research-article

Open access

Cyber Threat Impact Analysis to Air Traffic Flows Through Dynamic Queue Networks

Authors:

Sandip RoyAuthors Info & Claims

ACM Transactions on Cyber-Physical Systems, Volume 4, Issue 3

Article No.: 26, Pages 1 - 22

https://doi.org/10.1145/3377425

Published: 12 March 2020 Publication History

All formats PDF

Abstract

Air traffic control (ATC) increasingly depends on information and communication technology to manage traffic flow through highly congested and increasingly interdependent airspace regions. Although these systems are critical to ensuring the efficiency and safety of our airspace, they are also increasingly vulnerable to cyber threats that could potentially lead to reduction in capacity and/or reorganization of traffic flows. In this article, we model various cyber threats to ATC systems and analyze how these attacks could impact the flow of aircraft through the airspace. To perform this analysis, we consider a model for wide-area air traffic based on a dynamic queuing network model. Then we introduce three different attacks (Route Denial of Service, Route Selection Tampering, and Sector Denial of Service) to the ATC system and explore how these attacks manipulate the sector flows by evaluating the queue backlogs for each sector’s outflows. Furthermore, we explore graph-level vulnerability metrics to identify the sectors that are most vulnerable to various flow manipulations and compare them to case-study simulations of the various attacks. The results suggest that Route Denial of Service attacks have a significant impact on the target sector and lead to the largest degradation to the overall air traffic flows. Furthermore, the impact of Sector Denial of Service attack impacts are primarily confined to the target sector, whereas Route Selection Tampering impacts are mostly confined to certain aircraft.

References

[1]

Federal Aviation Administration. 2019. Air Traffic By the Numbers. Retrieved February 10, 2020 from https://www.faa.gov/air_traffic/by_the_numbers/.

[2]

Federal Aviation Administration. 2013. Air Route Traffic Control Centers (ARTCC). Retrieved February 10, 2020 from https://www.faa.gov/about/office_org/headquarters_offices/ato/service_units/air_traffic_services/artcc/.

[3]

Alexandre M. Bayen, Robin L. Raffard, and Claire J. Tomlin. 2004. Eulerian network model of air traffic flow in congested areas. In Proceedings of the 2004 American Control Conference, Vol. 6. IEEE, Los Alamitos, CA, 5520--5526.

[4]

Akshay Belle, Dominic McConnachie, and Philippe Bonnefoy. 2015. A methodology for environmental and energy assessment of operational improvements. In Proceedings of the 11th USA/Europe Air Traffic Management Research and Development Seminar.

[5]

Andrei Costin and Aurélien Francillon. 2012. Ghost in the air (traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices. In Proceedings of Black Hat USA 2012. 1--12.

[6]

Gerald L. Dillingham, Gregory C. Wilshusen, and Nabajyoti Barkakati. 2015. GAO-15-221: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen. Retrieved February 10, 2020 from https://www.gao.gov/assets/670/669627.pdf.

[7]

Claus Gwiggner and Sakae Nagaoka. 2008. 2B10 Recent Models in the Analysis of Air Traffic Flow. Retrieved February 20, 2020 from https://lix.polytechnique.fr/∼gwiggner/Pubs/JSASS08.pdf.

[8]

K. C. Khurana. 2009. Aviation Management: Global Perspectives. Global India Publications.

[9]

Donald McCallie, Jonathan Butts, and Robert Mills. 2011. Security analysis of the ADS-B implementation in the Next Generation Air Transportation System. International Journal of Critical Infrastructure Protection 4, 2 (2011), 78--87.

[10]

P. K. Menon, G. D. Sweriduk, T. Lam, G. M. Diaz, and Karl D. Bilimoria. 2006. Computer-aided Eulerian air traffic flow modeling and predictive control. Journal of Guidance, Control, and Dynamics 29, 1 (2006), 12--19.

[11]

D. Morgan. 2016. Hackers Attack Air Traffic Control. Retrieved February 10, 2020 from http://abcnews.go.com/US/story?id=959938page=1.

