Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication

Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication

Tässä kyberturvallisuuden pro gradu -tutkielmassa esitellään koeasetelma langattomien ACARS, ADS-B ja AIS -tietoliikenneprotokollien tutkimiseen käyttäen ohjelmistoradioita ja avoimen lähdekoodin ohjelmistoja. Protokollia käytetään hyökkäysreittinä Apache Log4j2 Java-ohjelmakirjaston haavoittuvuuksi...

Full description

Bibliographic Details
Main Author: Juvonen, Artturi
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language:eng
Published: 2022
Subjects:
Apache Log4j2
ACARS
ADS-B
AIS
telecommunication
exploitation
log4shell
Kyberturvallisuus
601
kyberturvallisuus
tietoliikenneverkot
ohjelmistoradio
cyber security
data communications networks
software-defined radio
Online Access: https://jyx.jyu.fi/handle/123456789/82892
_version_ 1826225750983835648
author Juvonen, Artturi
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet Juvonen, Artturi Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä Juvonen, Artturi Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort Juvonen, Artturi
datasource_str_mv jyx
description Tässä kyberturvallisuuden pro gradu -tutkielmassa esitellään koeasetelma langattomien ACARS, ADS-B ja AIS -tietoliikenneprotokollien tutkimiseen käyttäen ohjelmistoradioita ja avoimen lähdekoodin ohjelmistoja. Protokollia käytetään hyökkäysreittinä Apache Log4j2 Java-ohjelmakirjaston haavoittuvuuksien hyväksikäytölle. Kirjallisuuskatsauksessa käsitellään tutkielman taustat sekä aiemmat tutkimustulokset. Artikkeliosuudessa kuvaillaan menetelmiä kriittisen CVE-2021-44228 "log4shell" haavoittuvuuden sekä muiden siihen liittyvien haavoittuvuuksien tutkimiseen hyödyntäen tietoisesti haavoittuvaksi tehtyä ohjelmistoa. Valittujen protokollien kyvykkyyttä CVE-2021-44228-haavoittuvuuden vaatimien merkkijonojen siirtämiseen tutkitaan niiden määrittelydokumentteihin perustuen. Skenaarioita, joissa turvallisuuden kannalta kriittiset tietoliikennejärjestelmät voisivat olla haavoittuvia, osoitetaan kokeellisesti mahdolliseksi. Tutkielman keskeinen löydös on, että kaikki tutkitut protokollat mahdollistavat log4shell-kyberhyökkäysten toteuttamisen langattomasti, kun tunnetut ennakkoehdot täyttyvät. Lisäksi tutkielman artikkeliosuudessa tuodaan ilmi merkittäviä uusia löydöksiä Log4j2-ohjelmakirjaston haavoittuvuudesta, joka mahdollistaa vakavien palvelunestohyökkäysten toteuttamisen. In this master’s thesis on cyber security accessible methodology for over-the-air experiments using ACARS, ADS-B, and AIS telecommunication protocols is proposed, using software-defined radios, and utilising open-source and freeware software. The protocols are used as attack vectors for exploitation of Apache Log4j2 Java-library’s vulnerabilities. Methods for studying CVE-2021-44228 "log4shell" remote code execution and related vulnerabilities using intentionally vulnerable software are presented. The telecommunication protocols’ capabilities in transmitting CVE-2021-44228 and related cyberattack strings are evaluated by studying protocol specifications to identify probable attack vectors. Practical scenarios, in which mission critical and safety-of-life information systems could be exploitable, are experimentally demonstrated. All three studied protocols are found to be susceptible for wireless log4shell-cyberattacks, when identified preconditions are met. Moreover, novel findings concerning a high-severity Log4j2 denial of service vulnerability are presented.
first_indexed 2024-09-11T08:50:30Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Costin, Andrei", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Juvonen, Artturi", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2022-08-31T06:21:28Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2022-08-31T06:21:28Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2022", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/82892", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4ss\u00e4 kyberturvallisuuden pro gradu -tutkielmassa esitell\u00e4\u00e4n koeasetelma langattomien ACARS, ADS-B ja AIS -tietoliikenneprotokollien tutkimiseen k\u00e4ytt\u00e4en ohjelmistoradioita ja avoimen l\u00e4hdekoodin ohjelmistoja. Protokollia k\u00e4ytet\u00e4\u00e4n hy\u00f6kk\u00e4ysreittin\u00e4 Apache Log4j2 Java-ohjelmakirjaston haavoittuvuuksien hyv\u00e4ksik\u00e4yt\u00f6lle. Kirjallisuuskatsauksessa k\u00e4sitell\u00e4\u00e4n tutkielman taustat sek\u00e4 aiemmat tutkimustulokset. Artikkeliosuudessa kuvaillaan menetelmi\u00e4 kriittisen CVE-2021-44228 \"log4shell\" haavoittuvuuden sek\u00e4 muiden siihen liittyvien haavoittuvuuksien tutkimiseen hy\u00f6dynt\u00e4en tietoisesti haavoittuvaksi tehty\u00e4 ohjelmistoa. Valittujen protokollien kyvykkyytt\u00e4 CVE-2021-44228-haavoittuvuuden vaatimien