< draft-ietf-raw-ldacs-07.txt   draft-ietf-raw-ldacs-08.txt >
RAW N. Maeurer, Ed. RAW N. Maeurer, Ed.
Internet-Draft T. Graeupl, Ed. Internet-Draft T. Graeupl, Ed.
Intended status: Informational German Aerospace Center (DLR) Intended status: Informational German Aerospace Center (DLR)
Expires: 21 August 2021 C. Schmitt, Ed. Expires: 11 November 2021 C. Schmitt, Ed.
Research Institute CODE, UniBwM Research Institute CODE, UniBwM
17 February 2021 10 May 2021
L-band Digital Aeronautical Communications System (LDACS) L-band Digital Aeronautical Communications System (LDACS)
draft-ietf-raw-ldacs-07 draft-ietf-raw-ldacs-08
Abstract Abstract
This document provides an overview of the architecture of the L-band This document provides an overview of the architecture of the L-band
Digital Aeronautical Communications System (LDACS), which provides a Digital Aeronautical Communications System (LDACS), which provides a
secure, scalable and spectrum efficient terrestrial data link for secure, scalable and spectrum efficient terrestrial data link for
civil aviation. LDACS is a scheduled, reliable multi-application civil aviation. LDACS is a scheduled, reliable multi-application
cellular broadband system with support for IPv6. LDACS SHALL provide cellular broadband system with support for IPv6. LDACS shall provide
a data link for IP network-based aircraft guidance. High reliability a data link for IP network-based aircraft guidance. High reliability
and availability for IP connectivity over LDACS are therefore and availability for IP connectivity over LDACS are therefore
essential. essential.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 21 August 2021. This Internet-Draft will expire on 11 November 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Motivation and Use Cases . . . . . . . . . . . . . . . . . . 5 3. Motivation and Use Cases . . . . . . . . . . . . . . . . . . 5
3.1. Voice Communications Today . . . . . . . . . . . . . . . 5 3.1. Voice Communications Today . . . . . . . . . . . . . . . 6
3.2. Data Communications Today . . . . . . . . . . . . . . . . 6 3.2. Data Communications Today . . . . . . . . . . . . . . . . 6
4. Provenance and Documents . . . . . . . . . . . . . . . . . . 7 4. Provenance and Documents . . . . . . . . . . . . . . . . . . 7
5. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 8 5. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 8
5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 8 5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 8
5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 8 5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 8
5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 8 5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 9
5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 9 5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 9
5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 9 5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 9
5.2.1. Air-to-Ground Multilink . . . . . . . . . . . . . . . 9 5.2.1. Air-to-Ground Multilink . . . . . . . . . . . . . . . 9
5.2.2. Air-to-Air Extension for LDACS . . . . . . . . . . . 9 5.2.2. Air-to-Air Extension for LDACS . . . . . . . . . . . 10
5.2.3. Flight Guidance . . . . . . . . . . . . . . . . . . . 10 5.2.3. Flight Guidance . . . . . . . . . . . . . . . . . . . 10
5.2.4. Business Communication of Airlines . . . . . . . . . 11 5.2.4. Business Communication of Airlines . . . . . . . . . 11
5.2.5. LDACS Navigation . . . . . . . . . . . . . . . . . . 11 5.2.5. LDACS Navigation . . . . . . . . . . . . . . . . . . 11
6. Requirements to LDACS . . . . . . . . . . . . . . . . . . . . 11 6. Requirements to LDACS . . . . . . . . . . . . . . . . . . . . 12
7. Characteristics of LDACS . . . . . . . . . . . . . . . . . . 13 7. Characteristics of LDACS . . . . . . . . . . . . . . . . . . 13
7.1. LDACS Sub-Network . . . . . . . . . . . . . . . . . . . . 13 7.1. LDACS Sub-Network . . . . . . . . . . . . . . . . . . . . 13
7.2. Topology . . . . . . . . . . . . . . . . . . . . . . . . 14 7.2. Topology . . . . . . . . . . . . . . . . . . . . . . . . 14
7.3. LDACS Physical Layer . . . . . . . . . . . . . . . . . . 14 7.3. LDACS Physical Layer . . . . . . . . . . . . . . . . . . 14
7.4. LDACS Data Link Layer . . . . . . . . . . . . . . . . . . 15 7.4. LDACS Data Link Layer . . . . . . . . . . . . . . . . . . 15
7.5. LDACS Mobility . . . . . . . . . . . . . . . . . . . . . 15 7.5. LDACS Mobility . . . . . . . . . . . . . . . . . . . . . 15
8. Reliability and Availability . . . . . . . . . . . . . . . . 15 8. Reliability and Availability . . . . . . . . . . . . . . . . 15
8.1. Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . 15 8.1. Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . 15
8.2. Beyond Layer 2 . . . . . . . . . . . . . . . . . . . . . 18 8.2. Beyond Layer 2 . . . . . . . . . . . . . . . . . . . . . 18
9. Protocol Stack . . . . . . . . . . . . . . . . . . . . . . . 18 9. Protocol Stack . . . . . . . . . . . . . . . . . . . . . . . 18
9.1. MAC Entity Services . . . . . . . . . . . . . . . . . . . 19 9.1. Medium Access Control (MAC) Entity Services . . . . . . . 19
9.2. DLS Entity Services . . . . . . . . . . . . . . . . . . . 21 9.2. Data Link Service (DLS) Entity Services . . . . . . . . . 21
9.3. VI Services . . . . . . . . . . . . . . . . . . . . . . . 22 9.3. Voice Interface (VI) Services . . . . . . . . . . . . . . 22
9.4. LME Services . . . . . . . . . . . . . . . . . . . . . . 22 9.4. LDACS Management Entity (LME) Services . . . . . . . . . 22
9.5. SNP Services . . . . . . . . . . . . . . . . . . . . . . 22 9.5. Sub-Network Protocol (SNP) Services . . . . . . . . . . . 22
10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22
10.1. Reasons for Wireless Digital Aeronautical 10.1. Reasons for Wireless Digital Aeronautical
Communications . . . . . . . . . . . . . . . . . . . . . 22 Communications . . . . . . . . . . . . . . . . . . . . . 23
10.2. LADACS Requirements . . . . . . . . . . . . . . . . . . 23 10.2. LADACS Requirements . . . . . . . . . . . . . . . . . . 24
10.3. LDACS Security Objectives . . . . . . . . . . . . . . . 24 10.3. LDACS Security Objectives . . . . . . . . . . . . . . . 24
10.4. LDACS Security Functions . . . . . . . . . . . . . . . . 24 10.4. LDACS Security Functions . . . . . . . . . . . . . . . . 25
10.5. LDACS Security Architecture . . . . . . . . . . . . . . 25 10.5. LDACS Security Architecture . . . . . . . . . . . . . . 25
10.5.1. Entities . . . . . . . . . . . . . . . . . . . . . . 25 10.5.1. Entities . . . . . . . . . . . . . . . . . . . . . . 25
10.5.2. Entity Identification . . . . . . . . . . . . . . . 25 10.5.2. Entity Identification . . . . . . . . . . . . . . . 25
10.5.3. Entity Authentication and Key Negotiation . . . . . 25 10.5.3. Entity Authentication and Key Negotiation . . . . . 26
10.5.4. Message-in-transit Confidentiality, Integrity and 10.5.4. Message-in-transit Confidentiality, Integrity and
Authenticity . . . . . . . . . . . . . . . . . . . . 26 Authenticity . . . . . . . . . . . . . . . . . . . . 26
10.6. LDACS Security Modules . . . . . . . . . . . . . . . . . 26 10.6. LDACS Security Modules . . . . . . . . . . . . . . . . . 27
10.6.1. Placements of Security Functionality in Protocol 10.6.1. Placements of Security Functionality in Protocol
Stack . . . . . . . . . . . . . . . . . . . . . . . . 26 Stack . . . . . . . . . . . . . . . . . . . . . . . . 27
10.6.2. Trust . . . . . . . . . . . . . . . . . . . . . . . 27 10.6.2. Trust . . . . . . . . . . . . . . . . . . . . . . . 27
10.6.3. Mutual Authentication and Key Exchange (MAKE) . . . 27 10.6.3. Mutual Authentication and Key Exchange (MAKE) . . . 28
10.6.4. Key Derivation and Key Hierarchy . . . . . . . . . . 28 10.6.4. Key Derivation and Key Hierarchy . . . . . . . . . . 28
10.6.5. User Data Security . . . . . . . . . . . . . . . . . 28 10.6.5. User Data Security . . . . . . . . . . . . . . . . . 28
10.6.6. Control Data Security . . . . . . . . . . . . . . . 28 10.6.6. Control Data Security . . . . . . . . . . . . . . . 29
11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29
14. Normative References . . . . . . . . . . . . . . . . . . . . 29 14. Normative References . . . . . . . . . . . . . . . . . . . . 30
15. Informative References . . . . . . . . . . . . . . . . . . . 30 15. Informative References . . . . . . . . . . . . . . . . . . . 31
Appendix A. Selected Information from DO-350A . . . . . . . . . 34 Appendix A. Selected Information from DO-350A . . . . . . . . . 35
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
One of the main pillars of the modern Air Traffic Management (ATM) One of the main pillars of the modern Air Traffic Management (ATM)
system is the existence of a communication infrastructure that system is the existence of a communication infrastructure that
enables efficient aircraft control and safe separation in all phases enables efficient aircraft control and safe separation in all phases
of flight. Current systems are technically mature but suffering from of flight. Current systems are technically mature but suffering from
the VHF band's increasing saturation in high-density areas and the the Very High Frequency (VHF) band's increasing saturation in high-
limitations posed by analogue radio communications. Therefore, density areas and the limitations posed by analogue radio
aviation globally and the European Union (EU) in particular, strives communications. Therefore, aviation globally and the European Union
for a sustainable modernization of the aeronautical communication (EU) in particular, strives for a sustainable modernization of the
infrastructure. aeronautical communication infrastructure.