[12]

Michael Nolan. 2010. Fundamentals of Air Traffic Control. Cengage Learning.

[13]

The National Academy of Sciences. 2015. A Review of the Next Generation Air Transportation System: Implications and Importance of System Architecture. National Academies Press, Washington, DC.

[14]

U.S. Department of Transportation. Federal Aviation Administration. 2016. The Future of the NAS. Retrieved February 10, 2020 from https://www.faa.gov/nextgen/media/futureofthenas.pdf.

[15]

Pangun Park and Claire Tomlin. 2012. Investigating communication infrastructure of next generation air traffic management. In Proceedings of the IEEE/ACM 3rd International Conference on Cyber-Physical Systems (ICCPS’12). IEEE, Los Alamitos, CA, 35--44.

Digital Library

[16]

Pangun Park and Claire Tomlin. 2015. Performance evaluation and optimization of communication infrastructure for the Next Generation Air Transportation System. IEEE Transactions on Parallel and Distributed Systems 26, 4 (2015), 1106--1116.

Digital Library

[17]

Leon Purton, Hussein Abbass, and Sameer Alam. 2010. Identification of ADS-B system vulnerabilities and threats. In Proceedings of the Australian Transport Research Forum, Canberra. 1--16.

[18]

Sandip Roy and Banavar Sridhar. 2016. Cyber-threat assessment for the air traffic management system: A network controls approach. In Proceedings of the 16th AIAA Aviation Technology, Integration, and Operations Conference. 4354.

[19]

Sandip Roy, Banavar Sridhar, and George C. Verghese. 2003. An aggregate dynamic stochastic model for an air traffic system. In Proceedings of the 5th Eurocontrol/Federal Aviation Agency Air Traffic Management Research and Development Seminar.

[20]

Sandip Roy, Ali Tamimi, Adam Hahn, Mengran Xue, Sajal Das, Amirkhosro Vosughi, and Sean Warnick. 2018. A modeling framework for assessing cyber disruptions and attacks to the National Airspace System. In Proceedings of the 2018 AIAA Modeling and Simulation Technologies Conference. 0109.

[21]

Sandip Roy, Mengran Xue, and Banavar Sridhar. 2017. Vulnerability metrics for the airspace system. In Proceedings of the 12th USA/Europe Air Traffic Management Research and Development Seminar (ATM’17).

[22]

Neha Rungta, Eric G. Mercer, Franco Raimondi, Bjorn C. Krantz, Richard Stocker, and Andrew Wallace. 2016. Modeling complex air traffic management systems. In Proceedings of the IEEE/ACM 8th International Workshop on Modeling in Software Engineering (MiSE’16). IEEE, Los Alamitos, CA, 41--47.

Digital Library

[23]

Matthias Schäfer, Vincent Lenders, and Ivan Martinovic. 2013. Experimental analysis of attacks on next generation air traffic communication. In Proceedings of the International Conference on Applied Cryptography and Network Security. 253--271.

Digital Library

[24]

Daniel A. Spielman and Shang-Hua Teng. 2007. Spectral partitioning works: Planar graphs and finite element meshes. Linear Algebra and Its Applications 421, 2–3 (2007), 284--305.

[25]

Banavar Sridhar, Shon R. Grabbe, and Avijit Mukherjee. 2008. Modeling and optimization in traffic flow management. Proceedings of the IEEE 96, 12 (2008), 2060--2080.

[26]

Kjetil Stormark. 2016. Sweden issued cyber attack alert. Aldrimer. Retrieved February 10, 2020 from https://www.aldrimer.no/sweden-issued-cyber-attack-alert-as-its-air-traffic-reeled/.

[27]

Martin Strohmeier. 2016. Security in Next Generation Air Traffic Communication Networks. Ph.D. Dissertation. University of Oxford.

[28]

Martin Strohmeier, Vincent Lenders, and Ivan Martinovic. 2015. On the security of the Automatic Dependent Surveillance-Broadcast protocol. IEEE Communications Surveys 8 Tutorials 17, 2 (2015), 1066--1087.

