Undermining Privacy in the Aircraft Communications Addressing and Reporting System (ACARS)

Authors: Matthew Smith, Daniel Moser, Martin Strohmeier, Vincent Lenders, and Ivan Martinovic
Proceedings on Privacy Enhancing Technologies

Abstract

Despite the Aircraft Communications, Addressing and Reporting System (ACARS) being widely deployed for over twenty years, little scrutiny has been applied to it outside of the aviation community. Whilst originally utilized by commercial airlines to track their flights and provide automated timekeeping on crew, today it serves as a multi-purpose air-ground data link for many aviation stakeholders including private jet owners, state actors and military. Such a change has caused ACARS to be used far beyond its original mandate; to date no work has been undertaken to assess the extent of this especially with regard to privacy and the various stakeholder groups which use it. In this paper, we present an analysis of ACARS usage by privacy sensitive actors-military, government and business. We conduct this using data from the VHF (both traditional ACARS, and VDL mode 2) and satellite communications subnetworks. Based on more than two million ACARS messages collected over the course of 16 months, we demonstrate that current ACARS usage systematically breaches location privacy for all examined aviation stakeholder groups, explaining the types of messages used to cause this problem.We illustrate the challenges with three case studies-one for each stakeholder group-to show how much privacy sensitive information can be constructed with a handful of ACARS messages. We contextualize our findings with opinions on the issue of privacy in ACARS from 40 aviation industry professionals. From this, we explore recommendations for how to address these issues, including use of encryption and policy measures.

People

Dr. Daniel Moser
Doctoral Student (2016 – 2021)
armasuisse

BibTex

@ARTICLE{smith2018undermining,
	copyright = {Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International},
	doi = {10.3929/ethz-b-000294042},
	year = {2018-04},
	volume = {2018},
	type = {Journal Article},
	journal = {Proceedings on Privacy Enhancing Technologies},
	author = {Smith, Matthew and Moser, Daniel and Strohmeier, Martin and Lenders, Vincent and Martinovic, Ivan},
	abstract = {Despite the Aircraft Communications, Addressing and Reporting System (ACARS) being widely deployed for over twenty years, little scrutiny has been applied to it outside of the aviation community. Whilst originally utilized by commercial airlines to track their flights and provide automated timekeeping on crew, today it serves as a multi-purpose air-ground data link for many aviation stakeholders including private jet owners, state actors and military. Such a change has caused ACARS to be used far beyond its original mandate; to date no work has been undertaken to assess the extent of this especially with regard to privacy and the various stakeholder groups which use it. In this paper, we present an analysis of ACARS usage by privacy sensitive actors-military, government and business. We conduct this using data from the VHF (both traditional ACARS, and VDL mode 2) and satellite communications subnetworks. Based on more than two million ACARS messages collected over the course of 16 months, we demonstrate that current ACARS usage systematically breaches location privacy for all examined aviation stakeholder groups, explaining the types of messages used to cause this problem.We illustrate the challenges with three case studies-one for each stakeholder group-to show how much privacy sensitive information can be constructed with a handful of ACARS messages. We contextualize our findings with opinions on the issue of privacy in ACARS from 40 aviation industry professionals. From this, we explore recommendations for how to address these issues, including use of encryption and policy measures.},
	issn = {2299-0984},
	keywords = {aviation privacy; ACARS; avionic systems},
	language = {en},
	address = {Warsaw, Poland},
	publisher = {De Gruyter},
	number = {3},
	title = {Undermining Privacy in the Aircraft Communications Addressing and Reporting System (ACARS)},
	PAGES = {105 - 122}
}

Research Collection: 20.500.11850/294042