| < draft-ietf-raw-ldacs-04.txt | draft-ietf-raw-ldacs-05.txt > | |||
|---|---|---|---|---|
| RAW N. Maeurer, Ed. | RAW N. Maeurer, Ed. | |||
| Internet-Draft T. Graeupl, Ed. | Internet-Draft T. Graeupl, Ed. | |||
| Intended status: Informational German Aerospace Center (DLR) | Intended status: Informational German Aerospace Center (DLR) | |||
| Expires: 2 May 2021 C. Schmitt, Ed. | Expires: 5 May 2021 C. Schmitt, Ed. | |||
| Research Institute CODE, UniBwM | Research Institute CODE, UniBwM | |||
| 29 October 2020 | 1 November 2020 | |||
| L-band Digital Aeronautical Communications System (LDACS) | L-band Digital Aeronautical Communications System (LDACS) | |||
| draft-ietf-raw-ldacs-04 | draft-ietf-raw-ldacs-05 | |||
| Abstract | Abstract | |||
| This document provides an overview of the architecture of the L-band | This document provides an overview of the architecture of the L-band | |||
| Digital Aeronautical Communications System (LDACS), which provides a | Digital Aeronautical Communications System (LDACS), which provides a | |||
| secure, scalable and spectrum efficient terrestrial data link for | secure, scalable and spectrum efficient terrestrial data link for | |||
| civil aviation. LDACS is a scheduled, reliable multi-application | civil aviation. LDACS is a scheduled, reliable multi-application | |||
| cellular broadband system with support for IPv6. LDACS shall provide | cellular broadband system with support for IPv6. LDACS SHALL provide | |||
| a data link for IP network-based aircraft guidance. High reliability | a data link for IP network-based aircraft guidance. High reliability | |||
| and availability for IP connectivity over LDACS are therefore | and availability for IP connectivity over LDACS are therefore | |||
| essential. | essential. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 2 May 2021. | This Internet-Draft will expire on 5 May 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Simplified BSD License text | extracted from this document must include Simplified BSD License text | |||
| as described in Section 4.e of the Trust Legal Provisions and are | as described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Simplified BSD License. | provided without warranty as described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | ||||
| 3. Motivation and Use Cases . . . . . . . . . . . . . . . . . . 5 | 3. Motivation and Use Cases . . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. Voice Communications Today . . . . . . . . . . . . . . . 5 | 3.1. Voice Communications Today . . . . . . . . . . . . . . . 5 | |||
| 3.2. Data Communications Today . . . . . . . . . . . . . . . . 6 | 3.2. Data Communications Today . . . . . . . . . . . . . . . . 6 | |||
| 4. Provenance and Documents . . . . . . . . . . . . . . . . . . 7 | 4. Provenance and Documents . . . . . . . . . . . . . . . . . . 7 | |||
| 5. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 8 | 5. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 8 | 5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 8 | |||
| 5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 8 | 5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 8 | 5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 9 | 5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 9 | |||
| 5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 9 | 5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| skipping to change at page 3, line 30 ¶ | skipping to change at page 3, line 31 ¶ | |||
| One of the main pillars of the modern Air Traffic Management (ATM) | One of the main pillars of the modern Air Traffic Management (ATM) | |||
| system is the existence of a communication infrastructure that | system is the existence of a communication infrastructure that | |||
| enables efficient aircraft control and safe separation in all phases | enables efficient aircraft control and safe separation in all phases | |||
| of flight. Current systems are technically mature but suffering from | of flight. Current systems are technically mature but suffering from | |||
| the VHF band's increasing saturation in high-density areas and the | the VHF band's increasing saturation in high-density areas and the | |||
| limitations posed by analogue radio communications. Therefore, | limitations posed by analogue radio communications. Therefore, | |||
| aviation globally and the European Union (EU) in particular, strives | aviation globally and the European Union (EU) in particular, strives | |||
| for a sustainable modernization of the aeronautical communication | for a sustainable modernization of the aeronautical communication | |||
| infrastructure. | infrastructure. | |||
| In the long-term, ATM communication shall transition from analogue | In the long-term, ATM communication SHALL transition from analogue | |||
| VHF voice and VDLM2 communication to more spectrum efficient digital | VHF voice and VDLM2 communication to more spectrum efficient digital | |||
| data communication. The European ATM Master Plan foresees this | data communication. The European ATM Master Plan foresees this | |||
| transition to be realized for terrestrial communications by the | transition to be realized for terrestrial communications by the | |||
| development (and potential implementation) of the L-band Digital | development (and potential implementation) of the L-band Digital | |||
| Aeronautical Communications System (LDACS). LDACS shall enable IPv6 | Aeronautical Communications System (LDACS). LDACS SHALL enable IPv6 | |||
| based air- ground communication related to the aviation safety and | based air- ground communication related to the aviation safety and | |||
| regularity of flight. The particular challenge is that no additional | regularity of flight. The particular challenge is that no additional | |||
| spectrum can be made available for terrestrial aeronautical | spectrum can be made available for terrestrial aeronautical | |||
| communication. It was thus necessary to develop co-existence | communication. It was thus necessary to develop co-existence | |||
| mechanism/procedures to enable the interference free operation of | mechanism/procedures to enable the interference free operation of | |||
| LDACS in parallel with other aeronautical services/systems in the | LDACS in parallel with other aeronautical services/systems in the | |||
| same frequency band. | same frequency band. | |||
| Since LDACS shall be used for aircraft guidance, high reliability and | Since LDACS SHALL be used for aircraft guidance, high reliability and | |||
| availability for IP connectivity over LDACS are essential. | availability for IP connectivity over LDACS are essential. | |||
| 1.1. Requirements Language | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | ||||
| 2. Terminology | 2. Terminology | |||
| The following terms are used in the context of RAW in this document: | The following terms are used in the context of RAW in this document: | |||
| A2A Air-to-Air | A2A Air-to-Air | |||
| AeroMACS Aeronautical Mobile Airport Communication System | AeroMACS Aeronautical Mobile Airport Communication System | |||
| A2G Air-to-Ground | A2G Air-to-Ground | |||
| ACARS Aircraft Communications Addressing and Reporting System | ACARS Aircraft Communications Addressing and Reporting System | |||
| ADS-C Automatic Dependent Surveillance - Contract | ADS-C Automatic Dependent Surveillance - Contract | |||
| AM(R)S Aeronautical Mobile (Route) Service | AM(R)S Aeronautical Mobile (Route) Service | |||
| skipping to change at page 5, line 14 ¶ | skipping to change at page 5, line 25 ¶ | |||
| VHF Very High Frequency | VHF Very High Frequency | |||
| VI Voice Interface | VI Voice Interface | |||
| 3. Motivation and Use Cases | 3. Motivation and Use Cases | |||
| Aircraft are currently connected to Air-Traffic Control (ATC) and | Aircraft are currently connected to Air-Traffic Control (ATC) and | |||
| Aeronautical Operational Control (AOC) via voice and data | Aeronautical Operational Control (AOC) via voice and data | |||
| communications systems through all phases of a flight. Within the | communications systems through all phases of a flight. Within the | |||
| airport terminal, connectivity is focused on high bandwidth | airport terminal, connectivity is focused on high bandwidth | |||
| communications, while during en-route high reliability, robustness, | communications, while during en-route high reliability, robustness, | |||
| and range is the main focus. Voice communications may use the same | and range is the main focus. Voice communications MAY use the same | |||
| or different equipment as data communications systems. In the | or different equipment as data communications systems. In the | |||
| following the main differences between voice and data communications | following the main differences between voice and data communications | |||
