< draft-ietf-raw-ldacs-03.txt   draft-ietf-raw-ldacs-04.txt >
RAW N. Maeurer, Ed. RAW N. Maeurer, Ed.
Internet-Draft T. Graeupl, Ed. Internet-Draft T. Graeupl, Ed.
Intended status: Informational German Aerospace Center (DLR) Intended status: Informational German Aerospace Center (DLR)
Expires: 30 April 2021 C. Schmitt, Ed. Expires: 2 May 2021 C. Schmitt, Ed.
Research Institute CODE, UniBwM Research Institute CODE, UniBwM
27 October 2020 29 October 2020
L-band Digital Aeronautical Communications System (LDACS) L-band Digital Aeronautical Communications System (LDACS)
draft-ietf-raw-ldacs-03 draft-ietf-raw-ldacs-04
Abstract Abstract
This document provides an overview of the architecture of the L-band This document provides an overview of the architecture of the L-band
Digital Aeronautical Communications System (LDACS), which provides a Digital Aeronautical Communications System (LDACS), which provides a
secure, scalable and spectrum efficient terrestrial data link for secure, scalable and spectrum efficient terrestrial data link for
civil aviation. LDACS is a scheduled, reliable multi-application civil aviation. LDACS is a scheduled, reliable multi-application
cellular broadband system with support for IPv6. LDACS shall provide cellular broadband system with support for IPv6. LDACS shall provide
a data link for IP network-based aircraft guidance. High reliability a data link for IP network-based aircraft guidance. High reliability
and availability for IP connectivity over LDACS are therefore and availability for IP connectivity over LDACS are therefore
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 30 April 2021. This Internet-Draft will expire on 2 May 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 28 skipping to change at page 2, line 28
5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 8 5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 8
5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 8 5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 8
5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 8 5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 8
5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 9 5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 9
5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 9 5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 9
5.2.1. Air-to-Ground Multilink . . . . . . . . . . . . . . . 9 5.2.1. Air-to-Ground Multilink . . . . . . . . . . . . . . . 9
5.2.2. Air-to-Air Extension for LDACS . . . . . . . . . . . 9 5.2.2. Air-to-Air Extension for LDACS . . . . . . . . . . . 9
5.2.3. Flight Guidance . . . . . . . . . . . . . . . . . . . 10 5.2.3. Flight Guidance . . . . . . . . . . . . . . . . . . . 10
5.2.4. Business Communication of Airlines . . . . . . . . . 11 5.2.4. Business Communication of Airlines . . . . . . . . . 11
5.2.5. LDACS Navigation . . . . . . . . . . . . . . . . . . 11 5.2.5. LDACS Navigation . . . . . . . . . . . . . . . . . . 11
6. Requirements to LDACS . . . . . . . . . . . . . . . . . . . . 12 6. Requirements to LDACS . . . . . . . . . . . . . . . . . . . . 11
7. Characteristics of LDACS . . . . . . . . . . . . . . . . . . 13 7. Characteristics of LDACS . . . . . . . . . . . . . . . . . . 13
7.1. LDACS Sub-Network . . . . . . . . . . . . . . . . . . . . 13 7.1. LDACS Sub-Network . . . . . . . . . . . . . . . . . . . . 13
7.2. Topology . . . . . . . . . . . . . . . . . . . . . . . . 14 7.2. Topology . . . . . . . . . . . . . . . . . . . . . . . . 14
7.3. LDACS Physical Layer . . . . . . . . . . . . . . . . . . 15 7.3. LDACS Physical Layer . . . . . . . . . . . . . . . . . . 14
7.4. LDACS Data Link Layer . . . . . . . . . . . . . . . . . . 15 7.4. LDACS Data Link Layer . . . . . . . . . . . . . . . . . . 15
7.5. LDACS Mobility . . . . . . . . . . . . . . . . . . . . . 15 7.5. LDACS Mobility . . . . . . . . . . . . . . . . . . . . . 15
8. Reliability and Availability . . . . . . . . . . . . . . . . 15 8. Reliability and Availability . . . . . . . . . . . . . . . . 15
8.1. Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . 16 8.1. Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . 15
8.2. Beyond Layer 2 . . . . . . . . . . . . . . . . . . . . . 18 8.2. Beyond Layer 2 . . . . . . . . . . . . . . . . . . . . . 18
9. Protocol Stack . . . . . . . . . . . . . . . . . . . . . . . 19 9. Protocol Stack . . . . . . . . . . . . . . . . . . . . . . . 18
9.1. Medium Access Control (MAC) Entity Services . . . . . . . 20 9.1. MAC Entity Services . . . . . . . . . . . . . . . . . . . 19
9.2. Data Link Service (DLS) Entity Services . . . . . . . . . 21 9.2. DLS Entity Services . . . . . . . . . . . . . . . . . . . 21
9.3. Voice Interface (VI) Services . . . . . . . . . . . . . . 22 9.3. VI Services . . . . . . . . . . . . . . . . . . . . . . . 22
9.4. LDACS Management Entity (LME) Services . . . . . . . . . 22 9.4. LME Services . . . . . . . . . . . . . . . . . . . . . . 22
9.5. Sub-Network Protocol (SNP) Services . . . . . . . . . . . 22 9.5. SNP Services . . . . . . . . . . . . . . . . . . . . . . 22
10. Security Considerations . . . . . . . . . . . . . . . . . . . 23 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22
10.1. Reasons for Wireless Digital Aeronautical 10.1. Reasons for Wireless Digital Aeronautical
Communications . . . . . . . . . . . . . . . . . . . . . 23 Communications . . . . . . . . . . . . . . . . . . . . . 22
10.2. Requirements for LDACS . . . . . . . . . . . . . . . . . 24 10.2. Requirements for LDACS . . . . . . . . . . . . . . . . . 23
10.3. Security Objectives for LDACS . . . . . . . . . . . . . 24 10.3. Security Objectives for LDACS . . . . . . . . . . . . . 24
10.4. Security Functions for LDACS . . . . . . . . . . . . . . 25 10.4. Security Functions for LDACS . . . . . . . . . . . . . . 24
10.5. Security Architectural Details for LDACS . . . . . . . . 25 10.5. Security Architectural Details for LDACS . . . . . . . . 24
10.5.1. Entities in LDACS Security Model . . . . . . . . . . 25 10.5.1. Entities in LDACS Security Model . . . . . . . . . . 25
10.5.2. Matter of LDACS Entity Identification . . . . . . . 25 10.5.2. Matter of LDACS Entity Identification . . . . . . . 25
10.5.3. Matter of LDACS Entity Authentication and Key 10.5.3. Matter of LDACS Entity Authentication and Key
Negotiation . . . . . . . . . . . . . . . . . . . . . 26 Negotiation . . . . . . . . . . . . . . . . . . . . . 25
10.5.4. Matter of LDACS Message-in-transit Confidentiality, 10.5.4. Matter of LDACS Message-in-transit Confidentiality,
Integrity and Authenticity . . . . . . . . . . . . . 27 Integrity and Authenticity . . . . . . . . . . . . . 26
10.6. Security Architecture for LDACS . . . . . . . . . . . . 27 10.6. Security Architecture for LDACS . . . . . . . . . . . . 26
11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 27 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 27
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27
14. Normative References . . . . . . . . . . . . . . . . . . . . 28 14. Normative References . . . . . . . . . . . . . . . . . . . . 27
15. Informative References . . . . . . . . . . . . . . . . . . . 28 15. Informative References . . . . . . . . . . . . . . . . . . . 27
Appendix A. Selected Information from DO-350A . . . . . . . . . 31 Appendix A. Selected Information from DO-350A . . . . . . . . . 30
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 33 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32
1. Introduction 1. Introduction
One of the main pillars of the modern Air Traffic Management (ATM) One of the main pillars of the modern Air Traffic Management (ATM)
system is the existence of a communication infrastructure that system is the existence of a communication infrastructure that
enables efficient aircraft control and safe separation in all phases enables efficient aircraft control and safe separation in all phases
of flight. Current systems are technically mature but suffering from of flight. Current systems are technically mature but suffering from
the VHF band's increasing saturation in high-density areas and the the VHF band's increasing saturation in high-density areas and the
limitations posed by analogue radio communications. Therefore, limitations posed by analogue radio communications. Therefore,
aviation globally and the European Union (EU) in particular, strives aviation globally and the European Union (EU) in particular, strives
skipping to change at page 4, line 4 skipping to change at page 4, line 4
same frequency band. same frequency band.
Since LDACS shall be used for aircraft guidance, high reliability and Since LDACS shall be used for aircraft guidance, high reliability and
availability for IP connectivity over LDACS are essential. availability for IP connectivity over LDACS are essential.