Digital Library

[29]

M. Strohmeier, M. Schafer, R. Pinheiro, V. Lenders, and I. Martinovic. 2016. On perception and reality in wireless air traffic communication security. IEEE Intelligent Transportation Systems Society 18, 6 (Oct. 2016), 1338--1357.

[30]

Christine Taylor, Craig Wanke, Yan Wan, and Sandip Roy. 2012. A decision support tool for flow contingency management. In Proceedings of the AIAA Guidance, Navigation, and Control Conference. 4976.

[31]

Armin Teymouri, Ali Mehrizi-Sani, and Chen-Ching Liu. 2018. Cyber security risk assessment of solar PV units with reactive power capability. In Proceedings of the 44th Annual Conference of the IEEE Industrial Electronics Society (IECON’18). IEEE, Los Alamitos, CA, 2872--2877.

[32]

Anusha Thudimilla and Bruce McMillin. 2017. Multiple security domain nondeducibility air traffic surveillance systems. In Proceedings of the IEEE 18th International Symposium on High Assurance Systems Engineering (HASE’17). IEEE, Los Alamitos, CA, 136--139.

[33]

Federal Aviation Administration. 2015. En route operations. In Instrument Procedures Handbook. Federal Aviation Administration.

[34]

Yan Wan, Christine Taylor, Sandip Roy, Craig Wanke, and Yi Zhou. 2013. Dynamic queuing network model for flow contingency management. IEEE Transactions on Intelligent Transportation Systems 14, 3 (2013), 1380--1392.

Digital Library

[35]

Chao Wang, Jing Ge, and Xiaohao Xu. 2009. Analysis of air traffic flow control through agent-based modeling and simulation. In Proceedings of the International Conference on Computer Modeling and Simulation (ICCMS’09). IEEE, Los Alamitos, CA, 286--290.

Digital Library

[36]

James Williams and T. L. Signore. 2010. National Airspace System Security Cyber Architecture. Retrieved February 10, 2020 from https://www.mitre.org/sites/default/files/publications/10_4169.pdf.

[37]

Gregory C. Wilshusen, Nabajyoti Barkakati, and Gerald L. Dillingham. 2015. GAO-15-370: FAA Needs to Address Weaknesses in Air Traffic Control Systems. Government Accountability Office, Washington, DC.

[38]

Mustafa Harun Yılmaz, Ertuğrul Güvenkaya, Haji M. Furqan, Selçuk Köse, and Hüseyin Arslan. 2017. Cognitive security of wireless communication systems in the physical layer. Wireless Communications and Mobile Computing 2017 (2017).

Cited By

Bolbot VXiang LBrunou PKiviharju MDing YBanda O(2024)Cybersecurity risk assessment of a marine dual-fuel engine on inland waterways shipProceedings of the Institution of Mechanical Engineers, Part M: Journal of Engineering for the Maritime Environment10.1177/14750902241265173Online publication date: 28-Jul-2024
https://doi.org/10.1177/14750902241265173
Sampigethaya KWilkerson K(2024)Crew Role in CNS-ATM Cyber Security: Cyber Readiness of Air Traffic Controllers2024 Integrated Communications, Navigation and Surveillance Conference (ICNS)10.1109/ICNS60906.2024.10550798(1-15)Online publication date: 23-Apr-2024
https://doi.org/10.1109/ICNS60906.2024.10550798
Kamaruzzaman MHossain MTaenaka YKadobayashi Y(2023)Mitigation of ADS-B Spoofing Attack Impact on Departure Sequencing Through Modulated Synchronous Taxiing ApproachIEEE Open Journal of Intelligent Transportation Systems10.1109/OJITS.2023.32868814(720-739)Online publication date: 2023
https://doi.org/10.1109/OJITS.2023.3286881
Show More Cited By