| capabilities are summarized. The assumed use cases for LDACS | capabilities are summarized. The assumed use cases for LDACS | |||
| completes the list of use cases stated in [RAW-USE-CASES] and the | completes the list of use cases stated in [RAW-USE-CASES] and the | |||
| list of reliable and available wireless technologies presented in | list of reliable and available wireless technologies presented in | |||
| [RAW-TECHNOS]. | [RAW-TECHNOS]. | |||
| 3.1. Voice Communications Today | 3.1. Voice Communications Today | |||
| Voice links are used for Air-to-Ground (A2G) and Air-to-Air (A2A) | Voice links are used for Air-to-Ground (A2G) and Air-to-Air (A2A) | |||
| communications. The communication equipment is either ground-based | communications. The communication equipment is either ground-based | |||
| working in the High Frequency (HF) or Very High Frequency (VHF) | working in the High Frequency (HF) or Very High Frequency (VHF) | |||
| frequency band or satellite-based. All VHF and HF voice | frequency band or satellite-based. All VHF and HF voice | |||
| communications is operated via open broadcast channels without | communications is operated via open broadcast channels without | |||
| authentication, encryption or other protective measures. The use of | authentication, encryption or other protective measures. The use of | |||
| well-proven communication procedures via broadcast channels helps to | well-proven communication procedures via broadcast channels helps to | |||
| enhance the safety of communications by taking into account that | enhance the safety of communications by taking into account that | |||
| other users may encounter communication problems and may be | other users MAY encounter communication problems and MAY be | |||
| supported, if required. The main voice communications media is still | supported, if REQUIRED. The main voice communications media is still | |||
| the analogue VHF Double Side-Band Amplitude Modulation (DSB-AM) | the analogue VHF Double Side-Band Amplitude Modulation (DSB-AM) | |||
| communications technique, supplemented by HF Single Side-Band | communications technique, supplemented by HF Single Side-Band | |||
| Amplitude Modulation and satellite communications for remote and | Amplitude Modulation and satellite communications for remote and | |||
| oceanic areas. DSB-AM has been in use since 1948, works reliably and | oceanic areas. DSB-AM has been in use since 1948, works reliably and | |||
| safely, and uses low-cost communication equipment. These are the | safely, and uses low-cost communication equipment. These are the | |||
| main reasons why VHF DSB-AM communications is still in use, and it is | main reasons why VHF DSB-AM communications is still in use, and it is | |||
| likely that this technology will remain in service for many more | likely that this technology will remain in service for many more | |||
| years. This however results in current operational limitations and | years. This however results in current operational limitations and | |||
| impediments in deploying new Air-Traffic Management (ATM) | impediments in deploying new Air-Traffic Management (ATM) | |||
| applications, such as flight-centric operation with Point-to-Point | applications, such as flight-centric operation with Point-to-Point | |||
| skipping to change at page 6, line 18 ¶ | skipping to change at page 6, line 23 ¶ | |||
| provided by ground-based equipment operating either on HF or VHF | provided by ground-based equipment operating either on HF or VHF | |||
| radio bands or by legacy satellite systems. All these communication | radio bands or by legacy satellite systems. All these communication | |||
| systems are using narrowband radio channels with a data throughput | systems are using narrowband radio channels with a data throughput | |||
| capacity in order of kilobits per second. While the aircraft is on | capacity in order of kilobits per second. While the aircraft is on | |||
| ground some additional communications systems are available, like the | ground some additional communications systems are available, like the | |||
| Aeronautical Mobile Airport Communication System (AeroMACS) or public | Aeronautical Mobile Airport Communication System (AeroMACS) or public | |||
| cellular networks, operating in the Airport (APT) domain and able to | cellular networks, operating in the Airport (APT) domain and able to | |||
| deliver broadband communication capability. | deliver broadband communication capability. | |||
| The data communication networks used for the transmission of data | The data communication networks used for the transmission of data | |||
| relating to the safety and regularity of the flight must be strictly | relating to the safety and regularity of the flight MUST be strictly | |||
| isolated from those providing entertainment services to passengers. | isolated from those providing entertainment services to passengers. | |||
| This leads to a situation that the flight crews are supported by | This leads to a situation that the flight crews are supported by | |||
| narrowband services during flight while passengers have access to | narrowband services during flight while passengers have access to | |||
| inflight broadband services. The current HF and VHF data links | inflight broadband services. The current HF and VHF data links | |||
| cannot provide broadband services now or in the future, due to the | cannot provide broadband services now or in the future, due to the | |||
| lack of available spectrum. This technical shortcoming is becoming a | lack of available spectrum. This technical shortcoming is becoming a | |||
| limitation to enhanced ATM operations, such as Trajectory-Based | limitation to enhanced ATM operations, such as Trajectory-Based | |||
| Operations and 4D trajectory negotiations. | Operations and 4D trajectory negotiations. | |||
| Satellite-based communications are currently under investigation and | Satellite-based communications are currently under investigation and | |||
| skipping to change at page 7, line 37 ¶ | skipping to change at page 7, line 37 ¶ | |||
| LDACS in the open. | LDACS in the open. | |||
| Up to now LDACS standardization has been focused on the development | Up to now LDACS standardization has been focused on the development | |||
| of the physical layer and the data link layer, only recently have | of the physical layer and the data link layer, only recently have | |||
| higher layers come into the focus of the LDACS development | higher layers come into the focus of the LDACS development | |||
| activities. There is currently no "IPv6 over LDACS" specification | activities. There is currently no "IPv6 over LDACS" specification | |||
| publicly available; however, SESAR2020 has started the testing of | publicly available; however, SESAR2020 has started the testing of | |||
| IPv6-based LDACS testbeds. | IPv6-based LDACS testbeds. | |||
| The IPv6 architecture for the aeronautical telecommunication network | The IPv6 architecture for the aeronautical telecommunication network | |||
| is called the Future Communications Infrastructure (FCI). FCI shall | is called the Future Communications Infrastructure (FCI). FCI SHALL | |||
| support quality of service, diversity, and mobility under the | support quality of service, diversity, and mobility under the | |||
| umbrella of the "multi-link concept". This work is conducted by ICAO | umbrella of the "multi-link concept". This work is conducted by ICAO | |||
| Communication Panel working group WG-I. | Communication Panel working group WG-I. | |||
| In addition to standardization activities several industrial LDACS | In addition to standardization activities several industrial LDACS | |||
| prototypes have been built. One set of LDACS prototypes has been | prototypes have been built. One set of LDACS prototypes has been | |||
| evaluated in flight trials confirming the theoretical results | evaluated in flight trials confirming the theoretical results | |||
| predicting the system performance [GRA2018] [SCH20191]. | predicting the system performance [GRA2018] [SCH20191]. | |||
| 5. Applicability | 5. Applicability | |||
| skipping to change at page 8, line 17 ¶ | skipping to change at page 8, line 17 ¶ | |||
| LDACS is a multi-application cellular broadband system capable of | LDACS is a multi-application cellular broadband system capable of | |||
| simultaneously providing various kinds of Air Traffic Services | simultaneously providing various kinds of Air Traffic Services | |||
| (including ATS-B3) and AOC communications services from deployed | (including ATS-B3) and AOC communications services from deployed | |||
| Ground-Stations (GS). The LDACS A2G sub-system physical layer and | Ground-Stations (GS). The LDACS A2G sub-system physical layer and | |||
