2006 ieee aerospace conference – big sky, montana 1 modular, cost-effective, extensible avionics...

12006 IEEE Aerospace Conference – Big Sky, Montana

Modular, Cost-Effective, Extensible Avionics Architecture for Secure, Mobile Communications over Aeronautical Data Links

2006 IEEE Aerospace ConferenceBig Sky, Montana

Will IvancicNASA Glenn Research Center

[email protected]

mailto:[email protected]


NASA’s Request for Comments on theGlobal Air Space System Requirements


Current View of the Global Airspace System

Current Global and National Airspace System Stove-piped communication systems Disjoint set of networks

Currently not globally network centric Evolved over time with limited concern for network security

Security by obscurity Closed systems Insufficient bandwidth to support security measures

Safe and Secure Air Traffic Control methods have evolved in reaction to changes in

technology, capacity and use Current methods are reaching limit of scalability

FAA - Bringing Safety to America’s Skies Mission is to provide the safest, most efficient aerospace system in the world. Responsible National Airspace System, not funded to address global issues.

Movement toward Network Centric Operations Cross network security Authentication, Authorization, Accounting and Encryption Required changes in Policy!


Global Airspace System Requirements

1. Must be value added Cannot add cost without a return on investment that meets or exceeds those costs.

2. Must be capable of seamless global operation.3. Must be capable of operating independently of available communications link. Must

support critical Air Traffic Management (ATM) functions over low-bandwidth links with required performance.

4. Must use same security mechanisms for Air Mobile and Ground Infrastructure (surface, terminal, en router, oceanic and space)

Critical ATM messages must be authenticated. Must be capable of encryption when deemed necessary Security mechanisms must be usable globally

Must not violate International Traffic in Arms Regulations5. Must operate across networks owned and operated by various entities

Must be able to share network infrastructure6. Must make maximum use of standard commercial technologies (i.e. core networking

hardware and protocols) 7. Must enable sharing of information with proper security, authentication, and

authorization Situational Awareness Passenger Lists Aircraft Maintenance

8. Same network must accommodate both commercial, military and general aviation.


Design Concepts Must be IPv6 based. Must be capable of a prioritized mixing of traffic

over a single RF link (e.g. ATM, maintenance, onboard security, weather and entertainment).

Must utilize IPsec-based security with Security Associations (SAs) bound to permanent host identities (e.g. certificates) and not ephemeral host locators (e.g. IP addresses).

Must be capable of accommodating mobile networks.

Must be capable of multicasting Must be scalable to tens of thousands of aircraft


Consensus on Six Major Points

It is critical that any new technologies being deployed provide a positive return on investment (ROI).

Network Centric Operations (NCO) will be a major technology in future airspace systems and the next generation Internet Protocol, IPv6 will be the protocol of choice.

Links should be shared, and the system should be provider-independent. This makes QoS a requirement.

A common global security structure must be developed and IPsec is probably the best choice. Some work still needs to be done regarding IPsec multicast, envisioning a certificate-based security architecture, and figuring out how exactly to do QoS with respect to wireless links and encryption.

The system must be able to share network infrastructure.

The system must be extensible to meet future needs.


Aircraft Communications Addressing and Reporting System (ACARS) and the

Aeronautical Telecommunication Network (ATN)


Current Avionics Architecture

ACARS is based upon an all-in-one communications management unit.

Origin can be traced back to global teleprinter network, telex, established in the 1920s!

Point-to-point telex network where all messages come to a central processing location

Today ACARS is widely deployed in commercial airlines. ATN network is an attempt to modernize ACARS,

using most of the existing radio technologies with limited modifications.

