Security Testing with Controller-Pilot Data Link Communications

Abstract

A security testing method and a supporting toolset were developed to evaluate the robustness of communication protocols, application end-points and other system components. Using a packet injection and manipulation test case it was demonstrated that, due to weaknesses in authentication mechanisms, the CPDLC protocol is subject to threats affecting data integrity. In order to mitigate the risks, recommendations are made for a holistic approach to implementing security controls at the Network, System, Application, Procedural, and Physical levels.