| data link layer are optimized for data link communications, but the | data link layer are optimized for data link communications, but the | |||
| system also supports digital air-ground voice communications. | system also supports digital air-ground voice communications. | |||
| LDACS supports communication in all airspaces (airport, terminal | LDACS supports communication in all airspaces (airport, terminal | |||
| maneuvering area, and en-route), and on the airport surface. The | maneuvering area, and en-route), and on the airport surface. The | |||
| physical LDACS cell coverage is effectively de-coupled from the | physical LDACS cell coverage is effectively de-coupled from the | |||
| operational coverage required for a particular service. This is new | operational coverage REQUIRED for a particular service. This is new | |||
| in aeronautical communications. Services requiring wide-area | in aeronautical communications. Services requiring wide-area | |||
| coverage can be installed at several adjacent LDACS cells. The | coverage can be installed at several adjacent LDACS cells. The | |||
| handover between the involved LDACS cells is seamless, automatic, and | handover between the involved LDACS cells is seamless, automatic, and | |||
| transparent to the user. Therefore, the LDACS A2G communications | transparent to the user. Therefore, the LDACS A2G communications | |||
| concept enables the aeronautical communication infrastructure to | concept enables the aeronautical communication infrastructure to | |||
| support future dynamic airspace management concepts. | support future dynamic airspace management concepts. | |||
| 5.1. Advances Beyond the State-of-the-Art | 5.1. Advances Beyond the State-of-the-Art | |||
| LDACS offers several capabilities that are not provided in | LDACS offers several capabilities that are not provided in | |||
| skipping to change at page 9, line 16 ¶ | skipping to change at page 9, line 16 ¶ | |||
| The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the | The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the | |||
| forward link (FL) for the connection Ground-to-Air (G2A), and 294 | forward link (FL) for the connection Ground-to-Air (G2A), and 294 | |||
| kbit/s to 1390 kbit/s on the reverse link (RF) for the connection | kbit/s to 1390 kbit/s on the reverse link (RF) for the connection | |||
| A2G, depending on coding and modulation. This is 50 times the amount | A2G, depending on coding and modulation. This is 50 times the amount | |||
| terrestrial digital aeronautical communications systems such as VDLM2 | terrestrial digital aeronautical communications systems such as VDLM2 | |||
| provide [SCH20191]. | provide [SCH20191]. | |||
| 5.2. Application | 5.2. Application | |||
| LDACS shall be used by several aeronautical applications ranging from | LDACS SHALL be used by several aeronautical applications ranging from | |||
| enhanced communication protocol stacks (multi-homed mobile IPv6 | enhanced communication protocol stacks (multi-homed mobile IPv6 | |||
| networks in the aircraft and potentially ad-hoc networks between | networks in the aircraft and potentially ad-hoc networks between | |||
| aircraft) to classical communication applications (sending GBAS | aircraft) to classical communication applications (sending GBAS | |||
| correction data) and integration with other service domains (using | correction data) and integration with other service domains (using | |||
| the communication signal for navigation). | the communication signal for navigation). | |||
| 5.2.1. Air-to-Ground Multilink | 5.2.1. Air-to-Ground Multilink | |||
| It is expected that LDACS together with upgraded satellite-based | It is expected that LDACS together with upgraded satellite-based | |||
| communications systems will be deployed within the FCI and constitute | communications systems will be deployed within the FCI and constitute | |||
| skipping to change at page 9, line 38 ¶ | skipping to change at page 9, line 38 ¶ | |||
| Both technologies, LDACS and satellite systems, have their specific | Both technologies, LDACS and satellite systems, have their specific | |||
| benefits and technical capabilities which complement each other. | benefits and technical capabilities which complement each other. | |||
| Especially, satellite systems are well-suited for large coverage | Especially, satellite systems are well-suited for large coverage | |||
| areas with less dense air traffic, e.g. oceanic regions. LDACS is | areas with less dense air traffic, e.g. oceanic regions. LDACS is | |||
| well-suited for dense air traffic areas, e.g. continental areas or | well-suited for dense air traffic areas, e.g. continental areas or | |||
| hot-spots around airports and terminal airspace. In addition, both | hot-spots around airports and terminal airspace. In addition, both | |||
| technologies offer comparable data link capacity and, thus, are well- | technologies offer comparable data link capacity and, thus, are well- | |||
| suited for redundancy, mutual back-up, or load balancing. | suited for redundancy, mutual back-up, or load balancing. | |||
| Technically the FCI multilink concept shall be realized by multi- | Technically the FCI multilink concept SHALL be realized by multi- | |||
| homed mobile IPv6 networks in the aircraft. The related protocol | homed mobile IPv6 networks in the aircraft. The related protocol | |||
| stack is currently under development by ICAO and the Single European | stack is currently under development by ICAO and the Single European | |||
| Sky ATM Research framework. | Sky ATM Research framework. | |||
| 5.2.2. Air-to-Air Extension for LDACS | 5.2.2. Air-to-Air Extension for LDACS | |||
| A potential extension of the multi-link concept is its extension to | A potential extension of the multi-link concept is its extension to | |||
| ad-hoc networks between aircraft. | ad-hoc networks between aircraft. | |||
| Direct A2A communication between aircrafts in terms of ad-hoc data | Direct A2A communication between aircrafts in terms of ad-hoc data | |||
| networks is currently considered a research topic since there is no | networks is currently considered a research topic since there is no | |||
| immediate operational need for it, although several possible use | immediate operational need for it, although several possible use | |||
| cases are discussed (digital voice, wake vortex warnings, and | cases are discussed (digital voice, wake vortex warnings, and | |||
| trajectory negotiation) [BEL2019]. It should also be noted that | trajectory negotiation) [BEL2019]. It SHOULD also be noted that | |||
| currently deployed analog VHF voice radios support direct voice | currently deployed analog VHF voice radios support direct voice | |||
| communication between aircraft, making a similar use case for digital | communication between aircraft, making a similar use case for digital | |||
| voice plausible. | voice plausible. | |||
| LDACS direct A2A is currently not part of standardization. | LDACS direct A2A is currently not part of standardization. | |||
| 5.2.3. Flight Guidance | 5.2.3. Flight Guidance | |||
| The FCI (and therefore LDACS) shall be used to host flight guidance. | The FCI (and therefore LDACS) SHALL be used to host flight guidance. | |||
| This is realized using three applications: | This is realized using three applications: | |||
| 1. Context Management (CM): The CM application shall manage the | 1. Context Management (CM): The CM application SHALL manage the | |||
| automatic logical connection to the ATC center currently | automatic logical connection to the ATC center currently | |||
| responsible to guide the aircraft. Currently this is done by the | responsible to guide the aircraft. Currently this is done by the | |||
| air crew manually changing VHF voice frequencies according to the | air crew manually changing VHF voice frequencies according to the | |||
| progress of the flight. The CM application automatically sets up | progress of the flight. The CM application automatically sets up | |||
| equivalent sessions. | equivalent sessions. | |||
| 2. Controller Pilot Data Link Communication (CPDLC): The CPDLC | 2. Controller Pilot Data Link Communication (CPDLC): The CPDLC | |||
| application provides the air crew with the ability to exchange | application provides the air crew with the ability to exchange | |||
| data messages similar to text messages with the currently | data messages similar to text messages with the currently | |||
| responsible ATC center. The CPDLC application shall take over | responsible ATC center. The CPDLC application SHALL take over | |||
| most of the communication currently performed over VHF voice and | most of the communication currently performed over VHF voice and | |||
