A new research study has shown that “moving target defense”, a cybersecurity technique that shuffles network addresses, can effectively confuse hackers seeking control of military jets, commercial airliners, or spacecraft. This technique resembles a blackjack dealer shuffling playing cards to prevent gamblers from winning.
Many aircraft and spacecraft have an onboard computer network known as military standard 1553, commonly referred to as MIL-STD-1553, or even just 1553. The network is an established protocol for enabling systems like radar, flight controls, and the heads-up display to communicate with each other. Securing these networks against cyberattacks is a national security priority because of the potentially catastrophic impact of a successful hack.
Chris Jenkins, a Sandia National Laboratories cybersecurity scientist, has stated that if a hacker takes over 1553 midflight, the pilot could lose control of critical aircraft systems, and the impact could be devastating. Many researchers across the country have systems that use the MIL-STD-1553 protocol for command and control.
Jenkins and his team at Sandia partnered with researchers at Purdue University in West Lafayette, Indiana, to test an idea that could secure these crucial networks. Their research showed that moving target defense can protect MIL-STD-1553 networks against a machine-learning algorithm when designed correctly. The team’s findings were recently published in the IEEE Transactions on Dependable and Secure Computing scientific journal. The research was funded by Sandia’s Laboratory Directed Research and Development program.
Researchers needed to know whether a moving target defense would work to change network addresses, unique numbers assigned to each device on the network. Moving target defense, like the game of three-card monte, requires randomness to be effective. MIL-STD-1553’s address space is small, making it difficult to randomize. However, the Sandia team found a way to surreptitiously shuffle 31 numbers in a way that couldn’t easily be decoded.
The challenge with randomizing a small set of numbers is that everything must be programmed, and there’s always a hidden pattern that can be discovered. Machine learning algorithms can spot the pattern of a randomization routine much faster than a human. However, cybersecurity designers can write a program that changes the randomization pattern before a machine can catch on.
Sandia’s team partnered with Bharat Bhargava, a computer science professor at Purdue University, to test the effectiveness of their defense. They set up two devices to communicate back and forth on a 1553 network. Occasionally, one device would slip in a coded message that would change both devices’ network addresses. The Purdue team used this data to train a long short-term memory machine-learning algorithm to predict the next set of addresses.
The first randomization routine was not very effective. The algorithm scored 0.9 out of a perfect 1.0 on a Matthews correlation coefficient, which rates how well a machine-learning algorithm performs. However, the second set of logs, which used a more dynamic routine, resulted in a radically different story. The algorithm only scored 0.2. “0.2 is pretty close to random, so it didn’t really learn anything,” says Sandia computer scientist Indu Manickam.
The test showed that moving target defense can fundamentally work. Still, more importantly, it gave both teams insights into how cybersecurity engineers should design these defenses to withstand a machine-learning-based assault, a concept the researchers call threat-informed code design.
The findings could help improve the security of other small, cyber-physical networks beyond MIL-STD-1553, such as those used in critical infrastructure.
“Being able to do this work for me, personally, was somewhat satisfying because it showed that given the right type of technology and innovation, you can take a constrained problem and still apply moving target defense to it.”