You are here

Tools to Enable Systematic Testing of Avionics Cyber Security

Description:

TECHNOLOGY AREA(S): Info Systems 

OBJECTIVE: Develop tools and techniques to enable the rapid cyber assessment of avionics systems & air platforms 

DESCRIPTION: Avionics on modern military aircraft are often composed of a variety of “black box” systems that carry out a specific function and work together to form a cohesive system-of-systems that enables the warfighter to fly, fight and win. Even if the individual systems themselves are assumed to be cyber resilient, which is rarely the case, the integration of systems together can lead to new classes of vulnerabilities that are created by the interaction of multiple systems. Current practices for performing cyber tests on target platforms are disjointed and often involve “one-off” tools and instrumentation techniques. An effective toolset is needed to enable the rapid and systematic testing of avionics systems to assess their resiliency to cyber-attack prior to fielding. To be effective, the tool must (1) provide flexible capabilities to quickly instrument and both (2) monitor relevant buses/interfaces during normal operational testing and (3) interact with/fuzz a wide variety of avionics under test. Such a tool must be able to interact with avionics systems using a variety of interfaces and protocols including MIL-STD-1553, RS-232/422, ARINC-429, CAN bus, Ethernet/TCP/IP, etc. A strong, intuitive, flexible and capable user interface (UI) is a key enabler for this technology. Efforts that provide a strong consideration of how hardware can be assembled to support/enable systematic and flexible instrumentation are preferred. Hardware used should be commercially obtainable and cost-effective. 

PHASE I: Describe, design, and implement a limited software prototype tool demonstrating (1) the ability to appropriately monitor and interact with a pre-determined interface/bus architecture (2) with an effective and intuitive user interface. (3) Consider and describe enabling hardware requirements (interface, processing, storage). Tools with immediate applicability to common avionics architectures are most relevant. Implementations that include a strong, capable fuzzing component are particularly interesting. 

PHASE II: Develop and implement a full-featured tool that is applicable to a wide range of interface/bus standards with functional interface, monitoring and fuzzing capabilities. Fully define supporting hardware requirements and provide an example implementation. The final product should be demonstrated on one or more realistic and relevant avionics architectures. 

PHASE III: The bus architectures noted under this topic are present on a wide range of systems, including automobiles, satellites and aircraft. A capable tool for systematic cyber testing would have broad applicability across a range of industries. Rigorous cyber testing is becoming a requirement across both civilian and military platforms for land, sea, air and space. The tools and techniques developed under this effort will have immediate relevance for both civilian and military applications. 

REFERENCES: 

1: "Cybersecurity Test and Evaluation Guidebook", U.S. Department of Defense, http://www.acq.osd.mil/dte-trmc/docs/Cybersecurity%20TE%20Guidebook%20July%201%202015%20v1_0.pdf

2:  "Introduction to Information Security Testing and Assessment", Richard L. Metzer D.Sc., Lockheed Martin, http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-6_kscarfone-rmetzer_security-testing-assessment.pdf

KEYWORDS: Avionics, Fuzzing, MIL-STD-1553, Ethernet, ARINC-429, CAN Bus, Serial, Cyber, Testing, Evaluation, Assessment 

CONTACT(S): 

Joshua D. McCamey (AFRL/RYWA) 

(937) 713-8152 

joshua.mccamey@us.af.mil 

US Flag An Official Website of the United States Government