Cyber security in aviation : automationsprogrammet II del II : report C
Publication details: Linköping : Linköpings universitet, 2025Description: 38 sSubject(s): Online resources: Summary: The aviation industry is undergoing a transformative phase, driven by the rapid growth in global air traffic and the increasing complexity of airspace management. With the number of flights expected to double by 2030, the demand for advanced communication, navigation, and surveillance systems has never been greater. Traditional air traffic management systems, which rely heavily on voice-based communication and outdated technologies, are struggling to cope with the increasing volume of air traffic and the need for real-time data exchange. This has led to significant challenges in ensuring aviation operations’ safety, efficiency, and security, particularly in congested airspace where communication delays and errors can have catastrophic consequences. One of the key advancements in modern aviation communication is the adoption of Controller Pilot Data Link Communications (CPDLC), which replaces traditional voice transmissions with digital messages over Very High Frequency radio systems. CPDLC enhances communication resilience by providing clear, text-based instructions, reducing misunderstandings, and increasing bandwidth efficiency. However, the plain-text nature of CPDLC messages makes them vulnerable to cyber- attacks such as eavesdropping, message injection, and man-in-the-middle attacks. These vulnerabilities can be exploited using inexpensive devices like Software-Defined Radio, posing significant risks to aviation safety. For instance, attackers can intercept and manipulate CPDLC messages, leading to unauthorized aircraft control or the dissemination of false information, which could result in fatal incidents. To address these security challenges, we have proposed a robust security framework that implements mutual authentication, secure key establishment, and handover mechanisms to protect CPDLC communications from cyber threats. This framework leverages Physical Unclonable Functions for mutual authentication and Elliptic Curve Cryptography for secure key generation, ensuring the system remains resilient against attacks while maintaining operational efficiency. The proposed framework has been validated through hardware testing, demonstrating its effectiveness in real-world scenarios.The aviation industry is undergoing a transformative phase, driven by the rapid growth in global air traffic and the increasing complexity of airspace management. With the number of flights expected to double by 2030, the demand for advanced communication, navigation, and surveillance systems has never been greater. Traditional air traffic management systems, which rely heavily on voice-based communication and outdated technologies, are struggling to cope with the increasing volume of air traffic and the need for real-time data exchange. This has led to significant challenges in ensuring aviation operations’ safety, efficiency, and security, particularly in congested airspace where communication delays and errors can have catastrophic consequences. One of the key advancements in modern aviation communication is the adoption of Controller Pilot Data Link Communications (CPDLC), which replaces traditional voice transmissions with digital messages over Very High Frequency radio systems. CPDLC enhances communication resilience by providing clear, text-based instructions, reducing misunderstandings, and increasing bandwidth efficiency. However, the plain-text nature of CPDLC messages makes them vulnerable to cyber- attacks such as eavesdropping, message injection, and man-in-the-middle attacks. These vulnerabilities can be exploited using inexpensive devices like Software-Defined Radio, posing significant risks to aviation safety. For instance, attackers can intercept and manipulate CPDLC messages, leading to unauthorized aircraft control or the dissemination of false information, which could result in fatal incidents. To address these security challenges, we have proposed a robust security framework that implements mutual authentication, secure key establishment, and handover mechanisms to protect CPDLC communications from cyber threats. This framework leverages Physical Unclonable Functions for mutual authentication and Elliptic Curve Cryptography for secure key generation, ensuring the system remains resilient against attacks while maintaining operational efficiency. The proposed framework has been validated through hardware testing, demonstrating its effectiveness in real-world scenarios.