By Ofer Hofman, Founder and CTO of Sital Technology, August 2023.

 

Over our 28 years of delivering MIL-STD-1553 IP cores, components, and cards, we have provided solutions for critical systems such as:

1. MIL-STD-1553 for weapon delivery in jet fighters.
2. MIL-STD-1553 for avionic system control in aircraft.
3. MIL-STD-1553 for nuclear plants control.
4. MIL-STD-1553 for satellites and space vehicles.

 

It is a robust communication standard used for controlling various machines and systems. For this article, we assume the reader is familiar with this standard and operation, if not, please read this resource about MIL-STD-1553.

 

If an attacking hacker gains control over such critical 1553 buses, they can undermine missions by preventing weapon delivery or crippling the system’s operation.

 

For those criticalities, it is important to protect 1553 systems from possible attacks.

It is also common to hear from operators that 1553 buses are not on the internet, and therefore attackers cannot gain access to attack. We, at Sital Technology, believe that attackers do find their way in, especially when the 1553 system operators are indifferent to the risk, and that closing those attack holes today, would send the potential attackers a clear message and turn them to try elsewhere.

 

Disclaimer: we do not attempt to know all types of Cyber-attacks. If you think we are missing something to improve this article, kindly send me a note to ofer.ZZ@sitaltech.com (replace ZZ with ‘h’).

 

In this article we would like to explore the possible attack types on 1553 buses:

 

• DoS – Denial of Service attack
• BC Impersonation attack
• RT Impersonation attack
• Wiring failures

 

In addition, explore the optional attack vectors from which they penetrate the 1553 network (cyber):

 

• Online, through internet connected 1553 modules
• Through supply chain
• LRU service cycle
• Intermittent wiring failures
  

DoS – Denial of Service attack

A Denial of Service attack is achieved when an attacker floods the 1553 bus, preventing the BC from completing its transmissions. The BC works with both Bus A and Bus B. If one bus is blocked, the BC will retry on the other. As a result, a DoS attack is likely expected to block both buses.

 

The DoS might simply involve non-1553 noise or sine waves.

 

The DoS can be achieved by legit 1553 messages. They can be standard messages or Broadcast and/or mode codes. A single command word such as broadcast reset RT mode code, sent every 4 milliseconds would cause all RTs to mute for 5 milliseconds on both buses, and would consequently be offline, re, denied.

 

The DoS attack can start at power-up, or worse, triggered-on by some kind of event that would paralyze the bus at specific time slots or locations during the mission.

BC Impersonation attack

MIL-STD-1553 bus calls for a single Bus Controller (BC) at a time. The BC starts every one of the messages on the bus. No other can, only the BC. All RTs wait for the BC command to potentially react and respond.

 

An attacker employs an additional BC, and sends messages to the bus. These messages can be of DoS in nature, such as explained above, or worse, send falsified data and instructions to the Remote Terminals (RT/s) to jeopardize the mission. Such data as GPS information would cripple weapon release and or weapon delivery accuracy.

 

This impersonating BC can be an RT that is SW programmed to become a BC for an attack, as we recorded in one of the squadrons with one of the munitions, or an attacking LRU added to the 1553 bus.

 

For example, hijacking an aircraft and routing it to a wrong destination can be achieved by an attacker if the impersonating BC distributes falsified GPS information.

RT Impersonation attack

RT impersonating is a bit more complex to achieve by an attacker. RTs on a bus serve as either actuators or sensors. Actuators such as relay controllers and displays, or sensors such as Navigation or Radar. An attacker would want to replace the reply to the BC command instead of the legit RT. It would want to reply with falsified data.

 

The challenge is that in MIL-STD-1553B an RT is required to responds to the BC command within 4 to 12 microseconds (uSec) from the end of the command word. If the legit RT responds in 7 uSec, the attacking RT should respond faster, say within 4 uSec. Some attacked RTs would see that the bus is busy (by the attacker response), and would back-off completely. But for most RTs out there, if there was some bus dead time after the BC command, the legit RT would respond even if the attacking RT responded very fast.

