Technical study on ACARS "encryption"
Thread Starter
Join Date: Aug 2013
Location: PA
Age: 59
Posts: 30
Likes: 0
Received 0 Likes
on
0 Posts
Technical study on ACARS "encryption"
Interesting study for those who are interested!
"Abstract. Recent research has shown that a number of existing wireless avionic systems lack encryption and are thus vulnerable to eavesdropping
and message injection attacks. The Aircraft Communications Addressing and Reporting System (ACARS) is no exception to this rule with 99%
of the trac being sent in plaintext. However, a small portion of the trac coming mainly from privately-owned and government aircraft is
encrypted, indicating a stronger requirement for security and privacy by those users. In this paper, we take a closer look at this protected
communication and analyze the cryptographic solution being used. Our results show that the cipher used for this encryption is a mono-alphabetic
substitution cipher, broken with little effort. We assess the impact on privacy and security to its unassuming users by characterizing months
of real-world data, decrypted by breaking the cipher and recovering the keys. Our results show that the decrypted data leaks privacy sensitive
information including existence, intent and status of aircraft owners."
http://fc17.ifca.ai/preproceedings/paper_17.pdf
"Abstract. Recent research has shown that a number of existing wireless avionic systems lack encryption and are thus vulnerable to eavesdropping
and message injection attacks. The Aircraft Communications Addressing and Reporting System (ACARS) is no exception to this rule with 99%
of the trac being sent in plaintext. However, a small portion of the trac coming mainly from privately-owned and government aircraft is
encrypted, indicating a stronger requirement for security and privacy by those users. In this paper, we take a closer look at this protected
communication and analyze the cryptographic solution being used. Our results show that the cipher used for this encryption is a mono-alphabetic
substitution cipher, broken with little effort. We assess the impact on privacy and security to its unassuming users by characterizing months
of real-world data, decrypted by breaking the cipher and recovering the keys. Our results show that the decrypted data leaks privacy sensitive
information including existence, intent and status of aircraft owners."
http://fc17.ifca.ai/preproceedings/paper_17.pdf
I recall having discussions several years ago with Rockwell-Collins about data-mining based on transmissions from client airlines using their ACARS network. The consensus was that there was/is no imminent prospect of air carriers encrypting their ACARS transmissions. Obviously the situation with corporate and government aviation is different.
Not too dissimilar to the outcry from some "professional" pilots about the invasion of privacy when it was revealed ACARS transmissions were being published on the interweb in this Prune thread.
Most aviation-related communication is unsecure, and has always been. Probably always will be too, unfortunately, given the difficulty of replacing such widespread existing technology.
Most aviation-related communication is unsecure, and has always been. Probably always will be too, unfortunately, given the difficulty of replacing such widespread existing technology.
Thread Starter
Join Date: Aug 2013
Location: PA
Age: 59
Posts: 30
Likes: 0
Received 0 Likes
on
0 Posts
I dont think interception is the issue, the issue is far more interjection.
I just depends on how much airlines or other systems want to broadcast and/or rely on ACARS to send/relay information.
I just depends on how much airlines or other systems want to broadcast and/or rely on ACARS to send/relay information.
