Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Transport Security
AIR TRANSPORT●2.8 billion– People flown in 2011.●38 million– Number of flights in 2011MARITIME TRANSPORT●30,936– Transport...
Safety is NOT Security
New technologies, new threats......new requirements:●IT Security profile– New systems– Automation●Aviation profile– Specif...
Part I– Traditional technologiesPart II– New risks and attack vectorsAgenda
TraditionaltechnologiesGood old days
Older technologiesPrimary SurveillanceRadars (PSR)✈ Detects presence ofplanes via the reflection ofradio waves by the plan...
Legacy systems Glass cockpitOlder technologies
NewtechnologiesRisks and attacks
Attack overviewDISCOVERY✈ ADS-BGATHERING✈ ACARSEXPLOITATION✈ Systems
THE TARGETSOFTWARE
DISCOVERY - ADS-BAutomatic Dependent Surveillance-Broadcast✈ Radar substitute✈ Position, velocity, identification
GATHERING - ACARSAircraft Communications Addressing andReporting System✈ Digital data link for transmission of messagesbet...
EXPLOITATION - FMS✈Flight Management System– Typically consists of two units:» A computer unit» A control display unit✈Con...
EXPLOITATION - Attack deliveryGround Service providers●The “glue” of the aviationecosystemhouseSoftware Defined Radio●A ra...
Unmanned Aircraft SystemsCOMMUNICATIONS– SATCOM●Iridium●Ku-Band●C/S-Band– VHF●:-)NON-SEGREGATEDAIRSPACE●Civil aviation sys...
RemediationWhere to start from?– ✈ NextGen Security●On-board systems securityaudit– ✈ Who is affected?●Manufacturers●Groun...
Remember: Safety is NOT Securityhugo.teso@nruns.comAdditional resources– RootedCon 2012●Slides: http://x90.es/7e4●Video: h...
Upcoming SlideShare
Loading in …5
×

New realities in aviation security remotely gaining control of aircraft systems

569 views

Published on

New realities in aviation security remotely gaining control of aircraft systems

Published in: Technology, Business
  • Be the first to comment

New realities in aviation security remotely gaining control of aircraft systems

  1. 1. Transport Security
  2. 2. AIR TRANSPORT●2.8 billion– People flown in 2011.●38 million– Number of flights in 2011MARITIME TRANSPORT●30,936– Transport ships in 2011●8,7 billion tons– Seaborne trade on 2012
  3. 3. Safety is NOT Security
  4. 4. New technologies, new threats......new requirements:●IT Security profile– New systems– Automation●Aviation profile– Specific knowledge– Own technologies– Standards
  5. 5. Part I– Traditional technologiesPart II– New risks and attack vectorsAgenda
  6. 6. TraditionaltechnologiesGood old days
  7. 7. Older technologiesPrimary SurveillanceRadars (PSR)✈ Detects presence ofplanes via the reflection ofradio waves by the planes.Secondary SurveillanceRadars (SSR)✈ Detects and measures theposition of aircrafts, requestsadditional information fromthem.
  8. 8. Legacy systems Glass cockpitOlder technologies
  9. 9. NewtechnologiesRisks and attacks
  10. 10. Attack overviewDISCOVERY✈ ADS-BGATHERING✈ ACARSEXPLOITATION✈ Systems
  11. 11. THE TARGETSOFTWARE
  12. 12. DISCOVERY - ADS-BAutomatic Dependent Surveillance-Broadcast✈ Radar substitute✈ Position, velocity, identification
  13. 13. GATHERING - ACARSAircraft Communications Addressing andReporting System✈ Digital data link for transmission of messagesbetween aircraft and ground stations
  14. 14. EXPLOITATION - FMS✈Flight Management System– Typically consists of two units:» A computer unit» A control display unit✈Control Display Unit (CDU orMCDU) provides the primaryhuman/machine interface for dataentry and information display.✈FMS provides:» Navigation» Flight planning» Trajectory prediction» Performance computations» Guidance
  15. 15. EXPLOITATION - Attack deliveryGround Service providers●The “glue” of the aviationecosystemhouseSoftware Defined Radio●A radio communicationsystem where hardwarecomponents areimplemented by meansof software.
  16. 16. Unmanned Aircraft SystemsCOMMUNICATIONS– SATCOM●Iridium●Ku-Band●C/S-Band– VHF●:-)NON-SEGREGATEDAIRSPACE●Civil aviation systems– COTS/MOTS– Vulnerable:●Protocols●Systems
  17. 17. RemediationWhere to start from?– ✈ NextGen Security●On-board systems securityaudit– ✈ Who is affected?●Manufacturers●Ground Service Providers●Airlines/Operators
  18. 18. Remember: Safety is NOT Securityhugo.teso@nruns.comAdditional resources– RootedCon 2012●Slides: http://x90.es/7e4●Video: http://x90.es/7e5– HITB 2013●Slides: http://x90.es/7e6●Video: http://x90.es/7e7

×