Hardware Fingerprinting for the ARINC 429 Avionic Bus

03/27/2020
by Nimrod Gilboa Markevich, et al.

ARINC 429 is the most common data bus in use today in civil avionics. However, the protocol lacks any form of source authentication. A technician with physical access to the bus is able to replace a transmitter with a rogue device, and the receivers will accept its malicious data as they have no method of verifying the authenticity of messages. Updating the protocol would close off security loopholes in new aircraft but would require thousands of airplanes to be modified. For the interim, until the protocol is replaced, we propose the first intrusion detection system that utilizes a hardware fingerprinting approach for sender identification for the ARINC 429 data bus. Our approach relies on the observation that changes in hardware, such as replacing a transmitter or a receiver with a rogue one, modify the electric signal of the transmission. Because we rely on the analog properties, and not on the digital content of the transmissions, we are able to detect a hardware switch as soon as it occurs, even if the data that is being transmitted is completely normal. Thus, we are able to preempt the attack before any damage is caused. In this paper we describe the design of our intrusion detection system and evaluate its performance against different adversary models. Our analysis includes both a theoretical Markov-chain model and an extensive empirical evaluation. For this purpose, we collected a data corpus of ARINC 429 data traces, which may be of independent interest since, to the best of our knowledge, no public corpus is available. We find that our intrusion detection system is quite realistic: e.g., it achieves near-zero false alarms per second, while detecting a rogue transmitter in under 50 ms, and detecting a rogue receiver in under 3 seconds. In other words, technician attacks can be reliably detected during the pre-flight checks, well before the aircraft takes off.
