Economy Class Crypto: Exploring Weak Cipher Usage in Avionic Communications via ACARS

  • Conference paper
  • In: Financial Cryptography and Data Security (FC 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10322)

Abstract

Recent research has shown that a number of existing wireless avionic systems lack encryption and are thus vulnerable to eavesdropping and message injection attacks. The Aircraft Communications Addressing and Reporting System (ACARS) is no exception to this rule, with 99% of the traffic being sent in plaintext. However, a small portion of the traffic, coming mainly from privately-owned and government aircraft, is encrypted, indicating a stronger requirement for security and privacy by those users. In this paper, we take a closer look at this protected communication and analyze the cryptographic solution being used. Our results show that the cipher used for this encryption is a mono-alphabetic substitution cipher, broken with little effort. We assess the impact on privacy and security to its unassuming users by characterizing months of real-world data, decrypted by breaking the cipher and recovering the keys. Our results show that the decrypted data leaks privacy-sensitive information, including existence, intent and status of aircraft owners.

Notes

  1. https://sourceforge.net/projects/acarsdec/.

  2. https://github.com/jontio/JAERO.

  3. https://www.flightradar24.com/.

  4. http://www.acarsd.org/.

  5. https://www.avdelphi.com.

  6. Labels ‘41’ and ‘42’ are primarily used in SATCOM and label ‘44’ is most common in VHF; as such we focus our analysis in this way.

Acknowledgements

This work has been funded by armasuisse under the Cyberspace and Information research program. Matthew Smith has been supported by the Engineering and Physical Sciences Research Council UK (EPSRC UK), as part of the Centre for Doctoral Training for Cyber Security at the University of Oxford. Daniel Moser has been supported by the Zurich Information Security and Privacy Center. It represents the views of the authors.

Author information

Corresponding author

Correspondence to Matthew Smith.

Copyright information

© 2017 International Financial Cryptography Association

About this paper

Cite this paper

Smith, M., Moser, D., Strohmeier, M., Lenders, V., Martinovic, I. (2017). Economy Class Crypto: Exploring Weak Cipher Usage in Avionic Communications via ACARS. In: Kiayias, A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_15

  • DOI: https://doi.org/10.1007/978-3-319-70972-7_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70971-0

  • Online ISBN: 978-3-319-70972-7

  • eBook Packages: Computer Science, Computer Science (R0)
