-B presents several security challenges for avionics developers and integrators. ADS-B signals are not encrypted and are not expected to be, given the complexity in implementing a key infrastructure across the airspace system. This means, however, that anyone can theoretically transmit false information, which can be received and misinterpreted by airborne or ground-based systems. This problem invites a wide array of “worst-case scenarios,” including denial-of-service attacks against planes or towers, transmissions intended to disguise illicit activity, and even exploitation of security vulnerabilities in ADS-B systems themselves. Avionics developers, who are not accustomed to this level of potentially malicious activity directed against their systems, need to adopt new security testing strategies in order to keep their systems and the flying public that depends on them, safe.

One strategy that must be employed in the development of ADS-B-capable aviation systems is fuzz testing. In fuzz testing, false and malicious inputs are directed against the system’s various interfaces to observe their effect on the software. Results could include crashes, race conditions, denial of service, or, in rare instances, introduce new behaviors specially formulated by an attacker. Fuzz testing is critical for ADS-B “In” systems such as the Universal Access Transceiver (UAT) because they rely on unencrypted signals to convey relatively complex weather and traffic information. Whenever complex data is introduced from arbitrary or unreliable sources, there is a strong potential for buffer overflows and other format-type vulnerabilities. Developer tools such as JETS Defense have built-in fault injection capabilities that can test both external data interfaces and internal system boundaries, using virtualization-based introspection to identify potential vulnerabilities.

JETS Defense’s virtualization capabilities are also useful in measuring and enforcing limitations on data flows between different subsystems. Because ADS-B information is less “trusted” than internal flight control and telemetry information, a well-designed system-of-systems will impose a certain level of isolation between these systems to ensure that bogus ADS-B information will have no negative impact on aircraft operation. JETS Defense is capable of fully virtualizing most aircraft systems and data interfaces. In testing, this means that the interactions between ADS-B subsystems and core avionics systems can be thoroughly evaluated. In a fielded system, virtualization can also enable additional safety and security monitoring that runs “beneath” the system’s application code, and which is immune from external attacks.

ADS-B promises to open a wide range of new capabilities in the cockpit and in the control tower. It is important for the aviation community to remember that the added complexity and interactive nature of ADS-B means significant testing is required to ensure systems operate free of vulnerability. Special care should be paid to legacy systems that were not designed with external inputs in mind; here the industry should learn from the mistakes of the SCADA community, which incurred costly failures and high-profile attacks when integrating older systems with machine-to-machine (M2M) communications technologies.

To learn more about JETS Defense and how it can help with your system’s security testing, contact Performance Software today.