| enable new services that do not lend themselves to voice | enable new services that do not lend themselves to voice | |||
| communication (e.g., trajectory negotiation). | communication (e.g., trajectory negotiation). | |||
| 3. Automatic Dependent Surveillance - Contract (ADS-C): ADS-C | 3. Automatic Dependent Surveillance - Contract (ADS-C): ADS-C | |||
| reports the position of the aircraft to the currently active ATC | reports the position of the aircraft to the currently active ATC | |||
| center. Reporting is bound to "contracts", i.e. pre-defined | center. Reporting is bound to "contracts", i.e. pre-defined | |||
| events related to the progress of the flight (i.e. the | events related to the progress of the flight (i.e. the | |||
| trajectory). ADS-C and CPDLC are the primary applications used to | trajectory). ADS-C and CPDLC are the primary applications used to | |||
| implement in-flight trajectory management. | implement in-flight trajectory management. | |||
| CM, CPDLC, and ADS-C are available on legacy datalinks, but not | CM, CPDLC, and ADS-C are available on legacy datalinks, but not | |||
| widely deployed and with limited functionality. | widely deployed and with limited functionality. | |||
| Further ATC applications may be ported to use the FCI or LDACS as | Further ATC applications MAY be ported to use the FCI or LDACS as | |||
| well. A notable application is GBAS for secure, automated landings: | well. A notable application is GBAS for secure, automated landings: | |||
| The Global Navigation Satellite System (GNSS) based Ground Based | The Global Navigation Satellite System (GNSS) based Ground Based | |||
| Augmentation System (GBAS) is used to improve the accuracy of GNSS to | Augmentation System (GBAS) is used to improve the accuracy of GNSS to | |||
| allow GNSS based instrument landings. This is realized by sending | allow GNSS based instrument landings. This is realized by sending | |||
| GNSS correction data (e.g., compensating ionospheric errors in the | GNSS correction data (e.g., compensating ionospheric errors in the | |||
| GNSS signal) to the aircraft's GNSS receiver via a separate data | GNSS signal) to the aircraft's GNSS receiver via a separate data | |||
| link. Currently the VDB data link is used. VDB is a narrow-band | link. Currently the VDB data link is used. VDB is a narrow-band | |||
| single-purpose datalink without advanced security only used to | single-purpose datalink without advanced security only used to | |||
| transmit GBAS correction data. This makes VDB a natural candidate | transmit GBAS correction data. This makes VDB a natural candidate | |||
| for replacement by LDACS. | for replacement by LDACS. | |||
| 5.2.4. Business Communication of Airlines | 5.2.4. Business Communication of Airlines | |||
| In addition to air traffic services AOC services shall be transmitted | In addition to air traffic services AOC services SHALL be transmitted | |||
| over LDACS. AOC is a generic term referring to the business | over LDACS. AOC is a generic term referring to the business | |||
| communication of airlines. Regulatory this is considered related to | communication of airlines. Regulatory this is considered related to | |||
| the safety and regularity of flight and may therefore be transmitted | the safety and regularity of flight and MAY therefore be transmitted | |||
| over LDACS. | over LDACS. | |||
| AOC communication is considered the main business case for LDACS | AOC communication is considered the main business case for LDACS | |||
| communication service providers since modern aircraft generate | communication service providers since modern aircraft generate | |||
| significant amounts of data (e.g., engine maintenance data). | significant amounts of data (e.g., engine maintenance data). | |||
| 5.2.5. LDACS Navigation | 5.2.5. LDACS Navigation | |||
| Beyond communication radio signals can always also be used for | Beyond communication radio signals can always also be used for | |||
| navigation. LDACS takes this into account. | navigation. LDACS takes this into account. | |||
| For future aeronautical navigation, ICAO recommends the further | For future aeronautical navigation, ICAO recommends the further | |||
| development of GNSS based technologies as primary means for | development of GNSS based technologies as primary means for | |||
| navigation. However, the drawback of GNSS is its inherent single | navigation. However, the drawback of GNSS is its inherent single | |||
| point of failure - the satellite. Due to the large separation | point of failure - the satellite. Due to the large separation | |||
| between navigational satellites and aircraft, the received power of | between navigational satellites and aircraft, the received power of | |||
| GNSS signals on the ground is very low. As a result, GNSS | GNSS signals on the ground is very low. As a result, GNSS | |||
| disruptions might occasionally occur due to unintentional | disruptions might occasionally occur due to unintentional | |||
| interference, or intentional jamming. Yet the navigation services | interference, or intentional jamming. Yet the navigation services | |||
| must be available with sufficient performance for all phases of | MUST be available with sufficient performance for all phases of | |||
| flight. Therefore, during GNSS outages, or blockages, an alternative | flight. Therefore, during GNSS outages, or blockages, an alternative | |||
| solution is needed. This is commonly referred to as Alternative | solution is needed. This is commonly referred to as Alternative | |||
| Positioning, Navigation, and Timing (APNT). | Positioning, Navigation, and Timing (APNT). | |||
| One of such APNT solution consists of integrating the navigation | One of such APNT solution consists of integrating the navigation | |||
| functionality into LDACS. The ground infrastructure for APNT is | functionality into LDACS. The ground infrastructure for APNT is | |||
| deployed through the implementation of LDACS's GSs and the navigation | deployed through the implementation of LDACS's GSs and the navigation | |||
| capability comes "for free". | capability comes "for free". | |||
| LDACS navigation has already been demonstrated in practice in a | LDACS navigation has already been demonstrated in practice in a | |||
| flight measurement campaign [SCH20191]. | flight measurement campaign [SCH20191]. | |||
| 6. Requirements to LDACS | 6. Requirements to LDACS | |||
| The requirements to LDACS are mostly defined by its application area: | The requirements to LDACS are mostly defined by its application area: | |||
| Communication related to safety and regularity of flight. | Communication related to safety and regularity of flight. | |||
| A particularity of the current aeronautical communication landscape | A particularity of the current aeronautical communication landscape | |||
| is that it is heavily regulated. Aeronautical data links (for | is that it is heavily regulated. Aeronautical data links (for | |||
| applications related to safety and regularity of flight) may only use | applications related to safety and regularity of flight) MAY only use | |||
| spectrum licensed to aviation and data links endorsed by ICAO. | spectrum licensed to aviation and data links endorsed by ICAO. | |||
| Nation states can change this locally, however, due to the global | Nation states can change this locally, however, due to the global | |||
| scale of the air transportation system adherence to these practices | scale of the air transportation system adherence to these practices | |||
| is to be expected. | is to be expected. | |||
| Aeronautical data links for the Aeronautical Telecommunication | Aeronautical data links for the Aeronautical Telecommunication | |||
| Network (ATN) are therefore expected to remain in service for | Network (ATN) are therefore expected to remain in service for | |||
| decades. The VDLM2 data link currently used for digital terrestrial | decades. The VDLM2 data link currently used for digital terrestrial | |||
| internetworking was developed in the 1990es (the use of the Open | internetworking was developed in the 1990es (the use of the Open | |||
| Systems Interconnection (OSI) stack indicates that as well). VDLM2 | Systems Interconnection (OSI) stack indicates that as well). VDLM2 | |||
| skipping to change at page 12, line 34 ¶ | skipping to change at page 12, line 34 ¶ | |||
| Current ATS applications use either the Aircraft Communications | Current ATS applications use either the Aircraft Communications | |||
| Addressing and Reporting System (ACARS) or the OSI stack. The | Addressing and Reporting System (ACARS) or the OSI stack. The | |||
| objective of the development effort LDACS as part of the FCI is to | objective of the development effort LDACS as part of the FCI is to | |||