 

In most cases we see that RTs do respond even if the bus is already busy by the attacking RT.

 

If the attacking RT snicks in and responds, concurrent to the legit RT response, that would make a mess on the bus, because two transmitters are transmitting at the same time. The actual attacker achievement would be that the responses from the attacked RT are erroneous rather than valid and falsified. The actual result of these overlapped responses would be RT DoS, and the attacker would not be able to inject falsified data, but rather error out data from that RT.

 

So RT impersonation is actually in most cases be RT DoS. Would the attacker take the risk?

Wiring failures

Most aircrafts fly for decades. They age under their intensive environmental conditions. So do their 1553 buses. Sometimes 1553 buses get disconnected, or shorted, or couplers fail, or transformers short, plugs get pin push-backs, and connecters get disconnected. These are damages to the Cyber medium.

 

All of these failures degrade the MIL-STD-1553 reliability, and cause communication failures.

 

These communication failures impact very much like DoS attacks, they deny RT/s from the bus and from live data.

 

In MIL-STD-1553 there are two buses, bus A and B redundancy in order to provide backup, and the BC can automatically retry the message on the other bus. Each bus has 2 termination resistors. The 1553 is so robust that it can operate with 1 bus and 1 resistor on it.

 

Normally on the aircraft, the Signal to Noise Ratio (SNR) in 1553 signal is at least 1:10, i.e., SnR > 10. But when there is a missing terminator resistor, or other bus faults, the SNR can drop down to 1:1. In this case, most messages would finish Ok, and some fail. However, in flight, when environmental conditions are worse, SNR drops below 1, and two things can happen:

 

1. Messages fail with error – This is equivalent to DoS.
2. Messages pass with 2-bit flip. 2-bit change is not detected by a parity error.

 

The latter is where it starts to get scary. MIL-STD-1553 uses 1-bit parity as word validation. Parity can detect 1, 3, 5… bit flips, but if there are even bit flips such as 2, 4, 6… bits, parity can’t find it, and the message would be considered Ok. Obviously the receiver would receive wrong data! – which is exactly what a cyber-attacker is trying to achieve…

 

For example, when it gets to weapon delivery, the GPS information loaded to a weapon might be corrupted by these wiring issues, and the bomb release might suffer from one of:

 

1. Least significant bits flipped – The weapon would be released but to a slight wrong destination!!
2. Most significant bits flipped – The weapon rejects the released since the corrupted GPS target is way off…

 

For all these reasons and more, weapon buses use MIL-STD-1760 which is based on 1553 but with extra CRC testing, and higher bus voltages.

 

CRC would error out many more messages, and the pilots would experience lots of weapons not releasing…

 

Scary even further, we encountered weapons that ignore CRC data to assure delivery…

 

Ground maintenance crews would not be able to find and locate these issues since they occur during flight. As a result, we see that every squadron has a blacklist of certain tail number aircraft which are tagged “sick”. They would be used in training, but avoided for critical missions.

Common Attack Vectors

How do the attackers find their way in to the 1553 bus sub-systems?

 

Online attack – An aircraft LRU that has both an external wireless data connection as well as a 1553 bus connection. The attacker remotely injects or triggers malicious SW program that causes the LRU to execute 1553 transmissions on both 1553 bus A and B with damaging contents.

 

Supply chain attack – The LRU manufacture, tier 1 supplier, supplies a unit that has malicious SW built in to it. That malicious attack can wait for a predefined trigger to attack which could be a zero-day attack.

 

LRU Service Cycle – An LRU is removed from the aircraft for maintenance. Taken to service. Fixed, and returns to service. During this service cycle, an attacker can inject the malicious SW. These kind of attacks are more common with maintenance crew that recruited for money, ideology, or blackmail.

 

Wiring failures – The aircraft attacks itself. The very high SNR of 1553, combined with aging and environmental extreme conditions with the in-ability of common 1553 maintenance tools to detect wiring degradation lead to 1553 communication failures during a mission, without the ability to detect, nor solve it on the ground, post flight.

