aeronautical information security atn conference september 24-25 2002

Aeronautical Information Aeronautical Information SecuritySecurity

ATN ConferenceSeptember 24-25 2002

HoneywellAdvanced Systems Technology Group7000 Columbia Gateway DriveColumbia, MD 21046

Aeronautical Information Security2002 ATN Conference, London UK

2

AgendaAgendaAgendaAgenda

•What is Information Security

•Overview of Cryptography

•ATN Security

•Secure ACARS


3

What is Information Security?What is Information Security?What is Information Security?What is Information Security?

Information security is concerned with providing:

• Confidentiality,• Authentication,• Integrity, and• Availability

of data (during both storage and communication).


4

Critical Considerations for Aeronautical INFOSECCritical Considerations for Aeronautical INFOSECCritical Considerations for Aeronautical INFOSECCritical Considerations for Aeronautical INFOSEC

• Thorough Vulnerability analysis to identify relevant risks

• Bandwidth and computation constraints

• Standardization – use of proven security solutions

• Cost of implementation,deployment and maintenance


5

Vulnerability and Risk AnalysisVulnerability and Risk AnalysisVulnerability and Risk AnalysisVulnerability and Risk Analysis

Privacy Authentication

Integrity

Monitoring Spoofing

Modification

Data Corruption

Virus Viruses


6

Overview of CryptographyOverview of CryptographyOverview of CryptographyOverview of Cryptography


7

Overview of Cryptography [1/5]Overview of Cryptography [1/5]Overview of Cryptography [1/5]Overview of Cryptography [1/5]

Symmetric Cryptography– a.k.a., Secret Key Cryptography

– A single shared secret key () is used to both encrypt and decrypt a message

– Common algorithms DES, Triple-DES, IDEA, AES

– Strengths Excellent performance (fast) Very strong security

– Weaknesses Secret key management

requires sending and receiving parties to obtain shared secret key via secure means

Not practical for digital signing or authentication

Scalability

EncryptionEncryption

Encrypt

Decrypt

Bob

Alice


8


Asymmetric Cryptography– a.k.a., Public Key Cryptography– Keys come in pairs -- one

private ( ), one public () Operation “done” with one key

is “undone” with other– Common algorithms

RSA, DSA, ECC– Strengths

Minimizes exposure of keys– Only public keys are shared– Knowing public key provides

no information about private key

Enables digital signatures– Weaknesses

Computationally slow compared to symmetric key

Requires “trust” in public keys

Encryption

Digital Signature

Encryption

Digital Signature

Encrypt

Bob

Decrypt

Bob

Bob

Alice

Sign

Alice

Verify

Alice

Bob

Alice

+

+


9


Hybrid Cryptography– Takes advantage of symmetric and asymmetric strengths – Encrypt messages using high performance symmetric algorithms– Securely manage message encryption keys and digitally sign messages

using slower asymmetric algorithms

Encrypt

Bob

Alice

Encrypt

Bob

Hash & Sign

Alice

Hash &Verify

Decrypt

Alice

Decrypt

Bob

Note: is a public key certificate which

contains Alice’s public key signed by a trusted Certificate Authority (CA).

Confidentiality and Authentication

Confidentiality Only


10


Session Key Derivation– Shared secret key is derived independently from parameters that are

exchanged in the open– Mathematical properties ensure that session keys generated

independently by both parties are identical– Conserves system resources

Sign

Bob

Alice

DeriveKey

Alice

Alice Bob

Note: Alice generates some session Parameters and sends them to Bob. Her signature ensures authenticity.

Note: is a public key certificate which

contains Alice’s public key signed by a trusted Certificate Authority (CA).

Verify

Bob

Derive Key HMAC

TAG

Alice

Alice

Note: Alice and Bob derives the session key from parameters exchanged between them, their respective addresses, and their public/private key pairs.


11


Basic Contents of a Public Key Certificate

Public Key Certificate

Distinguished Name: cn= Identifier ou= ATN-Aircraft o= Honeywell c= USSerial No.: 12345678Valid Not Before: Date/TimeValid Not After: Date/TimePublic Key: Key Usage: SigningIssuing CA Distinguished Name: cn= ‘State’-CA ou= ATN o= Honeywell c= US

Unique name of public key owner

Unique public key certificate number

Certificate validity dates

Public keyKey Usage (signing or encryption)

Name of certificate issuer

Certificate issuer’s digital signature


12

ATN SecurityATN SecurityATN SecurityATN Security


13

Security in ATNSecurity in ATNSecurity in ATNSecurity in ATN

• Risk analysis performed by Eurocontrol has identified the following threats:– Masquerade/modification/replay of air-ground application

communications.– Denial of service by flooding ground IDRP databases.

• Airlines desire to ensure the confidentiality of operational data.

• ATN SARPs (Edition 3) provides the following security services:– Authentication and integrity of air-ground applications.– Authentication and integrity of IDRP communications.– Supporting Public Key Infrastructure (PKI).

• ATNP WG-B/Sub-Group 3 is enhancing the ATN SARPs to add confidentiality services


14

ATN Security SolutionATN Security SolutionATN Security SolutionATN Security Solution

• Uses both symmetric & public-key cryptography.

• Based on ISO Generic Upper Layer Security (GULS) standard.

• Mutual authentication during initial CM contact is provided by Elliptic Curve Digital Signature Algorithm (ECDSA).

• Initial CM contact also establishes shared public value using (EC Diffie-Hellman)

• Required public keys of applications are delivered to aircraft during initial CMA exchange.

• Application (and location) specific session keys derived by applications from their key pairs and shared public value.

• Subsequent application communications secured by Hashed Message Authentication Code (HMAC) under session key

• Message Counter and source included to prevent replay.