| replace legacy OSI stack and proprietary ACARS internetwork | replace legacy OSI stack and proprietary ACARS internetwork | |||
| technologies with industry standard IP technology. It is anticipated | technologies with industry standard IP technology. It is anticipated | |||
| that the use of Commercial Off-The-Shelf (COTS) IP technology mostly | that the use of Commercial Off-The-Shelf (COTS) IP technology mostly | |||
| applies to the ground network. The avionics networks on the aircraft | applies to the ground network. The avionics networks on the aircraft | |||
| will likely be heavily modified or proprietary. | will likely be heavily modified or proprietary. | |||
| AOC applications currently mostly use the same stack (although some | AOC applications currently mostly use the same stack (although some | |||
| applications, like the graphical weather service may use the | applications, like the graphical weather service MAY use the | |||
| commercial passenger network). This creates capacity problems | commercial passenger network). This creates capacity problems | |||
| (resulting in excessive amounts of timeouts) since the underlying | (resulting in excessive amounts of timeouts) since the underlying | |||
| terrestrial data links (VDLM1/2) do not provide sufficient bandwidth. | terrestrial data links (VDLM1/2) do not provide sufficient bandwidth. | |||
| The use of non-aviation specific data links is considered a security | The use of non-aviation specific data links is considered a security | |||
| problem. Ideally the aeronautical IP internetwork and the Internet | problem. Ideally the aeronautical IP internetwork and the Internet | |||
| should be completely separated. | SHOULD be completely separated. | |||
| The objective of LDACS is to provide a next generation terrestrial | The objective of LDACS is to provide a next generation terrestrial | |||
| data link designed to support IP and provide much higher bandwidth to | data link designed to support IP and provide much higher bandwidth to | |||
| avoid the currently experienced operational problems. | avoid the currently experienced operational problems. | |||
| The requirement for LDACS is therefore to provide a terrestrial high- | The requirement for LDACS is therefore to provide a terrestrial high- | |||
| throughput data link for IP internetworking in the aircraft. | throughput data link for IP internetworking in the aircraft. | |||
| In order to fulfil the above requirement LDACS needs to be | In order to fulfil the above requirement LDACS needs to be | |||
| interoperable with IP (and IP-based services like Voice-over-IP) at | interoperable with IP (and IP-based services like Voice-over-IP) at | |||
| skipping to change at page 13, line 21 ¶ | skipping to change at page 13, line 21 ¶ | |||
| In addition to the functional requirements LDACS and its IP stack | In addition to the functional requirements LDACS and its IP stack | |||
| need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED- | need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED- | |||
| 228A [DO350A]. This document defines continuity, availability, and | 228A [DO350A]. This document defines continuity, availability, and | |||
| integrity requirements at different scopes for each air traffic | integrity requirements at different scopes for each air traffic | |||
| management application (CPDLC, CM, and ADS-C). The scope most | management application (CPDLC, CM, and ADS-C). The scope most | |||
| relevant to IP over LDACS is the CSP (Communication Service Provider) | relevant to IP over LDACS is the CSP (Communication Service Provider) | |||
| scope. | scope. | |||
| Continuity, availability, and integrity requirements are defined in | Continuity, availability, and integrity requirements are defined in | |||
| [DO350A] volume 1 Table 5-14, and Table 6-13. Appendix A presents | [DO350A] volume 1 Table 5-14, and Table 6-13. Appendix A presents | |||
| the required information. | the REQUIRED information. | |||
| In a similar vein, requirements to fault management are defined in | In a similar vein, requirements to fault management are defined in | |||
| the same tables. | the same tables. | |||
| 7. Characteristics of LDACS | 7. Characteristics of LDACS | |||
| LDACS will become one of several wireless access networks connecting | LDACS will become one of several wireless access networks connecting | |||
| aircraft to the ATN implemented by the FCI and possibly ACARS/FANS | aircraft to the ATN implemented by the FCI and possibly ACARS/FANS | |||
| networks [FAN2019]. | networks [FAN2019]. | |||
| skipping to change at page 15, line 25 ¶ | skipping to change at page 15, line 25 ¶ | |||
| access sub-layer manages the organization of transmission | access sub-layer manages the organization of transmission | |||
| opportunities in slots of time and frequency. The LLC sub-layer | opportunities in slots of time and frequency. The LLC sub-layer | |||
| provides acknowledged point-to-point logical channels between the | provides acknowledged point-to-point logical channels between the | |||
| aircraft and the GS using an automatic repeat request protocol. | aircraft and the GS using an automatic repeat request protocol. | |||
| LDACS supports also unacknowledged point-to-point channels and G2A | LDACS supports also unacknowledged point-to-point channels and G2A | |||
| broadcast. | broadcast. | |||
| 7.5. LDACS Mobility | 7.5. LDACS Mobility | |||
| LDACS supports layer 2 handovers to different LDACS channels. | LDACS supports layer 2 handovers to different LDACS channels. | |||
| Handovers may be initiated by the aircraft (break-before-make) or by | Handovers MAY be initiated by the aircraft (break-before-make) or by | |||
| the GS (make-before-break). Make-before-break handovers are only | the GS (make-before-break). Make-before-break handovers are only | |||
| supported for GSs connected to the same GSC. | supported for GSs connected to the same GSC. | |||
| External handovers between non-connected LDACS sub-networks or | External handovers between non-connected LDACS sub-networks or | |||
| different aeronautical data links shall be handled by the FCI multi- | different aeronautical data links SHALL be handled by the FCI multi- | |||
| link concept. | link concept. | |||
| 8. Reliability and Availability | 8. Reliability and Availability | |||
| 8.1. Layer 2 | 8.1. Layer 2 | |||
| LDACS has been designed with applications related to the safety and | LDACS has been designed with applications related to the safety and | |||
| regularity of flight in mind. It has therefore been designed as a | regularity of flight in mind. It has therefore been designed as a | |||
| deterministic wireless data link (as far as this is possible). | deterministic wireless data link (as far as this is possible). | |||
| skipping to change at page 18, line 31 ¶ | skipping to change at page 18, line 31 ¶ | |||
| have multiple independent data link technologies in the aircraft | have multiple independent data link technologies in the aircraft | |||
| (e.g., terrestrial and SatCom) in addition to legacy VHF voice. | (e.g., terrestrial and SatCom) in addition to legacy VHF voice. | |||
| However, as of now no reliability and availability mechanisms that | However, as of now no reliability and availability mechanisms that | |||
| could utilize the multi-link have been specified on Layer 3 and | could utilize the multi-link have been specified on Layer 3 and | |||
| above. | above. | |||
| Below Layer 2 aeronautics usually relies on hardware redundancy. To | Below Layer 2 aeronautics usually relies on hardware redundancy. To | |||
| protect availability of the LDACS link, an aircraft equipped with | protect availability of the LDACS link, an aircraft equipped with | |||
| LDACS will have access to two L-band antennae with triple redundant | LDACS will have access to two L-band antennae with triple redundant | |||
| radio systems as required for any safety relevant system by ICAO. | radio systems as REQUIRED for any safety relevant system by ICAO. | |||
| 9. Protocol Stack | 9. Protocol Stack | |||
| The protocol stack of LDACS is implemented in the AS, GS, and GSC: It | The protocol stack of LDACS is implemented in the AS, GS, and GSC: It | |||
| consists of the Physical Layer (PHY) with five major functional | consists of the Physical Layer (PHY) with five major functional | |||
| blocks above it. Four are placed in the Data Link Layer (DLL) of the | blocks above it. Four are placed in the Data Link Layer (DLL) of the | |||
| AS and GS: (1) Medium Access Layer (MAC), (2) Voice Interface (VI), | AS and GS: (1) Medium Access Layer (MAC), (2) Voice Interface (VI), | |||
| (3) Data Link Service (DLS), and (4) LDACS Management Entity (LME). | (3) Data Link Service (DLS), and (4) LDACS Management Entity (LME). | |||
