525697409f8cf990ef381a754287c6b6.ppt
- Number of slides: 16
Airborne Network Security Simulator (ANSS) Master Plan Overview
Presented by: Chris Riley (DOT/Volpe)
November 3, 2010
Photos: Corel, Photodisk; Comstock; DOT
Agenda
• ANSS Experiment 1
• ANSS Experiment 2
• ANSS Master Plan
Airborne Network Security Simulator (ANSS) Goals
• Identify potential information security threats in synthetic environment by simulating next generation aircraft communications systems
• Share knowledge, tools and methodologies with academia and other interested stakeholders to extend research value
• Act as coordinating authority for cyber security risk mitigation within the international aerospace & aviation community
• Recommend appropriate technical & procedural standards for security risks to aid in the development of regulatory guidelines and policies
• Influence industry bodies on cyber security best practices with respect to specifications, procedures, and recommendations used by the industry
Master Plan Overview – Phase 1
• Inside Aircraft Network
– Simulates a standard airborne network architecture including real and synthetic components
– Interconnects with disparate aviation simulators to include real-world information in its experiments
– Engages industry, academia and government in its experiments and recommendations
– Design experiments to explore stakeholder identified issues and concerns
Demonstration Scenario: Airline AOC to Aircraft Performance Calculation
[Diagram. Labels: IEEE HLA/RTI via Internet; Load & Balance Data; Performance Calculation; Firewall; Control Domain; OPS Controller; La.Tech Ops-Center Simulator; Information Domain; Gatelink; EFB; TWLU; Passenger Domain; ANSS Operational Enclave; Aircraft Network; ANSS at WSU]
Experiment 1 Scenario
[Diagram. Labels: Hacker; Final Pre-Flight Data; Modified Pre-Flight Data]
Man-in-the-Middle device captures data and sends it to the Internet
ANSS Experiment 2
ANSS Phase 1 Experiment 2
• Working with several aviation vendors to add Experiment 2 Functionality
– Aircraft Control Domain (ACD) – Pratt & Whitney (P&W)
  • FAST (Flight-data Acquisition, Storage and Transmission) -- Engine Wireless Maintenance Toolset
– ACD – General Electric (GE) Intelligent Platforms
  • AFDX (Avionics Full Duplex Network, Switched Ethernet) simulated configuration
– In Flight Entertainment (IFE) – Panasonic Inc.
  • Simulated 3 seat suite of Wi-Fi equipment
• Developing operational scenarios/use cases, e.g.
– Intrusion Detection, Wireless data transfer, Engine Data/Gatelink interfaces
• UK Partners to provide Penetration Testing support
Aircraft Data Network (ADN): ANSS Phase 1 – Experiment 2
[Diagram. Domain labels: Aircraft Control; Flight and Embedded Control Systems; Cabin Core; Airline Information Services; Admin; Passenger Support; Passenger Information and Entertainment Services; Passenger-Owned Devices]
[Role labels: Control the Airplane; Operate the Airline; Entertain the Passengers. Access labels: Closed; Private; Public]
[Experiment 2 components: EFB/Gatelink; AFDX (GE); FAST (P&W); IFE (Panasonic)]
Source – ARINC 664, Aircraft Data Network, Part 5, Network Domain Characteristics and Interconnection
ANSS Master Plan
Master Plan Overview – Phase 2
• External Interconnections
– Include a SOA interface based on current NextGen Standards
– Build synthetic capabilities to evaluate cyber issues when the aircraft is both a SOA provider and consumer
– Participate in FAA/DOD experiments to understand the commercial impact of cyber security in this environment
– Identify issues and restrictions of global trust in the AN environment
– Identify issues associated with centralized auditing, intrusion detection/prevention and a global view of the operation’s theater.
ANSS Phase 2 NEXTGEN Simulations
[Diagram. Labels: TDLS; TFM; NOTAMS; NNEW; Airspace status; Weather; ERAM. Message flows: Trajectory/clearance changes; Deviation requests; Acknowledgments]
Characteristics
• Situational awareness - advisory
• Commercial spectrum
• Limited or No source Authentication
• Low or no design assurance
• User specified QoS
– RMA
– Delivery (e.g. best effort)
– Latency
• International usage based on reach of service provider
• User designed/directed controls and displays
• User specified FMS integration
Characteristics
• Command Control – safety critical
• Protected spectrum
• Source Authentication
• High safety assurance levels
• QoS dictated by safety case
– High reliability, maintainability & availability
– Guaranteed delivery
– Low latency
• Harmonization based on International agreements
• Standardized controls and displays
• FMS integration
Master Plan Overview – Phase 3
• Virtual World Training, Modeling and Simulation
– Skill development plays a critical role in cyber protection. Special skills will be needed to address the mobility, public safety and critical infrastructure components of this environment.
– Gaming technology is successfully used to build virtual worlds and train the workforce through realistic scenarios. Scenario-based training also allows researchers to observe student attack strategies in anticipation of the next level of attack. Learning attack approaches and exploits in a controlled environment feeds the development of predictive and adaptive defense strategies.
– Leveraging all of these assets, ANSS would develop a gaming environment where security teams from government, academia and industry will compete in “capture the flag” type scenarios. First line defenders, modes, methods and approaches captured in the experiments would prove invaluable to researchers in proactively protecting the AN environment.
ANSS Phased Approach
[Timeline chart: months January through December for 2010, 2011 and 2012]
Phase 1 External Interconnections
– Experiment 1 – EFB/Gatelink (June 2010)
– Experiment 2 – Databuses, Wireless Maintenance, and In Flight Entertainment (Spring 2011)
Phase 2 NextGen Simulations
– Experiment 1 - TBD
– Experiment 2 - TBD
Phase 3 Virtual World Training, Modeling and Simulation
– Experiment 1 - TBD
– Experiment 2 - TBD
Contributing Organizations to the ANSS Demonstration/Technical Workshop
• Astronautics Corporation of America
Contact Information
• Kevin Harnett, Volpe Center Cyber Security Program Manager
– Email: kevin.harnett@dot.gov
– Phone: 617-699-7086
• Chris Riley, Volpe Center Cyber Security Researcher
– Email: riley@info-tools.com
– Phone: 508-672-6032