| < draft-ietf-raw-ldacs-05.txt | draft-ietf-raw-ldacs-06.txt > | |||
|---|---|---|---|---|
| RAW N. Maeurer, Ed. | RAW N. Maeurer, Ed. | |||
| Internet-Draft T. Graeupl, Ed. | Internet-Draft T. Graeupl, Ed. | |||
| Intended status: Informational German Aerospace Center (DLR) | Intended status: Informational German Aerospace Center (DLR) | |||
| Expires: 5 May 2021 C. Schmitt, Ed. | Expires: 29 July 2021 C. Schmitt, Ed. | |||
| Research Institute CODE, UniBwM | Research Institute CODE, UniBwM | |||
| 1 November 2020 | 25 January 2021 | |||
| L-band Digital Aeronautical Communications System (LDACS) | L-band Digital Aeronautical Communications System (LDACS) | |||
| draft-ietf-raw-ldacs-05 | draft-ietf-raw-ldacs-06 | |||
| Abstract | Abstract | |||
| This document provides an overview of the architecture of the L-band | This document provides an overview of the architecture of the L-band | |||
| Digital Aeronautical Communications System (LDACS), which provides a | Digital Aeronautical Communications System (LDACS), which provides a | |||
| secure, scalable and spectrum efficient terrestrial data link for | secure, scalable and spectrum efficient terrestrial data link for | |||
| civil aviation. LDACS is a scheduled, reliable multi-application | civil aviation. LDACS is a scheduled, reliable multi-application | |||
| cellular broadband system with support for IPv6. LDACS SHALL provide | cellular broadband system with support for IPv6. LDACS SHALL provide | |||
| a data link for IP network-based aircraft guidance. High reliability | a data link for IP network-based aircraft guidance. High reliability | |||
| and availability for IP connectivity over LDACS are therefore | and availability for IP connectivity over LDACS are therefore | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 5 May 2021. | This Internet-Draft will expire on 29 July 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Simplified BSD License text | extracted from this document must include Simplified BSD License text | |||
| as described in Section 4.e of the Trust Legal Provisions and are | as described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Simplified BSD License. | provided without warranty as described in the Simplified BSD License. | |||
| skipping to change at page 2, line 51 ¶ | skipping to change at page 2, line 51 ¶ | |||
| 9.2. DLS Entity Services . . . . . . . . . . . . . . . . . . . 21 | 9.2. DLS Entity Services . . . . . . . . . . . . . . . . . . . 21 | |||
| 9.3. VI Services . . . . . . . . . . . . . . . . . . . . . . . 22 | 9.3. VI Services . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 9.4. LME Services . . . . . . . . . . . . . . . . . . . . . . 22 | 9.4. LME Services . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 9.5. SNP Services . . . . . . . . . . . . . . . . . . . . . . 22 | 9.5. SNP Services . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | |||
| 10.1. Reasons for Wireless Digital Aeronautical | 10.1. Reasons for Wireless Digital Aeronautical | |||
| Communications . . . . . . . . . . . . . . . . . . . . . 22 | Communications . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 10.2. Requirements for LDACS . . . . . . . . . . . . . . . . . 23 | 10.2. Requirements for LDACS . . . . . . . . . . . . . . . . . 23 | |||
| 10.3. Security Objectives for LDACS . . . . . . . . . . . . . 24 | 10.3. Security Objectives for LDACS . . . . . . . . . . . . . 24 | |||
| 10.4. Security Functions for LDACS . . . . . . . . . . . . . . 24 | 10.4. Security Functions for LDACS . . . . . . . . . . . . . . 24 | |||
| 10.5. Security Architectural Details for LDACS . . . . . . . . 24 | 10.5. Resulting Security Architectural Details . . . . . . . . 24 | |||
| 10.5.1. Entities in LDACS Security Model . . . . . . . . . . 25 | 10.5.1. Entities in LDACS Security Model . . . . . . . . . . 25 | |||
| 10.5.2. Matter of LDACS Entity Identification . . . . . . . 25 | 10.5.2. Matter of LDACS Entity Identification . . . . . . . 25 | |||
| 10.5.3. Matter of LDACS Entity Authentication and Key | 10.5.3. Matter of LDACS Entity Authentication and Key | |||
| Negotiation . . . . . . . . . . . . . . . . . . . . . 25 | Negotiation . . . . . . . . . . . . . . . . . . . . . 25 | |||
| 10.5.4. Matter of LDACS Message-in-transit Confidentiality, | 10.5.4. Matter of LDACS Message-in-transit Confidentiality, | |||
| Integrity and Authenticity . . . . . . . . . . . . . 26 | Integrity and Authenticity . . . . . . . . . . . . . 26 | |||
| 10.6. Security Architecture for LDACS . . . . . . . . . . . . 26 | 10.6. Security Modules for LDACS . . . . . . . . . . . . . . . 26 | |||
| 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 27 | 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 27 | |||
| 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 | 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27 | 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 14. Normative References . . . . . . . . . . . . . . . . . . . . 27 | 14. Normative References . . . . . . . . . . . . . . . . . . . . 27 | |||
| 15. Informative References . . . . . . . . . . . . . . . . . . . 27 | 15. Informative References . . . . . . . . . . . . . . . . . . . 27 | |||
| Appendix A. Selected Information from DO-350A . . . . . . . . . 30 | Appendix A. Selected Information from DO-350A . . . . . . . . . 30 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 1. Introduction | 1. Introduction | |||
| skipping to change at page 24, line 46 ¶ | skipping to change at page 24, line 46 ¶ | |||
| These objectives were used to derive several security functions for | These objectives were used to derive several security functions for | |||
| LDACS REQUIRED to be integrated in the LDACS cybersecurity | LDACS REQUIRED to be integrated in the LDACS cybersecurity | |||
| architecture: (1) Identification, (2) Authentication, (3) | architecture: (1) Identification, (2) Authentication, (3) | |||
| Authorization, (4) Confidentiality, (5) System Integrity, (6) Data | Authorization, (4) Confidentiality, (5) System Integrity, (6) Data | |||
| Integrity, (7) Robustness, (8) Reliability, (9) Availability, and | Integrity, (7) Robustness, (8) Reliability, (9) Availability, and | |||
| (10) Key and Trust Management. Several works investigated possible | (10) Key and Trust Management. Several works investigated possible | |||
| measures to implement these security functions [BIL2017], [MAE20181], | measures to implement these security functions [BIL2017], [MAE20181], | |||
| [MAE20191]. Having identified security requirements, objectives and | [MAE20191]. Having identified security requirements, objectives and | |||
| functions it MUST be ensured that they are applicable. | functions it MUST be ensured that they are applicable. | |||
| 10.5. Security Architectural Details for LDACS | 10.5. Resulting Security Architectural Details | |||
| The requirements lead to a LDACS security model including different | The requirements lead to a LDACS security model including different | |||
| entities for identification, authentication and authorization | entities for identification, authentication and authorization | |||
| purposes ensuring integrity, authenticity and confidentiality of data | purposes ensuring integrity, authenticity and confidentiality of data | |||
| in-transit especially. | in-transit especially. | |||
| 10.5.1. Entities in LDACS Security Model | 10.5.1. Entities in LDACS Security Model | |||
| A simplified LDACS architectural modelrequires the following | A simplified LDACS architectural modelrequires the following | |||
| entities: Network operators such as the Societe Internationale de | entities: Network operators such as the Societe Internationale de | |||
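Review bot: The new 10.5 title, "Resulting Security Architectural Details", drops the "for LDACS" suffix that 10.2, 10.3, 10.4 and 10.6 all carry in the table of contents, and "Resulting" only reads correctly directly after 10.4. Consider "Resulting Security Architectural Details for LDACS" so the heading stays consistent and stands alone when linked. The unchanged text under it still reads "a LDACS security model" and "modelrequires" (missing space) in both versions and could be fixed in the same revision.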
| skipping to change at page 26, line 34 ¶ | skipping to change at page 26, line 34 ¶ | |||
| The subsequent key material from the previous step can then be used | The subsequent key material from the previous step can then be used | |||
| to protect LDACS Layer 2 communications via applying encryption and | to protect LDACS Layer 2 communications via applying encryption and | |||
| integrity protection measures on the SNP layer of the LDACS protocol | integrity protection measures on the SNP layer of the LDACS protocol | |||
| stack. As LDACS transports AOC and ATS data, the integrity of that | stack. As LDACS transports AOC and ATS data, the integrity of that | |||
| data is most important, while confidentiality only needs to be | data is most important, while confidentiality only needs to be | |||
| applied to AOC data to protect business interests [ICA2018]. This | applied to AOC data to protect business interests [ICA2018]. This | |||
| possibility of providing low layered confidentiality and integrity | possibility of providing low layered confidentiality and integrity | |||
| protection ensures a secure delivery of user data over the air gap. | protection ensures a secure delivery of user data over the air gap. | |||
| Furthermore it ensures integrity protection of LDACS control data. | Furthermore it ensures integrity protection of LDACS control data. | |||
| 10.6. Security Architecture for LDACS | 10.6. Security Modules for LDACS | |||
| A draft of the cybersecurity architecture of LDACS can be found in | A draft of the cybersecurity architecture of LDACS can be found in | |||
| [ICA2018] and [MAE20182] and respective updates in [MAE20191], | [ICA2018] and [MAE20182] and respective updates in [MAE20191], | |||
| [MAE20192], and [MAE2020]. It proposes the use of an own LDACS PKI, | [MAE20192], and [MAE2020]. It proposes the use of an own LDACS PKI, | |||
| identity management based on aircraft identities and network operator | identity management based on aircraft identities and network operator | |||
| identities (e.g., SITA and ARINC), public key certificates | identities (e.g., SITA and ARINC), public key certificates | |||
| incorporated in the PKI based chain-of-trust and stored in the | incorporated in the PKI based chain-of-trust and stored in the | |||
| entities allowing for mutual authentication and key exchange | entities allowing for mutual authentication and key exchange | |||
| procedures, key derivation mechanisms for perfect forward secrecy and | procedures, key derivation mechanisms for perfect forward secrecy and | |||
| user/control plane message-in-transit integrity and confidentiality | user/control plane message-in-transit integrity and confidentiality | |||
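Review bot: The 10.6 heading now reads "Security Modules for LDACS", but the first sentence under it is unchanged and still introduces "A draft of the cybersecurity architecture of LDACS", and the visible paragraph never mentions modules. Either reword the opening sentence to say which modules are meant, or keep a title that matches the text. The same paragraph attributes perfect forward secrecy to "key derivation mechanisms" while also listing key exchange procedures; it would help to state which of the two steps is expected to provide that property.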
| End of changes. 9 change blocks. | ||||
| 9 lines changed or deleted | 9 lines changed or added | |||