| The last entity resides within the Sub-Network Layer: Sub-Network | The last entity resides within the Sub-Network Layer: Sub-Network | |||
| Protocol (SNP). The LDACS network is externally connected to voice | Protocol (SNP). The LDACS network is externally connected to voice | |||
| skipping to change at page 21, line 30 ¶ | skipping to change at page 21, line 30 ¶ | |||
| Figure 4: MF structure for LDACS | Figure 4: MF structure for LDACS | |||
| 9.2. DLS Entity Services | 9.2. DLS Entity Services | |||
| The DLS provides acknowledged and unacknowledged (including broadcast | The DLS provides acknowledged and unacknowledged (including broadcast | |||
| and packet mode voice) bi-directional exchange of user data. If user | and packet mode voice) bi-directional exchange of user data. If user | |||
| data is transmitted using the acknowledged DLS, the sending DLS | data is transmitted using the acknowledged DLS, the sending DLS | |||
| entity will wait for an acknowledgement from the receiver. If no | entity will wait for an acknowledgement from the receiver. If no | |||
| acknowledgement is received within a specified time frame, the sender | acknowledgement is received within a specified time frame, the sender | |||
| may automatically try to retransmit its data. However, after a | MAY automatically try to retransmit its data. However, after a | |||
| certain number of failed retries, the sender will suspend further | certain number of failed retries, the sender will suspend further | |||
| retransmission attempts and inform its client of the failure. | retransmission attempts and inform its client of the failure. | |||
| The DLS uses the logical channels provided by the MAC: | The DLS uses the logical channels provided by the MAC: | |||
| 1. A GS announces its existence and access parameters in the | 1. A GS announces its existence and access parameters in the | |||
| Broadcast Channel (BC). | Broadcast Channel (BC). | |||
| 2. The RA channel enables AS to request access to an LDACS cell. | 2. The RA channel enables AS to request access to an LDACS cell. | |||
| 3. In the FL the CCCH is used by the GS to grant access to data | 3. In the FL the CCCH is used by the GS to grant access to data | |||
| channel resources. | channel resources. | |||
| 4. The reverse direction is covered by the RL, where ASs need to | 4. The reverse direction is covered by the RL, where ASs need to | |||
| request resources before sending. This happens via the DCCH. | request resources before sending. This happens via the DCCH. | |||
| 5. User data itself is communicated in the Data Channel (DCH) on the | 5. User data itself is communicated in the Data Channel (DCH) on the | |||
| FL and RL. | FL and RL. | |||
| 9.3. VI Services | 9.3. VI Services | |||
| The VI provides support for virtual voice circuits. Voice circuits | The VI provides support for virtual voice circuits. Voice circuits | |||
| may either be set-up permanently by the GS (e.g., to emulate voice | MAY either be set-up permanently by the GS (e.g., to emulate voice | |||
| party line) or may be created on demand. The creation and selection | party line) or MAY be created on demand. The creation and selection | |||
| of voice circuits is performed in the LME. The VI provides only the | of voice circuits is performed in the LME. The VI provides only the | |||
| transmission services. | transmission services. | |||
| 9.4. LME Services | 9.4. LME Services | |||
| The mobility management service in the LME provides support for | The mobility management service in the LME provides support for | |||
| registration and de-registration (cell entry and cell exit), scanning | registration and de-registration (cell entry and cell exit), scanning | |||
| RF channels of neighboring cells and handover between cells. In | RF channels of neighboring cells and handover between cells. In | |||
| addition, it manages the addressing of aircraft/ ASs within cells. | addition, it manages the addressing of aircraft/ ASs within cells. | |||
| It is controlled by the network management service in the GSC. | It is controlled by the network management service in the GSC. | |||
| The resource management service provides link maintenance (power, | The resource management service provides link maintenance (power, | |||
| frequency and time adjustments), support for adaptive coding and | frequency and time adjustments), support for adaptive coding and | |||
| modulation, and resource allocation. | modulation, and resource allocation. | |||
| 9.5. SNP Services | 9.5. SNP Services | |||
| The DLS provides functions required for the transfer of user plane | The DLS provides functions REQUIRED for the transfer of user plane | |||
| data and control plane data over the LDACS sub-network. | data and control plane data over the LDACS sub-network. | |||
| The security service provides functions for secure communication over | The security service provides functions for secure communication over | |||
| the LDACS sub-network. Note that the SNP security service applies | the LDACS sub-network. Note that the SNP security service applies | |||
| cryptographic measures as configured by the GSC. | cryptographic measures as configured by the GSC. | |||
| 10. Security Considerations | 10. Security Considerations | |||
| 10.1. Reasons for Wireless Digital Aeronautical Communications | 10.1. Reasons for Wireless Digital Aeronautical Communications | |||
| skipping to change at page 23, line 38 ¶ | skipping to change at page 23, line 38 ¶ | |||
| As digitalization progresses even further with LDACS and automated | As digitalization progresses even further with LDACS and automated | |||
| procedures such as 4D-Trajectories allowing semi-automated en-route | procedures such as 4D-Trajectories allowing semi-automated en-route | |||
| flying of aircraft, LDACS requires stronger cybersecurity measures. | flying of aircraft, LDACS requires stronger cybersecurity measures. | |||
| 10.2. Requirements for LDACS | 10.2. Requirements for LDACS | |||
| Overall there are several business goals for cybersecurity to protect | Overall there are several business goals for cybersecurity to protect | |||
| in FCI in civil aviation: | in FCI in civil aviation: | |||
| 1. Safety: The system must sufficiently mitigate attacks, which | 1. Safety: The system MUST sufficiently mitigate attacks, which | |||
| contribute to safety hazards. | contribute to safety hazards. | |||
| 2. Flight regularity: The system must sufficiently mitigate attacks, | 2. Flight regularity: The system MUST sufficiently mitigate attacks, | |||
| which contribute to delays, diversions, or cancellations of | which contribute to delays, diversions, or cancellations of | |||
| flights. | flights. | |||
| 3. Protection of business interests: The system must sufficiently | 3. Protection of business interests: The system MUST sufficiently | |||
| mitigate attacks which result in financial loss, reputation | mitigate attacks which result in financial loss, reputation | |||
| damage, disclosure of sensitive proprietary information, or | damage, disclosure of sensitive proprietary information, or | |||
| disclosure of personal information. | disclosure of personal information. | |||
| To further analyze assets and derive threats and thus protection | To further analyze assets and derive threats and thus protection | |||
| scenarios several Threat-and Risk Analysis were performed for LDACS | scenarios several Threat-and Risk Analysis were performed for LDACS | |||
| [MAE20181] , [MAE20191]. These results allowed deriving security | [MAE20181] , [MAE20191]. These results allowed deriving security | |||
| scope and objectives from the requirements and the conducted Threat- | scope and objectives from the requirements and the conducted Threat- | |||
| and Risk Analysis. | and Risk Analysis. | |||
| 10.3. Security Objectives for LDACS | 10.3. Security Objectives for LDACS | |||
| Security considerations for LDACS are defined by the official | Security considerations for LDACS are defined by the official | |||
| Standards And Recommended Practices document by ICAO [ICA2018]: | Standards And Recommended Practices document by ICAO [ICA2018]: | |||
| 1. LDACS shall provide a capability to protect the availability and | 1. LDACS SHALL provide a capability to protect the availability and | |||
| continuity of the system. | continuity of the system. | |||
| 2. LDACS shall provide a capability including cryptographic | 2. LDACS SHALL provide a capability including cryptographic | |||
| mechanisms to protect the integrity of messages in transit. | mechanisms to protect the integrity of messages in transit. | |||
| 3. LDACS shall provide a capability to ensure the authenticity of | 3. LDACS SHALL provide a capability to ensure the authenticity of | |||
| messages in transit. | messages in transit. | |||
