1. Economy Class Crypto: Exploring Weak Cipher Usage in Avionic Communications via ACARS 2017 Attacks FinancialCryptography PhysicalSystems
    Matthew Smith, Daniel Moser, Martin Strohmeier, Vincent Lenders, Ivan Martinovic
    [View PDF on fc17.ifca.ai]
    [Show BibTex Citation]

    @inproceedings{DBLP:conf/fc/0006MSLM17,
    author = {Matthew Smith and
    Daniel Moser and
    Martin Strohmeier and
    Vincent Lenders and
    Ivan Martinovic},
    editor = {Aggelos Kiayias},
    title = {Economy Class Crypto: Exploring Weak Cipher Usage in Avionic Communications
    via {ACARS}},
    booktitle = {Financial Cryptography and Data Security - 21st International Conference,
    {FC} 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers},
    series = {Lecture Notes in Computer Science},
    volume = {10322},
    pages = {285--301},
    publisher = {Springer},
    year = {2017},
    url = {https://doi.org/10.1007/978-3-319-70972-7\_15},
    doi = {10.1007/978-3-319-70972-7\_15},
    timestamp = {Tue, 14 May 2019 10:00:38 +0200},
    biburl = {https://dblp.org/rec/bib/conf/fc/0006MSLM17},
    bibsource = {dblp computer science bibliography, https://dblp.org}
    }

Recent research has shown that a number of existing wireless avionic systems lack encryption and are thus vulnerable to eavesdropping and message injection attacks. The Aircraft Communications Addressing and Reporting System (ACARS) is no exception to this rule with 99% of the traffic being sent in plaintext. However, a small portion of the traffic coming mainly from privately-owned and government aircraft is encrypted, indicating a stronger requirement for security and privacy by those users. In this paper, we take a closer look at this protected communication and analyze the cryptographic solution being used. Our results show that the cipher used for this encryption is a mono-alphabetic substitution cipher, broken with little effort. We assess the impact on privacy and security to its unassuming users by characterizing months of real-world data, decrypted by breaking the cipher and recovering the keys. Our results show that the decrypted data leaks privacy sensitive information including existence, intent and status of aircraft owners.

  1.