In the long-term, ATM communication SHALL transition from analogue In the long-term, ATM communication shall transition from analogue
VHF voice and VDLM2 communication to more spectrum efficient digital VHF voice [KAMA2010] and VHF Data Linke mode 2 (VDLM2) communication
data communication. The European ATM Master Plan foresees this to more spectrum efficient digital data communication. The European
transition to be realized for terrestrial communications by the ATM Master Plan foresees this transition to be realized for
development (and potential implementation) of the L-band Digital terrestrial communications by the development (and potential
Aeronautical Communications System (LDACS). LDACS SHALL enable IPv6 implementation) of the L-band Digital Aeronautical Communications
based air- ground communication related to the aviation safety and System (LDACS). LDACS shall enable IPv6 based air- ground
regularity of flight. The particular challenge is that no additional communication related to the aviation safety and regularity of flight
spectrum can be made available for terrestrial aeronautical [ICAO20152]. The particular challenge is that no additional spectrum
communication. It was thus necessary to develop co-existence can be made available for terrestrial aeronautical communication. It
mechanism/procedures to enable the interference free operation of was thus necessary to develop co-existence mechanism/procedures to
LDACS in parallel with other aeronautical services/systems in the enable the interference free operation of LDACS in parallel with
same frequency band. other aeronautical services/systems in the same frequency band.
Since LDACS SHALL be used for aircraft guidance, high reliability and Since LDACS shall be used for aircraft guidance, high reliability and
availability for IP connectivity over LDACS are essential. availability for IP connectivity over LDACS are essential.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Terminology 2. Terminology
The following terms are used in the context of RAW in this document: The following terms are used in the context of RAW in this document:
A2A Air-to-Air A2A Air-to-Air
AeroMACS Aeronautical Mobile Airport Communication System AeroMACS Aeronautical Mobile Airport Communication System
A2G Air-to-Ground A2G Air-to-Ground
ACARS Aircraft Communications Addressing and Reporting System ACARS Aircraft Communications Addressing and Reporting System
ADS-C Automatic Dependent Surveillance - Contract ADS-C Automatic Dependent Surveillance - Contract
AM(R)S Aeronautical Mobile (Route) Service AM(R)S Aeronautical Mobile (Route) Service
ANSP Air Traffic Network Service Provider ANSP Air Traffic Network Service Provider
AOC Aeronautical Operational Control AOC Aeronautical Operational Control
AS Aircraft Station AS Aircraft Station
ATC Air-Traffic Control ATC Air Traffic Control
ATM Air-Traffic Management ATM Air Traffic Management
ATN Aeronautical Telecommunication Network ATN Aeronautical Telecommunication Network
ATS Air Traffic Service ATS Air Traffic Service
CCCH Common Control Channel CCCH Common Control Channel
COTS IP Commercial Off-The-Shelf COTS IP Commercial Off-The-Shelf
CM Context Management CM Context Management
CNS Communication Navigation Surveillance CNS Communication Navigation Surveillance
CPDLC Controller Pilot Data Link Communication CPDLC Controller Pilot Data Link Communication
DCCH Dedicated Control Channel DCCH Dedicated Control Channel
DCH Data Channel DCH Data Channel
DLL Data Link Layer DLL Data Link Layer
DLS Data Link Service DLS Data Link Service
DME Distance Measuring Equipment DME Distance Measuring Equipment
DSB-AM Double Side-Band Amplitude Modulation DSB-AM Double Side-Band Amplitude Modulation
FCI Future Communication Infrastructure FCI Future Communication Infrastructure
FL Forward Link FL Forward Link
GBAS Ground Based Augmentation System
GNSS Global Navigation Satellite System GNSS Global Navigation Satellite System
GS Ground-Station GS Ground-Station
G2A Ground-to-Air G2A Ground-to-Air
HF High Frequency HF High Frequency
ICAO International Civil Aviation Organization ICAO International Civil Aviation Organization
IP Internet Protocol IP Internet Protocol
IPS Internet Protocol Suite
kbit/s kilobit per second kbit/s kilobit per second
LDACS L-band Digital Aeronautical Communications System LDACS L-band Digital Aeronautical Communications System
LLC Logical Link Control LLC Logical Link Control
LME LDACS Management Entity LME LDACS Management Entity
MAC Medium Access Layer MAC Medium Access Layer
MF Multi Frame MF Multi Frame
OFDM Orthogonal Frequency-Division Multiplexing OFDM Orthogonal Frequency-Division Multiplexing
OFDMA Orthogonal Frequency-Division Multiplexing Access OFDMA Orthogonal Frequency-Division Multiplexing Access
OSI Open Systems Interconnection OSI Open Systems Interconnection
PHY Physical Layer PHY Physical Layer
RL Reverse Link RL Reverse Link
SF Super-Frame SF Super-Frame
SN Serving Network
SNP Sub-Network Protocol SNP Sub-Network Protocol
STS Station-to-Station
TDMA Time-Division Multiplexing-Access TDMA Time-Division Multiplexing-Access
VDLM1 VHF Data Link mode 1 VDLM1 VHF Data Link mode 1
VDLM2 VHF Data Link mode 2 VDLM2 VHF Data Link mode 2
VHF Very High Frequency VHF Very High Frequency
VI Voice Interface VI Voice Interface
3. Motivation and Use Cases 3. Motivation and Use Cases
Aircraft are currently connected to Air-Traffic Control (ATC) and Aircraft are currently connected to Air Traffic Control (ATC) and
Aeronautical Operational Control (AOC) via voice and data Aeronautical Operational Control (AOC) via voice and data
communications systems through all phases of a flight. Within the communications systems through all phases of a flight. AOC is a
airport terminal, connectivity is focused on high bandwidth generic term referring to the business communication of airlines.
communications, while during en-route high reliability, robustness, Within the airport terminal, connectivity is focused on high
and range is the main focus. Voice communications MAY use the same bandwidth communications, while during en-route high reliability,
or different equipment as data communications systems. In the robustness, and range is the main focus. Voice communications may
following the main differences between voice and data communications use the same or different equipment as data communications systems.
capabilities are summarized. The assumed use cases for LDACS In the following the main differences between voice and data
completes the list of use cases stated in [RAW-USE-CASES] and the communications capabilities are summarized. The assumed use cases
list of reliable and available wireless technologies presented in for LDACS completes the list of use cases stated in [RAW-USE-CASES]
[RAW-TECHNOS]. and the list of reliable and available wireless technologies
presented in [RAW-TECHNOS].