Deployed in a closed, aeronautics-only network Limited flexibility

Cannot adapt easily to new technologies, new communication protocols, and new communication links

Security currently is extremely limited at best; however, specifications have been updated in an attempt to rectify this

Limited bandwidth makes security difficult


Communication Management Unit (CMU)

SATCOM AERO-1 System

SATCOM AERO-H/H+ System

VHF Voice/DATA System

HF Voice/DATA System

GateLink

File Server Subsystem

Printer

ARINC 741

ARINC 761

ARINC 740/744

ARINC 719

ARINC 753

ARINC 716

ARINC 750

Terminal

Ethernet

(Optional)

Typical ACARS Onboard Network


Future Air Navigation System (FANS)

In 1983, FANS originated as study of the current air traffic infrastructure and recommend changes to support the anticipated growth in air traffic over the next 25 years

The FANS committee identified these needs: Replacement of the current analog radios with digital air/ground

communications; Use of satellite and HF communication systems to provide

communication where deployment of line-of-sight systems is not practical such as in the oceanic domain;

Global Interoperability; Network-enabled systems to support automation in the airplanes

and on the ground; Transition to a Global Positioning System (GPS)-based navigation

and landing systems; and, Installation of flight service automation to enable pilots to plan

and file flight plans without reliance on flight service specialists. Widely Deployed over ACARS as FANS-1/A

It is now 2005 – 22 years later, and only an extremely small portion of FANS has been deployed using ATN


ATN and Mobility

Uses the Inter-Domain Routing Protocol (IDRP) Using a routing protocol to handle mobility effectively

requires one to own the entire infrastructure because one generally is not permitted to inject routes into another’s infrastructure.

If the radio access is not secure and ATN secure routing is not implemented, the system is extremely vulnerable

A distributed IDRP directory using Boundary Intermediate Systems (BISs) is implemented along with a two level directory approach

Uses an ATN Island concept consisting of backbone BISs and a home BISs concept

This is done to limit the convergence time or route updates.

If the routing structure were to become to large, convergence times would become unacceptable.

ATN Island Routing Domain Confederation

ATN TRD ATN TRD

ATN Backbone RDC

ATN TRDATN ERD

ATN ERD

ATN Island RDC

Mobile RD

Mobile RDMobile RD

AnotherATN Island

ERD – End Routing DomainRD – Routing DomainRDC – Routing Domain ConfederationTRD – Transit Routing Domain


Typical ATN Onboard Network

Similar to CMU in ACARS Network


Mobile-IP Based Architecture


Features of Mobile-IP Based Mobile Networking

Commercial-Off-The-Shelf technology IETF NEtwork MObility (nemo)

Base functionality is standardized Currently working on route optimization

Rapid Convergence Time Link independent (Multihoming) Does not inject routes into the infrastructure

Allows for use of shared infrastructure. One does not have to own the infrastructure

Allows for insertion of new link technologies as they mature.

Enables competition which should reduce cost Policy-based Routing (Currently in

development) IETF Mobile Nodes and Multiple Interfaces in IPv6

(monami6)

Communication Management Unit (CMU)

SATCOM AERO-1

SATCOM AERO-HH

VHF Voice/DAT

A

HF Voice/DAT

A

GateLink

INMARSAT Swift 64

Connexion by Boeing

WiFi Max

Cellular

Future Links

Mobile Router

Cryptography and Firewall

Traditional Avionics

Display

Passenger Services

IP-Based Transitional Architecture

SATCOM AERO-1

SATCOM AERO-HH

VHF Voice/DAT

A

HF Voice/DAT

A

GateLink

INMARSAT Swift 64

Connexion by Boeing

WiFi Max

Cellular

Future Links

Mobile Router



Operations LAN

(Avionics)

Communication and Display

Passenger Services

Air Traffic Managemen

t LAN

Sensor Controller (Optional Display)

IP-Based Architecture with ATC and AOC Separate


Mobile Router


Operations LAN

(Avionics)

