The growing need for an efficient worldwide airspace system management, generated by an increasing traffic load, requires new capabilities for air-ground data communication technologies. In order to cope with these requirements, the Federal Aviation Administration (FAA), EUROCONTROL, and the International Civil Aviation Organization (ICAO) have jointly made specific recommendations for candidate technologies for the airport surface communication network. In the SESAR project, the Aeronautical Mobile Airport Communication System (AeroMACS) technology is being developed in such a way to provide next generation broadband and wireless data communications for airport surface applications (i.e. Air Traffic Control ? ATC, Airline Operational Communications ? AOC, and surface vehicles services). As the airport surface communication system involves many heterogeneous application flows, digital information security has been considered as among the highest priority concerns in the air transport industry. Indeed, since AeroMACS is based on IEEE 802.16e/802.16-2009 standards, it inherits some security flaws specific to the WIMAX technology. Thus, a network risk analysis should be conducted in order to properly design and deploy a secure airport surface communication system, where interconnected aircraft, pilots, air traffic controllers, airline and airport operators can reliably communicate. To mitigate these security issues, the European Sky ATM Research (SESAR) technological and operational program is working under the 15.2.7 Work Package to study the AeroMACS network security using an original risk propagation based quantitative assessment methodology. Indeed, risk assessment has been considered as an essential technique in evaluating the security of network information systems. Many proposals have been made in this area to design new approaches allowing administrators and engineers to analyze the impact of any attack that could target their systems. Nevertheless, there is a lack of quantitative techniques and methods which take into account the inherent characteristics of a network such as interconnection between nodes. Besides, those standards and methods are related to information security in general and thus, are not entirely appropriate for the specific context of aeronautical communications. As an example, Aeronautical Radio Incorporated (ARINC) introduced in 2005 the ARINC 811 report which presents a commercial aircraft information security concepts of operation and process framework, but the presented risk assessment approach is static and evaluates damages produced by threats qualitatively, making results somewhat subjective. Thus, in this paper, we present a new approach for network security assessment that measures quantitatively the network risk level based on critical aspects such as the impact of a successful attack on a node and the risk propagation of that attack within the AeroMACS network. Rigorous validation experiments have been conducted using real statistics and vulnerability data from the National Vulnerability Database (NVD) and the network vulnerability scanning tool NESSUS. We specifically focused on AeroMACS vulnerabilities, and a network risk study was conducted for different predefined scenarios. Finally, a comparison between network risks for each scenario is made and some security guidance is given either to enhance the AeroMACS security features or to improve the end to end security using some additional mechanisms such as certificate-based authentication.

Presenter
Mohamed Slim Ben Mahmoud