Aircraft and their ground counterparts have been communicating via the ACARS data-link protocol for more than five decades. Like many legacy protocols, ACARS was not designed with security in mind. As many ACARS users still have a need to secure their messages, proprietary, often insecure, solutions abound. For instance, researchers discovered through manual inspection that some actors encrypt ACARS messages using an insecure, easily reversible encryption method. A first step towards improving the security of ACARS communications would be to identify and contact all users of such insecure ciphers. A large-scale analysis of ACARS messages, however, is a challenging and time-consuming task that requires substantial expertise on both aircraft communications and encryption methods.
In this project, we propose BRUTUS, a decision-support system that support human analysts to detect the use of insecure ciphers in the ACARS network in an efficient and scalable manner. We propose and evaluate three different methods to automatically label ACARS messages that are likely to be encrypted with insecure ciphers. We show that our labelling methods effectively filter out messages that with a high likelihood are insecure ciphertexts. We apply our system to a sample of real-world ACARS messages and show the labels produced by \name enable a human analyst to identify the use of nine new (and potentially insecure) ciphers in the ACARS network.