CN103139779A - Denial service attack penetration testing method aiming at aircraft communication addressing and reporting system (ACARS) data chain - Google Patents

Abstract

The ACARS data link is a very high frequency data link, mainly used for communication between aircraft and the ground. The invention proposes an ACARS data link security penetration testing method. A denial of service attack is simulated mainly based on the security loopholes in the ACARS data link without encryption and authentication. In the ACARS system, there is no identity verification mechanism, and an entity can easily pretend to be an airborne communication terminal and send a large number of forged messages to the DSP, hindering the normal operation of the DSP system. In the present invention, through simple equipment, a computer is disguised as an airborne communication terminal, and sends an illegal control message to the ground DSP. The DSP cannot verify the legality of the identity, so it responds to the illegal message, exhausts its own resources, and then loses control over the illegal message. The ability to respond to legal packets. Using the technical scheme of the invention, the potential safety hazards of the ACARS data chain can be excavated, and it has a positive effect on protecting the safety of the ACARS data chain.

Description

Denial of service attack penetration testing method for ACARS data link

technical field

The present invention relates to an aviation VHF data link security technology, especially for the penetration test of the denial of service attack on the Aircraft Communication Addressing and Reporting System (ACARS) data link, which can dig deep into the security risks of ACARS, It plays an active role in ensuring the security of the ACARS data link.

Background technique

ACARS is an acronym for ARINC Communications Addressing Reporting System. The system is designed to reduce voice communication requirements by automatically reporting aircraft arrival and departure times and other mission flight data. The system uses a designated airborne VHF frequency to transmit and receive data from an identically equipped ground station.

ACARS is now operating smoothly day in and day out in commercial aviation around the world. The civil aviation system uses the ACARS system for air traffic control over oceanic areas that cannot be covered by radar. Automatic position reports transmitted through the ACARS system allow air traffic controllers to accurately monitor the aircraft's position. In addition, controllers can send air traffic management messages to pilots to actively control the flight of the aircraft. Likewise, ACARS has made an important contribution to the reduction of separation standards in oceanic airspace.

By analyzing the ACARS message, the aircraft model, external environment, location, scheduled route, cargo content and detailed operation of the flight can be obtained. Aviation personnel want to protect this information to maintain a competitive advantage, to ensure flight safety and reduce operational risk.

U.S. military aircraft are generally required to obey air traffic rules when flying in civilian airspace. Since ACARS was applied to air traffic control in the South Pacific region, the U.S. Air Force began to equip their transport aircraft with ACARS to comply with civil aviation regulations. The availability of the ACARS system also brings additional benefits to the US Air Force, because ACARS can be used for routine unclassified communications, thereby preserving the high-priority capability of military communication systems for traffic. In terms of security, it will take a long time for military operators to adapt to the existing civilian ACARS system. If information can be exchanged more securely via ACARS, the Air Force will allow fleets to use ACARS data links to exchange information with any aircraft in the world in real time, increasing their operational efficiency.

ACARS information is transmitted in clear text on a public RF channel. As long as the cost is very low, anyone can monitor and process ACARS information with detection equipment. In addition, if the messages sent by the air force aircraft equipped with the ACARS system are intercepted by the enemy during the execution of the mission, it may bring devastating consequences to the execution of the mission. After the "9.11" incident, various countries have paid more attention to anti-terrorist attacks. However, if the ACARS data link is attacked or used by terrorists, it will have a huge impact on national security. Therefore, airlines, national special aviation, and the military all urgently need a secure ACARS network system to ensure the safe transmission of sensitive or secret information.

The ACARS system, as the ground application system of the ground-air data link, has become the production system of various airlines. So far, more than 70% of the 100-seat passenger planes have been equipped with ACARS airborne equipment. All airlines rely more and more on the ACARS system. On the one hand, it can ensure the flight safety of the aircraft, and on the other hand, it can significantly improve the company's operating efficiency. This puts forward high requirements for the safe and stable operation of the ACARS system. At the same time, according to the regulations of the Civil Aviation Administration of China, all aircraft must be equipped with ACARS airborne electronic equipment, and the application range of the ACARS system will continue to expand. Effectively ensuring the safety of the ACARS system can avoid bringing harm to the country, airlines and network operators. huge loss. Therefore, ensuring the information security of ACARS system has important economic and political significance.

Contents of the invention

In the ACARS system, the attacker can send a large amount of false information to the ground station, so that the ground station cannot respond to normal aircraft communication, causing the ground station to deny service. Or the attacker pretends to be a terminal and sends a large amount of useless ACARS information to the data link, causing the server of the information processing center to be overloaded and resources exhausted, unable to respond to normal information, thus causing the server to deny service. Denial of service attacks will cause interruption of normal communication and seriously threaten the safety of flight.

