On Perception and Reality in Wireless Air Traffic Communications Security

TL;DR

This paper analyzes the security vulnerabilities of wireless air traffic communication technologies, bridging the gap between academic research and aviation industry perspectives through systematization, expert surveys, and attack analysis.

Contribution

It provides a comprehensive systematization of wireless aviation applications, analyzes vulnerabilities and countermeasures, and surveys aviation experts to align security research with industry needs.

Findings

Wireless technologies in aviation are inherently insecure due to design limitations.

Aviation experts show limited awareness of wireless security vulnerabilities.

Categorization of short-term and long-term security approaches.

Abstract

More than a dozen wireless technologies are used by air traffic communication systems during different flight phases. From a conceptual perspective, all of them are insecure as security was never part of their design. Recent contributions from academic and hacking communities have exploited this inherent vulnerability to demonstrate attacks on some of these technologies. However, not all of these contributions have resonated widely within aviation circles. At the same time, the security community lacks certain aviation domain knowledge, preventing aviation authorities from giving credence to their findings. In this paper, we aim to reconcile the view of the security community and the perspective of aviation professionals concerning the safety of air traffic communication technologies. To achieve this, we first provide a systematization of the applications of wireless technologies upon which civil aviation relies. Based on these applications, we comprehensively analyze vulnerabilities, attacks, and countermeasures. We categorize the existing research on countermeasures into approaches that are applicable in the short term and research of secure new technologies deployable in the long term. Since not all of the required aviation knowledge is codified in academic publications, we additionally examine existing aviation standards and survey 242 international aviation experts. Besides their domain knowledge, we also analyze the awareness of members of the aviation community concerning the security of wireless systems and collect their expert opinions on the potential impact of concrete attack scenarios using these technologies.