3.1. Voice Communications Today 3.1. Voice Communications Today
Voice links are used for Air-to-Ground (A2G) and Air-to-Air (A2A) Voice links are used for Air-to-Ground (A2G) and Air-to-Air (A2A)
communications. The communication equipment is either ground-based communications. The communication equipment is either ground-based
working in the High Frequency (HF) or Very High Frequency (VHF) working in the High Frequency (HF) or VHF frequency band or
frequency band or satellite-based. All VHF and HF voice satellite-based. All VHF and HF voice communications are operated
communications is operated via open broadcast channels without via open broadcast channels without authentication, encryption or
authentication, encryption or other protective measures. The use of other protective measures. The use of well-proven communication
well-proven communication procedures via broadcast channels helps to procedures via broadcast channels can help to enhance the safety of
enhance the safety of communications by taking into account that communications. The main voice communications media is still the
other users MAY encounter communication problems and MAY be analogue VHF Double Side-Band Amplitude Modulation (DSB-AM)
supported, if REQUIRED. The main voice communications media is still
the analogue VHF Double Side-Band Amplitude Modulation (DSB-AM)
communications technique, supplemented by HF Single Side-Band communications technique, supplemented by HF Single Side-Band
Amplitude Modulation and satellite communications for remote and Amplitude Modulation and satellite communications for remote and
oceanic areas. DSB-AM has been in use since 1948, works reliably and oceanic areas. DSB-AM has been in use since 1948, works reliably and
safely, and uses low-cost communication equipment. These are the safely, and uses low-cost communication equipment. These are the
main reasons why VHF DSB-AM communications is still in use, and it is main reasons why VHF DSB-AM communications are still in use, and it
likely that this technology will remain in service for many more is likely that this technology will remain in service for many more
years. This however results in current operational limitations and years. This however results in current operational limitations and
impediments in deploying new Air-Traffic Management (ATM) impediments in deploying new Air Traffic Management (ATM)
applications, such as flight-centric operation with Point-to-Point applications, such as flight-centric operation with Point-to-Point
communications. communications.
3.2. Data Communications Today 3.2. Data Communications Today
Like for voice, data communications into the cockpit is currently Like for voice, data communications into the cockpit is currently
provided by ground-based equipment operating either on HF or VHF provided by ground-based equipment operating either on HF or VHF
radio bands or by legacy satellite systems. All these communication radio bands or by legacy satellite systems. All these communication
systems are using narrowband radio channels with a data throughput systems are using narrowband radio channels with a data throughput
capacity in order of kilobits per second. While the aircraft is on capacity in order of kilobits per second. While the aircraft is on
ground some additional communications systems are available, like the ground some additional communications systems are available, like the
Aeronautical Mobile Airport Communication System (AeroMACS) or public Aeronautical Mobile Airport Communication System (AeroMACS) or public
cellular networks, operating in the Airport (APT) domain and able to cellular networks, operating in the Airport (APT) domain and able to
deliver broadband communication capability. deliver broadband communication capability.
The data communication networks used for the transmission of data The data communication networks used for the transmission of data
relating to the safety and regularity of the flight MUST be strictly relating to the safety and regularity of the flight must be strictly
isolated from those providing entertainment services to passengers. isolated from those providing entertainment services to passengers.
This leads to a situation that the flight crews are supported by This leads to a situation that the flight crews are supported by
narrowband services during flight while passengers have access to narrowband services during flight while passengers have access to
inflight broadband services. The current HF and VHF data links inflight broadband services. The current HF and VHF data links
cannot provide broadband services now or in the future, due to the cannot provide broadband services now or in the future, due to the
lack of available spectrum. This technical shortcoming is becoming a lack of available spectrum. This technical shortcoming is becoming a
limitation to enhanced ATM operations, such as Trajectory-Based limitation to enhanced ATM operations, such as Trajectory-Based
Operations and 4D trajectory negotiations. Operations and 4D trajectory negotiations.
Satellite-based communications are currently under investigation and Satellite-based communications are currently under investigation and
skipping to change at page 7, line 10 skipping to change at page 7, line 18
provides significant advantages to the users and service providers. provides significant advantages to the users and service providers.
It is expected that both - satellite systems and LDACS - will be It is expected that both - satellite systems and LDACS - will be
deployed to support the future aeronautical communication needs as deployed to support the future aeronautical communication needs as
envisaged by the ICAO Global Air Navigation Plan. envisaged by the ICAO Global Air Navigation Plan.
4. Provenance and Documents 4. Provenance and Documents
The development of LDACS has already made substantial progress in the The development of LDACS has already made substantial progress in the
Single European Sky ATM Research framework, short SESAR, and is Single European Sky ATM Research framework, short SESAR, and is
currently being continued in the follow-up program SESAR2020 currently being continued in the follow-up program SESAR2020
[RIH2018]. A key objective of the this activities is to develop, [RIH2018]. A key objective of the these activities is to develop,
implement and validate a modern aeronautical data link able to evolve implement and validate a modern aeronautical data link able to evolve
with aviation needs over long-term. To this end, an LDACS with aviation needs over long-term. To this end, an LDACS
specification has been produced [GRA2019] and is continuously specification has been produced [GRA2019] and is continuously
updated; transmitter demonstrators were developed to test the updated; transmitter demonstrators were developed to test the
spectrum compatibility of LDACS with legacy systems operating in the spectrum compatibility of LDACS with legacy systems operating in the
L-band [SAJ2014]; and the overall system performance was analyzed by L-band [SAJ2014]; and the overall system performance was analyzed by
computer simulations, indicating that LDACS can fulfil the identified computer simulations, indicating that LDACS can fulfil the identified
requirements [GRA2011]. requirements [GRA2011].
LDACS standardization within the framework of the ICAO started in LDACS standardization within the framework of the ICAO started in
skipping to change at page 7, line 37 skipping to change at page 7, line 45
LDACS in the open. LDACS in the open.
Up to now LDACS standardization has been focused on the development Up to now LDACS standardization has been focused on the development
of the physical layer and the data link layer, only recently have of the physical layer and the data link layer, only recently have
higher layers come into the focus of the LDACS development higher layers come into the focus of the LDACS development
activities. There is currently no "IPv6 over LDACS" specification activities. There is currently no "IPv6 over LDACS" specification
publicly available; however, SESAR2020 has started the testing of publicly available; however, SESAR2020 has started the testing of
IPv6-based LDACS testbeds. IPv6-based LDACS testbeds.
The IPv6 architecture for the aeronautical telecommunication network The IPv6 architecture for the aeronautical telecommunication network
is called the Future Communications Infrastructure (FCI). FCI SHALL is called the Future Communications Infrastructure (FCI). FCI shall
support quality of service, diversity, and mobility under the support quality of service, diversity, and mobility under the
umbrella of the "multi-link concept". This work is conducted by ICAO umbrella of the "multi-link concept". This work is conducted by ICAO
Communication Panel working group WG-I. Communication Panel working group WG-I.
In addition to standardization activities several industrial LDACS In addition to standardization activities several industrial LDACS
prototypes have been built. One set of LDACS prototypes has been prototypes have been built. One set of LDACS prototypes has been
evaluated in flight trials confirming the theoretical results evaluated in flight trials confirming the theoretical results
predicting the system performance [GRA2018] [SCH20191]. predicting the system performance [GRA2018] [SCH20191].
5. Applicability 5. Applicability
LDACS is a multi-application cellular broadband system capable of LDACS is a multi-application cellular broadband system capable of
simultaneously providing various kinds of Air Traffic Services simultaneously providing various kinds of Air Traffic Services (ATS)
(including ATS-B3) and AOC communications services from deployed including ATS-B3 and AOC communications services from deployed
Ground-Stations (GS). The A2G sub-system physical layer and data Ground-Stations (GS). The A2G sub-system physical layer and data
link layer of LDACS are optimized for data link communications, but link layer of LDACS are optimized for data link communications, but
the system also supports digital air-ground voice communications. the system also supports digital air-ground voice communications.
LDACS supports communication in all airspaces (airport, terminal LDACS supports communication in all airspaces (airport, terminal
maneuvering area, and en-route), and on the airport surface. The maneuvering area, and en-route), and on the airport surface. The
physical LDACS cell coverage is effectively de-coupled from the physical LDACS cell coverage is effectively de-coupled from the
operational coverage REQUIRED for a particular service. This is new operational coverage required for a particular service. This is new
in aeronautical communications. Services requiring wide-area in aeronautical communications. Services requiring wide-area
coverage can be installed at several adjacent LDACS cells. The coverage can be installed at several adjacent LDACS cells. The
handover between the involved LDACS cells is seamless, automatic, and handover between the involved LDACS cells is seamless, automatic, and
transparent to the user. Therefore, the LDACS A2G communications transparent to the user. Therefore, the LDACS A2G communications
concept enables the aeronautical communication infrastructure to concept enables the aeronautical communication infrastructure to
support future dynamic airspace management concepts. support future dynamic airspace management concepts.