2. Terminology 2. Terminology
The following terms are used in the context of RAW in this document: The following terms are used in the context of RAW in this document:
A2A Air-to-Air A2A Air-to-Air
LDACS A2A LDACS Air-to-Air
AeroMACS Aeronautical Mobile Airport Communication System AeroMACS Aeronautical Mobile Airport Communication System
A2G Air-to-Ground A2G Air-to-Ground
ACARS Aircraft Communications Addressing and Reporting System ACARS Aircraft Communications Addressing and Reporting System
ADS-C Automatic Dependent Surveillance - Contract ADS-C Automatic Dependent Surveillance - Contract
AM(R)S Aeronautical Mobile (Route) Service AM(R)S Aeronautical Mobile (Route) Service
ANSP Air traffic Network Service Provider ANSP Air Traffic Network Service Provider
AOC Aeronautical Operational Control AOC Aeronautical Operational Control
AS Aircraft Station AS Aircraft Station
ATC Air-Traffic Control ATC Air-Traffic Control
ATM Air-Traffic Management ATM Air-Traffic Management
ATN Aeronautical Telecommunication Network ATN Aeronautical Telecommunication Network
ATS Air Traffic Service ATS Air Traffic Service
CCCH Common Control Channel CCCH Common Control Channel
COTS IP Commercial Off-The-Shelf COTS IP Commercial Off-The-Shelf
CM Context Management CM Context Management
CNS Communication Navigation Surveillance CNS Communication Navigation Surveillance
CPDLC Controller Pilot Data Link Communication CPDLC Controller Pilot Data Link Communication
DCCH Dedicated Control Channel DCCH Dedicated Control Channel
DCH Data Channel DCH Data Channel
DLL Data Link Layer DLL Data Link Layer
DLS Data Link Service DLS Data Link Service
DME Distance Measuring Equipment DME Distance Measuring Equipment
DSB-AM Double Side-Band Amplitude Modulation DSB-AM Double Side-Band Amplitude Modulation
FAA Federal Aviation Administration
FCI Future Communication Infrastructure FCI Future Communication Infrastructure
FDD Frequency Division Duplex
FL Forward Link FL Forward Link
GANP Global Air Navigation Plan
GNSS Global Navigation Satellite System GNSS Global Navigation Satellite System
GS Ground Station GS Ground-Station
GSC Ground-Station Controller GSC Ground-Station Controller
G2A Ground-to-Air G2A Ground-to-Air
HF High Frequency HF High Frequency
ICAO International Civil Aviation Organization ICAO International Civil Aviation Organization
IP Internet Protocol IP Internet Protocol
kbit/s kilobit per second kbit/s kilobit per second
LDACS L-band Digital Aeronautical Communications System LDACS L-band Digital Aeronautical Communications System
LLC Logical Link Layer LLC Logical Link Control
LME LDACS Management Entity LME LDACS Management Entity
MAC Medium Access Layer MAC Medium Access Layer
MF Multi Frame MF Multi Frame
OFDM Orthogonal Frequency-Division Multiplexing OFDM Orthogonal Frequency-Division Multiplexing
OFDMA Orthogonal Frequency-Division Multiplexing Access OFDMA Orthogonal Frequency-Division Multiplexing Access
OSI Open Systems Interconnection OSI Open Systems Interconnection
PDU Protocol Data Units
PHY Physical Layer PHY Physical Layer
QoS Quality of Service
RL Reverse Link RL Reverse Link
SARPs Standards And Recommended Practices
SDR Software Defined Radio
SESAR Single European Sky ATM Research
SF Super-Frame SF Super-Frame
SNP Sub-Network Protocol SNP Sub-Network Protocol
SSB-AM Single Side-Band Amplitude Modulation
TBO Trajectory-Based Operations
TDM Time Division Multiplexing
TDMA Time-Division Multiplexing-Access TDMA Time-Division Multiplexing-Access
VDLM1 VHF Data Link mode 1 VDLM1 VHF Data Link mode 1
VDLM2 VHF Data Link mode 2 VDLM2 VHF Data Link mode 2
VHF Very High Frequency VHF Very High Frequency
VI Voice Interface VI Voice Interface
3. Motivation and Use Cases 3. Motivation and Use Cases
Aircraft are currently connected to Air-Traffic Control (ATC) and Aircraft are currently connected to Air-Traffic Control (ATC) and
Aeronautical Operational Control (AOC) via voice and data Aeronautical Operational Control (AOC) via voice and data
skipping to change at page 5, line 48 skipping to change at page 5, line 36
working in the High Frequency (HF) or Very High Frequency (VHF) working in the High Frequency (HF) or Very High Frequency (VHF)
frequency band or satellite-based. All VHF and HF voice frequency band or satellite-based. All VHF and HF voice
communications is operated via open broadcast channels without communications is operated via open broadcast channels without
authentication, encryption or other protective measures. The use of authentication, encryption or other protective measures. The use of
well-proven communication procedures via broadcast channels helps to well-proven communication procedures via broadcast channels helps to
enhance the safety of communications by taking into account that enhance the safety of communications by taking into account that
other users may encounter communication problems and may be other users may encounter communication problems and may be
supported, if required. The main voice communications media is still supported, if required. The main voice communications media is still
the analogue VHF Double Side-Band Amplitude Modulation (DSB-AM) the analogue VHF Double Side-Band Amplitude Modulation (DSB-AM)
communications technique, supplemented by HF Single Side-Band communications technique, supplemented by HF Single Side-Band
Amplitude Modulation (SSB-AM) and satellite communications for remote Amplitude Modulation and satellite communications for remote and
and oceanic areas. DSB-AM has been in use since 1948, works reliably oceanic areas. DSB-AM has been in use since 1948, works reliably and
and safely, and uses low-cost communication equipment. These are the safely, and uses low-cost communication equipment. These are the
main reasons why VHF DSB-AM communications is still in use, and it is main reasons why VHF DSB-AM communications is still in use, and it is
likely that this technology will remain in service for many more likely that this technology will remain in service for many more
years. This however results in current operational limitations and years. This however results in current operational limitations and
impediments in deploying new Air-Traffic Management (ATM) impediments in deploying new Air-Traffic Management (ATM)
applications, such as flight-centric operation with Point-to-Point applications, such as flight-centric operation with Point-to-Point
communications. communications.
3.2. Data Communications Today 3.2. Data Communications Today
Like for voice, data communications into the cockpit is currently Like for voice, data communications into the cockpit is currently
provided by ground-based equipment operating either on HF or VHF provided by ground-based equipment operating either on HF or VHF
radio bands or by legacy satellite systems. All these communication radio bands or by legacy satellite systems. All these communication
systems are using narrowband radio channels with a data throughput systems are using narrowband radio channels with a data throughput
capacity in order of kilobits per second. While the aircraft is on capacity in order of kilobits per second. While the aircraft is on
ground some additional communications systems are available, like ground some additional communications systems are available, like the
Aeronautical Mobile Airport Communication System (AeroMACS; as of now Aeronautical Mobile Airport Communication System (AeroMACS) or public
not widely used) or public cellular networks, operating in the cellular networks, operating in the Airport (APT) domain and able to
Airport (APT) domain and able to deliver broadband communication deliver broadband communication capability.
capability.
The data communication networks used for the transmission of data The data communication networks used for the transmission of data
relating to the safety and regularity of the flight must be strictly relating to the safety and regularity of the flight must be strictly
isolated from those providing entertainment services to passengers. isolated from those providing entertainment services to passengers.
This leads to a situation that the flight crews are supported by This leads to a situation that the flight crews are supported by
narrowband services during flight while passengers have access to narrowband services during flight while passengers have access to
inflight broadband services. The current HF and VHF data links inflight broadband services. The current HF and VHF data links
cannot provide broadband services now or in the future, due to the cannot provide broadband services now or in the future, due to the
lack of available spectrum. This technical shortcoming is becoming a lack of available spectrum. This technical shortcoming is becoming a
limitation to enhanced ATM operations, such as Trajectory-Based limitation to enhanced ATM operations, such as Trajectory-Based
Operations (TBO) and 4D trajectory negotiations. Operations and 4D trajectory negotiations.
Satellite-based communications are currently under investigation and Satellite-based communications are currently under investigation and
enhanced capabilities are under development which will be able to enhanced capabilities are under development which will be able to
provide inflight broadband services and communications supporting the provide inflight broadband services and communications supporting the
safety and regularity of flight. In parallel, the ground-based safety and regularity of flight. In parallel, the ground-based
broadband data link technology LDACS is being standardized by ICAO broadband data link technology LDACS is being standardized by ICAO
and has recently shown its maturity during flight tests [SCH20191]. and has recently shown its maturity during flight tests [SCH20191].
The LDACS technology is scalable, secure and spectrum efficient and The LDACS technology is scalable, secure and spectrum efficient and
provides significant advantages to the users and service providers. provides significant advantages to the users and service providers.
It is expected that both - satellite systems and LDACS - will be It is expected that both - satellite systems and LDACS - will be
deployed to support the future aeronautical communication needs as deployed to support the future aeronautical communication needs as
envisaged by the ICAO Global Air Navigation Plan (GANP). envisaged by the ICAO Global Air Navigation Plan.
4. Provenance and Documents 4. Provenance and Documents
The development of LDACS has already made substantial progress in the The development of LDACS has already made substantial progress in the
Single European Sky ATM Research (SESAR) framework, and is currently Single European Sky ATM Research framework, short SESAR, and is
being continued in the follow-up program, SESAR2020 [RIH2018]. A key currently being continued in the follow-up program SESAR2020
objective of the SESAR activities is to develop, implement and [RIH2018]. A key objective of the this activities is to develop,
validate a modern aeronautical data link able to evolve with aviation implement and validate a modern aeronautical data link able to evolve
needs over long-term. To this end, an LDACS specification has been with aviation needs over long-term. To this end, an LDACS
produced [GRA2019] and is continuously updated; transmitter specification has been produced [GRA2019] and is continuously
demonstrators were developed to test the spectrum compatibility of updated; transmitter demonstrators were developed to test the
LDACS with legacy systems operating in the L-band [SAJ2014]; and the spectrum compatibility of LDACS with legacy systems operating in the
overall system performance was analyzed by computer simulations, L-band [SAJ2014]; and the overall system performance was analyzed by
indicating that LDACS can fulfil the identified requirements computer simulations, indicating that LDACS can fulfil the identified
[GRA2011]. requirements [GRA2011].
LDACS standardization within the framework of the ICAO started in LDACS standardization within the framework of the ICAO started in
December 2016. The ICAO standardization group has produced an December 2016. The ICAO standardization group has produced an
initial Standards and Recommended Practices (SARPs) document initial Standards and Recommended Practices document [ICA2018]. It
[ICA2018]. The SARPs document defines the general characteristics of defines the general characteristics of LDACS. The ICAO
LDACS. The ICAO standardization group plans to produce an ICAO standardization group plans to produce an ICAO technical manual - the
technical manual - the ICAO equivalent to a technical standard - ICAO equivalent to a technical standard - within the next years.
within the next years. Generally, the group is open to input from Generally, the group is open to input from all sources and develops
all sources and develops LDACS in the open. LDACS in the open.
Up to now LDACS standardization has been focused on the development Up to now LDACS standardization has been focused on the development
of the physical layer and the data link layer, only recently have of the physical layer and the data link layer, only recently have
higher layers come into the focus of the LDACS development higher layers come into the focus of the LDACS development
activities. There is currently no "IPv6 over LDACS" specification activities. There is currently no "IPv6 over LDACS" specification
publicly available; however, SESAR2020 has started the testing of publicly available; however, SESAR2020 has started the testing of
IPv6-based LDACS testbeds. IPv6-based LDACS testbeds.
The IPv6 architecture for the aeronautical telecommunication network The IPv6 architecture for the aeronautical telecommunication network
is called the Future Communications Infrastructure (FCI). FCI shall is called the Future Communications Infrastructure (FCI). FCI shall
skipping to change at page 8, line 9 skipping to change at page 8, line 9
In addition to standardization activities several industrial LDACS In addition to standardization activities several industrial LDACS
prototypes have been built. One set of LDACS prototypes has been prototypes have been built. One set of LDACS prototypes has been
evaluated in flight trials confirming the theoretical results evaluated in flight trials confirming the theoretical results
predicting the system performance [GRA2018] [SCH20191]. predicting the system performance [GRA2018] [SCH20191].