15

Secure Session Establishment ProcessSecure Session Establishment ProcessSecure Session Establishment ProcessSecure Session Establishment Process

Ground

CMA V

Derive MacKeyU,V, XU,V

D S

Ground

App W

D_Data MACed

MACed D-Start request

Signed CMA login request, & application address W

MACed CMA login response including V’s cert, W’s public key, etc

Signed CMA data response incl time and XU,V

Cert request U, V

Certs & CRLs

Cert request U, W

Certs & CRLs

U’s private key, W’s public key, XU,V

CMA data request

MACed D-Start response

Derive MacKeyY,W

App Y Aircraft CMA U Derive MacKeyU,V, XU,V Derive MacKeyY,W


16

ATN PKIATN PKIATN PKIATN PKI

• Major components: Certificate Authorities (CA) and Certificate Delivery Services.

• Each State is required to establish and maintain a CA and Delivery Services.

• Aircraft operators may maintain subordinate CAs.

• CAs issue X.509 certificates and CRLs.

• Sharing of CAs among States is recommended to reduce cross certification.

• Delivery Services deliver certificates and CRLs to ATN entities.


17

Relationship of ATN CAsRelationship of ATN CAsRelationship of ATN CAsRelationship of ATN CAs

State CA State CA State CA

Ground CMAAOE CAs Ground Apps Ground Routers

Aircraft CMAs Aircraft Routers


18

Certificate Delivery ServicesCertificate Delivery ServicesCertificate Delivery ServicesCertificate Delivery Services

• May use X.500 directories for automated certificate delivery.

• Ground scenarios:– All applications and routers have directory access.– CMA has directory access and provides certificates and

CRLs as needed to other applications.– Certificates may be cashed locally or pre-stored.

• Air scenarios:– Short-lived certificates for CMA/routers sent to aircraft.– Certificate fields known by aircraft in advance not sent

on RF. Certificate reconstructed by aircraft before verification.

– CMA certificates may be pre-stored.


19

Secure ACARSSecure ACARSSecure ACARSSecure ACARS


20

Secure ACARS OverviewSecure ACARS OverviewSecure ACARS OverviewSecure ACARS Overview

• US Air Force Dual Use Science and Technology (DUS&T) Program– Objective of DUS&T: Leverage Commercial Know-how,

Investments, and Markets for Dual Commercial and Military Use

– Cooperative Agreement Between Government and Contractor

– 50/50 Cost Share between Honeywell and USAF

• Phase 1: Extend ACARS protocol to support standard-based security solution– Honeywell, Columbia MD

– Expected completion of laboratory prototype by 2/2003


21

System CapabilitiesSystem CapabilitiesSystem CapabilitiesSystem Capabilities

• Security Services– Authentication: Provide strong authentication of the terrestrial and airborne

communicating peer entities

– Data Integrity: Provide data integrity for the ACARS payload

– Data Confidentiality: Provide data confidentiality for the ACARS payload

• Migration to ATN– Implements cryptographic primitives, functions, and Public Key Infrastructure

(PKI) specified in the ATN SARPs, Security Services (ICAO Doc 9705, SV 8)

• Compatibility/Interoperability– Support full backward compatibility with the existing ACARS message traffic

when operating in non-secure mode– Permit the DSP to route ACARS security message traffic in the same manner

as current non-secure message traffic– Ensure media independence to facilitate operation over VHF, HF, SATCOM or

other future communication links

• Data Compression to preserve ACARS bandwidth


22

Proposed Security Framework for ACARSProposed Security Framework for ACARSProposed Security Framework for ACARSProposed Security Framework for ACARS

Mechanism Notes

Note 2

Note 1

ITU-T X.509

ECDSAFIPS-186-2

SHA-1FIPS-180-1

AESFIPS-197

ATN SARPs

ECDHANSI X9.63

HMAC-SHA-1RFC2104

Notes:1. HMAC is published as FIPS-198, as of 6 Mar 2002.2. Currently there is no FIPS for key exchange; however for Elliptic Curve

Cryptosystems, ANSI X9.63 is likely to be the basis for FIPS.

Security Service

PK Certificates

Digital Signature

Hash

Encryption

Key Exchange

MessageAuthentication

Data Integrity /Authentication

Confidentiality

KeyManagement

Cryptographic Algorithms

ITU-T X.509

ECDSAFIPS-186-2

SHA-1FIPS-180-1

AESFIPS-197

S-ACARS

ECDHANSI X9.63

HMAC-SHA-1RFC 2104

Standards-based, COTS-supported Security FrameworkStandards-based, COTS-supported Security Framework


23

Secure ACARS Overhead AnalysisSecure ACARS Overhead AnalysisSecure ACARS Overhead AnalysisSecure ACARS Overhead Analysis

Based on Proposed ACARS Security Framework• Session Establishment

Key Establishment Downlink: ~ 60 bytes Uplink: ~ 21 bytes

• Data Exchange Confidentiality, Data Authentication/Integrity Services Down/Uplink: Single-block or Multi-block ACARS message

+ Security Overhead (7 bytes)

• Session Termination Data Authentication/Integrity

– Explicit Downlink: ~ 10 bytes Uplink: ~ 10 bytes

– Implicit Down/Uplink: 0 bytes

Compression can negate overhead and achieve savings!Compression can negate overhead and achieve savings!


24

ContactContactContactContact

Aloke RoyHoneywell International

Phone #: +1-410-964-7341, Fax #: +1-410-964-7322Email: [email protected]

www.honeywell.com

aeronautical information security atn conference september 24-25 2002

Documents

london uk

public key certificate

sharedknowing public

alices public key

public key cryptographykeys

publicprivate key pairs

public operation

session keys