| 4. LDACS should provide a capability for nonrepudiation of origin | 4. LDACS SHOULD provide a capability for nonrepudiation of origin | |||
| for messages in transit. | for messages in transit. | |||
| 5. LDACS should provide a capability to protect the confidentiality | 5. LDACS SHOULD provide a capability to protect the confidentiality | |||
| of messages in transit. | of messages in transit. | |||
| 6. LDACS shall provide an authentication capability. | 6. LDACS SHALL provide an authentication capability. | |||
| 7. LDACS shall provide a capability to authorize the permitted | 7. LDACS SHALL provide a capability to authorize the permitted | |||
| actions of users of the system and to deny actions that are not | actions of users of the system and to deny actions that are not | |||
| explicitly authorized. | explicitly authorized. | |||
| 8. If LDACS provides interfaces to multiple domains, LDACS shall | 8. If LDACS provides interfaces to multiple domains, LDACS SHALL | |||
| provide capability to prevent the propagation of intrusions within | provide capability to prevent the propagation of intrusions within | |||
| LDACS domains and towards external domains. | LDACS domains and towards external domains. | |||
| 10.4. Security Functions for LDACS | 10.4. Security Functions for LDACS | |||
| These objectives were used to derive several security functions for | These objectives were used to derive several security functions for | |||
| LDACS required to be integrated in the LDACS cybersecurity | LDACS REQUIRED to be integrated in the LDACS cybersecurity | |||
| architecture: (1) Identification, (2) Authentication, (3) | architecture: (1) Identification, (2) Authentication, (3) | |||
| Authorization, (4) Confidentiality, (5) System Integrity, (6) Data | Authorization, (4) Confidentiality, (5) System Integrity, (6) Data | |||
| Integrity, (7) Robustness, (8) Reliability, (9) Availability, and | Integrity, (7) Robustness, (8) Reliability, (9) Availability, and | |||
| (10) Key and Trust Management. Several works investigated possible | (10) Key and Trust Management. Several works investigated possible | |||
| measures to implement these security functions [BIL2017], [MAE20181], | measures to implement these security functions [BIL2017], [MAE20181], | |||
| [MAE20191]. Having identified security requirements, objectives and | [MAE20191]. Having identified security requirements, objectives and | |||
| functions it MUST be ensured that they are applicable. | functions it MUST be ensured that they are applicable. | |||
| 10.5. Security Architectural Details for LDACS | 10.5. Security Architectural Details for LDACS | |||
| skipping to change at page 25, line 43 ¶ | skipping to change at page 25, line 43 ¶ | |||
| GS could be identified using a similar field. And again similar to | GS could be identified using a similar field. And again similar to | |||
| 4G's Mobility Management Entities (MME), a GSC could be identified | 4G's Mobility Management Entities (MME), a GSC could be identified | |||
| using similar identification fields within the LDACS network. The | using similar identification fields within the LDACS network. The | |||
| identification of the network operator is again similar to 4G (e.g., | identification of the network operator is again similar to 4G (e.g., | |||
| E-Plus, AT&T, and TELUS), in the way that the aeronautical network | E-Plus, AT&T, and TELUS), in the way that the aeronautical network | |||
| operators are listed (e.g., ARINC [ARI2020] and SITA [SIT2020]). | operators are listed (e.g., ARINC [ARI2020] and SITA [SIT2020]). | |||
| 10.5.3. Matter of LDACS Entity Authentication and Key Negotiation | 10.5.3. Matter of LDACS Entity Authentication and Key Negotiation | |||
| In order to anchor Trust within the system all LDACS entities | In order to anchor Trust within the system all LDACS entities | |||
| connected to the ground IPS network shall be rooted in an LDACS | connected to the ground IPS network SHALL be rooted in an LDACS | |||
| specific chain-of-trust and PKI solution, quite similar to AeroMACS | specific chain-of-trust and PKI solution, quite similar to AeroMACS | |||
| approach [CRO2016]. These X.509 certificates [RFC5280] residing at | approach [CRO2016]. These X.509 certificates [RFC5280] residing at | |||
| the entities and incorporated in the LDACS PKI proof the ownership of | the entities and incorporated in the LDACS PKI proof the ownership of | |||
| their respective public key, include information about the identity | their respective public key, include information about the identity | |||
| of the owner and the digital signature of the entity that has | of the owner and the digital signature of the entity that has | |||
| verified the certificate's content. First all ground infrastructures | verified the certificate's content. First all ground infrastructures | |||
| must mutually authenticate to each other, negotiate and derive keys | MUST mutually authenticate to each other, negotiate and derive keys | |||
| and, thus, secure all ground connections. How this process is | and, thus, secure all ground connections. How this process is | |||
| handled in detail is still an ongoing discussion. However, | handled in detail is still an ongoing discussion. However, | |||
| established methods to secure user plane by IPSec [RFC4301] and IKEv2 | established methods to secure user plane by IPSec [RFC4301] and IKEv2 | |||
| [RFC7296] or the application layer via TLS 1.3 [RFC8446] are | [RFC7296] or the application layer via TLS 1.3 [RFC8446] are | |||
| conceivable. The LDACS PKI with their chain-of-trust approach, | conceivable. The LDACS PKI with their chain-of-trust approach, | |||
| digital certificates and public entity keys lay the groundwork for | digital certificates and public entity keys lay the groundwork for | |||
| this step. In a second step the AS with the LDACS radio approaches | this step. In a second step the AS with the LDACS radio approaches | |||
| an LDACS cell and performs a cell entry with the corresponding GS. | an LDACS cell and performs a cell entry with the corresponding GS. | |||
| Similar to the LTE cell attachment process [TS33.401], where | Similar to the LTE cell attachment process [TS33.401], where | |||
| authentication happens after basic communication has been enabled | authentication happens after basic communication has been enabled | |||
| skipping to change at page 26, line 48 ¶ | skipping to change at page 26, line 48 ¶ | |||
| [MAE20192], and [MAE2020]. It proposes the use of an own LDACS PKI, | [MAE20192], and [MAE2020]. It proposes the use of an own LDACS PKI, | |||
| identity management based on aircraft identities and network operator | identity management based on aircraft identities and network operator | |||
| identities (e.g., SITA and ARINC), public key certificates | identities (e.g., SITA and ARINC), public key certificates | |||
| incorporated in the PKI based chain-of-trust and stored in the | incorporated in the PKI based chain-of-trust and stored in the | |||
| entities allowing for mutual authentication and key exchange | entities allowing for mutual authentication and key exchange | |||
| procedures, key derivation mechanisms for perfect forward secrecy and | procedures, key derivation mechanisms for perfect forward secrecy and | |||
| user/control plane message-in-transit integrity and confidentiality | user/control plane message-in-transit integrity and confidentiality | |||
| protection. This secures data traveling over the airgap between AS | protection. This secures data traveling over the airgap between AS | |||
| and GS and also between GS and ANSP regardless of the secure or | and GS and also between GS and ANSP regardless of the secure or | |||
| unsecure nature of application data. Of course application data | unsecure nature of application data. Of course application data | |||
| itself must be additionally secured to achieve end-to-end security | itself MUST be additionally secured to achieve end-to-end security | |||
| (secure dialogue service), however the LDACS datalinks aims to | (secure dialogue service), however the LDACS datalinks aims to | |||
| provide an additional layer of protection just for this network | provide an additional layer of protection just for this network | |||
| segment. | segment. | |||
| 11. Privacy Considerations | 11. Privacy Considerations | |||
| LDACS provides a Quality-of-Service, and the generic considerations | LDACS provides a Quality-of-Service, and the generic considerations | |||
| for such mechanisms apply. | for such mechanisms apply. | |||
| 12. IANA Considerations | 12. IANA Considerations | |||
| skipping to change at page 27, line 46 ¶ | skipping to change at page 27, line 46 ¶ | |||
| [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