5. Applicability 5. Applicability
LDACS is a multi-application cellular broadband system capable of LDACS is a multi-application cellular broadband system capable of
simultaneously providing various kinds of Air Traffic Services simultaneously providing various kinds of Air Traffic Services
(including ATS-B3) and Aeronautical Operational Control (AOC) (including ATS-B3) and AOC communications services from deployed
communications services from deployed Ground Stations (GS). The Ground-Stations (GS). The LDACS A2G sub-system physical layer and
LDACS A2G sub-system physical layer and data link layer are optimized data link layer are optimized for data link communications, but the
for data link communications, but the system also supports digital system also supports digital air-ground voice communications.
air-ground voice communications.
LDACS supports communication in all airspaces (airport, terminal LDACS supports communication in all airspaces (airport, terminal
maneuvering area, and en-route), and on the airport surface. The maneuvering area, and en-route), and on the airport surface. The
physical LDACS cell coverage is effectively de-coupled from the physical LDACS cell coverage is effectively de-coupled from the
operational coverage required for a particular service. This is new operational coverage required for a particular service. This is new
in aeronautical communications. Services requiring wide-area in aeronautical communications. Services requiring wide-area
coverage can be installed at several adjacent LDACS cells. The coverage can be installed at several adjacent LDACS cells. The
handover between the involved LDACS cells is seamless, automatic, and handover between the involved LDACS cells is seamless, automatic, and
transparent to the user. Therefore, the LDACS A2G communications transparent to the user. Therefore, the LDACS A2G communications
concept enables the aeronautical communication infrastructure to concept enables the aeronautical communication infrastructure to
skipping to change at page 8, line 44 skipping to change at page 8, line 43
available in some of the current data link deployments. Thus, LDACS available in some of the current data link deployments. Thus, LDACS
guarantees bandwidth, low latency, and high continuity of service for guarantees bandwidth, low latency, and high continuity of service for
safety critical ATS applications while simultaneously accommodating safety critical ATS applications while simultaneously accommodating
less safety-critical AOC services. less safety-critical AOC services.
5.1.2. Security 5.1.2. Security
LDACS is a secure data link with built-in security mechanisms. It LDACS is a secure data link with built-in security mechanisms. It
enables secure data communications for ATS and AOC services, enables secure data communications for ATS and AOC services,
including secured private communications for aircraft operators and including secured private communications for aircraft operators and
ANSPs (Air Navigation Service Providers). This includes concepts for ANSPs (Air Traffic Network Service Providers). This includes
key and trust management, mutual authenticated key exchange concepts for key and trust management, mutual authenticated key
protocols, key derivation measures, user and control message-in- exchange protocols, key derivation measures, user and control
transit confidentiality and authenticity protection, secure logging message-in-transit confidentiality and authenticity protection,
and availability and robustness measures [MAE20181], [MAE20191], secure logging and availability and robustness measures [MAE20181],
[MAE20192]. [MAE20191], [MAE20192].
5.1.3. High Data Rates 5.1.3. High Data Rates
The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the
forward link (Ground-to-Air), and 294 kbit/s to 1390 kbit/s on the forward link (FL) for the connection Ground-to-Air (G2A), and 294
reverse link (Air-to-Ground), depending on coding and modulation. kbit/s to 1390 kbit/s on the reverse link (RF) for the connection
This is 50 times the amount terrestrial digital aeronautical A2G, depending on coding and modulation. This is 50 times the amount
communications systems such as VDLM2 provide [SCH20191]. terrestrial digital aeronautical communications systems such as VDLM2
provide [SCH20191].
5.2. Application 5.2. Application
LDACS shall be used by several aeronautical applications ranging from LDACS shall be used by several aeronautical applications ranging from
enhanced communication protocol stacks (multi-homed mobile IPv6 enhanced communication protocol stacks (multi-homed mobile IPv6
networks in the aircraft and potentially ad-hoc networks between networks in the aircraft and potentially ad-hoc networks between
aircraft) to classical communication applications (sending GBAS aircraft) to classical communication applications (sending GBAS
correction data) and integration with other service domains (using correction data) and integration with other service domains (using
the communication signal for navigation). the communication signal for navigation).
5.2.1. Air-to-Ground Multilink 5.2.1. Air-to-Ground Multilink
It is expected that LDACS together with upgraded satellite-based It is expected that LDACS together with upgraded satellite-based
communications systems will be deployed within the Future communications systems will be deployed within the FCI and constitute
Communication Infrastructure (FCI) and constitute one of the main one of the main components of the multilink concept within the FCI.
components of the multilink concept within the FCI.
Both technologies, LDACS and satellite systems, have their specific Both technologies, LDACS and satellite systems, have their specific
benefits and technical capabilities which complement each other. benefits and technical capabilities which complement each other.
Especially, satellite systems are well-suited for large coverage Especially, satellite systems are well-suited for large coverage
areas with less dense air traffic, e.g. oceanic regions. LDACS is areas with less dense air traffic, e.g. oceanic regions. LDACS is
well-suited for dense air traffic areas, e.g. continental areas or well-suited for dense air traffic areas, e.g. continental areas or
hot-spots around airports and terminal airspace. In addition, both hot-spots around airports and terminal airspace. In addition, both
technologies offer comparable data link capacity and, thus, are well- technologies offer comparable data link capacity and, thus, are well-
suited for redundancy, mutual back-up, or load balancing. suited for redundancy, mutual back-up, or load balancing.
Technically the FCI multilink concept shall be realized by multi- Technically the FCI multilink concept shall be realized by multi-
homed mobile IPv6 networks in the aircraft. The related protocol homed mobile IPv6 networks in the aircraft. The related protocol
stack is currently under development by ICAO and SESAR. stack is currently under development by ICAO and the Single European
Sky ATM Research framework.
5.2.2. Air-to-Air Extension for LDACS 5.2.2. Air-to-Air Extension for LDACS
A potential extension of the multi-link concept is its extension to A potential extension of the multi-link concept is its extension to
ad-hoc networks between aircraft. ad-hoc networks between aircraft.
Direct Air-to-Air (A2A) communication between aircrafts in terms of Direct A2A communication between aircrafts in terms of ad-hoc data
ad-hoc data networks is currently considered a research topic since networks is currently considered a research topic since there is no
there is no immediate operational need for it, although several immediate operational need for it, although several possible use
possible use cases are discussed (digital voice, wake vortex cases are discussed (digital voice, wake vortex warnings, and
warnings, and trajectory negotiation) [BEL2019]. It should also be trajectory negotiation) [BEL2019]. It should also be noted that
noted that currently deployed analog VHF voice radios support direct currently deployed analog VHF voice radios support direct voice
voice communication between aircraft, making a similar use case for communication between aircraft, making a similar use case for digital
digital voice plausible. voice plausible.
LDACS direct A2A is currently not part of standardization. LDACS direct A2A is currently not part of standardization.
5.2.3. Flight Guidance 5.2.3. Flight Guidance
The FCI (and therefore LDACS) shall be used to host flight guidance. The FCI (and therefore LDACS) shall be used to host flight guidance.
This is realized using three applications: This is realized using three applications:
1. Context Management (CM): The CM application shall manage the 1. Context Management (CM): The CM application shall manage the
automatic logical connection to the ATC center currently automatic logical connection to the ATC center currently
skipping to change at page 11, line 11 skipping to change at page 10, line 44
CM, CPDLC, and ADS-C are available on legacy datalinks, but not CM, CPDLC, and ADS-C are available on legacy datalinks, but not
widely deployed and with limited functionality. widely deployed and with limited functionality.
Further ATC applications may be ported to use the FCI or LDACS as Further ATC applications may be ported to use the FCI or LDACS as
well. A notable application is GBAS for secure, automated landings: well. A notable application is GBAS for secure, automated landings:
The Global Navigation Satellite System (GNSS) based Ground Based The Global Navigation Satellite System (GNSS) based Ground Based
Augmentation System (GBAS) is used to improve the accuracy of GNSS to Augmentation System (GBAS) is used to improve the accuracy of GNSS to
allow GNSS based instrument landings. This is realized by sending allow GNSS based instrument landings. This is realized by sending
GNSS correction data (e.g., compensating ionospheric errors in the GNSS correction data (e.g., compensating ionospheric errors in the
GNSS signal) to the airborne GNSS receiver via a separate data link. GNSS signal) to the aircraft's GNSS receiver via a separate data
Currently the VDB data link is used. VDB is a narrow-band single- link. Currently the VDB data link is used. VDB is a narrow-band
purpose datalink without advanced security only used to transmit GBAS single-purpose datalink without advanced security only used to
correction data. This makes VDB a natural candidate for replacement transmit GBAS correction data. This makes VDB a natural candidate
by LDACS. for replacement by LDACS.
5.2.4. Business Communication of Airlines 5.2.4. Business Communication of Airlines
In addition to air traffic services AOC services shall be transmitted In addition to air traffic services AOC services shall be transmitted
over LDACS. AOC is a generic term referring to the business over LDACS. AOC is a generic term referring to the business
communication of airlines. Regulatory this is considered related to communication of airlines. Regulatory this is considered related to
the safety and regularity of flight and may therefore be transmitted the safety and regularity of flight and may therefore be transmitted
over LDACS. over LDACS.
AOC communication is considered the main business case for LDACS AOC communication is considered the main business case for LDACS
communication service providers since modern aircraft generate communication service providers since modern aircraft generate
significant amounts of data (e.g., engine maintenance data). significant amounts of data (e.g., engine maintenance data).
5.2.5. LDACS Navigation 5.2.5. LDACS Navigation
Beyond communication radio signals can always also be used for Beyond communication radio signals can always also be used for
navigation. LDACS takes this into account. navigation. LDACS takes this into account.
For future aeronautical navigation, ICAO recommends the further For future aeronautical navigation, ICAO recommends the further
development of Global Navigation Satellite System (GNSS) based development of GNSS based technologies as primary means for
technologies as primary means for navigation. However, the drawback navigation. However, the drawback of GNSS is its inherent single
of GNSS is its inherent single point of failure - the satellite. Due point of failure - the satellite. Due to the large separation
to the large separation between navigational satellites and aircraft, between navigational satellites and aircraft, the received power of
the received power of GNSS signals on the ground is very low. As a GNSS signals on the ground is very low. As a result, GNSS
result, GNSS disruptions might occasionally occur due to disruptions might occasionally occur due to unintentional
unintentional interference, or intentional jamming. Yet the interference, or intentional jamming. Yet the navigation services
navigation services must be available with sufficient performance for must be available with sufficient performance for all phases of
all phases of flight. Therefore, during GNSS outages, or blockages, flight. Therefore, during GNSS outages, or blockages, an alternative
an alternative solution is needed. This is commonly referred to as solution is needed. This is commonly referred to as Alternative
Alternative Positioning, Navigation, and Timing (APNT). Positioning, Navigation, and Timing (APNT).
