Validating an ATM security prototype — First results

Abstract

Since years it is known that radio communication used by ATC can easily be intruded and is therefore subject to recurrent attacks. Nevertheless the voice communication between pilots and controllers is still the most flexible and efficient medium especially in a busy traffic environment, in non-standard situations or simply when exchanging air-ground messages in plain language is needed. As vulnerability seems not dominant compared to the number of crucial damages, voice communication is still the basic and most important communication method within the aeronautical mobile service. This motivated the development of a prototype for secure ATC communications (SACom) within the frame of the Global ATM Security Management Project (GAMMA). The challenge when designing a security management prototype for ATM is not only to find out if the concept is appropriate to minimize the expected impact of possible attacks. In fact the benefit for the participating stakeholders has to be evaluated and proven by appropriate evidence. The need for evidence leads to the understanding that there is a clear lack existing between the theoretically defined outlines by NextGen and SESAR and the measures at hand to validate prototypes in the area of ATM security. The document highlights the approach to validate the proposed system to secure ATC communication. Therefore the paper describes the intended prototype to secure ATC voice communication and the different modules it consists of. Moreover the surrounding validation environment and the dedicated validation platform for investigating the prototype is elaborated and described in detail. To achieve this, reader’s mindset will be sharpened for the idea of validation platform subsets and validation environment building blocks Within the project the prototype for secure ATC communication has been designed and developed. The verification of the prototype has been conducted in the Air Traffic Management Validation Center of the DLR in 2015/2016, whereas the first validation exercises were conducted in late spring of 2016. During the exercises the benefit of each single module as the benefit of the correlated value of all indicators will be validated. The prototype is not only been verified and validated as a single system. Moreover, during the preparatory work for the validation exercises a small scale experimental setup was used together with partners in the project in order to elaborate added value of the presented prototype already as a pre-production sample. The results obtained already demonstrate the general feasibility of the developed prototype. A detailed discussion of the preliminary validation results will be done in the full paper. This research-in-progress paper presents the initial findings from the validation and initial implementation of the security management prototype for secure ATC communications. The recent work supports the current security engineering needs and offers an iteratively deployable capability to complement the current ATM/CNS system and future deployment activities under SESAR or NextGen. The applied approach for the validation of this single prototype provides a mature basis for setting up a distinct methodology for validation of other ATM security oriented systems.