Offensive MIL-1553 Exploitation Training
MIL-STD-1553 is a military standard that defines the physical and logical layers, and a command/response time division multiplexing of a communication bus used in military and aerospace avionic platforms for more than 40 years.
A MIL-STD-1553 multiplex data bus system consists of a Bus Controller (BC) controlling multiple Remote Terminals (RT) all connected together by a data bus providing a single data path between the Bus Controller and all the associated Remote Terminals.
A Bus Controller initiates all messages, traffic and commands the remote terminals to transmit/receive data.
MIL-STD-1553B also introduced the concept of optional broadcast transfers, in which data is sent to all RTs that implement the option, but to which no RTs respond, as this would cause conflicts on the bus.
These can be used where the same data is sent to multiple RTs, to reduce the number of transactions and thus reduce the loading on the data bus. However, the lack of explicit responses by the RTs receiving these broadcasts means that these transfers cannot be automatically re-tried in the event of an error in the transaction.
Overall, there are four categories of broadcast transactions permitted between all capable RTs and the BC.
- Controller to RT(s) Transfer
- RT to RT(s) Transfers
- Mode Command Without Data Word (Broadcast)
- Mode Command With Data Word (Broadcast)
As a legacy platform, MIL-STD-1553 was designed for high level of fault tolerance while less attention was taken with regard to security.
The attack types available to an attacker exploiting the 1553 network depend on the specific foothold they achieve on a platform.
Offensive MIL-1553 Exploitation Training Course by Tonex
Offensive MIL-1553 Exploitation Training is a 2-day training program address MIL-1553 security issues.
“Offensive MIL-1553 Exploitation Training” is a unique training course which offers pentesters the ability to assess and exploit the security of MIL-1553 enabled systems. The training will cover different varieties of MIL-STD-1553 systems, devices, assessing their attack surfaces, analyzing cybersecurity test and evaluation, risk assessment with RMF and analyzing exploits for them. The 2-day (or 3-day) class will be based on theatrical systems.
Participants will learn about architecture of MIL-1553 BC/RT/BM devices, and then analyzing software, hardware, firmware. We will identify attack surface, finding vulnerabilities and then finally exploiting the vulnerabilities.
Who Should Attend
This course is designed for systems engineers, hardware and software design engineers, managers, analysts, security professionals and penetration testers, embedded developers and employees with little or no MIL-STD-1553 or security experience. The course is also useful for those who have experience with MIL-STD-1553 but have never had any formal security training.
Learn about MIL-STD-1553 systems, analysis and design, architecture, protocols, applications, cyber security and Offensive MIL-1553 Exploitation issues.
Upon completion of this course, the attendees are be able to:
- Understand MIL-STD-1553 protocol, architecture and functional characteristics
- Explain the architecture of MIL-STD-1553
- Describe MIL-STD-1553 functional characteristics
- Explain technical components, design, operations and, testing aspects of MIL-STD-1553
- Describe the key cyber security concepts in MIL-STD-1553
- List the requirements and capabilities of MIL-STD-1553 security
- Explore vulnerabilities and weaknesses of MIL-STD-1553 applied to aircraft and weapons
- Learn how MIL-STD-1553 bus works and its attack surfaces
- Illustrate Keys design process steps of a MIL-STD-1553 system and cybersecurity issues
- Learn how to extract and analyze MIL-155e device firmwares and software
Overview of MIL-STD-1553
- Overview of MIL-STD-1553 standard
- MIL-STD-1553 systems, tools and applications
- Characteristics of MIL-STD-1553-capable systems
- MIL-STD-1553 Network and System Security
- Security Definitions
- Equipment originating or terminating classified plain text language
- Wirelines, equipment, and the interconnecting lines
- Wirelines, components, equipment, and systems
- Encrypted or unclassified signals
- Electrical circuits components, equipment, systems
- Classified plain language data in electrical form
- Investigations and studies of compromising emanations
- System Security Policy
- MIL-STD-1553 design (system, hardware, and software)
- Operational, maintenance, and logistic
- Security policy of the aircraft, ship, or system
MIL-STD-1553 Advanced Network System Security
- Cyber security and cyber war analysis of multiplex data bus networks to military aircraft systems, aircraft carriers and smart weapons
- Classification of data across MIL-STD-1553
- Maintenance of data security within this integrated MIL-1553-STD avionics system for both flight and ground operations
- RED, BLACK, and RED/BLACK designation of MIL-STD-1553
- TEMPEST tests, TEMPEST inspections and TEMPEST control plan
- MIL-STD-1553 System Security Policy
MIL-STD-1553 System Security Architecture
- Compromising emanations (i.e., TEMPEST)
- Encryption and Ciphering
- Trusted message routing and control across MIL-STD-1553 bus
- All BLACK bus – No RED data or RED data processor
- ALL RED bus
- RED/BLACK Gateway
- RED/BLACK Composite
- TEMPEST Design
- Hybrid MIL-STD-1553 and Link 16 Cyber Security Analysis
- MIL-STD-1760 Interconnect Standard for Aircraft Stores
- MIL-1553-B/C Signals in MIL-1760A/B/C/D/E
- MIL-STD-1553 and MIL-1760 Analysis
- Application of NACSIM-5100 and NACSIM-5112 for U.S. Military Systems
- Encryption Designs
- Cryptographic key management, coordination, distribution, and zeroize techniques, circuitry and software
- Synchronization and timing protocols
- Encryption alarm and alarm check techniques
- Trusted Message Routing and Control Design
- Store Station Utilizing Primary Signal Set
MIL-STD-1553 Offensive Exploitations
- Exploit Bus Controller (BC), Remote Terminal (RT) and Bus Monitor (BM)
- Dump firmware through various techniques
- Debug hardware and software
- Conventional and Un-conventional attack techniques
- Side Channel Attacks (Clock, Vcc glitching, breaking crypto)
- Write exploits for the platforms