Targeted Detection for Attacks on the MIL-STD-1553 Bus

Over the last decade we have observed a renewed focus on weapon systems security. Particularly the MIL-STD-1553 protocol, which was designed for military aircraft. In it, computers known as remote terminals (RTs) share information across a common serial data bus. Similarly to the well researched controller area network (CAN) bus, MIL-STD-1553 features no authentication, such that an attacker can manipulate the system by spoofing the bus controller (BC) and transmitting a single malicious message. These malicious messages are particularly bad in the MIL-STD-1553 context, where a single message can disable an RT, or engage a weapon system. To address these issues, this article proposes an intrusion detection system (IDS). While previous work utilizes the same techniques as used on the CAN bus, this leads to unnecessary complexity, inaccuracy, and poor efficiency. We take advantage of the protocol to detect an attacker spoofing the BC with 100% accuracy. In addition, we use standardized error flags to detect an attacker spoofing RT responses. The result of this work is an accurate and easy to implement detection system for all MIL-STD-1553 systems.