On the security of aeronautical datalink communications: Problems and solutions

Numerous protocols allow modern aircraft to communicate with ground entities over wireless networks, including the so-called Datalink digital communications protocols such as ACARS and FANS-1/A. Among other benefits, they greatly enhance automation and allow communication between embedded avionics and aircraft components with ground infrastructure. Unfortunately, none of these protocols incorporate any form of message authentication or confidentiality. To date, no security counter-measures have been proposed to address this with the exception of the ARINC 823 ACARS Message Security (AMS) standard currently employed by the US Air Force to communicate with the Federal Aviation Authority (FAA) air traffic controllers. In this paper, we present a threat analysis of the security flaws in the context of modern usage Datalink communications in aviation. To do so, we first describe how Software Defined Radios (SDR) have made easy to mount impersonation and message spoofing attack on both ACARS and FANS1/A datalink protocols. We then evaluate the potential impact of such attacks on both aircraft safety and air traffic management. To lend credence to our analysis, we describe a proof-of-concept implementation of this attack with a Universal Software Radio Project (USRP) SDR. Finally, we studied the viability of widely adopting AMS as an authentication solution by analyzing its real-world impact in terms of frequency congestion. We show that the widespread adoption of AMS, or an equivalent solution, by all commercial aircrafts would be sustainable.