5.1. Advances Beyond the State-of-the-Art 5.1. Advances Beyond the State-of-the-Art
LDACS offers several capabilities that are not provided in LDACS offers several capabilities that are not provided in
skipping to change at page 9, line 16 skipping to change at page 9, line 28
The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the
forward link (FL) for the connection Ground-to-Air (G2A), and 294 forward link (FL) for the connection Ground-to-Air (G2A), and 294
kbit/s to 1390 kbit/s on the reverse link (RF) for the connection kbit/s to 1390 kbit/s on the reverse link (RF) for the connection
A2G, depending on coding and modulation. This is 50 times the amount A2G, depending on coding and modulation. This is 50 times the amount
terrestrial digital aeronautical communications systems such as VDLM2 terrestrial digital aeronautical communications systems such as VDLM2
provide [SCH20191]. provide [SCH20191].
5.2. Application 5.2. Application
LDACS SHALL be used by several aeronautical applications ranging from LDACS shall be used by several aeronautical applications ranging from
enhanced communication protocol stacks (multi-homed mobile IPv6 enhanced communication protocol stacks (multi-homed mobile IPv6
networks in the aircraft and potentially ad-hoc networks between networks in the aircraft and potentially ad-hoc networks between
aircraft) to classical communication applications (sending GBAS aircraft) to classical communication applications (sending Ground
correction data) and integration with other service domains (using Based Augmentation System (GBAS) correction data) and integration
the communication signal for navigation). with other service domains (using the communication signal for
navigation).
5.2.1. Air-to-Ground Multilink 5.2.1. Air-to-Ground Multilink
It is expected that LDACS together with upgraded satellite-based It is expected that LDACS together with upgraded satellite-based
communications systems will be deployed within the FCI and constitute communications systems will be deployed within the FCI and constitute
one of the main components of the multilink concept within the FCI. one of the main components of the multilink concept within the FCI.
Both technologies, LDACS and satellite systems, have their specific Both technologies, LDACS and satellite systems, have their specific
benefits and technical capabilities which complement each other. benefits and technical capabilities which complement each other.
Especially, satellite systems are well-suited for large coverage Especially, satellite systems are well-suited for large coverage
areas with less dense air traffic, e.g. oceanic regions. LDACS is areas with less dense air traffic, e.g. oceanic regions. LDACS is
well-suited for dense air traffic areas, e.g. continental areas or well-suited for dense air traffic areas, e.g. continental areas or
hot-spots around airports and terminal airspace. In addition, both hot-spots around airports and terminal airspace. In addition, both
technologies offer comparable data link capacity and, thus, are well- technologies offer comparable data link capacity and, thus, are well-
suited for redundancy, mutual back-up, or load balancing. suited for redundancy, mutual back-up, or load balancing.
Technically the FCI multilink concept SHALL be realized by multi- Technically the FCI multilink concept shall be realized by multi-
homed mobile IPv6 networks in the aircraft. The related protocol homed mobile IPv6 networks in the aircraft. The related protocol
stack is currently under development by ICAO and the Single European stack is currently under development by ICAO and the Single European
Sky ATM Research framework. Sky ATM Research framework.
5.2.2. Air-to-Air Extension for LDACS 5.2.2. Air-to-Air Extension for LDACS
A potential extension of the multi-link concept is its extension to A potential extension of the multi-link concept is its extension to
ad-hoc networks between aircraft. ad-hoc networks between aircraft.
Direct A2A communication between aircrafts in terms of ad-hoc data Direct A2A communication between aircrafts in terms of ad-hoc data
networks is currently considered a research topic since there is no networks is currently considered a research topic since there is no
immediate operational need for it, although several possible use immediate operational need for it, although several possible use
cases are discussed (digital voice, wake vortex warnings, and cases are discussed (digital voice, wake vortex warnings, and
trajectory negotiation) [BEL2019]. It SHOULD also be noted that trajectory negotiation) [BEL2019]. It should also be noted that
currently deployed analog VHF voice radios support direct voice currently deployed analog VHF voice radios support direct voice
communication between aircraft, making a similar use case for digital communication between aircraft, making a similar use case for digital
voice plausible. voice plausible.
LDACS direct A2A is currently not part of standardization. LDACS direct A2A is currently not part of standardization.
5.2.3. Flight Guidance 5.2.3. Flight Guidance
The FCI (and therefore LDACS) SHALL be used to host flight guidance. The FCI (and therefore LDACS) shall be used to host flight guidance.
This is realized using three applications: This is realized using three applications:
1. Context Management (CM): The CM application SHALL manage the 1. Context Management (CM): The CM application shall manage the
automatic logical connection to the ATC center currently automatic logical connection to the ATC center currently
responsible to guide the aircraft. Currently this is done by the responsible to guide the aircraft. Currently this is done by the
air crew manually changing VHF voice frequencies according to the air crew manually changing VHF voice frequencies according to the
progress of the flight. The CM application automatically sets up progress of the flight. The CM application automatically sets up
equivalent sessions. equivalent sessions.
2. Controller Pilot Data Link Communication (CPDLC): The CPDLC 2. Controller Pilot Data Link Communication (CPDLC): The CPDLC
application provides the air crew with the ability to exchange application provides the air crew with the ability to exchange
data messages similar to text messages with the currently data messages similar to text messages with the currently
responsible ATC center. The CPDLC application SHALL take over responsible ATC center. The CPDLC application shall take over
most of the communication currently performed over VHF voice and most of the communication currently performed over VHF voice and
enable new services that do not lend themselves to voice enable new services that do not lend themselves to voice
communication (e.g., trajectory negotiation). communication (e.g., trajectory negotiation).
3. Automatic Dependent Surveillance - Contract (ADS-C): ADS-C 3. Automatic Dependent Surveillance - Contract (ADS-C): ADS-C
reports the position of the aircraft to the currently active ATC reports the position of the aircraft to the currently active ATC
center. Reporting is bound to "contracts", i.e. pre-defined center. Reporting is bound to "contracts", i.e. pre-defined
events related to the progress of the flight (i.e. the events related to the progress of the flight (i.e. the
trajectory). ADS-C and CPDLC are the primary applications used to trajectory). ADS-C and CPDLC are the primary applications used to
implement in-flight trajectory management. implement in-flight trajectory management.
CM, CPDLC, and ADS-C are available on legacy datalinks, but not CM, CPDLC, and ADS-C are available on legacy datalinks, but not
widely deployed and with limited functionality. widely deployed and with limited functionality.
Further ATC applications MAY be ported to use the FCI or LDACS as Further ATC applications may be ported to use the FCI or LDACS as
well. A notable application is GBAS for secure, automated landings: well. A notable application is GBAS for secure, automated landings:
The Global Navigation Satellite System (GNSS) based Ground Based The Global Navigation Satellite System (GNSS) based GBAS is used to
Augmentation System (GBAS) is used to improve the accuracy of GNSS to improve the accuracy of GNSS to allow GNSS based instrument landings.
allow GNSS based instrument landings. This is realized by sending This is realized by sending GNSS correction data (e.g., compensating
GNSS correction data (e.g., compensating ionospheric errors in the ionospheric errors in the GNSS signal) to the aircraft's GNSS
GNSS signal) to the aircraft's GNSS receiver via a separate data receiver via a separate data link. Currently the VDB data link is
link. Currently the VDB data link is used. VDB is a narrow-band used. VDB is a narrow-band single-purpose datalink without advanced
single-purpose datalink without advanced security only used to security only used to transmit GBAS correction data. This makes VDB
transmit GBAS correction data. This makes VDB a natural candidate a natural candidate for replacement by LDACS.
for replacement by LDACS.
5.2.4. Business Communication of Airlines 5.2.4. Business Communication of Airlines
In addition to air traffic services AOC services SHALL be transmitted In addition to air traffic services AOC services shall be transmitted
over LDACS. AOC is a generic term referring to the business over LDACS. AOC is a generic term referring to the business
communication of airlines. Regulatory this is considered related to communication of airlines. Regulatory this is considered related to
the safety and regularity of flight and MAY therefore be transmitted the safety and regularity of flight and may therefore be transmitted
over LDACS. over LDACS.
AOC communication is considered the main business case for LDACS AOC communication is considered the main business case for LDACS
communication service providers since modern aircraft generate communication service providers since modern aircraft generate
significant amounts of data (e.g., engine maintenance data). significant amounts of data (e.g., engine maintenance data).
5.2.5. LDACS Navigation 5.2.5. LDACS Navigation
Beyond communication radio signals can always also be used for Beyond communication radio signals can always also be used for
navigation. LDACS takes this into account. navigation. LDACS takes this into account.