One of such APNT solution consists of integrating the navigation One of such APNT solution consists of integrating the navigation
functionality into LDACS. The ground infrastructure for APNT is functionality into LDACS. The ground infrastructure for APNT is
deployed through the implementation of LDACS ground stations and the deployed through the implementation of LDACS's GSs and the navigation
navigation capability comes "for free". capability comes "for free".
LDACS navigation has already been demonstrated in practice in a LDACS navigation has already been demonstrated in practice in a
flight measurement campaign [SCH20191]. flight measurement campaign [SCH20191].
6. Requirements to LDACS 6. Requirements to LDACS
The requirements to LDACS are mostly defined by its application area: The requirements to LDACS are mostly defined by its application area:
Communication related to safety and regularity of flight. Communication related to safety and regularity of flight.
A particularity of the current aeronautical communication landscape A particularity of the current aeronautical communication landscape
is that it is heavily regulated. Aeronautical data links (for is that it is heavily regulated. Aeronautical data links (for
applications related to safety and regularity of flight) may only use applications related to safety and regularity of flight) may only use
spectrum licensed to aviation and data links endorsed by ICAO. spectrum licensed to aviation and data links endorsed by ICAO.
Nation states can change this locally, however, due to the global Nation states can change this locally, however, due to the global
scale of the air transportation system adherence to these practices scale of the air transportation system adherence to these practices
is to be expected. is to be expected.
Aeronautical data links for the Aeronautical Telecommunication Aeronautical data links for the Aeronautical Telecommunication
Network (ATN) are therefore expected to remain in service for Network (ATN) are therefore expected to remain in service for
decades. The VDLM2 data link currently used for digital terrestrial decades. The VDLM2 data link currently used for digital terrestrial
internetworking was developed in the 1990es (the use of the OSI internetworking was developed in the 1990es (the use of the Open
internetwork stack indicates that as well). VDLM2 is expected to be Systems Interconnection (OSI) stack indicates that as well). VDLM2
used at least for several decades. In this respect aeronautical is expected to be used at least for several decades. In this respect
communication (for applications related to safety and regularity of aeronautical communication (for applications related to safety and
flight) is more comparable to industrial applications than to the regularity of flight) is more comparable to industrial applications
open Internet. than to the open Internet.
Internetwork technology is already installed in current aircraft. Internetwork technology is already installed in current aircraft.
Current ATS applications use either the Aircraft Communications Current ATS applications use either the Aircraft Communications
Addressing and Reporting System (ACARS) or the Open Systems Addressing and Reporting System (ACARS) or the OSI stack. The
Interconnection (OSI) stack. The objective of the development effort objective of the development effort LDACS as part of the FCI is to
LDACS is part of (FCI) is to replace legacy (OSI) and proprietary replace legacy OSI stack and proprietary ACARS internetwork
(ACARS) internetwork technologies with industry standard IP technologies with industry standard IP technology. It is anticipated
technology. It is anticipated that the use of Commercial Off-The- that the use of Commercial Off-The-Shelf (COTS) IP technology mostly
Shelf (COTS) IP technology mostly applies to the ground network. The applies to the ground network. The avionics networks on the aircraft
avionics networks on the aircraft will likely be heavily modified or will likely be heavily modified or proprietary.
proprietary.
AOC applications currently mostly use the same stack (although some AOC applications currently mostly use the same stack (although some
applications, like the graphical weather service may use the applications, like the graphical weather service may use the
commercial passenger network). This creates capacity problems commercial passenger network). This creates capacity problems
(resulting in excessive amounts of timeouts) since the underlying (resulting in excessive amounts of timeouts) since the underlying
terrestrial data links (VDLM1/2) do not provide sufficient bandwidth. terrestrial data links (VDLM1/2) do not provide sufficient bandwidth.
The use of non-aviation specific data links is considered a security The use of non-aviation specific data links is considered a security
problem. Ideally the aeronautical IP internetwork and the Internet problem. Ideally the aeronautical IP internetwork and the Internet
should be completely separated. should be completely separated.
The objective of LDACS is to provide a next generation terrestrial The objective of LDACS is to provide a next generation terrestrial
data link designed to support IP and provide much higher bandwidth to data link designed to support IP and provide much higher bandwidth to
avoid the currently experienced operational problems. avoid the currently experienced operational problems.
The requirement for LDACS is therefore to provide a terrestrial high- The requirement for LDACS is therefore to provide a terrestrial high-
throughput data link for IP internetworking in the aircraft. throughput data link for IP internetworking in the aircraft.
In order to fulfil the above requirement LDACS needs to be In order to fulfil the above requirement LDACS needs to be
interoperable with IP (and IP-based services e.g. VoIP) at the interoperable with IP (and IP-based services like Voice-over-IP) at
gateway connecting the LDACS network to other aeronautical ground the gateway connecting the LDACS network to other aeronautical ground
networks (the totality of them being the ATN). On the avionics side networks (the totality of them being the ATN). On the avionics side
in the aircraft aviation specific solutions are to be expected. in the aircraft aviation specific solutions are to be expected.
In addition to the functional requirements LDACS and its IP stack In addition to the functional requirements LDACS and its IP stack
need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED- need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED-
228A [DO350A]. This document defines continuity, availability, and 228A [DO350A]. This document defines continuity, availability, and
integrity requirements at different scopes for each air traffic integrity requirements at different scopes for each air traffic
management application (CPDLC, CM, and ADS-C). The scope most management application (CPDLC, CM, and ADS-C). The scope most
relevant to IP over LDACS is the CSP (Communication Service Provider) relevant to IP over LDACS is the CSP (Communication Service Provider)
scope. scope.
skipping to change at page 13, line 50 skipping to change at page 13, line 43
Achieving stringent the continuity, availability, and integrity Achieving stringent the continuity, availability, and integrity
requirements defined in [DO350A] will require the specification of requirements defined in [DO350A] will require the specification of
layer 3 and above mechanisms (e.g. reliable crossover at the IP layer 3 and above mechanisms (e.g. reliable crossover at the IP
layer). Fault management mechanisms are similarly undefined. Input layer). Fault management mechanisms are similarly undefined. Input
from the working group will be appreciated here. from the working group will be appreciated here.
7.1. LDACS Sub-Network 7.1. LDACS Sub-Network
An LDACS sub-network contains an Access Router (AR), a Ground-Station An LDACS sub-network contains an Access Router (AR), a Ground-Station
Controller (GSC), and several Ground-Stations (GS), each of them Controller (GSC), and several GS, each of them providing one LDACS
providing one LDACS radio cell. radio cell.
User plane interconnection to the ATN is facilitated by the Access User plane interconnection to the ATN is facilitated by the AR
Router (AR) peering with an Air-to-Ground Router (A2G Router) peering with an A2G Router connected to the ATN. It is up to
connected to the ATN. It is up to implementer's choice to keep implementer's choice to keep AR and A2G Router functions separated,
Access Router and Air-Ground Router functions separated, or to merge or to merge them.
them.
The internal control plane of an LDACS sub-network is managed by the The internal control plane of an LDACS sub-network is managed by the
GSC. An LDACS sub-network is illustrated in Figure 1. GSC. An LDACS sub-network is illustrated in Figure 1.
wireless user wireless user
link plane link plane
A--------------G-------------Access---A2G-----ATN A--------------G----------------AR---A2G-----ATN
S..............S Router Router S..............S | Router
. control . | . control . |
. plane . | . plane . |
. . | . . |
GSC..............| GSC..............|
. | . |
. | . |
GS---------------+ GS---------------+
Figure 1: LDACS sub-network with two GSs and one AS Figure 1: LDACS sub-network with two GSs and one AS
7.2. Topology 7.2. Topology
LDACS operating in A2G mode is a cellular point-to-multipoint system. LDACS operating in A2G mode is a cellular point-to-multipoint system.
The A2G mode assumes a star-topology in each cell where Aircraft The A2G mode assumes a star-topology in each cell where Aircraft
Stations (AS) belonging to aircraft within a certain volume of space Stations (AS) belonging to aircraft within a certain volume of space
(the LDACS cell) is connected to the controlling GS. The LDACS GS is (the LDACS cell) is connected to the controlling GS. The LDACS GS is
a centralized instance that controls LDACS A2G communications within a centralized instance that controls LDACS A2G communications within
its cell. The LDACS GS can simultaneously support multiple bi- its cell. The LDACS GS can simultaneously support multiple bi-
directional communications to the ASs under its control. LDACS directional communications to the ASs under its control. LDACS's GSs
ground stations themselves are connected to a GSC controlling the themselves are connected to a GSC controlling the LDACS sub-network.
LDACS sub-network.
Prior to utilizing the system an AS has to register with the Prior to utilizing the system an AS has to register with the
controlling GS to establish dedicated logical channels for user and controlling GS to establish dedicated logical channels for user and
control data. Control channels have statically allocated resources, control data. Control channels have statically allocated resources,
while user channels have dynamically assigned resources according to while user channels have dynamically assigned resources according to
the current demand. Logical channels exist only between the GS and the current demand. Logical channels exist only between the GS and
the AS. the AS.
The LDACS wireless link protocol stack defines two layers, the The LDACS wireless link protocol stack defines two layers, the
physical layer and the data link layer. physical layer and the data link layer.
7.3. LDACS Physical Layer 7.3. LDACS Physical Layer
The physical layer provides the means to transfer data over the radio The physical layer provides the means to transfer data over the radio
channel. The LDACS GS supports bi-directional links to multiple channel. The LDACS GS supports bi-directional links to multiple
aircraft under its control. The forward link direction (FL; G2A) and aircraft under its control. The FL direction at the G2A connection
the reverse link direction (RL; A2G) are separated by frequency and the RL direction at the A2G connection are separated by Frequency
division duplex. Forward link and reverse link use a 500 kHz channel Division Duplex. FL and RL use a 500 kHz channel each. The GS
each. The ground-station transmits a continuous stream of Orthogonal transmits a continuous stream of Orthogonal Frequency-Division
Frequency-Division Multiplexing (OFDM) symbols on the forward link. Multiplexing (OFDM) symbols on the FL. In the RL different aircraft
In the reverse link different aircraft are separated in time and are separated in time and frequency using a combination of Orthogonal
frequency using a combination of Orthogonal Frequency-Division Frequency-Division Multiple-Access (OFDMA) and Time-Division
Multiple-Access (OFDMA) and Time-Division Multiple-Access (TDMA). Multiple-Access (TDMA). Aircraft thus transmit discontinuously on
Aircraft thus transmit discontinuously on the reverse link with radio the RL with radio bursts sent in precisely defined transmission
bursts sent in precisely defined transmission opportunities allocated opportunities allocated by the GS.
by the ground-station.