Communications Sensor Controller

and Display

Passenger Services

Air Traffic Managemen

t LAN

Radio Link 1

Radio Link 2

Radio Link 3

Radio Link 4

Radio Link N

IP-Based Architecture with ATC and AOC Combined

IP-Based Architecture with ATC and AOC Combined


High speed link

int2

int3

Routing Policy

Routing Policy

int1Low latency link

Reliable linkATC

ATCATC

ATC

AOC

AOCAOC

AOC

P-DATA

P-DATA

P-DATA

P-DATA

P-DATAP-DATAHomeAgent

Policy-Based Routing, All Links Active

ATC

AOC

P-DATA


High speed link

int2

int3

Routing Policy

Routing Policy

int1Low latency link

Reliable linkATC

ATCATC

ATCAOC

AOC

P-DATA

P-DATA

P-DATAHomeAgent

Policy-Based Routing, Critical Link Active

ATC


High speed link

int2

int3

Routing Policy

Routing Policy

HomeAgentint1

Low latency link

Reliable link

ATC

ATC

ATC

AOC

AOCAOC

P-DATA

P-DATA

P-DATA

P-DATA

P-DATAP-DATA

Policy-Based Routing, Passengers Link Active


Achieving Positive Return on Investment


Internet Protocol Value Added Features

Lower Telecommunication Costs of IP-based networks as compared to dedicated point-to-point links

Competition among information providers Economies of scale Lower development costs for new applications

and maintenance due to standardization of interfaces


Link Independence

Most important considerations for this is not technical, but related to cost, safety, and politics

Facilitates globalization and supports positive ROI

Requires change in policy Change in use of spectrum

World Radio Conference to allow use of other frequencies for air traffic control messages

Air Traffic Controller is now networked. These are some very different modes of operation from what the aeronautics community is comfortable with.


Airplanes and Automobiles

Commercial airlines make up only 4% of the active civil aircraft – approximately 15,000 out of a total of 215,000

aircraft “Airbus forecasts that of this total, 16,600 new

passenger aircraft of more than 100 seats will be needed in the coming 20-year period

Today, 700 million cars are globally deployed for a human population of 6 billion. Toyota expects to produce 9.2 million vehicles in

2006. General Motors produce approximately 9.1 million

vehicles in 2005


Applications for Mobile Platforms

Car-to-car communication (plane-to-plane) Driver assistance information ITS taxi service where the taxi company runs a system to distribute the

best taxi based on the locations, idle/operation information. (Air Operations)

Probe servers collects and distributes information gathered by various probes

Car inspection information and maintenance log Preventative maintenance (Air Operations)

Probe data analysis and synthesis where time/location data among various probe data can be integrated to create traffic information. (Air Traffic Management)

Vending machine networks where vending machines can become wireless LAN access points, to offer broadband wireless communication infrastructure. (Surface Area)

Large volume content distribution service (Electronic Flight Bag) Encrypted data contents can be downloaded onto car-equipped devices and

decryption key can be sent later to enable a new type of distribution, which lowers communication cost and makes download operation transparent.

Next-generation road service where computer-assisted road service automates the process of locating and failure of a broken-down car and towing it to a desired destination. (Air Operations)


Backup Slides


Car-to-Car Communications

Mission and Objectives Create and establish an open

European industry standard for Car2Car communication systems based on wireless LAN components

Guarantee European-wide inter-vehicle operability

Enable the development of active safety applications by specifying, prototyping and demonstrating the Car2Car system

Promote the allocation of a royalty free European wide exclusive frequency band for Car2Car applications

Push the harmonization of Car2Car Communication standards worldwide

Develop realistic deployment strategies and business models to speed-up the market penetration

Technical Approach Use of IPv6 Utilize 802.11 wireless LAN

technology Ad hoc routing capable of

handling rapid changes in topology

Source: Car2Car Communication Consortium


Security Mechanisms Encryption mechanisms should be limited to

those that are free of ITAR restrictions Other counties also have regulations restricting

the exportation of cryptography technology These regulations may limit the ability to realize cost

and schedule advantages that could be gained by using a single set of proven security infrastructure software throughout the world.

Multicast and current IPSec implementations do not necessarily work well together.

Support for IPSec-base security with Security Associations bound to permanent host (multicast group) identities (e.g. certificates)

Location, control, and responsiveness of the authentication authority servers is critical.

2006 ieee aerospace conference – big sky, montana 1 modular, cost-effective, extensible avionics...

Documents

network security security

onboard security

proper security

efficient aerospace

necessary security mechanisms

ipsecbased security

security measures safe

security associations