For future aeronautical navigation, ICAO RECOMMENDS the further For future aeronautical navigation, ICAO RECOMMENDS the further
development of GNSS based technologies as primary means for development of GNSS based technologies as primary means for
navigation. However, the drawback of GNSS is its inherent single navigation. However, the drawback of GNSS is its inherent single
point of failure - the satellite. Due to the large separation point of failure - the satellite. Due to the large separation
between navigational satellites and aircraft, the received power of between navigational satellites and aircraft, the received power of
GNSS signals on the ground is very low. As a result, GNSS GNSS signals on the ground is very low. As a result, GNSS
disruptions might occasionally occur due to unintentional disruptions might occasionally occur due to unintentional
interference, or intentional jamming. Yet the navigation services interference, or intentional jamming. Yet the navigation services
MUST be available with sufficient performance for all phases of must be available with sufficient performance for all phases of
flight. Therefore, during GNSS outages, or blockages, an alternative flight. Therefore, during GNSS outages, or blockages, an alternative
solution is needed. This is commonly referred to as Alternative solution is needed. This is commonly referred to as Alternative
Positioning, Navigation, and Timing (APNT). Positioning, Navigation, and Timing (APNT).
One of such APNT solution consists of integrating the navigation One of such APNT solution consists of integrating the navigation
functionality into LDACS. The ground infrastructure for APNT is functionality into LDACS. The ground infrastructure for APNT is
deployed through the implementation of LDACS's GSs and the navigation deployed through the implementation of LDACS's GSs and the navigation
capability comes "for free". capability comes "for free".
LDACS navigation has already been demonstrated in practice in a LDACS navigation has already been demonstrated in practice in a
flight measurement campaign [SCH20191]. flight measurement campaign [SCH20191].
6. Requirements to LDACS 6. Requirements to LDACS
The requirements to LDACS are mostly defined by its application area: The requirements to LDACS are mostly defined by its application area:
Communication related to safety and regularity of flight. Communication related to safety and regularity of flight.
A particularity of the current aeronautical communication landscape A particularity of the current aeronautical communication landscape
is that it is heavily regulated. Aeronautical data links (for is that it is heavily regulated. Aeronautical data links (for
applications related to safety and regularity of flight) MAY only use applications related to safety and regularity of flight) may only use
spectrum licensed to aviation and data links endorsed by ICAO. spectrum licensed to aviation and data links endorsed by ICAO.
Nation states can change this locally, however, due to the global Nation states can change this locally, however, due to the global
scale of the air transportation system adherence to these practices scale of the air transportation system adherence to these practices
is to be expected. is to be expected.
Aeronautical data links for the Aeronautical Telecommunication Aeronautical data links for the Aeronautical Telecommunication
Network (ATN) are therefore expected to remain in service for Network (ATN) are therefore expected to remain in service for
decades. The VDLM2 data link currently used for digital terrestrial decades. The VDLM2 data link currently used for digital terrestrial
internetworking was developed in the 1990es (the use of the Open internetworking was developed in the 1990es (the use of the Open
Systems Interconnection (OSI) stack indicates that as well). VDLM2 Systems Interconnection (OSI) stack indicates that as well). VDLM2
skipping to change at page 12, line 34 skipping to change at page 12, line 39
Current ATS applications use either the Aircraft Communications Current ATS applications use either the Aircraft Communications
Addressing and Reporting System (ACARS) or the OSI stack. The Addressing and Reporting System (ACARS) or the OSI stack. The
objective of the development effort LDACS as part of the FCI is to objective of the development effort LDACS as part of the FCI is to
replace legacy OSI stack and proprietary ACARS internetwork replace legacy OSI stack and proprietary ACARS internetwork
technologies with industry standard IP technology. It is anticipated technologies with industry standard IP technology. It is anticipated
that the use of Commercial Off-The-Shelf (COTS) IP technology mostly that the use of Commercial Off-The-Shelf (COTS) IP technology mostly
applies to the ground network. The avionics networks on the aircraft applies to the ground network. The avionics networks on the aircraft
will likely be heavily modified or proprietary. will likely be heavily modified or proprietary.
AOC applications currently mostly use the same stack (although some AOC applications currently mostly use the same stack (although some
applications, like the graphical weather service MAY use the applications, like the graphical weather service may use the
commercial passenger network). This creates capacity problems commercial passenger network). This creates capacity problems
(resulting in excessive amounts of timeouts) since the underlying (resulting in excessive amounts of timeouts) since the underlying
terrestrial data links (VDLM1/2) do not provide sufficient bandwidth. terrestrial data links (VDLM1/2) do not provide sufficient bandwidth.
The use of non-aviation specific data links is considered a security The use of non-aviation specific data links is considered a security
problem. Ideally the aeronautical IP internetwork and the Internet problem. Ideally the aeronautical IP internetwork and the Internet
SHOULD be completely separated. should be completely separated.
The objective of LDACS is to provide a next generation terrestrial The objective of LDACS is to provide a next generation terrestrial
data link designed to support IP and provide much higher bandwidth to data link designed to support IP and provide much higher bandwidth to
avoid the currently experienced operational problems. avoid the currently experienced operational problems.
The requirement for LDACS is therefore to provide a terrestrial high- The requirement for LDACS is therefore to provide a terrestrial high-
throughput data link for IP internetworking in the aircraft. throughput data link for IP internetworking in the aircraft.
In order to fulfil the above requirement LDACS needs to be In order to fulfil the above requirement LDACS needs to be
interoperable with IP (and IP-based services like Voice-over-IP) at interoperable with IP (and IP-based services like Voice-over-IP) at
skipping to change at page 13, line 21 skipping to change at page 13, line 21
In addition to the functional requirements LDACS and its IP stack In addition to the functional requirements LDACS and its IP stack
need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED- need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED-
228A [DO350A]. This document defines continuity, availability, and 228A [DO350A]. This document defines continuity, availability, and
integrity requirements at different scopes for each air traffic integrity requirements at different scopes for each air traffic
management application (CPDLC, CM, and ADS-C). The scope most management application (CPDLC, CM, and ADS-C). The scope most
relevant to IP over LDACS is the CSP (Communication Service Provider) relevant to IP over LDACS is the CSP (Communication Service Provider)
scope. scope.
Continuity, availability, and integrity requirements are defined in Continuity, availability, and integrity requirements are defined in
[DO350A] volume 1 Table 5-14, and Table 6-13. Appendix A presents [DO350A] volume 1 Table 5-14, and Table 6-13. Appendix A presents
the REQUIRED information. the required information.
In a similar vein, requirements to fault management are defined in In a similar vein, requirements to fault management are defined in
the same tables. the same tables.
7. Characteristics of LDACS 7. Characteristics of LDACS
LDACS will become one of several wireless access networks connecting LDACS will become one of several wireless access networks connecting
aircraft to the ATN implemented by the FCI and possibly ACARS/FANS aircraft to the ATN implemented by the FCI and possibly ACARS/FANS
networks [FAN2019]. networks [FAN2019].
skipping to change at page 15, line 25 skipping to change at page 15, line 25
access sub-layer manages the organization of transmission access sub-layer manages the organization of transmission
opportunities in slots of time and frequency. The LLC sub-layer opportunities in slots of time and frequency. The LLC sub-layer
provides acknowledged point-to-point logical channels between the provides acknowledged point-to-point logical channels between the
aircraft and the GS using an automatic repeat request protocol. aircraft and the GS using an automatic repeat request protocol.
LDACS supports also unacknowledged point-to-point channels and G2A LDACS supports also unacknowledged point-to-point channels and G2A
broadcast. broadcast.
7.5. LDACS Mobility 7.5. LDACS Mobility
LDACS supports layer 2 handovers to different LDACS channels. LDACS supports layer 2 handovers to different LDACS channels.
Handovers MAY be initiated by the aircraft (break-before-make) or by Handovers may be initiated by the aircraft (break-before-make) or by
the GS (make-before-break). Make-before-break handovers are only the GS (make-before-break). Make-before-break handovers are only
supported for GSs connected to each other. supported for GSs connected to each other.
External handovers between non-connected LDACS sub-networks or External handovers between non-connected LDACS sub-networks or
different aeronautical data links SHALL be handled by the FCI multi- different aeronautical data links shall be handled by the FCI multi-
link concept. link concept.