Index Terms

Cyber Threat Impact Analysis to Air Traffic Flows Through Dynamic Queue Networks

Recommendations

Threat impact analysis to air traffic control systems through flight delay modeling
Highlights
- Modeling the air traffic control system from the perspectives of air and ground.
Abstract
Air traffic control (ATC) systems increasingly rely on communication, navigation, and other emerging digital technologies, making them more susceptible to external threats. To better analyze the different impacts, this paper proposes a ...
The AI-Based Cyber Threat Landscape: A Survey

Recent advancements in artificial intelligence (AI) technologies have induced tremendous growth in innovation and automation. Although these AI technologies offer significant benefits, they can be used maliciously. Highly targeted and evasive attacks in ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
Abstract
Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Cyber-Physical Systems

ACM Transactions on Cyber-Physical Systems Volume 4, Issue 3

Special Issue on User-Centric Security and Safety for CPS

July 2020

279 pages

ISSN:2378-962X

EISSN:2378-9638

DOI:10.1145/3388234

Editor:
Tei-Wei Kuo
City University of Hong Kong and National Taiwan University, Taiwan

Issue’s Table of Contents

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 12 March 2020

Accepted: 01 December 2019

Revised: 01 November 2019

Received: 01 October 2018

Published in TCPS Volume 4, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
1,355
Total Downloads

Downloads (Last 12 months)264
Downloads (Last 6 weeks)25

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Bolbot VXiang LBrunou PKiviharju MDing YBanda O(2024)Cybersecurity risk assessment of a marine dual-fuel engine on inland waterways shipProceedings of the Institution of Mechanical Engineers, Part M: Journal of Engineering for the Maritime Environment10.1177/14750902241265173Online publication date: 28-Jul-2024
https://doi.org/10.1177/14750902241265173
Sampigethaya KWilkerson K(2024)Crew Role in CNS-ATM Cyber Security: Cyber Readiness of Air Traffic Controllers2024 Integrated Communications, Navigation and Surveillance Conference (ICNS)10.1109/ICNS60906.2024.10550798(1-15)Online publication date: 23-Apr-2024
https://doi.org/10.1109/ICNS60906.2024.10550798
Kamaruzzaman MHossain MTaenaka YKadobayashi Y(2023)Mitigation of ADS-B Spoofing Attack Impact on Departure Sequencing Through Modulated Synchronous Taxiing ApproachIEEE Open Journal of Intelligent Transportation Systems10.1109/OJITS.2023.32868814(720-739)Online publication date: 2023
https://doi.org/10.1109/OJITS.2023.3286881
Atkins GSampigethaya K(2023)Air Traffic Control System Cyber Security Using Humans and Machine Learning2023 Integrated Communication, Navigation and Surveillance Conference (ICNS)10.1109/ICNS58246.2023.10124305(1-14)Online publication date: 18-Apr-2023
https://doi.org/10.1109/ICNS58246.2023.10124305
Kamaruzzaman MFall DHossain MTaenaka YKadobayashi Y(2022)Modulated Synchronous Taxiing: Mitigating Uncertainties Amid Ads-B Spoofing2022 Integrated Communication, Navigation and Surveillance Conference (ICNS)10.1109/ICNS54818.2022.9771477(1-13)Online publication date: 5-Apr-2022
https://doi.org/10.1109/ICNS54818.2022.9771477
Bin Kamaruzzaman MSane BFall DTaenaka YKadobayashi Y(2021)Analyzing Cascading Effects of Spoofing Attacks on ADS-B Using a Discrete Model of Air Traffic Control Responses and AGMOD Dynamics2021 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR51186.2021.9527914(241-248)Online publication date: 26-Jul-2021
https://doi.org/10.1109/CSR51186.2021.9527914
Zeng LWang BTian JWang Z(2021)Threat Impact Analysis to Air Traffic Control Systems Through Flight Delay ModelingComputers & Industrial Engineering10.1016/j.cie.2021.107731(107731)Online publication date: Oct-2021
https://doi.org/10.1016/j.cie.2021.107731

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents