ucaat2013 presentation - mbt for ads-b attack scenario ... for... · google earth sbs-3 basestation...
TRANSCRIPT
![Page 1: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/1.jpg)
Model-‐based test genera/on of aircra3 traffic a5ack scenarios using ADS-‐B standard signals
1
Julien Botella (Smartes2ng) Phong Cao (THALES) Cédric Civeit (Thales Raytheon Systems) Daniel Gidoin (THALES) Fabien Peureux (FEMTO-‐ST /CNRS; Smartes2ng)
UCAAT 2013 22 – 24 October -‐ Paris
![Page 2: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/2.jpg)
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example
• Conclusion and future work
![Page 3: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/3.jpg)
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example
• Conclusion and future work
![Page 4: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/4.jpg)
Automa/c dependent surveillance-‐broadcast – ADS-‐B
• Context – To test air ADS-‐based Air Traffic Management systems
using ADS-‐B Protocol – Radar control security tes2ng:
• ADS-‐B radio protocol • Flight informa2on sent from plane to control tower
• Mo/va/ons – To address applica2on security vulnerabili2es that cannot be detected by the
sta2c tests – To reduce cost of tes2ng and the 2me taken for industrializa2on – To be able to demonstrate the resilience of Air Traffic Management systems – To absorb the growth in air traffic and improve the security
• Objec/ves – Live traffic capture with SBS-‐3 sta2on – Malicious scenario genera2on to check the detec2on efficiency from the
control tower (logical anomalies) • Wrong coordinates • Fake planes • …
• SBS-‐3 sta/on descrip/on hPp://www.homepages.mcb.net/bones/SBS/Ar2cle/Barebones42_Socket_Data.htm 4
![Page 5: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/5.jpg)
SBS Specifica2on extracts
5
![Page 6: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/6.jpg)
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example
• Conclusion and future work
![Page 7: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/7.jpg)
MBT for func2onal tes2ng
7
Smartesting CertifyIt
Model (Behavioral /
environmental )
Requirement Management
Requirements
or
Iterative Process
Test scripts
Adapta/on layer
Requirement links
![Page 8: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/8.jpg)
8
Test Purposes
Smartesting CertifyIt
Model (Behavioral /
environmental )
Security Test Patterns
SBS-3 BaseStation
Specs
Real Traffic recording (SBS-3)
DAST SBS-3 importer
Malicious Scenarios
SBS-‐3 Simulator
Google Earth
KML Publisher for Google Earth
SBS-3 BaseStation
logs publisher
MBT process for ADS-‐B
![Page 9: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/9.jpg)
Test genera2on for ADS-‐B traces
• APack scenarios are generated using real traces and aPack paPerns
• APack paPerns capture the know-‐how of security engineers
Generated model
A5ack pa5ern
![Page 10: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/10.jpg)
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example (demo)
• Conclusion and future work
![Page 11: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/11.jpg)
• Goals – To measure the resilience of Air Traffic Management Systems of against
aPacks using ADS_B protocol – The training of air traffic controllers in cri2cal situa2ons (i.e. ar2ficial air
space satura2on)
• Process – Automated real traffic acquisi2on (model elements genera2on) – Automa2c malicious scenarios genera2on from test paPerns
– First paPern : DAST trajectory
– Scenarios export (altered traffic) – KML forGoogle earth – SBS-‐3 formaPed logs
• Live Demo
Project results
11
![Page 12: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/12.jpg)
Simula2ng aPack scenarios in Google Earth
![Page 13: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/13.jpg)
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example (demo)
• Conclusion and future work
![Page 14: UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation logs publisher MBT!process!for!ADSJB! Testgeneraon!for!ADSJB!traces! ... – KML!forGoogle!earth!](https://reader034.vdocument.in/reader034/viewer/2022052102/603d16dad243be120e1dffcb/html5/thumbnails/14.jpg)
Future work • Check injected data consistency • Anomalie defini2ons to create new malicious scenarios
– Vulnerability paPerns (Q4 2013) • Fighter ac2ng as an airliner • 4 grouped fighters, ac2ng as an airliner then spliing • Helicopter, drone • Duplicate an airliner and make it diverge from its original trajectory • …
• KML/SBS exports improvements • Improving tool integra2on (from generated aPack
scenarios to test execu2on, verdict and repor2ng)
14
14