7.4. LDACS Data Link Layer 7.4. LDACS Data Link Layer
The data-link layer provides the necessary protocols to facilitate The data-link layer provides the necessary protocols to facilitate
concurrent and reliable data transfer for multiple users. The LDACS concurrent and reliable data transfer for multiple users. The LDACS
data link layer is organized in two sub-layers: The medium access data link layer is organized in two sub-layers: The medium access
sub-layer and the logical link control sub-layer. The medium access sub-layer and the Logical Link Control (LLC) sub-layer. The medium
sub-layer manages the organization of transmission opportunities in access sub-layer manages the organization of transmission
slots of time and frequency. The logical link control sub-layer opportunities in slots of time and frequency. The LLC sub-layer
provides acknowledged point-to-point logical channels between the provides acknowledged point-to-point logical channels between the
aircraft and the ground-station using an automatic repeat request aircraft and the GS using an automatic repeat request protocol.
protocol. LDACS supports also unacknowledged point-to-point channels LDACS supports also unacknowledged point-to-point channels and G2A
and G2A broadcast. broadcast.
7.5. LDACS Mobility 7.5. LDACS Mobility
LDACS supports layer 2 handovers to different LDACS channels. LDACS supports layer 2 handovers to different LDACS channels.
Handovers may be initiated by the aircraft (break-before-make) or by Handovers may be initiated by the aircraft (break-before-make) or by
the GS (make-before-break). Make-before-break handovers are only the GS (make-before-break). Make-before-break handovers are only
supported for ground-stations connected to the same GSC. supported for GSs connected to the same GSC.
External handovers between non-connected LDACS sub-networks or External handovers between non-connected LDACS sub-networks or
different aeronautical data links shall be handled by the FCI multi- different aeronautical data links shall be handled by the FCI multi-
link concept. link concept.
8. Reliability and Availability 8. Reliability and Availability
8.1. Layer 2 8.1. Layer 2
LDACS has been designed with applications related to the safety and LDACS has been designed with applications related to the safety and
regularity of flight in mind. It has therefore been designed as a regularity of flight in mind. It has therefore been designed as a
deterministic wireless data link (as far as this is possible). deterministic wireless data link (as far as this is possible).
Based on channel measurements of the L-band channel [SCHN2016] and Based on channel measurements of the L-band channel [SCHN2016] and
respecting the specific nature of the area of application, LDACS was respecting the specific nature of the area of application, LDACS was
designed from the PHY layer up with robustness in mind. designed from the PHY layer up with robustness in mind.
In order to maximize the capacity per channel and to optimally use In order to maximize the capacity per channel and to optimally use
the available spectrum, LDACS was designed as an OFDM-based FDD the available spectrum, LDACS was designed as an OFDM-based Frequency
system, supporting simultaneous transmissions in Forward Link (FL; Division Duplex system, supporting simultaneous transmissions in FL
G2A) and Reverse Link (RL; A2G). The legacy systems already deployed at the G2A connection and RF at the A2G connection. The legacy
in the L-band limit the bandwidth of both channels to approximately systems already deployed in the L-band limit the bandwidth of both
500 kHz. channels to approximately 500 kHz.
The LDACS physical layer design includes propagation guard times The LDACS physical layer design includes propagation guard times
sufficient for the operation at a maximum distance of 200 nautical sufficient for the operation at a maximum distance of 200 nautical
miles from the GS. In actual deployment, LDACS can be configured for miles from the GS. In actual deployment, LDACS can be configured for
any range up to this maximum range. any range up to this maximum range.
The LDACS FL physical layer is a continuous OFDM transmission. LDACS The LDACS FL physical layer is a continuous OFDM transmission. LDACS
RL transmission is based on OFDMA-TDMA bursts, with silence between RL transmission is based on OFDMA-TDMA bursts, with silence between
such bursts. The RL resources (i.e. bursts) are assigned to such bursts. The RL resources (i.e. bursts) are assigned to
different users (ASs) on demand by the ground station (GS). different ASs on demand by the GS.
The LDACS physical layer supports adaptive coding and modulation for The LDACS physical layer supports adaptive coding and modulation for
user data. Control data is always encoded with the most robust user data. Control data is always encoded with the most robust
coding and modulation (QPSK coding rate 1/2). coding and modulation (QPSK coding rate 1/2).
LDACS medium access on top of the physical layer uses a static frame LDACS medium access on top of the physical layer uses a static frame
structure to support deterministic timer management. As shown in structure to support deterministic timer management. As shown in
figure 3 and 4, LDACS framing structure is based on Super-Frames (SF) Figure 3 and Figure 4, LDACS framing structure is based on Super-
of 240ms duration corresponding to 2000 OFDM symbols. FL and RL Frames (SF) of 240ms duration corresponding to 2000 OFDM symbols. FL
boundaries are aligned in time (from the GS perspective) allowing for and RL boundaries are aligned in time (from the GS perspective)
deterministic sending windows for KEEP ALIVE messages and control and allowing for deterministic sending windows for KEEP ALIVE messages
data channels in general. and control and data channels in general.
LDACS medium access is always under the control of the GS of a radio LDACS medium access is always under the control of the GS of a radio
cell. Any medium access for the transmission of user data has to be cell. Any medium access for the transmission of user data has to be
requested with a resource request message stating the requested requested with a resource request message stating the requested
amount of resources and class of service. The GS performs resource amount of resources and class of service. The GS performs resource
scheduling on the basis of these requests and grants resources with scheduling on the basis of these requests and grants resources with
resource allocation messages. Resource request and allocation resource allocation messages. Resource request and allocation
messages are exchanged over dedicated contention-free control messages are exchanged over dedicated contention-free control
channels. channels.
The purpose of QoS in LDACS medium access is to provide prioritized The purpose of Quality-of-Service in LDACS medium access is to
medium access at the bottleneck (the wireless link). The signaling provide prioritized medium access at the bottleneck (the wireless
of higher layer QoS requirements to LDACS is yet to be defined. A link). The signaling of higher layer Quality-of-Service requirements
DiffServ-based solution with a small number of priorities is to be to LDACS is yet to be defined. A DiffServ-based solution with a
expected. small number of priorities is to be expected.
LDACS has two mechanisms to request resources from the scheduler in LDACS has two mechanisms to request resources from the scheduler in
the GS. the GS.
Resources can either be requested "on demand" with a given priority. Resources can either be requested "on demand" with a given priority.
On the forward link, this is done locally in the GS, on the reverse On the FL, this is done locally in the GS, on the RL a dedicated
link a dedicated contention-free control channel is used called contention-free control channel is used called Dedicated Control
Dedicated Control Channel (DCCH; roughly 83 bit every 60 ms). A Channel (DCCH), which is roughly 83 bit every 60 ms. A resource
resource allocation is always announced in the control channel of the allocation is always announced in the control channel of the FL,
forward link (Common Control Channel (CCCH); variably sized). Due to short Common Control Channel (CCCH) having variable size. Due to the
the spacing of the reverse link control channels every 60 ms, a spacing of the RL control channels every 60 ms, a medium access delay
medium access delay in the same order of magnitude is to be expected. in the same order of magnitude is to be expected.
Resources can also be requested "permanently". The permanent Resources can also be requested "permanently". The permanent
resource request mechanism supports requesting recurring resources in resource request mechanism supports requesting recurring resources in
given time intervals. A permanent resource request has to be given time intervals. A permanent resource request has to be
canceled by the user (or by the ground-station, which is always in canceled by the user (or by the GS, which is always in control).
control).
User data transmissions over LDACS are therefore always scheduled by User data transmissions over LDACS are therefore always scheduled by
the GS, while control data uses statically (i.e. at cell entry) the GS, while control data uses statically (i.e. at cell entry)
allocated recurring resources (DCCH and CCCH). The current allocated recurring resources (DCCH and CCCH). The current
specification specifies no scheduling algorithm. Scheduling of specification specifies no scheduling algorithm. Scheduling of RL
reverse link resources is done in physical Protocol Data Units (PDU) resources is done in physical Protocol Data Units of 112 bit (or
of 112 bit (or larger if more aggressive coding and modulation is larger if more aggressive coding and modulation is used). Scheduling
used). Scheduling on the forward link is done Byte- wise since the on the FL is done Byte-wise since the FL is transmitted continuously
forward link is transmitted continuously by the GS. by the GS.
In addition to having full control over resource scheduling, the GS In addition to having full control over resource scheduling, the GS
can send forced Handover (HO) commands for off-loading or RF channel can send forced Handover commands for off-loading or RF channel
management, e.g. when the signal quality declines and a more suitable management, e.g. when the signal quality declines and a more suitable
GS is in the AS reach. With robust resource management of the GS is in the AS reach. With robust resource management of the
capacities of the radio channel, reliability and robustness measures capacities of the radio channel, reliability and robustness measures
are therefore also anchored in the LDACS management entity. are therefore also anchored in the LDACS management entity.
In addition, to radio resource management, the LDACS control channels In addition, to radio resource management, the LDACS control channels
are also used to send keep-alive messages, when they are not are also used to send keep-alive messages, when they are not
otherwise used. Since the framing of the control channels is otherwise used. Since the framing of the control channels is
deterministic, missing keep-alive messages can thus be immediately deterministic, missing keep-alive messages can thus be immediately
detected. This information is made available to the multi-link detected. This information is made available to the multi-link
skipping to change at page 18, line 40 skipping to change at page 18, line 22
this quite hard. The deployment of a larger number of small cells is this quite hard. The deployment of a larger number of small cells is
certainly possible, suffers, however, also from the scarcity of certainly possible, suffers, however, also from the scarcity of
spectrum. An additional constraint to take into account, is that spectrum. An additional constraint to take into account, is that
Distance Measuring Equipment (DME) is the primary user of the Distance Measuring Equipment (DME) is the primary user of the
aeronautical L-band. That is, any LDACS deployment has to take DME aeronautical L-band. That is, any LDACS deployment has to take DME
frequency planning into account, too. frequency planning into account, too.