According to the needs of ACARS data link information security research, the present invention uses C++ and C# languages to build an ACARS data link information security guarantee system demonstration platform. The platform for ACARS data link security research includes: 1 aircraft route demonstration, 1 airborne analog communication management unit (Communication Management Unit, CMU), 2 remote ground stations (Remote Ground Station, RGS) (1 reliable, 1 illegal), 1 DSP, 1 message parser, 1 data link end user (airline), 1 attack end (with air-to-ground communication capability). The purpose of the present invention is to verify possible security threats in the ACARS system and demonstrate the effect according to the transmission rules of the ACARS system messages.

CMU is an important part of the ACARS safety simulation system. This module implements the functions and characteristics of the simulated airborne CMU, including automatic/manual transmission of ACARS messages, human-computer interaction interface (route management and aircraft operation status display) and standard interface. simulation implementation.

RGS is the ground node of the VHF data link system, which is used to connect the aircraft and the ground data communication network, and can realize data communication between nodes of the ground data communication network. He can provide two-way data communication between the aircraft and the ground network. The function of the RGS station is to process and monitor the uplink and downlink data information, and can effectively, quickly and accurately distribute the data to the aircraft and the ground data communication network.

DSP mainly includes two major core modules: first, to realize two-way mutual conversion between ARINC618 and ARINC620 message formats; second, to realize two-way information routing.

Message parser module When the system receives the message sent by DSP, it will automatically analyze it, convert the message into meta format (using XML format) according to the ARINC 620 protocol, and automatically send it to its lower computer to notify that it has been accepted to the message.

The attack module is an important part of the ACARS safety demonstration system. It has the function of monitoring normal air-ground communications, including all message communications between the aircraft and DSP, and displays the received uplink and downlink messages in the interface. Display original text and hexadecimal. At the same time, the attacker also has the ability to carry out denial of service attacks.

The airline module is used to simulate the airline's use of messages. The operation of the message is distributed on two interfaces, namely: the message editing and input interface and the message output display interface.

Description of drawings

Figure 1 is the ACARS simulation system network architecture.

Figure 2 is ARINC618 uplink and downlink data format.

Figure 3 shows the effect of denial of service attack.

Detailed ways

1. According to the system architecture simulated in Figure 1, click the route management module on the onboard CMU to start, and the aircraft starts to fly.

2. On the attack end, pretend to be a legitimate aircraft and send a message to the DSP, and click the attack end denial of service icon.

3. Click Send to start disguising the airborne terminal to send information to the DSP.

4. In the DSP module, it can be seen that the DSP has received the request normally and responded.

5. The downlink message of the normal aircraft reaches the DSP, but the DSP cannot respond, and the normal message is resent.

Claims (3)

1. The ACARS data link is a wireless network, which is more vulnerable to attacks than wired networks. ACARS information is completely transmitted in the form of plain text, without encryption mechanism and message authentication mechanism, anyone can easily obtain almost all ACARS information as long as they have a computer, sound card, radio frequency antenna and available free software, and there are already The software can simulate an aircraft terminal or a controller terminal, and communicate with a real terminal. Due to the limited service capability that the DSP can provide, when an attacker sends a large number of forged messages, the DSP faces the security threat of resource exhaustion, resulting in the inability to provide services for legal airborne terminals. 2. according to the potential safety hazard that ACARS data chain exists according to claim 1, invent a kind of denial of service penetration testing method for ACARS data chain system, it is characterized in that described testing method comprises the following steps: 1) Taking ARINC618 protocol and ARINC620 protocol as reference, simulate an ACARS data link system, including airborne terminal, RGS remote ground station, DSP data link service provider, and ground terminal user. The system has air-to-ground communication capability. 2) Simulate an ACARS data link attack end, which has the function of communication monitoring for normal air-ground communication, including all message communication between aircraft and DSP. 3) The attack end steals the uplink and downlink messages and obtains relevant information, including flight number, tail number, etc. 4) After the attack end steals relevant information, it simulates a normal airborne terminal and sends a large number of forged messages to the DSP. 5) DSP receives the forged message, cannot distinguish its legitimacy, and processes a large number of forged messages, exhausting its own resources. DSP denies service to normal aircraft. 3. according to the ACARS data link denial of service attack test method described in 2, it is characterized in that: 1) The data format of the normal air-ground data link conforms to the ARINC618 standard, and the DSP communicates with the ground data link user, and the data format conforms to the ARINC620 standard. 2) The attack end simulates the airborne terminal and has the ability to send and receive air-ground data. It can extract useful fields of legal information to generate illegal messages, and can actively send downlink forged data. 3) The ground communication terminal cannot identify illegal information, and normally handles illegal messages, including displaying and responding to illegal messages. The airborne terminal cannot get a response from the DSP, and sends the same message repeatedly.

Images