merkkijonojen siirt\u00e4miseen tutkitaan niiden m\u00e4\u00e4rittelydokumentteihin perustuen. Skenaarioita, joissa turvallisuuden kannalta kriittiset tietoliikennej\u00e4rjestelm\u00e4t voisivat olla haavoittuvia, osoitetaan kokeellisesti mahdolliseksi. Tutkielman keskeinen l\u00f6yd\u00f6s on, ett\u00e4 kaikki tutkitut protokollat mahdollistavat log4shell-kyberhy\u00f6kk\u00e4ysten toteuttamisen langattomasti, kun tunnetut ennakkoehdot t\u00e4yttyv\u00e4t. Lis\u00e4ksi tutkielman artikkeliosuudessa tuodaan ilmi merkitt\u00e4vi\u00e4 uusia l\u00f6yd\u00f6ksi\u00e4 Log4j2-ohjelmakirjaston haavoittuvuudesta, joka mahdollistaa vakavien palvelunestohy\u00f6kk\u00e4ysten toteuttamisen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "In this master\u2019s thesis on cyber security accessible methodology for over-the-air experiments using ACARS, ADS-B, and AIS telecommunication protocols is proposed, using software-defined radios, and utilising open-source and freeware software. The protocols are used as attack vectors for exploitation of Apache Log4j2 Java-library\u2019s vulnerabilities. Methods for studying CVE-2021-44228 \"log4shell\" remote code execution and related vulnerabilities using intentionally vulnerable software are presented. The telecommunication protocols\u2019 capabilities in transmitting CVE-2021-44228 and related cyberattack strings are evaluated by studying protocol specifications to identify probable attack vectors. Practical scenarios, in which mission critical and safety-of-life information systems could be exploitable, are experimentally demonstrated. All three studied protocols are found to be susceptible for wireless log4shell-cyberattacks, when identified preconditions are met. Moreover, novel findings concerning a high-severity Log4j2 denial of service vulnerability are presented.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2022-08-31T06:21:28Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2022-08-31T06:21:28Z (GMT). No. of bitstreams: 0\n Previous issue date: 2022", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "51", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "Apache Log4j2", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ACARS", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ADS-B", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "AIS", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "telecommunication", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "exploitation", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "log4shell", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202208314429", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoliikenneverkot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ohjelmistoradio", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "data communications networks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "software-defined radio", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
id jyx.123456789_82892
language eng
last_indexed 2025-02-18T10:56:29Z
main_date 2022-01-01T00:00:00Z
main_date_str 2022
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/94a88a9e-9e2f-4b8c-b517-e132047e3558\/download","text":"URN:NBN:fi:jyu-202208314429.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2022
record_format qdc
source_str_mv jyx
spellingShingle Juvonen, Artturi Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication Apache Log4j2 ACARS ADS-B AIS telecommunication exploitation log4shell Kyberturvallisuus 601 kyberturvallisuus tietoliikenneverkot ohjelmistoradio cyber security data communications networks software-defined radio
title Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication
title_full Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication
title_fullStr Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication
title_full_unstemmed Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication
title_short Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication
title_sort apache log4j2 exploitation in aeronautical maritime and aerospace communication
title_txtP Apache Log4j2 exploitation in aeronautical, maritime, and aerospace communication
topic Apache Log4j2 ACARS ADS-B AIS telecommunication exploitation log4shell Kyberturvallisuus 601 kyberturvallisuus tietoliikenneverkot ohjelmistoradio cyber security data communications networks software-defined radio
topic_facet 601 ACARS ADS-B AIS Apache Log4j2 Kyberturvallisuus cyber security data communications networks exploitation kyberturvallisuus log4shell ohjelmistoradio software-defined radio telecommunication tietoliikenneverkot
url https://jyx.jyu.fi/handle/123456789/82892 http://www.urn.fi/URN:NBN:fi:jyu-202208314429
work_keys_str_mv AT juvonenartturi apachelog4j2exploitationinaeronauticalmaritimeandaerospacecommunication

Similar Items