The aeronautical community has therefore decided not to rely on a The aeronautical community has therefore decided not to rely on a
single communication system or frequency band. It is envisioned to single communication system or frequency band. It is envisioned to
have multiple independent data link technologies in the aircraft have multiple independent data link technologies in the aircraft
(e.g. terrestrial and SatCom) in addition to legacy VHF voice. (e.g., terrestrial and SatCom) in addition to legacy VHF voice.
However, as of now no reliability and availability mechanisms that However, as of now no reliability and availability mechanisms that
could utilize the multi-link have been specified on Layer 3 and could utilize the multi-link have been specified on Layer 3 and
above. above.
Below Layer 2 aeronautics usually relies on hardware redundancy. To Below Layer 2 aeronautics usually relies on hardware redundancy. To
protect availability of the LDACS link, an aircraft equipped with protect availability of the LDACS link, an aircraft equipped with
LDACS will have access to two L-band antennae with triple redundant LDACS will have access to two L-band antennae with triple redundant
radio systems as required for any safety relevant system by ICAO. radio systems as required for any safety relevant system by ICAO.
9. Protocol Stack 9. Protocol Stack
The protocol stack of LDACS is implemented in the AS, GS, and GSC: It The protocol stack of LDACS is implemented in the AS, GS, and GSC: It
consists of the Physical Layer (PHY) with five major functional consists of the Physical Layer (PHY) with five major functional
blocks above it. Four are placed in the Data Link Layer (DLL) of the blocks above it. Four are placed in the Data Link Layer (DLL) of the
AS and GS: (1) Medium Access Layer (MAC), (2) Voice Interface (VI), AS and GS: (1) Medium Access Layer (MAC), (2) Voice Interface (VI),
(3) Data Link Service (DLS), (4) LDACS Management Entity (LME). The (3) Data Link Service (DLS), and (4) LDACS Management Entity (LME).
last entity resides within the Sub-Network Layer: Sub-Network The last entity resides within the Sub-Network Layer: Sub-Network
Protocol (SNP). The LDACS network is externally connected to voice Protocol (SNP). The LDACS network is externally connected to voice
units, radio control units, and the ATN Network Layer. units, radio control units, and the ATN Network Layer.
Figure 2 shows the protocol stack of LDACS as implemented in the AS Figure 2 shows the protocol stack of LDACS as implemented in the AS
and GS. and GS.
IPv6 Network Layer IPv6 Network Layer
| |
| |
+------------------+ +----+ +------------------+ +----+
skipping to change at page 19, line 47 skipping to change at page 19, line 33
| | Layer | | Layer
+--------------------------+ +--------------------------+
| |
+--------------------------+ +--------------------------+
| PHY | Physical Layer | PHY | Physical Layer
+--------------------------+ +--------------------------+
| |
| |
((*)) ((*))
FL/RL radio channels FL/RL radio channels
separated by FDD separated by
Frequency Division Duplex
Figure 2: LDACS protocol stack in AS and GS Figure 2: LDACS protocol stack in AS and GS
9.1. Medium Access Control (MAC) Entity Services 9.1. MAC Entity Services
The MAC time framing service provides the frame structure necessary The MAC time framing service provides the frame structure necessary
to realize slot-based Time Division Multiplex (TDM) access on the to realize slot-based Time Division Multiplex access on the physical
physical link. It provides the functions for the synchronization of link. It provides the functions for the synchronization of the MAC
the MAC framing structure and the PHY Layer framing. The MAC time framing structure and the PHY Layer framing. The MAC time framing
framing provides a dedicated time slot for each logical channel. provides a dedicated time slot for each logical channel.
The MAC Sub-Layer offers access to the physical channel to its The MAC Sub-Layer offers access to the physical channel to its
service users. Channel access is provided through transparent service users. Channel access is provided through transparent
logical channels. The MAC Sub-Layer maps logical channels onto the logical channels. The MAC Sub-Layer maps logical channels onto the
appropriate slots and manages the access to these channels. Logical appropriate slots and manages the access to these channels. Logical
channels are used as interface between the MAC and LLC Sub-Layers. channels are used as interface between the MAC and LLC Sub-Layers.
The LDACS framing structure for FL and RL is based on Super-Frames The LDACS framing structure for FL and RL is based on Super-Frames
(SF) of 240 ms duration. Each SF corresponds to 2000 OFDM symbols. (SF) of 240 ms duration. Each SF corresponds to 2000 OFDM symbols.
The FL and RL SF boundaries are aligned in time (from the view of the The FL and RL SF boundaries are aligned in time (from the view of the
GS). GS).
In the FL, an SF contains a Broadcast Frame of duration 6.72 ms (56 In the FL, an SF contains a Broadcast Frame of duration 6.72 ms (56
OFDM symbols) for the Broadcast Control Channel (BCCH), and four OFDM symbols) for the Broadcast Control Channel (BCCH), and four
Multi-Frames (MF), each of duration 58.32 ms (486 OFDM symbols). Multi-Frames (MF), each of duration 58.32 ms (486 OFDM symbols).
In the RL, each SF starts with a Random Access (RA) slot of length In the RL, each SF starts with a Random Access (RA) slot of length
6.72 ms with two opportunities for sending reverse link random access 6.72 ms with two opportunities for sending RL random access frames
frames for the Random Access Channel (RACH), followed by four MFs. for the Random Access Channel (RACH), followed by four MFs. These
These MFs have the same fixed duration of 58.32 ms as in the FL, but MFs have the same fixed duration of 58.32 ms as in the FL, but a
a different internal structure different internal structure
Figure 3 and Figure 4 illustrates the LDACS frame structure. Figure 3 and Figure 4 illustrate the LDACS frame structure.
^ ^
| +------+------------+------------+------------+------------+ | +------+------------+------------+------------+------------+
| FL | BCCH | MF | MF | MF | MF | | FL | BCCH | MF | MF | MF | MF |
F +------+------------+------------+------------+------------+ F +------+------------+------------+------------+------------+
r <---------------- Super-Frame (SF) - 240ms ----------------> r <---------------- Super-Frame (SF) - 240ms ---------------->
e e
q +------+------------+------------+------------+------------+ q +------+------------+------------+------------+------------+
u RL | RACH | MF | MF | MF | MF | u RL | RACH | MF | MF | MF | MF |
e +------+------------+------------+------------+------------+ e +------+------------+------------+------------+------------+
n <---------------- Super-Frame (SF) - 240ms ----------------> n <---------------- Super-Frame (SF) - 240ms ---------------->
c c
y y
| |
----------------------------- Time ------------------------------> ----------------------------- Time ------------------------------>
| |
Figure 3: LDACS super-frame structure Figure 3: SF structure for LDACS
^ ^
| +-------------+------+-------------+ | +-------------+------+-------------+
| FL | DCH | CCCH | DCH | | FL | DCH | CCCH | DCH |
F +-------------+------+-------------+ F +-------------+------+-------------+
r <---- Multi-Frame (MF) - 58.32ms --> r <---- Multi-Frame (MF) - 58.32ms -->
e e
q +------+---------------------------+ q +------+---------------------------+
u RL | DCCH | DCH | u RL | DCCH | DCH |
e +------+---------------------------+ e +------+---------------------------+
n <---- Multi-Frame (MF) - 58.32ms --> n <---- Multi-Frame (MF) - 58.32ms -->
c c
y y
| |
----------------------------- Time ------------------------------> -------------------- Time ------------------>
| |
Figure 4: LDACS multi-frame (MF) structure Figure 4: MF structure for LDACS
9.2. Data Link Service (DLS) Entity Services 9.2. DLS Entity Services
The DLS provides acknowledged and unacknowledged (including broadcast The DLS provides acknowledged and unacknowledged (including broadcast
and packet mode voice) bi-directional exchange of user data. If user and packet mode voice) bi-directional exchange of user data. If user
data is transmitted using the acknowledged data link service, the data is transmitted using the acknowledged DLS, the sending DLS
sending DLS entity will wait for an acknowledgement from the entity will wait for an acknowledgement from the receiver. If no
receiver. If no acknowledgement is received within a specified time acknowledgement is received within a specified time frame, the sender
frame, the sender may automatically try to retransmit its data. may automatically try to retransmit its data. However, after a
However, after a certain number of failed retries, the sender will certain number of failed retries, the sender will suspend further
suspend further retransmission attempts and inform its client of the retransmission attempts and inform its client of the failure.
failure.
The data link service uses the logical channels provided by the MAC: The DLS uses the logical channels provided by the MAC:
1. A ground-stations announces its existence and access parameters 1. A GS announces its existence and access parameters in the
in the Broadcast Channel (BC). Broadcast Channel (BC).
2. The Random Access Channel (RA) enables AS to request access to an 2. The RA channel enables AS to request access to an LDACS cell.
LDACS cell. 3. In the FL the CCCH is used by the GS to grant access to data
3. In the Forward Link (FL) the Common Control Channel (CCCH) is channel resources.
used by the GS to grant access to data channel resources. 4. The reverse direction is covered by the RL, where ASs need to
4. The reverse direction is covered by the Reverse Link (RL), where request resources before sending. This happens via the DCCH.
aircraft-stations need to request resources before sending. This
happens via the Dedicated Common Control Channel (DCCH).
5. User data itself is communicated in the Data Channel (DCH) on the 5. User data itself is communicated in the Data Channel (DCH) on the
FL and RL. FL and RL.
9.3. Voice Interface (VI) Services 9.3. VI Services
The VI provides support for virtual voice circuits. Voice circuits The VI provides support for virtual voice circuits. Voice circuits
may either be set-up permanently by the GS (e.g., to emulate voice may either be set-up permanently by the GS (e.g., to emulate voice
party line) or may be created on demand. The creation and selection party line) or may be created on demand. The creation and selection
of voice circuits is performed in the LME. The VI provides only the of voice circuits is performed in the LME. The VI provides only the
transmission services. transmission services.
9.4. LDACS Management Entity (LME) Services 9.4. LME Services
The mobility management service in the LME provides support for The mobility management service in the LME provides support for
registration and de-registration (cell entry and cell exit), scanning registration and de-registration (cell entry and cell exit), scanning
RF channels of neighboring cells and handover between cells. In RF channels of neighboring cells and handover between cells. In
addition, it manages the addressing of aircraft/ ASs within cells. addition, it manages the addressing of aircraft/ ASs within cells.