8. Reliability and Availability 8. Reliability and Availability
8.1. Layer 2 8.1. Layer 2
LDACS has been designed with applications related to the safety and LDACS has been designed with applications related to the safety and
regularity of flight in mind. It has therefore been designed as a regularity of flight in mind. It has therefore been designed as a
deterministic wireless data link (as far as this is possible). deterministic wireless data link (as far as this is possible).
skipping to change at page 18, line 14 skipping to change at page 18, line 14
8.2. Beyond Layer 2 8.2. Beyond Layer 2
LDACS availability can be increased by appropriately deploying LDACS LDACS availability can be increased by appropriately deploying LDACS
infrastructure: This means proliferating the number of terrestrial infrastructure: This means proliferating the number of terrestrial
base stations. However, the scarcity of aeronautical spectrum for base stations. However, the scarcity of aeronautical spectrum for
data link communication (in the case of LDACS: tens of MHz in the data link communication (in the case of LDACS: tens of MHz in the
L-band) and the long range (in the case of LDACS: up to 400 km) make L-band) and the long range (in the case of LDACS: up to 400 km) make
this quite hard. The deployment of a larger number of small cells is this quite hard. The deployment of a larger number of small cells is
certainly possible, suffers, however, also from the scarcity of certainly possible, suffers, however, also from the scarcity of
spectrum. An additional constraint to take into account, is that spectrum. An additional constraint to consider, is that Distance
Distance Measuring Equipment (DME) is the primary user of the Measuring Equipment (DME) is the primary user of the aeronautical
aeronautical L-band. That is, any LDACS deployment has to take DME L-band. That is, any LDACS deployment has to take DME frequency
frequency planning into account, too. planning into account, too.
The aeronautical community has therefore decided not to rely on a The aeronautical community has therefore decided not to rely on a
single communication system or frequency band. It is envisioned to single communication system or frequency band. It is envisioned to
have multiple independent data link technologies in the aircraft have multiple independent data link technologies in the aircraft
(e.g., terrestrial and satellite communications) in addition to (e.g., terrestrial and satellite communications) in addition to
legacy VHF voice. legacy VHF voice.
However, as of now no reliability and availability mechanisms that However, as of now no reliability and availability mechanisms that
could utilize the multi-link have been specified on Layer 3 and could utilize the multi-link have been specified on Layer 3 and
above. above. Even if LDACS has been designed for reliability, the wireless
medium presents significant challenges to achieve deterministic
properties such as low packet error rate, bounded consecutive losses,
and bounded latency. Support for high reliability and availability
for IP connectivity over LDACS is therefore highly desirable, needs,
however, be adapted to the specific use case.
Below Layer 2 aeronautics usually relies on hardware redundancy. To Below Layer 2 aeronautics usually relies on hardware redundancy. To
protect availability of the LDACS link, an aircraft equipped with protect availability of the LDACS link, an aircraft equipped with
LDACS will have access to two L-band antennae with triple redundant LDACS will have access to two L-band antennae with triple redundant
radio systems as REQUIRED for any safety relevant aeronautical radio systems as required for any safety relevant aeronautical
systems by ICAO. systems by ICAO.
9. Protocol Stack 9. Protocol Stack
The protocol stack of LDACS is implemented in the AS and GS: It The protocol stack of LDACS is implemented in the AS and GS: It
consists of the Physical Layer (PHY) with five major functional consists of the Physical Layer (PHY) with five major functional
blocks above it. Four are placed in the Data Link Layer (DLL) of the blocks above it. Four are placed in the Data Link Layer (DLL) of the
AS and GS: (1) Medium Access Layer (MAC), (2) Voice Interface (VI), AS and GS: (1) Medium Access Layer (MAC), (2) Voice Interface (VI),
(3) Data Link Service (DLS), and (4) LDACS Management Entity (LME). (3) Data Link Service (DLS), and (4) LDACS Management Entity (LME).
The last entity resides within the Sub-Network Layer: Sub-Network The last entity resides within the Sub-Network Layer: Sub-Network
skipping to change at page 19, line 38 skipping to change at page 19, line 38
+--------------------------+ +--------------------------+
| |
| |
((*)) ((*))
FL/RL radio channels FL/RL radio channels
separated by separated by
Frequency Division Duplex Frequency Division Duplex
Figure 2: LDACS protocol stack in AS and GS Figure 2: LDACS protocol stack in AS and GS
9.1. MAC Entity Services 9.1. Medium Access Control (MAC) Entity Services
The MAC time framing service provides the frame structure necessary The MAC time framing service provides the frame structure necessary
to realize slot-based Time Division Multiplex (TDM) access on the to realize slot-based Time Division Multiplex (TDM) access on the
physical link. It provides the functions for the synchronization of physical link. It provides the functions for the synchronization of
the MAC framing structure and the PHY Layer framing. The MAC time the MAC framing structure and the PHY Layer framing. The MAC time
framing provides a dedicated time slot for each logical channel. framing provides a dedicated time slot for each logical channel.
The MAC Sub-Layer offers access to the physical channel to its The MAC Sub-Layer offers access to the physical channel to its
service users. Channel access is provided through transparent service users. Channel access is provided through transparent
logical channels. The MAC Sub-Layer maps logical channels onto the logical channels. The MAC Sub-Layer maps logical channels onto the
skipping to change at page 21, line 23 skipping to change at page 21, line 23
e +------+---------------------------+ e +------+---------------------------+
n <---- Multi-Frame (MF) - 58.32ms --> n <---- Multi-Frame (MF) - 58.32ms -->
c c
y y
| |
-------------------- Time ------------------> -------------------- Time ------------------>
| |
Figure 4: MF structure for LDACS Figure 4: MF structure for LDACS
9.2. DLS Entity Services 9.2. Data Link Service (DLS) Entity Services
The DLS provides acknowledged and unacknowledged (including broadcast The DLS provides acknowledged and unacknowledged (including broadcast
and packet mode voice) bi-directional exchange of user data. If user and packet mode voice) bi-directional exchange of user data. If user
data is transmitted using the acknowledged DLS, the sending DLS data is transmitted using the acknowledged DLS, the sending DLS
entity will wait for an acknowledgement from the receiver. If no entity will wait for an acknowledgement from the receiver. If no
acknowledgement is received within a specified time frame, the sender acknowledgement is received within a specified time frame, the sender
MAY automatically try to retransmit its data. However, after a may automatically try to retransmit its data. However, after a
certain number of failed retries, the sender will suspend further certain number of failed retries, the sender will suspend further
retransmission attempts and inform its client of the failure. retransmission attempts and inform its client of the failure.
The DLS uses the logical channels provided by the MAC: The DLS uses the logical channels provided by the MAC:
1. A GS announces its existence and access parameters in the 1. A GS announces its existence and access parameters in the
Broadcast Channel (BC). Broadcast Channel (BC).
2. The RA channel enables AS to request access to an LDACS cell. 2. The RA channel enables AS to request access to an LDACS cell.
3. In the FL the CCCH is used by the GS to grant access to data 3. In the FL the CCCH is used by the GS to grant access to data
channel resources. channel resources.
4. The reverse direction is covered by the RL, where ASs need to 4. The reverse direction is covered by the RL, where ASs need to
request resources before sending. This happens via the DCCH. request resources before sending. This happens via the DCCH.
5. User data itself is communicated in the Data Channel (DCH) on the 5. User data itself is communicated in the Data Channel (DCH) on the
FL and RL. FL and RL.
9.3. VI Services Access to the FL and RL data channel is granted by the scheduling
mechanism implemented in the LME discussed below.
9.3. Voice Interface (VI) Services
The VI provides support for virtual voice circuits. Voice circuits The VI provides support for virtual voice circuits. Voice circuits
MAY either be set-up permanently by the GS (e.g., to emulate voice may either be set-up permanently by the GS (e.g., to emulate voice
party line) or MAY be created on demand. The creation and selection party line) or may be created on demand. The creation and selection
of voice circuits is performed in the LME. The VI provides only the of voice circuits is performed in the LME. The VI provides only the
transmission services. transmission services.
9.4. LME Services 9.4. LDACS Management Entity (LME) Services
The mobility management service in the LME provides support for The mobility management service in the LME provides support for
registration and de-registration (cell entry and cell exit), scanning registration and de-registration (cell entry and cell exit), scanning
RF channels of neighboring cells and handover between cells. In RF channels of neighboring cells and handover between cells. In
addition, it manages the addressing of aircraft/ ASs within cells. addition, it manages the addressing of aircraft/ ASs within cells.