Additional Cyber protection topics

Eavesdropping prevention – In most buses there is an intentional monitor that records the entire flight communication. Sometimes it is critical for highly classified equipment, and their associated 1553 messages, not to be recorded, since the team that have access to the monitored data do not have the sufficient clearance.

 

In those cases, a Cyber filter module should prevent the unwanted messages from reaching the monitor. It is commonly seen that man-in-the-middle module would be placed between the coupler and the monitor, to filter out the classified messages.

 

Same goes for prevention of eavesdropping. In that scenario, place a man-in-the-middle filter on each stub, allowing only the messages that are intended for that stub’s LRU.

 

Schematic and components cyber-attack – We have seen complete squadrons with 1553 buses having a single termination resistor, instead of two.

 

In one event, a UAV, a “3-stub with termination” coupler was wrongly replaced with a “3-stub without terminator” coupler, and the entire fleet suffered from a single termination, with very low SNR, causing multiple communication failures during flight, and no issue detection on ground.

 

In a second event, a fighter jet, was upgraded to include an additional LRU to the 1553 bus. During this add-on, a coupler was added to the bus. The coupler has 2 bus ports, and a single stub port. In the upgrade schematic, the stub port and the bus port were swapped, leaving the terminator on the stub, and added LRU on the 2^nd bus port of the coupler. This degraded the SNR dramatically, but not enough to be detected on ground.

Sital Technology offers a unique solution for integrating our IP and software on Xilinx SoC/MPSoC FPGAs, called Integrated 1553. It leverages Xilinx’s Vivado and Vitis tools, allowing customers to reduce FPGA system integration times and focus on their areas of higher-level hardware and software value-add.

By using our Intergrated 1553 service, customers can benefit from Sital’s efficient integration of hardware firmware and software for our data bus interfaces, saving more than 1 man year of engineering time.

Intrigued? great! Click Here For More Info.

For real-time updates, check out our LinkedIn page!

 

 

MIL-STD-1553 has set the standard for reliability in military digital communication, ensuring seamless, error-free data exchange. This robust framework facilitates the integration of weapons, radars, and other critical systems, significantly enhancing military operations’ efficacy and strategic capability.

 

The adaptability and reliability of MIL-STD-1553 not only boost operational performance and serve as a vital link in the command-and-control chain, ensuring that complex information is accurately and swiftly conveyed.

 

Sital Technology specializes in providing advanced DataBus communication technologies and solutions tailored specifically for the avionics, aerospace, and automotive sectors. Our MIL-STD-1553 solutions are at the heart of our offerings.

 

We deliver Airborne Interface Cards, Testers, High-Reliability Components, and customized IP cores designed to meet the rigorous demands of MIL-STD-1553, EBR-1553, ARINC-429, ARINC-825, CAN, and Space Grade applications. Our solutions are engineered to elevate the operational efficiency of your projects, enhancing system integration and reliability.

MIL-STD-1553 Increases System Reliability in Harsh Military Environments

The robustness of MIL-STD-1553 is evident in its ability to maintain consistent communication under extreme conditions. This standard is designed with hardiness in mind, guaranteeing that data transfer is not only swift but also uninterrupted, regardless of external factors. Such reliability is paramount in military operations where the cost of communication failure can be exceptionally high.

 

The architecture of MIL-STD-1553 is such that it supports redundant pathways for data transmission. This means that if one path encounters a problem, the system automatically reroutes the data, thus maintaining a steady flow of information. This redundancy is a critical feature, ensuring that operations can continue smoothly without significant delays or data loss.

 

Moreover, the consistent improvement of MIL-STD-1553 test equipment has played a substantial role in enhancing system reliability. These advancements enable early detection and resolution of potential issues before they escalate, further bolstering the standard’s robustness in challenging environments.

Enhancing Data Security Through MIL-STD-1553‘s Built-In Encryption Features

Data security is a paramount concern for military operations, where the risk of sensitive information falling into the wrong hands can have dire consequences. MIL-STD-1553 addresses this concern with integrated encryption capabilities, ensuring that data remains protected throughout its transmission.

