Exploring the Vulnerabilities of Traffic Collision Avoidance Systems (TCAS) Through Software Defined Radio (SDR) Exploitation
Berges, Paul Martin
Traffic Collision Avoidance Systems (TCAS) are safety-critical systems that are deployed on most commercial aircraft in service today. However, TCAS transactions were not designed to account for malicious actors. While in the past it may have been infeasible for an attacker to craft arbitrary radio signals, attackers today have access to open-source digital signal processing software like GNU Radio and inexpensive Software Defined Radios (SDRs). Therefore, this thesis motivates, through analytical and experimental means, further investigation into TCAS from a security perspective. Methods for analyzing TCAS both qualitatively and quantitatively from an adversarial perspective are presented, and an experimental attack is developed in GNU Radio within a well-defined threat model.
General Audience Abstract
Since 1993, the Federal Aviation Administration (FAA) has required that many commercial turbine-powered aircraft be outfitted with an on-board mid-air collision mitigation system. This system is known as the Traffic Collision Avoidance System (TCAS) in the United States, and it is known as the Airborne Collision Avoidance System (ACAS) in other parts of the world. TCAS/ACAS is a type of safety-critical system, which means that implementations need to be highly tolerant to system failures because their operation directly affects the safety of the on-board passengers and crew. However, while safety-critical systems are tolerant to failures, the designers of these systems only account for failures that occur in a cooperative environment; these engineers fail to account for “bad actors” who want to attack the weaknesses of these systems, or they assume that attacking such a system is infeasible. Therefore, to demonstrate how safety-critical systems like TCAS/ACAS are vulnerable to such bad actors, this thesis presents a method for manipulating TCAS/ACAS in favor of a bad actor. To start, a method for qualitatively and quantitatively analyzing the system’s vulnerabilities is presented. Then, using Software Defined Radio (SDR), which is a free and open-source effort to combine the flexibility of software with the power of wireless communication, this thesis shows how an actor can craft wireless signals such that they appear to look like an aircraft on a collision course with a target.
- Masters Theses