MULTI-LAYER SECURITY MECHANISM FOR COMMERCIAL AIRCRAFT SOFTWARE DISTRIBUTION SYSTEM: CASE OF AIRLINES

Abstract

Aircraft avionics systems are one of the most critical components of an airplane due to their criticality for safe flight operations. These systems rely on loadable software aircraft parts to perform functions previously handled manually or by analog systems. When a new or update to an existing software is needed to be installed on the aircraft, the software parts are transferred from the manufacturer/supplier to operators. Operators should have a software management process that includes adequate protections from software tampering while the software is in storage and during transfers. Currently, there is no security mechanism that can prevent installation of software from non-official sources for the previous design airplanes that did not adapt technology advancements. The attackers could take advantage of this vulnerability and tamper the software parts, which could negatively affect the safe operation of the airplane. To solve this problem, this study employed the design science research methodology, which is a rigorous research framework that creates and evaluates information technology (IT) artifacts, to solve the identified security problems. This study performed a comprehensive security analysis of the aircraft software distribution systems by applying the systems approach called Systems Theoretic Process Analysis for Security. This study found out two critical security vulnerabilities in the aircraft software distribution system: (1) there is no security mechanism for the previous design airplanes to authenticate the identity of the sender of the software and to ensure that the original content of the document is unchanged and (2) password-based single-factor authentication is used for accessing the ground-based software servers as well as maintenance laptops. Finally, this study demonstrated that the identified vulnerabilities could be eliminated or prevented from being exploited by applying the proposed solutions. Therefore, the major contribution of this study is applying a multi-layer security mechanism for the aircraft software distribution system, which enhances the existing security mechanisms and provides adequate security protection.