 

The encryption features of MIL-STD-1553 are sophisticated, yet they operate seamlessly within the system, adding an essential layer of security without compromising the speed or efficiency of data transfer. This ensures that even if data interception occurs, the information remains inaccessible to unauthorized parties.

 

The standard also supports the implementation of various encryption algorithms, allowing organizations to choose the best option that suits their specific security needs. This flexibility is invaluable, given the evolving nature of cyber threats and the need for military operations to stay one step ahead.

Streamlining Communication Among Diverse Military Equipment with MIL-STD-1553

One of the standout benefits of MIL-STD-1553 is its ability to facilitate cohesive communication between different types of military equipment. This interoperability is crucial for the integrated operations that define modern military strategy.

 

MIL-STD-1553 standardizes the communication protocol, ensuring that all devices, regardless of manufacturer, can exchange data smoothly. This uniform approach eliminates compatibility issues that can otherwise arise, streamlining the integration of new technologies into existing systems.

 

Furthermore, the standard simplifies the development process for new military equipment. Manufacturers can design their products with the assurance that they will operate harmoniously within the MIL-STD-1553 ecosystem, allowing for quicker deployment and reduced costs.

Ensuring Real-Time Data Exchange Accuracy in Mission-Critical Operations

Accuracy in data transmission is vital in mission-critical military operations, where decisions depend on the reliable exchange of information. MIL-STD-1553 ensures precision in communication, enabling real-time operational performance. This high level of accuracy is achieved through rigorous protocol specifications, which mandate exact timing and data formatting.

 

With MIL-STD-1553, messages are delivered within a predictable timeframe, which is indispensable for applications requiring synchronized timing. The standard’s sophisticated error-checking mechanisms detect and correct any anomalies, preserving data integrity. This process minimizes the risk of misinterpretation or delays in command execution, contributing to successful mission outcomes.

 

For military operations, the consequences of inaccurate data can be significant. MIL-STD-1553 addresses this by providing a stable, dependable platform where each piece of data can be trusted. This trust is the backbone of coordinated efforts across multiple systems and is a testament to the standard’s value.

MIL-STD-1553 Facilitates Efficient Multiple Device Integration and Control

The integration of multiple devices within military systems can be daunting, but MIL-STD-1553 simplifies this process. By offering a common communication standard, it allows for the efficient management and control of various devices. This enables seamless interaction between components that need to work in harmony for operational efficiency.

 

With its clear-cut message formats and communication protocols, MIL-STD-1553 facilitates the addition and integration of new devices without the need for extensive customization. This plug-and-play functionality saves time and reduces the risk of errors during system upgrades or expansions.

 

The use of this standard provides operators with a central point of control. With every device speaking the same ‘language,’ the complexity of managing a diverse array of technologies is significantly reduced. This centralized control leads to better coordination, quicker responses, and a more cohesive operation of military systems.

Reducing System Complexity and Maintenance Costs with MIL-STD-1553 Standards

MIL-STD-1553 has a profound impact on the simplification of system architectures. The standard’s streamlined approach to data bus design reduces the need for multiple wires and connections necessary in complex systems. This simplification plays a significant role in enhancing system durability and reliability, while also making maintenance tasks more manageable.

 

The cost of system upkeep is a critical consideration, and MIL-STD-1553 helps in this regard by decreasing the need for frequent overhauls. Its robust design means less wear and tear on components and a longer operational life for the overall system. This longevity translates into lower replacement and repair expenses over time.

Your Trusted Partner for a Reliable MIL-STD-1553 System

Sital Technology stands as your ideal partner for integrating a MIL-STD-1553 system into your aerospace, avionics, or automotive projects. Our dedication to innovation, combined with our extensive range of high-quality components and bespoke IP cores, ensures that your systems communicate efficiently and reliably under any circumstances. Our team of experts is committed to providing you with the cutting-edge solutions needed to stay ahead in the fast-paced aerospace, avionics, and automotive technology industries.

 

Our proven expertise in MIL-STD-1553 solutions is your gateway to integrating the most advanced and reliable communication technologies into your operations. Contact us, and let’s work together to bring your projects to new heights.