The resource management service provides link maintenance (power, The resource management service provides link maintenance (power,
frequency and time adjustments), support for adaptive coding and frequency and time adjustments), support for adaptive coding and
modulation, and resource allocation. modulation, and resource allocation.
9.5. SNP Services The resource management service accepts resource requests from/for
different AS and issues resource allocations accordingly. While the
scheduling algorithm is not specified and a point of possible vendor
differentiation, it is subject to the following requirements:
The DLS provides functions REQUIRED for the transfer of user plane 1. Resource scheduling must provide channel access according to the
priority of the request
2. Resource scheduling must support "one-time" requests
3. Resource scheduling must support "permanent" requests that
reserve a resource until the request is canceled e.g. for digital
voice circuits.
9.5. Sub-Network Protocol (SNP) Services
The DLS provides functions required for the transfer of user plane
data and control plane data over the LDACS sub-network. data and control plane data over the LDACS sub-network.
The security service provides functions for secure communication over The security service provides functions for secure communication over
the LDACS sub-network. Note that the SNP security service applies the LDACS sub-network. Note that the SNP security service applies
cryptographic measures as configured by the GS. cryptographic measures as configured by the GS.
10. Security Considerations 10. Security Considerations
10.1. Reasons for Wireless Digital Aeronautical Communications 10.1. Reasons for Wireless Digital Aeronautical Communications
Aviation will require secure exchanges of data and voice messages for Aviation will require secure exchanges of data and voice messages for
managing the air-traffic flow safely through the airspaces all over managing the air traffic flow safely through the airspaces all over
the world. Historically Communication Navigation Surveillance (CNS) the world. Historically Communication Navigation Surveillance (CNS)
wireless communications technology emerged from military and a threat wireless communications technology emerged from military and a threat
landscape where inferior technological and financial capabilities of landscape where inferior technological and financial capabilities of
adversaries were assumed [STR2016]. The main communication method adversaries were assumed [STR2016]. The main communication method
for ATC today is still an open analogue voice broadcast within the for ATC today is still an open analogue voice broadcast within the
aeronautical VHF band. Currently, the information security is purely aeronautical VHF band. Currently, the information security is purely
procedural based by using well-trained personnel and proven procedural based by using well-trained personnel and proven
communications procedures. This communication method has been in communications procedures. This communication method has been in
service since 1948. However, since the emergence of civil service since 1948. However, since the emergence of civil
aeronautical CNS application and today, the world has changed. Civil aeronautical CNS application and today, the world has changed. Civil
applications have significant lower spectrum available than military applications have significant lower spectrum available than military
applications. This means several military defence mechanisms such as applications. This means several military defence mechanisms such as
frequency hopping or pilot symbol scrambling and, thus, a defense-in- frequency hopping or pilot symbol scrambling and, thus, a defense-in-
depth approach starting at the physical layer is infeasible for civil depth approach starting at the physical layer is infeasible for civil
systems. With the rise of cheap Software Defined Radios, the systems. With the rise of cheap Software Defined Radios, the
previously existing financial barrier is almost gone and open source previously existing financial barrier is almost gone and open source
projects such as GNU radio [GNU2012] allow the new type of projects such as GNU radio [GNU2012] allow the new type of
unsophisticated listeners and possible attackers. Most CNS unsophisticated listeners and possible attackers. Most CNS
technology developed in ICAO relies on open standards, thus syntax technology developed in ICAO relies on open standards, thus syntax
and semantics of wireless digital aeronautical communications SHOULD and semantics of wireless digital aeronautical communications should
be expected to be common knowledge for attackers. With increased be expected to be common knowledge for attackers. With increased
digitization and automation of civil aviation the human as control digitization and automation of civil aviation the human as control
instance is being taken gradually out of the loop. Autonomous instance is being taken gradually out of the loop. Autonomous
transport drones or single piloted aircraft demonstrate this trend. transport drones or single piloted aircraft demonstrate this trend.
However, without profound cybersecurity measures such as authenticity However, without profound cybersecurity measures such as authenticity
and integrity checks of messages in-transit on the wireless link or and integrity checks of messages in-transit on the wireless link or
mutual entity authentication, this lack of a control instance can mutual entity authentication, this lack of a control instance can
prove disastrous. Thus, future digital communications waveforms will prove disastrous. Thus, future digital communications waveforms will
need additional embedded security features to fulfill modern need additional embedded security features to fulfill modern
information security requirements like authentication and integrity. information security requirements like authentication and integrity.
skipping to change at page 23, line 37 skipping to change at page 24, line 10
As digitalization progresses even further with LDACS and automated As digitalization progresses even further with LDACS and automated
procedures such as 4D-Trajectories allowing semi-automated en-route procedures such as 4D-Trajectories allowing semi-automated en-route
flying of aircraft, LDACS requires stronger cybersecurity measures. flying of aircraft, LDACS requires stronger cybersecurity measures.
10.2. LADACS Requirements 10.2. LADACS Requirements
Overall there are several business goals for cybersecurity to protect Overall there are several business goals for cybersecurity to protect
in FCI in civil aviation: in FCI in civil aviation:
1. Safety: The system MUST sufficiently mitigate attacks, which 1. Safety: The system must sufficiently mitigate attacks, which
contribute to safety hazards. contribute to safety hazards.
2. Flight regularity: The system MUST sufficiently mitigate attacks, 2. Flight regularity: The system must sufficiently mitigate attacks,
which contribute to delays, diversions, or cancellations of which contribute to delays, diversions, or cancellations of
flights. flights.
3. Protection of business interests: The system MUST sufficiently 3. Protection of business interests: The system must sufficiently
mitigate attacks which result in financial loss, reputation mitigate attacks which result in financial loss, reputation
damage, disclosure of sensitive proprietary information, or damage, disclosure of sensitive proprietary information, or
disclosure of personal information. disclosure of personal information.
To further analyze assets and derive threats and thus protection To further analyze assets and derive threats and thus protection
scenarios several Threat-and Risk Analysis were performed for LDACS scenarios several Threat-and Risk Analysis were performed for LDACS
[MAE20181] , [MAE20191]. These results allowed deriving security [MAE20181] , [MAE20191]. These results allowed deriving security
scope and objectives from the requirements and the conducted Threat- scope and objectives from the requirements and the conducted Threat-
and Risk Analysis. and Risk Analysis.
10.3. LDACS Security Objectives 10.3. LDACS Security Objectives
Security considerations for LDACS are defined by the official Security considerations for LDACS are defined by the official
Standards And Recommended Practices (SARPS) document by ICAO Standards And Recommended Practices (SARPS) document by ICAO
[ICA2018]: [ICA2018]:
1. LDACS SHALL provide a capability to protect the availability and 1. LDACS shall provide a capability to protect the availability and
continuity of the system. continuity of the system.
2. LDACS SHALL provide a capability including cryptographic 2. LDACS shall provide a capability including cryptographic
mechanisms to protect the integrity of messages in transit. mechanisms to protect the integrity of messages in transit.
3. LDACS SHALL provide a capability to ensure the authenticity of 3. LDACS shall provide a capability to ensure the authenticity of
messages in transit. messages in transit.
4. LDACS SHOULD provide a capability for nonrepudiation of origin 4. LDACS should provide a capability for nonrepudiation of origin
for messages in transit. for messages in transit.
5. LDACS SHOULD provide a capability to protect the confidentiality 5. LDACS should provide a capability to protect the confidentiality
of messages in transit. of messages in transit.
6. LDACS SHALL provide an authentication capability. 6. LDACS shall provide an authentication capability.
7. LDACS SHALL provide a capability to authorize the permitted 7. LDACS shall provide a capability to authorize the permitted
actions of users of the system and to deny actions that are not actions of users of the system and to deny actions that are not
explicitly authorized. explicitly authorized.
8. If LDACS provides interfaces to multiple domains, LDACS SHALL 8. If LDACS provides interfaces to multiple domains, LDACS shall
provide capability to prevent the propagation of intrusions within provide capability to prevent the propagation of intrusions within
LDACS domains and towards external domains. LDACS domains and towards external domains.
