News headlines about hackers trying to find vulnerabilities in inflight entertainment (IFE) and communications systems on board aircraft may have died down for now, but behind the scenes the aviation industry has been doubling down on security for some time, and certain stakeholders are willing to discuss their efforts to counter cyber crime.
Multinational company Kontron is among the firms opening the proverbial kimono. Its integrated cabin wireless access points (CWAPs) currently support myriad streaming video and connectivity solutions on aircraft (and on the market). In launching its next generation CWAP – the so-called Kontron 802.11ac Cab-n-Connect A100 – the company has also published a white paper that provides deeper detail about system security and functionality.
Did the FBI’s highly publicized investigation into security researcher Chris Roberts’ alleged IFE hacking efforts directly spur Kontron to become so vocal in its white paper? “No,” says Kontron avionics business line manager Alan Manns, explaining, “As wireless becomes the backbone on the plane, the discussion becomes less about whether passengers will use it, but what other ways will they use it. Security is going to come to the forefront; this is something we’ve been talking about [doing] for at least a year.”
The A100 CWAP capitalizes on the latest IEEE 802.11 specification, and is billed as capable of “significantly” increasing data throughput – which in turn improves the passenger experience – in contrast to earlier generation solutions based on 802.11n. To defend against attacks, explains Kontron, A100 features the latest in enterprise-level wireless security based on the WiNG 5 operating system.
“For example, the integrated AirDefense Wireless Intrusion Detection and Protection (WIPS) helps contain an attack on the network. The WIPS is capable of detecting MAC address spoofing that occurs when the adversary pretends to be an authorized device during an attack. The AirDefense WIPS can also detect replay attacks and trigger a response if a configurable number of injections exceed a programmable threshold within a set window of time. It can also generate an alarm or send SNMP traps to notify various security event management systems.”
Kontron notes that the system can also be configured so that an offending device can be blacklisted, ensuring all further frames from it are ignored for the blacklist timeout period. Other active security features on the A100 include IP Filtering, Network Address Translation (NAT), Port-Based Access Control, IPSec (Point-to-Point Ethernet Packet Encryption), and AAA Security Protocol Implementation (RADIUS).
At present, major Hollywood movie studios disallow the streaming of early window movie content to passengers’ devices due to content piracy concerns. Kontron and others would like to see Hollywood relent, and permit EW streaming. Says Manns, “At this point, that’s what we’re looking at as the Holy Grail; is there a security feature in wireless that would give the studios comfort?”
Kontron’s avionics work is just one small portion of a company that designs and manufactures embedded computer modules, boards and systems and serves OEMs, system integrators and application providers of different market segments. But security is a growing concern for any IoT connected system, “and is certainly a high area of concern onboard an aircraft”, notes the firm. Recent events underscore why the aviation industry must remain ever vigilant.