It is controlled by the network management service in the GSC. It is controlled by the network management service in the GSC.
The resource management service provides link maintenance (power, The resource management service provides link maintenance (power,
frequency and time adjustments), support for adaptive coding and frequency and time adjustments), support for adaptive coding and
modulation (ACM), and resource allocation. modulation, and resource allocation.
9.5. Sub-Network Protocol (SNP) Services 9.5. SNP Services
The data link service provides functions required for the transfer of The DLS provides functions required for the transfer of user plane
user plane data and control plane data over the LDACS sub-network. data and control plane data over the LDACS sub-network.
The security service provides functions for secure communication over The security service provides functions for secure communication over
the LDACS sub-network. Note that the SNP security service applies the LDACS sub-network. Note that the SNP security service applies
cryptographic measures as configured by the ground station cryptographic measures as configured by the GSC.
controller.
10. Security Considerations 10. Security Considerations
10.1. Reasons for Wireless Digital Aeronautical Communications 10.1. Reasons for Wireless Digital Aeronautical Communications
Aviation will require secure exchanges of data and voice messages for Aviation will require secure exchanges of data and voice messages for
managing the air-traffic flow safely through the airspaces all over managing the air-traffic flow safely through the airspaces all over
the world. Historically Communication Navigation Surveillance (CNS) the world. Historically Communication Navigation Surveillance (CNS)
wireless communications technology emerged from military and a threat wireless communications technology emerged from military and a threat
landscape where inferior technological and financial capabilities of landscape where inferior technological and financial capabilities of
skipping to change at page 23, line 26 skipping to change at page 23, line 6
aeronautical VHF band. Currently, the information security is purely aeronautical VHF band. Currently, the information security is purely
procedural based by using well-trained personnel and proven procedural based by using well-trained personnel and proven
communications procedures. This communication method has been in communications procedures. This communication method has been in
service since 1948. However since the emergence of civil service since 1948. However since the emergence of civil
aeronautical CNS application and today, the world has changed. First aeronautical CNS application and today, the world has changed. First
of all civil applications have significant lower spectrum available of all civil applications have significant lower spectrum available
than military applications. This means several military defense than military applications. This means several military defense
mechanisms such as frequency hopping or pilot symbol scrambling and mechanisms such as frequency hopping or pilot symbol scrambling and
thus a defense-in-depth approach starting at the physical layer is thus a defense-in-depth approach starting at the physical layer is
impossible for civil systems. With the rise of cheap Software impossible for civil systems. With the rise of cheap Software
Defined Radios (SDR), the previously existing financial barrier is Defined Radios, the previously existing financial barrier is almost
almost gone and open source projects such as GNU radio [GNU2012] gone and open source projects such as GNU radio [GNU2012] allow the
allow the new type of unsophisticated listeners and possible new type of unsophisticated listeners and possible attackers.
attackers. Furthermore most CNS technology developed in ICAO relies Furthermore most CNS technology developed in ICAO relies on open
on open standards, thus syntax and semantics of wireless digital standards, thus syntax and semantics of wireless digital aeronautical
aeronautical communications can be common knowledge for attackers. communications can be common knowledge for attackers. Finally with
Finally with increased digitization and automation of civil aviation increased digitization and automation of civil aviation the human as
the human as control instance is being taken gradually out of the control instance is being taken gradually out of the loop.
loop. Autonomous transport drones or single piloted aircraft Autonomous transport drones or single piloted aircraft demonstrate
demonstrate this trend. However without profound cybersecurity this trend. However without profound cybersecurity measures such as
measures such as authenticity and integrity checks of messages in- authenticity and integrity checks of messages in-transit on the
transit on the wireless link or mutual entity authentication, this wireless link or mutual entity authentication, this lack of a control
lack of a control instance can prove disastrous. Thus future digital instance can prove disastrous. Thus future digital communications
communications waveforms will need additional embedded security waveforms will need additional embedded security features to fulfill
features to fulfill modern information security requirements like modern information security requirements like authentication and
authentication and integrity. However, these security features integrity. However, these security features require sufficient
require sufficient bandwidth which is beyond the capabilities of a bandwidth which is beyond the capabilities of a VHF narrowband
VHF narrowband communications system. For voice and data communications system. For voice and data communications, sufficient
communications, sufficient data throughput capability is needed to data throughput capability is needed to support the security
support the security functions while not degrading performance. functions while not degrading performance. LDACS is a data link
LDACS is a data link technology with sufficient bandwidth to technology with sufficient bandwidth to incorporate security without
incorporate security without losing too much user throughput. losing too much user throughput.
As digitalization progresses even further with LDACS and automated As digitalization progresses even further with LDACS and automated
procedures such as 4D-Trajectories allowing semi-automated en-route procedures such as 4D-Trajectories allowing semi-automated en-route
flying of aircraft, LDACS requires stronger cybersecurity measures. flying of aircraft, LDACS requires stronger cybersecurity measures.
10.2. Requirements for LDACS 10.2. Requirements for LDACS
Overall there are several business goals for cybersecurity to protect Overall there are several business goals for cybersecurity to protect
in future communication infrastructure in civil aviation: in FCI in civil aviation:
1. Safety: The system must sufficiently mitigate attacks, which 1. Safety: The system must sufficiently mitigate attacks, which
contribute to safety hazards. contribute to safety hazards.
2. Flight regularity: The system must sufficiently mitigate attacks, 2. Flight regularity: The system must sufficiently mitigate attacks,
which contribute to delays, diversions, or cancellations of which contribute to delays, diversions, or cancellations of
flights. flights.
3. Protection of business interests: The system must sufficiently 3. Protection of business interests: The system must sufficiently
mitigate attacks which result in financial loss, reputation mitigate attacks which result in financial loss, reputation
damage, disclosure of sensitive proprietary information, or damage, disclosure of sensitive proprietary information, or
disclosure of personal information. disclosure of personal information.
To further analyze assets and derive threats and thus protection To further analyze assets and derive threats and thus protection
scenarios several Threat-and Risk Analysis were performed for LDACS scenarios several Threat-and Risk Analysis were performed for LDACS
[MAE20181] , [MAE20191]. These results allowed deriving security [MAE20181] , [MAE20191]. These results allowed deriving security
scope and objectives from the requirements and the conducted Threat- scope and objectives from the requirements and the conducted Threat-
and Risk Analysis. and Risk Analysis.
10.3. Security Objectives for LDACS 10.3. Security Objectives for LDACS
Security considerations for LDACS are defined by the official ICAO Security considerations for LDACS are defined by the official
SARPS [ICA2018]: Standards And Recommended Practices document by ICAO [ICA2018]:
1. LDACS shall provide a capability to protect the availability and 1. LDACS shall provide a capability to protect the availability and
continuity of the system. continuity of the system.
2. LDACS shall provide a capability including cryptographic 2. LDACS shall provide a capability including cryptographic
mechanisms to protect the integrity of messages in transit. mechanisms to protect the integrity of messages in transit.
3. LDACS shall provide a capability to ensure the authenticity of 3. LDACS shall provide a capability to ensure the authenticity of
messages in transit. messages in transit.
4. LDACS should provide a capability for nonrepudiation of origin 4. LDACS should provide a capability for nonrepudiation of origin
for messages in transit. for messages in transit.
5. LDACS should provide a capability to protect the confidentiality 5. LDACS should provide a capability to protect the confidentiality
skipping to change at page 25, line 15 skipping to change at page 24, line 44
10.4. Security Functions for LDACS 10.4. Security Functions for LDACS
These objectives were used to derive several security functions for These objectives were used to derive several security functions for
LDACS required to be integrated in the LDACS cybersecurity LDACS required to be integrated in the LDACS cybersecurity
architecture: (1) Identification, (2) Authentication, (3) architecture: (1) Identification, (2) Authentication, (3)
Authorization, (4) Confidentiality, (5) System Integrity, (6) Data Authorization, (4) Confidentiality, (5) System Integrity, (6) Data
Integrity, (7) Robustness, (8) Reliability, (9) Availability, and Integrity, (7) Robustness, (8) Reliability, (9) Availability, and
(10) Key and Trust Management. Several works investigated possible (10) Key and Trust Management. Several works investigated possible
measures to implement these security functions [BIL2017], [MAE20181], measures to implement these security functions [BIL2017], [MAE20181],
[MAE20191]. Having identified security requirements, objectives and [MAE20191]. Having identified security requirements, objectives and
functions now we must look at the scope of the applicability of these functions it MUST be ensured that they are applicable.
functions.
10.5. Security Architectural Details for LDACS 10.5. Security Architectural Details for LDACS
With requirements out of the way, we want to have a look at the scope The requirements lead to a LDACS security model including different
of the LDACS security model. This includes looking at the entities, entities for identification, authentication and authorization
identification, authentication and authorization of entities, purposes ensuring integrity, authenticity and confidentiality of data
integrity, authenticity and confidentiality of data in-transit and in-transit especially.
more.
10.5.1. Entities in LDACS Security Model 10.5.1. Entities in LDACS Security Model
First of all the question is what entities do we have in a simplified A simplified LDACS architectural modelrequires the following
LDACS architectural model: Network operators such as the Societe entities: Network operators such as the Societe Internationale de
Internationale de Telecommunications Aeronautiques (SITA) [SIT2020] Telecommunications Aeronautiques (SITA) [SIT2020] and ARINC [ARI2020]
and ARINC [ARI2020] are providing access to the (1) Ground IPS are providing access to the (1) Ground IPS network via an (2) A2G
network via an (2) A2G LDACS Router. This router is attached to a LDACS Router. This router is attached to a closed off LDACS Access
closed off LDACS Access Network (3) which connects via further (4) Network (3) which connects via further (4) Access Routers to the
Access Routers to the different (5) LDACS Cell Ranges, each different (5) LDACS Cell Ranges, each controlled by a (6) GSC and
controlled by a (6) Ground Station Controller (GSC) and spanning a spanning a local LDACS Access Network connecting to the (7) GSs that
local LDACS Access Network connecting to the (7) Ground Stations (GS) serve one LDACS cell. Via the (8) A2G wireless LDACS data link (9)
that serve one LDACS cell. Via the (8) A2G wireless LDACS data link AS the aircraft is connected to the ground network and via the (10)
(9) Airborne Stations (AS) the aircraft is connected to the ground aircrafts's VI and (11) aircraft's network interface, aircraft's data
network and via the (10) airborne voice interface and (11) airborne can be sent via the AS back to the GS and the forwarded back via GSC,
network interface, airborne data can be sent via the AS back to the LDACS local access network, access routers, LDACS access network, A2G
GS and the forwarded back via GSC, LDACS local access network, access LDACS router to the ground IPS network.
routers, LDACS access network, A2G LDACS router to the ground IPS
network.
