RADIOELECTRONIC AND COMPUTER SYSTEMS

The subject of this study is the radio frequency cyber vulnerability of information and control interaction technology in the wireless smart systems (WSS). WSS is the cyber-physical systems, that operate within the OSI model. The specificity and specialization of these systems are determined by radio technologies of the physical layer. For example, the Internet of Things (IoT, including medical IoMT), the Internet of Drones (IoD), systems for aviation monitoring ADS-B and traffic management ATM, and, in the future, the Internet of Everything (IoE) - all are types of WSS. The aim is to analyze the radio frequency parameters of information and control interaction in the WSS to identify possible radio frequency cyber vulnerabilities in the WSS. Objectives: summarize and systematize the physical and functional parameters of wireless technologies in the ISM (Industrial Scientific & Medical Band) and SRD (Short range devices) ranges, which are significant from the WSS radiofrequency cyber vulnerability perspective, including navigation technologies; analyze trends and methods of successful cyber attacks on the WSS; carry out expert assessments of potential WSSs cyber vulnerabilities depending on their architecture and application area. The methods used: analysis of trends in known radiofrequency incidents and expert assessments of the cyber vulnerability of the WSS information and control interaction channels. The following results were obtained: 12 actual WSS radio technologies were analyzed. 6 types of possible radio frequency cyber attacks on the WSS were typified. The expert assessment of the probability of exploiting vulnerabilities by ranges, radio technologies, and attack type was made. The special danger of high-tech targeted APT attacks, as well as the high potential radio vulnerability of cyber-physical systems, was shown. The cyber vulnerability of ADS-B aircraft systems was especially noted. Conclusions. The scientific novelty of the results obtained is as follows: a trend of APT attacks cost reduction and an increase in the probability of their implementation through the new capabilities of SDR technology (Software Defined Radio) were revealed. The possibility of a controlled SDR compromising of the security parameters of WSS channels in any radio range was shown. A promising direction of research was proposed - SDR-penetration testing of WSS.

wireless smart system; radio frequency information and control interaction; radio frequency cyber vulnerability; aviation cyber security; software-defined radio; SDR-pentesting

802.XX And The IoE. Available at: https://semiengineering.com/802-xx-for-the-ioe. (accessed 3.07.2020).

Humayed A., Lin, J., Li, F. and Luo, B. Cyber-Physical Systems Security – A Survey. IEEE Internet of Things Journal, 2017, vol. 4, no. 6, pp. 1802-1831. DOI: 10.1109/JIOT.2017.2703172.

Abdulmunem Al-Sudani Mustafa Qahtan, Al-Khafaji Ahmed Waleed, Kharchenko, V. S. The Method Of IMECA-Based Security Assessment: Case Study For Building Automation System. Systemy obrobky informatsiyi – Systems of information processing, 2016, vol. 1 (138), pp. 138-144.

Kharchenko, V., Torianyk, V. Cybersecurity of the Internet of Drones: Vulnerabilities analysis and IMECA based assessment. Conference Proceedings of 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), 2018, pp. 372-377. DOI: 10.1109/DESSERT.2018.8409160.

New Type Of GPS Spoofing Attack In China Creates "Crop Circles" Of False Location Data. Available at: https://www.thedrive.com/the-war-zone/31092/new-type-of-gps-spoofing-attack-in-china-creates-crop-circles-of-false-location-data. (accessed 3.07.2020).

IKAO - Strategija v oblasti aviacionnoj bezopasnosti, oktjabr' 2019 [ICAO - Aviation Security Strategy, October 2019]. Available at: https://www.icao.int/cybersecurity/Pages/Cybersecurity-Strategy.aspx. (accessed 13.06.2020).

EUROCONTROL - Cyber Security in aviation, October 2019. Available at: https://www.eurocontrol.int /sites/default/files/2020-01/eurocontrol-think-paper-3-cybersecurity-aviation.pdf. (accessed 13.06.2020).

Kacem, T., Wijesekera, D., Costa, P., Barreto, A. Security Requirements Analysis of ADS-B Networks. Available at: http://ceur-ws.org/Vol-1304/STIDS2014_T06_KacemEtAl.pdf. (accessed 13.06.2020).

Sylla, I. T. The ISM Revolution: The Next Big Thing. Available at: https://www.eetimes.com/the-ism-revolution-the-next-big-thing. (accessed 13.06.2020).

ISM diapason. Available at: https://ru.qwe.wiki/wiki/ISM_band. (accessed 3.07.2020).

Rishennya NKRZI #18 vid 12.01.2012 Pro sxvalennya uzagal`neny`x umov zastosuvannya radioelektronny`x zasobiv ta vy`prominyuval`ny`x pry`stroyiv. [Decision of the NCRCI №18 of 12.01.2012 On approval of generalized conditions for the use of radio-electronic means and radiating devices]. Available at: https://nkrzi.gov.ua/index.php?r=site/index&pg=38&id=805&language=uk. (accessed 3.07.2020).

Short range devices. Available at: https://www.etsi.org/technologies/short-range-devices?jjj=1598607192016. (accessed 3.07.2020).

Bluetooth. Available at: https://www.sciencedirect.com/topics/engineering/bluetooth. (accessed 3.07.2020)

Z-Wave. Available at: https://uk.wikipedia.org/wiki/Z-wave. (accessed 3.07.2020).

Near Field Communication Technology Standards. http://nearfieldcommunication.org/technology.html. (accessed 3.07.2020).

