Avionic bus cyber attack identification

Avishai Wool; Gabi Shugul (Astronautics C. A. Ltd); Raz Tikochinski (Astronautics C. A. Ltd)


Avionics bus cyber attack identification is an embedded cyber solution research project, designed to detect and protect common military avionic buses, in use onboard transport a/c, helicopters, trainers and fighter aircraft around the world.

 Existing avionics are based on system architectures dated 10-25 years back, and lack the required cyber protection of today's computing world. For years the concept of the avionics system designer was based on the fact that the avionics are not connected to the IT world and networks; therefore, it does not require special protection against threats from the outside world. However, avionics systems have evolved and currently include Ethernet buses, connected to many systems, either wired or wirelessly, including data-link and satellite communication data exchanges, modernized data and software loading via maintenance loaders and even modern wireless data links to the ground. Therefore, cyber security measures are required throughout the entire chain – from the maintenance repair shops and up to the aircraft, with means to detect and block any cyber threat while loading data, but also onboard, detecting and protecting any cyber threat that is already resident within the avionics and may damage the system or its' operational use. We focus on the most common military avionic bus, known as the MIL-STD-1553B bus. This bus is the main communications bus onboard military aircraft, used as the major data exchange vehicle for all military avionics systems (total existing worldwide military aircraft fleet using this type of bus is estimated to be close to 50,000 aircraft).

The research hypothesis is that the characteristics of the low-level electrical signals generated by the various bus elements are unique, and can be used to reliably identify the transmitting element, independently from any protocol-level information regarding the identity of a message source. The scope of the research is to evaluate this hypothesis, by developing a “fingerprint” for each of the devices connected to the bus based on normative electrical and timing behavior of each device, and to evaluate the fingerprint’s performance. Specifically, Astronautics would like to take an initial concept of analyzing the electrical characteristics of the MIL-STD-1553B bus, and establishing an electronic “fingerprint” for each of the devices connected to the bus, helping to identify anomalies in the bus "behavior" that will indicate a possible cyber attack. A successful outcome of this research will allow us to detect different kinds of spoofing cyber attacks and misuse of the bus by malicious devices. To the best of our knowledge, no existing MIL-STD-1553 cyber attack detection currently exists. Astronautics' avionics cyber lab enables the creation of various attack vectors, evaluating their impact on avionic systems, before and after implementing various detection and protection algorithms. Thus, Astronautics' cyber lab shall support the development and implementation of cyber security solutions, and will allow testing of these solutions' effectiveness in various scenarios. Astronautics will develop the MIL-STD-1553B bus front end high frequency sampling device for digitizing the signals and will build the environment of the bus, devices and cyber attack demonstrations. Prof. Wool and his students will develop the algorithms to study the fingerprints and detect bus anomalies.

Tel Aviv University, P.O. Box 39040, Tel Aviv 6997801, Israel
UI/UX Basch_Interactive