Aeronautical Information Security
ATN Conference, September 24-25 2002
Honeywell Advanced Systems Technology Group, 7000 Columbia Gateway Drive, Columbia, MD 21046
Aeronautical Information Security, 2002 ATN Conference, London UK

Agenda
• What is Information Security
• Overview of Cryptography
• ATN Security
• Secure ACARS

What is Information Security?
Information security is concerned with providing:
• Confidentiality,
• Authentication,
• Integrity, and
• Availability
of data (during both storage and communication).

Critical Considerations for Aeronautical INFOSEC
• Thorough vulnerability analysis to identify relevant risks
• Bandwidth and computation constraints
• Standardization – use of proven security solutions
• Cost of implementation, deployment and maintenance

Vulnerability and Risk Analysis
[Figure: diagram with the labels Privacy, Authentication, Integrity, Monitoring, Spoofing, Modification, Data Corruption, Viruses]

Overview of Cryptography

Overview of Cryptography [1/5]
Symmetric Cryptography
– a.k.a. Secret Key Cryptography
– A single shared secret key is used to both encrypt and decrypt a message
– Common algorithms: DES, Triple-DES, IDEA, AES
– Strengths
    - Excellent performance (fast)
    - Very strong security
– Weaknesses
    - Secret key management: requires sending and receiving parties to obtain shared secret key via secure means
    - Not practical for digital signing or authentication
    - Scalability
[Figure: Encryption, showing Encrypt and Decrypt steps between Alice and Bob]

Overview of Cryptography [2/5]
Asymmetric Cryptography
– a.k.a. Public Key Cryptography
– Keys come in pairs: one private, one public
    - Operation “done” with one key is “undone” with other
– Common algorithms: RSA, DSA, ECC
– Strengths
    - Minimizes exposure of keys: only public keys are shared; knowing public key provides no information about private key
    - Enables digital signatures
– Weaknesses
    - Computationally slow compared to symmetric key
    - Requires “trust” in public keys
[Figure: two panels, Encryption and Digital Signature, showing Encrypt/Decrypt and Sign/Verify steps between Alice and Bob]

Overview of Cryptography [3/5]
Hybrid Cryptography
– Takes advantage of symmetric and asymmetric strengths
– Encrypt messages using high performance symmetric algorithms
– Securely manage message encryption keys and digitally sign messages using slower asymmetric algorithms
[Figure: two panels, Confidentiality Only and Confidentiality and Authentication, showing Encrypt/Decrypt and Hash & Sign/Hash & Verify steps between Alice and Bob]
Note: [certificate icon] is a public key certificate which contains Alice’s public key signed by a trusted Certificate Authority (CA).

Overview of Cryptography [4/5]
Session Key Derivation
– Shared secret key is derived independently from parameters that are exchanged in the open
– Mathematical properties ensure that session keys generated independently by both parties are identical
– Conserves system resources
[Figure: Sign, Verify, Derive Key and HMAC (TAG) steps between Alice and Bob]
Note: Alice generates some session parameters and sends them to Bob. Her signature ensures authenticity.
Note: [certificate icon] is a public key certificate which contains Alice’s public key signed by a trusted Certificate Authority (CA).
Note: Alice and Bob derive the session key from parameters exchanged between them, their respective addresses, and their public/private key pairs.

Overview of Cryptography [5/5]
Basic Contents of a Public Key Certificate
Public Key Certificate (field, with the slide's annotation in parentheses):
– Distinguished Name: cn= Identifier, ou= ATN-Aircraft, o= Honeywell, c= US (unique name of public key owner)
– Serial No.: 12345678 (unique public key certificate number)
– Valid Not Before: Date/Time; Valid Not After: Date/Time (certificate validity dates)
– Public Key: (public key)
– Key Usage: Signing (key usage: signing or encryption)
– Issuing CA Distinguished Name: cn= ‘State’-CA, ou= ATN, o= Honeywell, c= US (name of certificate issuer)
– Certificate issuer’s digital signature

ATN Security

Security in ATN
• Risk analysis performed by Eurocontrol has identified the following threats:
– Masquerade/modification/replay of air-ground application communications.
– Denial of service by flooding ground IDRP databases.
• Airlines desire to ensure the confidentiality of operational data.
• ATN SARPs (Edition 3) provide the following security services:
– Authentication and integrity of air-ground applications.
– Authentication and integrity of IDRP communications.
– Supporting Public Key Infrastructure (PKI).
• ATNP WG-B/Sub-Group 3 is enhancing the ATN SARPs to add confidentiality services.

ATN Security Solution
• Uses both symmetric & public-key cryptography.
• Based on ISO Generic Upper Layer Security (GULS) standard.
• Mutual authentication during initial CM contact is provided by Elliptic Curve Digital Signature Algorithm (ECDSA).
• Initial CM contact also establishes shared public value using EC Diffie-Hellman.
• Required public keys of applications are delivered to aircraft during initial CMA exchange.
• Application (and location) specific session keys derived by applications from their key pairs and shared public value.
• Subsequent application communications secured by Hashed Message Authentication Code (HMAC) under session key
• Message Counter and source included to prevent replay.
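The last two bullets as an added example (not code from the presentation or the ATN SARPs): the sender MACs source, counter and payload together, and the receiver checks the tag in constant time before enforcing a strictly increasing counter per source. The message layout, field widths, names and the use of HMAC-SHA-256 with an untruncated tag are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # full HMAC-SHA-256 tag; tag length on a real link is a profile decision

def protect(key, source, counter, payload):
    """Sender: the MAC covers source address, message counter and payload."""
    header = struct.pack(">H", len(source)) + source + struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Verifies the tag first, then enforces a strictly increasing counter per source."""

    def __init__(self, key):
        self.key = key
        self.last_seen = {}           # source address -> highest counter accepted

    def accept(self, message):
        if len(message) < 2 + 8 + TAG_LEN:
            raise ValueError("truncated message")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        (n,) = struct.unpack(">H", body[:2])
        source = body[2:2 + n]
        (counter,) = struct.unpack(">Q", body[2 + n:10 + n])
        # A captured message resent later carries a counter already seen: reject it.
        if counter <= self.last_seen.get(source, -1):
            raise ValueError("replayed or stale counter")
        self.last_seen[source] = counter
        return source, counter, body[10 + n:]
```

Because the counter and source sit inside the MACed data, an attacker cannot bump the counter on a captured message without invalidating the tag.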

Secure Session Establishment Process
[Figure: message sequence diagram between Aircraft App Y, Aircraft CMA U, Ground CMA V, Ground App W and DS. Labels in the figure:
– Signed CMA login request, & application address W
– Cert request U, V
– Certs & CRLs
– Cert request U, W
– Certs & CRLs
– Derive MacKey_U,V, X_U,V
– MACed CMA login response including V’s cert, W’s public key, etc
– CMA data request
– Signed CMA data response incl time and X_U,V
– U’s private key, W’s public key, X_U,V
– Derive MacKey_Y,W
– MACed D-Start request
– MACed D-Start response
– D_Data MACed]

ATN PKI
• Major components: Certificate Authorities (CA) and Certificate Delivery Services.
• Each State is required to establish and maintain a CA and Delivery Services.
• Aircraft operators may maintain subordinate CAs.
• CAs issue X.509 certificates and CRLs.
• Sharing of CAs among States is recommended to reduce cross certification.
• Delivery Services deliver certificates and CRLs to ATN entities.

Relationship of ATN CAs
[Figure: diagram relating State CAs, AOE CAs, Ground CMA, Ground Apps, Ground Routers, Aircraft CMAs and Aircraft Routers]

Certificate Delivery Services
• May use X.500 directories for automated certificate delivery.
• Ground scenarios:
– All applications and routers have directory access.
– CMA has directory access and provides certificates and CRLs as needed to other applications.
– Certificates may be cached locally or pre-stored.
• Air scenarios:
– Short-lived certificates for CMA/routers sent to aircraft.
– Certificate fields known by aircraft in advance not sent on RF. Certificate reconstructed by aircraft before verification.
– CMA certificates may be pre-stored.

Secure ACARS

Secure ACARS Overview
• US Air Force Dual Use Science and Technology (DUS&T) Program
– Objective of DUS&T: Leverage Commercial Know-how, Investments, and Markets for Dual Commercial and Military Use
– Cooperative Agreement Between Government and Contractor
– 50/50 Cost Share between Honeywell and USAF
• Phase 1: Extend ACARS protocol to support standard-based security solution
– Honeywell, Columbia MD
– Expected completion of laboratory prototype by 2/2003

System Capabilities
• Security Services
– Authentication: Provide strong authentication of the terrestrial and airborne communicating peer entities
– Data Integrity: Provide data integrity for the ACARS payload
– Data Confidentiality: Provide data confidentiality for the ACARS payload
• Migration to ATN
– Implements cryptographic primitives, functions, and Public Key Infrastructure (PKI) specified in the ATN SARPs, Security Services (ICAO Doc 9705, SV 8)
• Compatibility/Interoperability
– Support full backward compatibility with the existing ACARS message traffic when operating in non-secure mode
– Permit the DSP to route ACARS security message traffic in the same manner as current non-secure message traffic
– Ensure media independence to facilitate operation over VHF, HF, SATCOM or other future communication links
• Data Compression to preserve ACARS bandwidth

Proposed Security Framework for ACARS
Security Service: Data Integrity / Authentication, Confidentiality, Key Management

Mechanism | Cryptographic Algorithms: ATN SARPs | Cryptographic Algorithms: S-ACARS | Notes
PK Certificates | ITU-T X.509 | ITU-T X.509 |
Digital Signature | ECDSA (FIPS-186-2) | ECDSA (FIPS-186-2) |
Hash | SHA-1 (FIPS-180-1) | SHA-1 (FIPS-180-1) |
Encryption | AES (FIPS-197) | AES (FIPS-197) |
Key Exchange | ECDH (ANSI X9.63) | ECDH (ANSI X9.63) | Note 2
Message Authentication | HMAC-SHA-1 (RFC 2104) | HMAC-SHA-1 (RFC 2104) | Note 1

Notes:
1. HMAC is published as FIPS-198, as of 6 Mar 2002.
2. Currently there is no FIPS for key exchange; however for Elliptic Curve Cryptosystems, ANSI X9.63 is likely to be the basis for FIPS.

Standards-based, COTS-supported Security Framework

Secure ACARS Overhead Analysis
Based on Proposed ACARS Security Framework
• Session Establishment
– Key Establishment: Downlink ~ 60 bytes, Uplink ~ 21 bytes
• Data Exchange
– Confidentiality, Data Authentication/Integrity Services
– Down/Uplink: Single-block or Multi-block ACARS message + Security Overhead (7 bytes)
• Session Termination
– Data Authentication/Integrity
– Explicit: Downlink ~ 10 bytes, Uplink ~ 10 bytes
– Implicit: Down/Uplink 0 bytes
Compression can negate overhead and achieve savings!

Contact
Aloke Roy, Honeywell International
Phone #: +1-410-964-7341, Fax #: +1-410-964-7322
Email: [email protected]
www.honeywell.com