控制器导频数据链路通信的安全性测试

2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI:10.1109/ARES.2016.104

Doris di Marco, Alessandro Manzo, M. Ivaldi, J. Hird

{"title":"控制器导频数据链路通信的安全性测试","authors":"Doris di Marco, Alessandro Manzo, M. Ivaldi, J. Hird","doi":"10.1109/ARES.2016.104","DOIUrl":null,"url":null,"abstract":"A security testing method and a supporting toolset were developed to evaluate the robustness of communication protocols, application end-points and other system components. Using a packet injection and manipulation test case it was demonstrated that, due to weaknesses in authentication mechanisms, the CPDLC protocol is subject to threats affecting data integrity. In order to mitigate the risks, recommendations are made for a holistic approach to implementing security controls at the Network, System, Application, Procedural, and Physical levels.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Security Testing with Controller-Pilot Data Link Communications\",\"authors\":\"Doris di Marco, Alessandro Manzo, M. Ivaldi, J. Hird\",\"doi\":\"10.1109/ARES.2016.104\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A security testing method and a supporting toolset were developed to evaluate the robustness of communication protocols, application end-points and other system components. Using a packet injection and manipulation test case it was demonstrated that, due to weaknesses in authentication mechanisms, the CPDLC protocol is subject to threats affecting data integrity. In order to mitigate the risks, recommendations are made for a holistic approach to implementing security controls at the Network, System, Application, Procedural, and Physical levels.\",\"PeriodicalId\":216417,\"journal\":{\"name\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2016.104\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference on Availability, Reliability and Security (ARES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2016.104","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

开发了一种安全测试方法和支持工具集，用于评估通信协议、应用端点和其他系统组件的鲁棒性。使用数据包注入和操作测试用例证明，由于身份验证机制的弱点，CPDLC协议受到影响数据完整性的威胁。为了降低风险，建议采用整体方法在网络、系统、应用程序、过程和物理层实现安全控制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security Testing with Controller-Pilot Data Link Communications

A security testing method and a supporting toolset were developed to evaluate the robustness of communication protocols, application end-points and other system components. Using a packet injection and manipulation test case it was demonstrated that, due to weaknesses in authentication mechanisms, the CPDLC protocol is subject to threats affecting data integrity. In order to mitigate the risks, recommendations are made for a holistic approach to implementing security controls at the Network, System, Application, Procedural, and Physical levels.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 11th International Conference on Availability, Reliability and Security (ARES)

自引率

0.00%

发文量