| Kivinen, "Internet Key Exchange Protocol Version 2 | Kivinen, "Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | |||
| 2014, <https://www.rfc-editor.org/info/rfc7296>. | 2014, <https://www.rfc-editor.org/info/rfc7296>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, | ||||
| DOI 10.17487/RFC2119, March 1997, | ||||
| <https://www.rfc-editor.org/info/rfc2119>. | ||||
| 15. Informative References | 15. Informative References | |||
| [SCHN2016] Schneckenburger, N., Jost, T., Shutin, D., Walter, M., | [SCHN2016] Schneckenburger, N., Jost, T., Shutin, D., Walter, M., | |||
| Thiasiriphet, T., Schnell, M., and U.C. Fiebig, | Thiasiriphet, T., Schnell, M., and U.C. Fiebig, | |||
| "Measurement of the L-band Air-to-Ground Channel for | "Measurement of the L-band Air-to-Ground Channel for | |||
| Positioning Applications", IEEE Transactions on Aerospace | Positioning Applications", IEEE Transactions on Aerospace | |||
| and Electronic Systems, 52(5), pp.2281-229 , 2016. | and Electronic Systems, 52(5), pp.2281-229 , 2016. | |||
| [MAE20191] Maeurer, N., Graeupl, T., and C. Schmitt, "Evaluation of | [MAE20191] Maeurer, N., Graeupl, T., and C. Schmitt, "Evaluation of | |||
| the LDACS Cybersecurity Implementation", IEEE 38th Digital | the LDACS Cybersecurity Implementation", IEEE 38th Digital | |||
| skipping to change at page 30, line 33 ¶ | skipping to change at page 30, line 39 ¶ | |||
| [DO350A] RTCA SC-214, "Safety and Performance Standard for Baseline | [DO350A] RTCA SC-214, "Safety and Performance Standard for Baseline | |||
| 2 ATS Data Communications (Baseline 2 SPR Standard)", May | 2 ATS Data Communications (Baseline 2 SPR Standard)", May | |||
| 2016, <https://standards.globalspec.com/std/10003192/rtca- | 2016, <https://standards.globalspec.com/std/10003192/rtca- | |||
| do-350-volume-1-2>. | do-350-volume-1-2>. | |||
| [RAW-TECHNOS] | [RAW-TECHNOS] | |||
| Thubert, P., Cavalcanti, D., Vilajosana, X., Schmitt, C., | Thubert, P., Cavalcanti, D., Vilajosana, X., Schmitt, C., | |||
| and J. Farkas, "Reliable and Available Wireless | and J. Farkas, "Reliable and Available Wireless | |||
| Technologies", Work in Progress, Internet-Draft, draft- | Technologies", Work in Progress, Internet-Draft, draft- | |||
| thubert-raw-technologies-05, 18 May 2020, | ietf-raw-technologies-00, 20 October 2020, | |||
| <https://tools.ietf.org/html/draft-thubert-raw- | <https://tools.ietf.org/html/draft-ietf-raw-technologies- | |||
| technologies-05>. | 00>. | |||
| [RAW-USE-CASES] | [RAW-USE-CASES] | |||
| Papadopoulos, G., Thubert, P., Theoleyre, F., and C. | Papadopoulos, G., Thubert, P., Theoleyre, F., and C. | |||
| Bernardos, "RAW use cases", Work in Progress, Internet- | Bernardos, "RAW use cases", Work in Progress, Internet- | |||
| Draft, draft-bernardos-raw-use-cases-04, 13 July 2020, | Draft, draft-ietf-raw-use-cases-00, 23 October 2020, | |||
| <https://tools.ietf.org/html/draft-bernardos-raw-use- | <https://tools.ietf.org/html/draft-ietf-raw-use-cases-00>. | |||
| cases-04>. | ||||
| Appendix A. Selected Information from DO-350A | Appendix A. Selected Information from DO-350A | |||
| This appendix includes the continuity, availability, and integrity | This appendix includes the continuity, availability, and integrity | |||
| requirements interesting for LDACS defined in [DO350A]. | requirements interesting for LDACS defined in [DO350A]. | |||
| The following terms are used here: | The following terms are used here: | |||
| CPDLC Controller Pilot Data Link Communication | CPDLC Controller Pilot Data Link Communication | |||
| DT Delivery Time (nominal) value for RSP | DT Delivery Time (nominal) value for RSP | |||
| skipping to change at page 31, line 49 ¶ | skipping to change at page 32, line 7 ¶ | |||
| | | (safety) | (efficiency) | | | | | | (safety) | (efficiency) | | | | |||
| +--------------+----------+--------------+---------+---------+ | +--------------+----------+--------------+---------+---------+ | |||
| | Integrity | 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 | | | Integrity | 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 | | |||
| | | FH | | per FH | per FH | | | | FH | | per FH | per FH | | |||
| +--------------+----------+--------------+---------+---------+ | +--------------+----------+--------------+---------+---------+ | |||
| Table 2: CPDLC Requirements for RCP | Table 2: CPDLC Requirements for RCP | |||
| RCP Monitoring and Alerting Criteria in case of CPDLC: | RCP Monitoring and Alerting Criteria in case of CPDLC: | |||
| - MA-1: The system shall be capable of detecting failures and | - MA-1: The system SHALL be capable of detecting failures and | |||
| configuration changes that would cause the communication service | configuration changes that would cause the communication service | |||
| no longer meet the RCP specification for the intended use. | no longer meet the RCP specification for the intended use. | |||
| - MA-2: When the communication service can no longer meet the RCP | - MA-2: When the communication service can no longer meet the RCP | |||
| specification for the intended function, the flight crew and/or | specification for the intended function, the flight crew and/or | |||
| the controller shall take appropriate action. | the controller SHALL take appropriate action. | |||
| +==============+=====+=====+==========+==============+======+=======+ | +==============+=====+=====+==========+==============+======+=======+ | |||
| | | RSP | RSP | RSP 180 | RSP 180 | RSP |RSP 400| | | | RSP | RSP | RSP 180 | RSP 180 | RSP |RSP 400| | |||
| | | 160 | 160 | | | 400 | | | | | 160 | 160 | | | 400 | | | |||
| +==============+=====+=====+==========+==============+======+=======+ | +==============+=====+=====+==========+==============+======+=======+ | |||
| | Parameter | OT |DT95%| OT | DT95% | OT | DT95% | | | Parameter | OT |DT95%| OT | DT95% | OT | DT95% | | |||
| +--------------+-----+-----+----------+--------------+------+-------+ | +--------------+-----+-----+----------+--------------+------+-------+ | |||
| | Transaction | 160 | 90 | 180 | 90 | 400 | 300 | | | Transaction | 160 | 90 | 180 | 90 | 400 | 300 | | |||
| | Time (sec) | | | | | | | | | Time (sec) | | | | | | | | |||
| +--------------+-----+-----+----------+--------------+------+-------+ | +--------------+-----+-----+----------+--------------+------+-------+ | |||
| skipping to change at page 32, line 33 ¶ | skipping to change at page 32, line 37 ¶ | |||
| +--------------+-----+-----+----------+--------------+------+-------+ | +--------------+-----+-----+----------+--------------+------+-------+ | |||
| | Integrity | 1E-5| 1E-5| 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 | | | Integrity | 1E-5| 1E-5| 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 | | |||
| | | per | per | FH | |per FH| per FH| | | | per | per | FH | |per FH| per FH| | |||
| | | FH | FH | | | | | | | | FH | FH | | | | | | |||
| +--------------+-----+-----+----------+--------------+------+-------+ | +--------------+-----+-----+----------+--------------+------+-------+ | |||
| Table 3: ADS-C Requirements | Table 3: ADS-C Requirements | |||
| RCP Monitoring and Alerting Criteria: | RCP Monitoring and Alerting Criteria: | |||
| - MA-1: The system shall be capable of detecting failures and | - MA-1: The system SHALL be capable of detecting failures and | |||
| configuration changes that would cause the ADS-C service no longer | configuration changes that would cause the ADS-C service no longer | |||
| meet the RSP specification for the intended function. | meet the RSP specification for the intended function. | |||
| - MA-2: When the ADS-C service can no longer meet the RSP | - MA-2: When the ADS-C service can no longer meet the RSP | |||
| specification for the intended function, the flight crew and/or | specification for the intended function, the flight crew and/or | |||
| the controller shall take appropriate action. | the controller SHALL take appropriate action. | |||
| Authors' Addresses | Authors' Addresses | |||
| Nils Maeurer (editor) | Nils Maeurer (editor) | |||
| German Aerospace Center (DLR) | German Aerospace Center (DLR) | |||
| Muenchner Strasse 20 | Muenchner Strasse 20 | |||
| 82234 Wessling | 82234 Wessling | |||
| Germany | Germany | |||
| Email: Nils.Maeurer@dlr.de | Email: Nils.Maeurer@dlr.de | |||
| Thomas Graeupl (editor) | Thomas Graeupl (editor) | |||
| German Aerospace Center (DLR) | German Aerospace Center (DLR) | |||
| Muenchner Strasse 20 | Muenchner Strasse 20 | |||
| 82234 Wessling | 82234 Wessling | |||
| Germany | Germany | |||
| Email: Thomas.Graeupl@dlr.de | Email: Thomas.Graeupl@dlr.de | |||
| Corinna Schmitt (editor) | Corinna Schmitt (editor) | |||
| Research Institute CODE, UniBwM | Research Institute CODE, UniBwM | |||
| End of changes. 58 change blocks. | ||||
| 62 lines changed or deleted | 73 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||