
Electronic Flight Bag Security Use Case and Aircraft Security Simulator

Presented by: Chris Riley, CISSP (DOT/Volpe)


Electronic Flight Bag Threat Assessment

Volpe/UK Communications and Electronics Security Group (CESG) EFB Project Objectives
o Identify security threats to the EFB environment using classic software techniques and tools
o Define a repeatable process to associate security architectures with a system's functional model
o Produce security-related requirements from identified threats
o Produce commonly understood artifacts:
  o Information Asset Characterization (FIPS 199)
  o Use Case and Mis-Use Case (UML 2)
  o Risk Assessment (NIST 800-30)

Analysis Approach
o Develop an EFB reference implementation as the basis of the threat assessment
o Hold SME workshops to:
  o Identify the functional thread of interest (Performance Calculation)
  o Identify the functional requirements of the thread within the context of the reference implementation
  o Identify the information assets for the functional thread
o Develop a threat assessment approach leveraging UML tools

Applying Security Controls to UML Use Case Modeling
o Use case modeling is designed as a simple method to identify functional requirements; adding security controls overly complicates the diagrams
o Security controls introduce technology into a functional model, clouding the functional objectives
o System decomposition requires a domain-specific language for security to communicate requirements throughout the model
o The model must be easily understood by functional SMEs while containing enough detail for security experts to assess threats

EFB Risk Assessment Findings Summary

Information Integrity and Authenticity
Description: Third-party information providers should provide different strengths of control based on the criticality of the information to EFB operations and the timeliness of delivery.
Example mitigations: Digital signatures; virus scanning; transfer over authenticated/encrypted channels; media handling and authenticity procedures such as signature verification and media destruction.

COTS Security Baseline Configuration and Management
Description: Several paths to the EFB could make the Windows environment unreliable. Adopt security baselines, integrity tools (e.g. virus scan) and patch management to ensure reliability.
Example mitigations: Center for Internet Security COTS baselines; NIST Security Configuration Checklists Repository; standardized provisioning and patch management.

Device Authentication / Trust Paths
Description: Operations such as Data Load have specific trust relationships with the EFB. Additional controls should augment ARINC 615A to ensure software or data is not loaded from an unauthorized device.
Example mitigations: Transfer software and data via a digitally authenticated point-to-point channel such as a VPN; consider host-based firewalls.

Platform Integrity / Application Authorization
Description: Checksum technology verifies the integrity of a source; it does not imply that the application is authorized.
Example mitigations: Anti-virus and integrity checkers can verify the integrity of the platform. Signed applications can ensure that applications are authorized to operate on the platform.

Airborne Network Security Simulator (ANSS)

Phase 2: Airborne Network Security Simulator (ANSS) Goals
o Identify potential information security threats in a synthetic environment by simulating next-generation aircraft communications systems
o Share knowledge, tools and methodologies with academia and other interested stakeholders to extend research value
o Act as coordinating authority for cyber security risk mitigation within the international aerospace and aviation community
o Recommend appropriate technical and procedural standards for security risks to aid in the development of regulatory guidelines and policies
o Influence industry bodies on cyber security best practice with respect to specifications, procedures and recommendations used by the industry

Current Situation

[Diagram: aircraft network domains and their ground-side connections]
Ground-side parties shown: Air Traffic Service Providers; Airline; Airline 3rd Party Providers; Passenger-Accessed 3rd Party Providers.
o Aircraft Control Domain (CLOSED; "control the aircraft"; controlled): Air-Ground Network Interface, Flight & Embedded Control Systems, Cabin Core Devices
o Airline Information Services Domain (PRIVATE; "operate the aircraft"): Air-Ground Network Interface, Admin Functions, Flight Support, Cabin Support, Maintenance Support
o Passenger Information & Entertainment Services Domain (PUBLIC; relatively uncontrolled): Air-Ground Network Interface, IFE, Passenger Internet Access, On-Board Web Access, Passenger Device Interface
o Passenger-Owned Devices (passenger use): computers, wireless devices, gaming devices
Air/ground links shown: VHF / HF / SatCom to an Air/Ground Datalink Service (e.g. ACARS); Airport Network (e.g. Gatelink); Wireless LAN; Broadband / Cellular to an Air/Ground Broadband Network (e.g. INMARSAT).

Mission-critical aircraft systems have increased in complexity and bandwidth requirements, in some cases accessing the Internet.

ANSS Functional Components
o Class 3 Electronic Flight Bag: used as an application platform for realistic capability
o Gatelink: realistic aircraft-to-gate connectivity
o OPNet: synthetic component development platform
o AviationSimNet: standards-based approach to real-time linkage of external simulators


Interfacing Standards - AviationSimNet

AviationSimNet is a distributed simulation bridging environment: it allows dissimilar simulation environments to operate together in a single simulation domain. To accomplish this, AviationSimNet hosts voice and data communications that allow facilities to interoperate within the same domain. AviationSimNet is focused on supporting real-time human-in-the-loop Air Traffic Management simulations, which can include a wide range of simulation components.


Demonstration Scenario: Airline AOC to AviationSimNet Aircraft via Performance Calculation

[Diagram: Load & Balance Data and a Performance Calculation flow from the airline Operations Sim (OPS Controller) across the Internet, through a Firewall, into the ANSS Operational Enclave at WSU. Inside the enclave the Aircraft Network is split into a Control Domain (Flight Management System Sim), an Information Domain (EFB, reached over Gatelink and a TWLU) and a Passenger Domain; an External Training Simulator is linked in via AviationSimNet.]


Demonstration Scenario

A hacker places a man-in-the-middle device on the path that carries the final pre-flight data to the aircraft. The device captures the data and sends it to the Internet; modified pre-flight data is then delivered to the aircraft in its place.
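The scenario above, together with the "Platform Integrity / Application Authorization" finding (a checksum proves integrity of a source, not that the source was authorized), is illustrated by the following added example. It is not code from the presentation or from the ANSS project, and it uses only the Python standard library: an HMAC with a key shared between the airline AOC and the EFB stands in for the digital signature the deck recommends, because the principle is the same (the verifier checks something the man-in-the-middle cannot recompute); with a real digital signature the EFB would hold only the AOC's public key. The pre-flight data values, field names and the shared key are constructed for the example.

```python
"""Checksum vs keyed MAC on pre-flight data crossing a man-in-the-middle.

Added example (not from the presentation). An HMAC-SHA256 with a key
shared by the airline AOC and the EFB stands in for a digital signature.
"""
import hashlib
import hmac
import json

# Constructed sample pre-flight (load & balance) data, not real flight data.
PREFLIGHT_DATA = {
    "flight": "XX123",
    "zero_fuel_weight_kg": 58000,
    "fuel_kg": 12000,
    "takeoff_weight_kg": 70000,
    "cg_percent_mac": 27.5,
}

# Assumed AOC/EFB shared secret for this example only; in practice it would
# be provisioned out of band (or replaced by a signing key pair).
AOC_EFB_KEY = b"example-shared-key-not-for-production"


def canonical(data):
    """Serialize deterministically so sender and verifier hash identical bytes."""
    return json.dumps(data, sort_keys=True, separators=(",", ":")).encode()


def protect_with_checksum(data):
    """Integrity only: anyone who can read the data can recompute the digest."""
    return {"data": data, "sha256": hashlib.sha256(canonical(data)).hexdigest()}


def verify_checksum(message):
    expected = hashlib.sha256(canonical(message["data"])).hexdigest()
    return hmac.compare_digest(message["sha256"], expected)


def protect_with_mac(data, key):
    """Integrity and origin authenticity: the tag depends on a key the MITM lacks."""
    tag = hmac.new(key, canonical(data), hashlib.sha256).hexdigest()
    return {"data": data, "hmac": tag}


def verify_mac(message, key):
    expected = hmac.new(key, canonical(message["data"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(message["hmac"], expected)


def mitm_tamper(message, field, new_value):
    """The hacker's device: alter one field, then recompute whatever it can.

    A plain checksum is recomputed from the altered data. The HMAC field is
    left untouched because the attacker does not hold AOC_EFB_KEY.
    """
    tampered = json.loads(json.dumps(message))  # deep copy via JSON round trip
    tampered["data"][field] = new_value
    if "sha256" in tampered:
        tampered["sha256"] = hashlib.sha256(canonical(tampered["data"])).hexdigest()
    return tampered


def run_scenario():
    """Return, per protection, whether the EFB accepts the genuine message and
    whether it detects the tampered one (True means tampering was detected)."""
    checksum_msg = protect_with_checksum(PREFLIGHT_DATA)
    mac_msg = protect_with_mac(PREFLIGHT_DATA, AOC_EFB_KEY)
    # The attacker lowers the takeoff weight so the performance calculation
    # on the EFB is computed from wrong inputs.
    tampered_checksum = mitm_tamper(checksum_msg, "takeoff_weight_kg", 60000)
    tampered_mac = mitm_tamper(mac_msg, "takeoff_weight_kg", 60000)
    return {
        "checksum_accepts_original": verify_checksum(checksum_msg),
        "checksum_detects_tamper": not verify_checksum(tampered_checksum),
        "mac_accepts_original": verify_mac(mac_msg, AOC_EFB_KEY),
        "mac_detects_tamper": not verify_mac(tampered_mac, AOC_EFB_KEY),
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The checksum case is the one the deck warns about: the tampered data arrives with a valid digest, so an EFB that only checks the checksum computes its performance figures from the hacker's numbers. The keyed tag fails verification, which is also why the "Device Authentication / Trust Paths" finding pairs authenticated channels with signed data rather than relying on either alone.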


Contact Information
Kevin Harnett, Volpe Center Cyber Security Program Manager
Email: kevin.harnett@dot.gov
Phone: 617-699-7086
Chris Riley, Volpe Center Cyber Security Researcher
Email: riley@info-tools.com
Phone: 508-672-6032

