An increasing number of airlines offers „On-Board Wi-Fi“ to their passengers with connectivity improvements to the aircraft while it is on the ground (3G/4G LTE) and in-flight (air-to-ground and air-to-satellite). This development was basically just a question of time. Just think how timesaving it is for every frequent (business) traveler to quickly check and answer a few mails while being above the clouds. Not to forget about all the other stuff from Facebook to YouTube that can sweeten the journey time. And the wireless technology is also dramatically expanding traditional in-flight entertainment (IFE) features like new onboard services – ranging from online shopping and reservations to destination information, real-time travel information and seat-to-seat chat capabilities. What a brave new world –if there wouldn’t be the well-known safety concerns.
Recent events underline the concerns
In this summer, computer experts have succeeded in wirelessly hack into a car. They made their way into to car by the infotainment system and paralyzed the engine from several miles away. With the hack they wanted to shake up the automotive industry to better protect the infotainment systems against attacks. But what about aircraft security? A considerable number of media outlets reported that the same Wi-Fi systems passengers use in the sky on planes could allow a hacker to bring down a plane. Does this mean that every time someone has a laptop in the cabin or maybe even on the ground, there was the potential that they could breach the avionics of the aircraft? Even if this may not be an imminent threat, it’s a potential one. Currently no aircraft had been attacked like this. But such attacks are not absolutely absurd: In 2013 a security officer has gained control of the navigation system and was in contact with the air traffic control with a Smartphone. But don’t worry on this: The security issue used for this hack has been closed already.
Onboard an aircraft there are two different aspects of security to consider: security on the aircraft and security within the wireless IFE system. Let’s have to look at Kontron’s strategies:
Security on the aircraft
When an IFE system is deployed onto the aircraft, it is typically certified to Design Assurance Level (DAL) E or D per the FAA’s DO-254 (hardware) and DO-178 (software) guidance for airborne systems. Level E is the least stringent with a Failure condition listed as no safety affect to the aircraft, Level D is classified as Minor safety affect to the aircraft. In this manner, the IFE system is installed and certified onto the aircraft without being physically connected to the rest of the aircraft sub-systems. This eliminates any possibility to tamper with or corrupt aircraft equipment to which the IFE system is connected. For example, a physical connection to the ARINC 429 data bus can be setup to the read-only transceiver of the avionics equipment connected to the IFE server. This allows access to data such as altitude and location of the aircraft, which can then be used in a moving map application. In this case, any security compromise of the IFE system on the aircraft would be limited to reading data from these avionics sub-systems, and preventing any ability to transmit commands or misinformation to avionics sub-systems.
Security on the IFE Wireless Access Point
The other aspect of security is then the isolated IFE system itself, as any wireless connectivity system is prone to network attacks. To defend against this, the Kontron Cab-n-Connect A100 CWAP features the latest in enterprise-level wireless security based on the WiNG 5 operating system. This operating system provides a highly robust distributed architecture that extends QoS, security and mobility services to the CWAPs on the aircraft for better direct routing and network resilience. This functionality includes an intelligent virtual controller that optimizes the wireless network to ensure no degradation in streaming video, while simultaneously creating a fortress around the aircraft wireless network, protecting it from unauthorized access. The Layer 2 firewall on the wireless access points adds an additional extra layer of protection as the data travels from sender to recipient. The CWAPs automatically detect and respond instantly to any wireless threat, from rogue devices to network vulnerabilities. For example, the integrated AirDefense Wireless Intrusion Detection and Protection (WIPS) help contain an attack on the network. The WIPS is capable of detecting MAC address spoofing that occurs when the adversary pretends to be an authorized device during an attack. The AirDefense WIPS can also detect replay attacks and trigger a response if a configurable number of injections exceed a programmable threshold within a set window of time. It can also generate an alarm or send SNMP traps to notify various security event management systems. The system can also be configured so that an off ending device can be blacklisted, ensuring all further frames from it are ignored for the blacklist timeout period. Other active security features on the A100 include IP Filtering, Network Address Translation (NAT), Port-Based Access Control, IPSec (Point-to-Point Ethernet Packet Encryption), and AAA Security Protocol Implementation (RADIUS).
High time to create national standards
Recent events underscore why the aviation industry must remain ever vigilant. Not to leave them alone there should also be a legal framework in order to ensure certain security standards. A Government Accountability Office (GAO) report for example recommends that the US Federal Aviation Administration (FAA) should develop a more comprehensive approach to address cyber security and that the Secretary of Transportation should instruct the FAA administrator to develop a plan to fund and implement National Institute of Standards and Technology (NIST) revisions. However, it is high time to really attend to the matter as security is a growing concern for any IoT connected system.
You can get more information on wireless IFE in Kontron’s Application Note “BEYOND WIRELESS IFE – CONNECTED AIRCRAFT ADVANCES“.
What about you? Do you worry about your safety or just enjoy the comfort of On-Board Wi-Fi?