Torianyk, V. V. Urazlyvist' suchasnykh tekhnolohiy radiochastotnoyi identyfikatsiyi [Vulnerability of modern technologies of radio frequency identification]. Zastosuvannya informatsiynykh tekhnolohiy u pravookhoronniy diyal'nosti. Materialy nauk.-prakt. seminaru. Kharkiv, KhNUVS Publ., 2015, pp. 66-68. (In Ukrainian).

LPD433. Available at: https://uk.wikipedia.org/wiki/LPD433. (accessed 3.07.2020).

PRM446. Available at: https://uk.wikipedia.org/wiki/PRM446. (accessed 3.07.2020).

L-band. Available at: https://en.wikipedia.org/wiki/L-band. (accessed 3.07.2020).

Global Positioning System Standard Positioning Service Performance Standard. Available at: https://www.gps.gov/technical/ps/2020-SPS-performance-standard.pdf. (accessed 5.07.2020).

Steigenberger, P., Thoelert, S., Montenbruck, O. GPS and GLONASS Satellite Transmit Power: Update for IGS repro3. Available at: https://elib.dlr.de/129734/1/TX_Power_20191021.pdf. (accessed 5.07.2020).

Automatic Dependent Surveillance Broadcast (ADS-B). Available at: https://www.skybrary.aero/index.php/Automatic_Dependent_Surveillance_Broadcast_(ADS-B). (accessed 5.07.2020).

Postanova KMU vid 19 chervnya 2019 r. # 518 «Pro zatverdzhennya Zahal'nykh vymoh do kiberzakhystu ob"yektiv krytychnoyi infrastruktury» [Resolution of the Cabinet of Ministers of Ukraine of June 19, 2019 № 518 "On approval of the General requirements for cyber-protection of critical infrastructure"]. Available at: https://zakon.rada.gov.ua/laws/show/518-2019-%D0%BF#top. (accessed 7.07.2020).

IoT and Smart Infrastructures. Available at: https://www.enisa.europa.eu/topics/iot-and-smart-infrastructures/smart-infrastructure?tab=details. (accessed 8.07.2020).

Kiberbezopasnost' 2019-2020. Trendy i prognozy [Cybersecurity 2019-2020. Trends and forecasts]. Available at: https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-2019-2020. (accessed 8.07.2020).

Alguliev, R., Imamerdiev, Ja., Suhostat, L. Obespechenie informacionnoj bezopasnosti kiberfizicheskih system [Ensuring of information security of cyber-physical systems]. Available at: https://www.researchgate.net/publication/317634995. (accessed 8.07.2020). DOI: 10.25045/NCSoftEng.2017.07.

Cyber-Physical Attacks are Finally for Real. Available at: https://symantec-enterprise-blogs.security.com/blogs/feature-stories/cyber-physical-attacks-are-finally-real. (accessed 8.07.2020).

Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025. Available at: https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide. (accessed 8.07.2020).

Cyberattacks On IOT Devices Surge 300% In 2019. Available at: https://www.forbes.com/sites/zakdoffman/2019/09/14/dangerous-cyberattacks-on-iot-devices-up-300-in-2019-now-rampant-report-claims/#56aff7955892. (accessed 8.07.2020).

Warning: Your IoT devices are at risk of cyber-attack. Available at: https://wire19.com/warning-iot-devices-at-risk. (accessed 8.07.2020).

The 2020 Spotlight Report on Healthcare. Available at: https://www.vectra.ai/resources/2020-spotlight-report-on-healthcare. (accessed 8.07.2020).

Strategic Principles for Securing the IoT. Available at: https://us-cert.cisa.gov/ncas/current-activity/2016/11/15/Strategic-Principles-Securing-IoT. (accessed 8.07.2020).

7 Connected Car Trends Fueling the Future. Available at: https://medium.com/iotforall/7-connected-car-trends-fueling-the-future-946b05325531. (accessed 10.07.2020).

Can your flight be hacked? Available at: https://www.ft.com/content/2e416eca-4e3d-11e8-ac41-759eee1efb74. (accessed 10.07.2020).

Strohmeier, M., Lenders, V., Martinovic, I. On the Security of the Automatic Dependent Surveillance-Broadcast Protocol. Available at: https://www.cs.ox.ac.uk/files/7239/1307.3664v2.pdf. (accessed 10.07.2020).

Kim, Y., Jo, Ju-Y., Lee, S. ADS-B vulnerabilities and a security solution with a timestamp. Available at: https://www.researchgate.net/publication/321736587. (accessed 10.07.2020).

Zegzhda, D. P. Issledovanie kiberbezopasnosti bortovogo oborudovanija vozdushnogo sudna [Study of the cybersecurity of aircraft on-board equipment]. Available at: http://www.modern-avionics.ru/Files/14-SPbPU-Zegzhda-29.08.2019.pdf. (accessed 10.07.2020).

Zybin, E. Ju. Koncepcija obespechenija informacionnoj bezopasnosti bortovogo oborudovanija vozdushnogo sudna [The concept of ensuring of information security of aircraft onboard equipment]. Available at: https://www.gosniias.ru/pages/d/akb-2018-1-zybin.pdf. (accessed 10.07.2020).

Johnson, P. New research LAB leads to unique radio receiver. E-Systems Team, 1985, vol. 5, no. 4, pp. 6-8.

Picod, J.-M., Lebrun, A., Demay, J.-C. Bringing Software Defined Radio to the Penetration Testing Community. Available at: http://lib.21h.io/library/N6I45ECV. (accessed 10.07.2020).

Kharchenko, V., Kor, A.-L., Rucinski, A. (editors). Dependable IoT for Human and Industry: Modeling, Architecting, Implementation. River Publishers, Series in Information Science and Technology, Denmark. 2018. 450 p.