10.5.2. Matter of LDACS Entity Identification 10.5.2. Matter of LDACS Entity Identification
Each entity described in the sections above must be uniquely LDACS needs specific identities for (1) the AS, (2) the GS, (3) the
identified within the LDACS network thus we need LDACS specific GSC and (4) the Network Operator. The aircraft itself can be
identities for (1) the Aircraft Station (AS), (2) Ground Station identified using the ICAO unique address of an aircraft, the call
(GS), (3) Ground Station Controller (GSC) and (4) Network Operator sign of that aircraft or the recently founded Privacy ICAO Address
(NO). The aircraft itself can be identified using the ICAO unique (PIA) program [FAA2020]. It is conceivable that the LDACS AS will
address of an aircraft, the call sign of that aircraft or the use a combination of aircraft identification, radio component
recently founded Privacy ICAO Address (PIA) program [FAA2020]. It is identification such as MAC addresses and even operator features
conceivable that the LDACS AS will use a combination of aircraft identification to create a unique AS LDACS identification tag.
identification, radio component identification such as MAC addresses Similar to a 4G's eNodeB Serving Network (SN) Identification tag, a
and even operator features identification to create a unique AS LDACS GS could be identified using a similar field. And again similar to
identification tag. Similar to a 4G's eNodeB Serving Network (SN) 4G's Mobility Management Entities (MME), a GSC could be identified
Identification tag, a GS could be identified using a similar field. using similar identification fields within the LDACS network. The
And again similar to 4G's Mobility Management Entities (MME), a GSC identification of the network operator is again similar to 4G (e.g.,
could be identified using similar identification fields within the E-Plus, AT&T, and TELUS), in the way that the aeronautical network
LDACS network. The identification of the network operator is again operators are listed (e.g., ARINC [ARI2020] and SITA [SIT2020]).
similar to 4G (e.g., E-Plus, AT&T, TELUS, ...), in the way that the
aeronautical network operators are listed (e.g., ARINC [ARI2020] and
SITA [SIT2020]).
10.5.3. Matter of LDACS Entity Authentication and Key Negotiation 10.5.3. Matter of LDACS Entity Authentication and Key Negotiation
In order to anchor Trust within the system all LDACS entities In order to anchor Trust within the system all LDACS entities
connected to the ground IPS network shall be rooted in an LDACS connected to the ground IPS network shall be rooted in an LDACS
specific chain-of-trust and PKI solution, quite similar to AeroMACS specific chain-of-trust and PKI solution, quite similar to AeroMACS
approach [CRO2016]. These X.509 certificates [RFC5280] residing at approach [CRO2016]. These X.509 certificates [RFC5280] residing at
the entities and incorporated in the LDACS PKI proof the ownership of the entities and incorporated in the LDACS PKI proof the ownership of
their respective public key, include information about the identity their respective public key, include information about the identity
of the owner and the digital signature of the entity that has of the owner and the digital signature of the entity that has
verified the certificate's content. First all ground infrastructures verified the certificate's content. First all ground infrastructures
must mutually authenticate to each other, negotiate and derive keys must mutually authenticate to each other, negotiate and derive keys
and thus secure all ground connections. How this process is handled and, thus, secure all ground connections. How this process is
in detail is still an ongoing discussion. However, established handled in detail is still an ongoing discussion. However,
methods to secure user plane by IPSec [RFC4301] and IKEv2 [RFC7296] established methods to secure user plane by IPSec [RFC4301] and IKEv2
or the application layer via TLS 1.3 [RFC8446] are conceivable. The [RFC7296] or the application layer via TLS 1.3 [RFC8446] are
LDACS PKI with their chain-of-trust approach, digital certificates conceivable. The LDACS PKI with their chain-of-trust approach,
and public entity keys lay the groundwork for this step. In a second digital certificates and public entity keys lay the groundwork for
step the aircraft with the LDACS radio (AS) approaches an LDACS cell this step. In a second step the AS with the LDACS radio approaches
and performs a cell entry with the corresponding groundstation (GS). an LDACS cell and performs a cell entry with the corresponding GS.
Similar to the LTE cell attachment process [TS33.401], where Similar to the LTE cell attachment process [TS33.401], where
authentication happens after basic communication has been enabled authentication happens after basic communication has been enabled
between AS and GS (step 5a in the UE attachment process [TS33.401]), between AS and GS (step 5a in the UE attachment process [TS33.401]),
the next step is mutual authentication and key exchange. Thus in the next step is mutual authentication and key exchange. Hence, in
step three using the identity based Station-to-Station (STS) protocol step three using the identity based Station-to-Station (STS) protocol
with Diffie-Hellman Key Exchange [MAE2020], AS and GS establish with Diffie-Hellman Key Exchange [MAE2020], AS and GS establish
mutual trust by authenticating each other, exchanging key material mutual trust by authenticating each other, exchanging key material
and finally both ending up with derived key material. A key and finally both ending up with derived key material. A key
confirmation is mandatory before the communication channel AS-GS can confirmation is mandatory before the communication channel between
be opened for user-data communications. the AS and the GS can be opened for user-data communications.
10.5.4. Matter of LDACS Message-in-transit Confidentiality, Integrity 10.5.4. Matter of LDACS Message-in-transit Confidentiality, Integrity
and Authenticity and Authenticity
The subsequent key material from the previous step can then be used The subsequent key material from the previous step can then be used
to protect LDACS Layer 2 communications via applying encryption and to protect LDACS Layer 2 communications via applying encryption and
integrity protection measures on the SNP layer of the LDACS protocol integrity protection measures on the SNP layer of the LDACS protocol
stack. As LDACS transports AOC and ATS data, the integrity of that stack. As LDACS transports AOC and ATS data, the integrity of that
data is most important, while confidentiality only needs to be data is most important, while confidentiality only needs to be
applied to AOC data to protect business interests [ICA2018]. This applied to AOC data to protect business interests [ICA2018]. This
possibility of providing low layered confidentiality and integrity possibility of providing low layered confidentiality and integrity
protection ensures a secure delivery of user data over the air gap. protection ensures a secure delivery of user data over the air gap.
Furthermore it ensures integrity protection of LDACS control data. Furthermore it ensures integrity protection of LDACS control data.
10.6. Security Architecture for LDACS 10.6. Security Architecture for LDACS
Summing up all previous paragraphs, a draft of the cybersecurity A draft of the cybersecurity architecture of LDACS can be found in
architecture of LDACS can be found in [ICA2018], [MAE20182] and [ICA2018] and [MAE20182] and respective updates in [MAE20191],
updates in [MAE20191], [MAE20192], [MAE2020]. It proposes the use of [MAE20192], and [MAE2020]. It proposes the use of an own LDACS PKI,
an own LDACS PKI, identity management based on aircraft identities identity management based on aircraft identities and network operator
and network operator identities (e.g., SITA and ARINC), public key identities (e.g., SITA and ARINC), public key certificates
certificates incorporated in the PKI based chain-of-trust and stored incorporated in the PKI based chain-of-trust and stored in the
in the entities allowing for mutual authentication and key exchange entities allowing for mutual authentication and key exchange
procedures, key derivation mechanisms for perfect forward secrecy and procedures, key derivation mechanisms for perfect forward secrecy and
user/control plane message-in-transit integrity and confidentiality user/control plane message-in-transit integrity and confidentiality
protection. This secures data traveling over the airgap between protection. This secures data traveling over the airgap between AS
aircraft and groundstation and also between groundstation and Air and GS and also between GS and ANSP regardless of the secure or
Navigation Service Provider regardless of the secure or unsecure unsecure nature of application data. Of course application data
nature of application data. Of course application data itself must itself must be additionally secured to achieve end-to-end security
be additionally secured to achieve end-to-end security (secure (secure dialogue service), however the LDACS datalinks aims to
dialogue service), however the LDACS datalinks aims to provide an provide an additional layer of protection just for this network
additional layer of protection just for this network segment. segment.
11. Privacy Considerations 11. Privacy Considerations
LDACS provides a Quality of Service (QoS), and the generic LDACS provides a Quality-of-Service, and the generic considerations
considerations for such mechanisms apply. for such mechanisms apply.
12. IANA Considerations 12. IANA Considerations
This memo includes no request to IANA. This memo includes no request to IANA.
13. Acknowledgements 13. Acknowledgements
Thanks to all contributors to the development of LDACS and ICAO PT-T. Thanks to all contributors to the development of LDACS and ICAO PT-T.
Thanks to Klaus-Peter Hauf, Bart Van Den Einden, and Pierluigi Thanks to Klaus-Peter Hauf, Bart Van Den Einden, and Pierluigi
skipping to change at page 31, line 36 skipping to change at page 30, line 52
cases-04>. cases-04>.
Appendix A. Selected Information from DO-350A Appendix A. Selected Information from DO-350A
This appendix includes the continuity, availability, and integrity This appendix includes the continuity, availability, and integrity
requirements interesting for LDACS defined in [DO350A]. requirements interesting for LDACS defined in [DO350A].
The following terms are used here: The following terms are used here:
CPDLC Controller Pilot Data Link Communication CPDLC Controller Pilot Data Link Communication
DT Nominal Time value for RSP DT Delivery Time (nominal) value for RSP
ET Operational Time value for RCP ET Expiration Time value for RCP
FH Flight Hour FH Flight Hour
MA Monitoring and Alerting criteria MA Monitoring and Alerting criteria
OT Operational Time value for RSP OT Overdue Delivery Time value for RSP
RCP Required Communication Performance RCP Required Communication Performance
RSP Required Surveillance Performance RSP Required Surveillance Performance
TT Nominal Time value for RCP TT Transaction Time (nominal) value for RCP
+========================+=============+=============+ +========================+=============+=============+
| | ECP 130 | ECP 130 | | | ECP 130 | ECP 130 |
+========================+=============+=============+ +========================+=============+=============+
| Parameter | ET | TT95% | | Parameter | ET | TT95% |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
| Transaction Time (sec) | 130 | 67 | | Transaction Time (sec) | 130 | 67 |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
| Continuity | 0.999 | 0.95 | | Continuity | 0.999 | 0.95 |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
| Availability | 0.989 | 0.989 | | Availability | 0.989 | 0.989 |
 End of changes. 95 change blocks. 
329 lines changed or deleted 303 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/