10.4. LDACS Security Functions 10.4. LDACS Security Functions
These objectives were used to derive several security functions for These objectives were used to derive several security functions for
LDACS REQUIRED to be integrated in the LDACS cybersecurity LDACS required to be integrated in the LDACS cybersecurity
architecture: (1) Identification, (2) Authentication, (3) architecture: (1) Identification, (2) Authentication, (3)
Authorization, (4) Confidentiality, (5) System Integrity, (6) Data Authorization, (4) Confidentiality, (5) System Integrity, (6) Data
Integrity, (7) Robustness, (8) Reliability, (9) Availability, and Integrity, (7) Robustness, (8) Reliability, (9) Availability, and
(10) Key and Trust Management. Several works investigated possible (10) Key and Trust Management. Several works investigated possible
measures to implement these security functions [BIL2017], [MAE20181], measures to implement these security functions [BIL2017], [MAE20181],
[MAE20191]. Having identified security requirements, objectives and [MAE20191]. Having identified security requirements, objectives and
functions it MUST be ensured that they are applicable. functions it must be ensured that they are applicable.
10.5. LDACS Security Architecture 10.5. LDACS Security Architecture
The requirements lead to a LDACS security model including different The requirements lead to a LDACS security model including different
entities for identification, authentication and authorization entities for identification, authentication and authorization
purposes ensuring integrity, authenticity and confidentiality of data purposes ensuring integrity, authenticity and confidentiality of data
in-transit especially. in-transit especially.
10.5.1. Entities 10.5.1. Entities
skipping to change at page 25, line 25 skipping to change at page 25, line 37
entities: Network operators such as the Societe Internationale de entities: Network operators such as the Societe Internationale de
Telecommunications Aeronautiques (SITA) [SIT2020] and ARINC [ARI2020] Telecommunications Aeronautiques (SITA) [SIT2020] and ARINC [ARI2020]
are providing access to the (1) Ground IPS network via an (2) A2G are providing access to the (1) Ground IPS network via an (2) A2G
LDACS Router. This router is attached to a closed off LDACS Access LDACS Router. This router is attached to a closed off LDACS Access
Network, (3) which connects via further (4) Access Routers to the Network, (3) which connects via further (4) Access Routers to the
different (5) LDACS Cell Ranges, each controlled by a (6) GS (serving different (5) LDACS Cell Ranges, each controlled by a (6) GS (serving
one LDACS cell), with several interconnected GS (7) spanning a local one LDACS cell), with several interconnected GS (7) spanning a local
LDACS access network. Via the (8) A2G wireless LDACS data link (9) LDACS access network. Via the (8) A2G wireless LDACS data link (9)
AS the aircraft is connected to the ground network and via the (10) AS the aircraft is connected to the ground network and via the (10)
aircrafts's VI and (11) aircraft's network interface, aircraft's data aircrafts's VI and (11) aircraft's network interface, aircraft's data
can be sent via the AS back to the GS and the forwarded back via GSC, can be sent via the AS back to the GS, LDACS local access network,
LDACS local access network, access routers, LDACS access network, A2G access routers, LDACS access network, A2G LDACS router to the ground
LDACS router to the ground IPS network. Internet Protocol Suite (IPS) network [ICAO20152].
10.5.2. Entity Identification 10.5.2. Entity Identification
LDACS needs specific identities for (1) the AS, (2) the GS, (3) the LDACS needs specific identities for (1) the AS, (2) the GS, and (3)
GS, and (4) the Network Operator. The aircraft itself can be the Network Operator. The aircraft itself can be identified using
identified using the ICAO unique address of an aircraft, the call the ICAO unique address of an aircraft, the call sign of that
sign of that aircraft or the recently founded Privacy ICAO Address aircraft or the recently founded Privacy ICAO Address (PIA) program
(PIA) program [FAA2020]. It is conceivable that the LDACS AS will [FAA2020]. It is conceivable that the LDACS AS will use a
use a combination of aircraft identification, radio component combination of aircraft identification, radio component
identification such as MAC addresses and even operator features identification and even operator features identification to create a
identification to create a unique AS LDACS identification tag. unique AS LDACS identification tag. Similar to a 4G's eNodeB Serving
Similar to a 4G's eNodeB Serving Network (SN) Identification tag, a Network (SN) Identification tag, a GS could be identified using a
GS could be identified using a similar field. The identification of similar field. The identification of the network operator is again
the network operator is again similar to 4G (e.g., E-Plus, AT&T, and similar to 4G (e.g., E-Plus, AT&T, and TELUS), in the way that the
TELUS), in the way that the aeronautical network operators are listed aeronautical network operators are listed (e.g., ARINC [ARI2020] and
(e.g., ARINC [ARI2020] and SITA [SIT2020]). SITA [SIT2020]).
10.5.3. Entity Authentication and Key Negotiation 10.5.3. Entity Authentication and Key Negotiation
In order to anchor Trust within the system all LDACS entities In order to anchor Trust within the system all LDACS entities
connected to the ground IPS network SHALL be rooted in an LDACS connected to the ground IPS network shall be rooted in an LDACS
specific chain-of-trust and PKI solution, quite similar to AeroMACS specific chain-of-trust and PKI solution, quite similar to AeroMACS
approach [CRO2016]. These X.509 certificates [RFC5280] residing at approach [CRO2016]. These X.509 certificates [RFC5280] residing at
the entities and incorporated in the LDACS PKI proof the ownership of the entities and incorporated in the LDACS PKI proof the ownership of
their respective public key, include information about the identity their respective public key, include information about the identity
of the owner and the digital signature of the entity that has of the owner and the digital signature of the entity that has
verified the certificate's content. First all ground infrastructures verified the certificate's content. First all ground infrastructures
MUST mutually authenticate to each other, negotiate and derive keys must mutually authenticate to each other, negotiate and derive keys
and, thus, secure all ground connections. How this process is and, thus, secure all ground connections. How this process is
handled in detail is still an ongoing discussion. However, handled in detail is still an ongoing discussion. However,
established methods to secure user plane by IPSec [RFC4301] and IKEv2 established methods to secure user plane by IPSec [RFC4301] and IKEv2
[RFC7296] or the application layer via TLS 1.3 [RFC8446] are [RFC7296] or the application layer via TLS 1.3 [RFC8446] are
conceivable. The LDACS PKI with their chain-of-trust approach, conceivable. The LDACS PKI with their chain-of-trust approach,
digital certificates and public entity keys lay the groundwork for digital certificates and public entity keys lay the groundwork for
this step. In a second step the AS with the LDACS radio approaches this step. In a second step the AS with the LDACS radio approaches
an LDACS cell and performs a cell entry with the corresponding GS. an LDACS cell and performs a cell entry with the corresponding GS.
Similar to the LTE cell attachment process [TS33.401], where Similar to the LTE cell attachment process [TS33.401], where
authentication happens after basic communication has been enabled authentication happens after basic communication has been enabled
skipping to change at page 28, line 28 skipping to change at page 28, line 47
uniform distribution of bits. As LDACS will be deployed in 2024 with uniform distribution of bits. As LDACS will be deployed in 2024 with
a recommendation of a minimum-security level of 128bit. a recommendation of a minimum-security level of 128bit.
10.6.5. User Data Security 10.6.5. User Data Security
It is proposed to secure LDACS Sub-Network Packet Data Units (SN- It is proposed to secure LDACS Sub-Network Packet Data Units (SN-
PDU)s, as their size can vary from 128 to 1536 Byte [GRA2019], which PDU)s, as their size can vary from 128 to 1536 Byte [GRA2019], which
makes them possibly the largest PDUs within LDACS. This helps makes them possibly the largest PDUs within LDACS. This helps
minimizing security data overhead, in case a Message Authentication minimizing security data overhead, in case a Message Authentication
Code (MAC) tag is attached to the SN-PDU. For confidentiality Code (MAC) tag is attached to the SN-PDU. For confidentiality
protection, it is RECOMMENDED symmetric approaches for data protection, it is recommended symmetric approaches for data
encryption, due to low computational overhead and fast operation encryption, due to low computational overhead and fast operation
times. As encryption algorithm, it is RECOMMENDED to use AES-128- times. As encryption algorithm, it is recommended to use AES-128-
GCM/AES-256-GCM [RFC5288] with Galois Counter Mode (GCM) being a mode GCM/AES-256-GCM [RFC5288] with Galois Counter Mode (GCM) being a mode
of operation on symmetric key block. It provides authenticated of operation on symmetric key block. It provides authenticated
encryption and decryption operations and it proves robust against encryption and decryption operations and it proves robust against
currently known quantum-computer-based algorithms [BER2017]. For currently known quantum-computer-based algorithms [BER2017]. For
message integrity/authenticity protection, it is RECOMMENDED either message integrity/authenticity protection, it is recommended either
to use the aforementioned AES-GCM with tag lengths of at least 128bit to use the aforementioned AES-GCM with tag lengths of at least 128bit
or HMAC with hash-functions from the SHA-3 family [PRI2014]. At or HMAC with hash-functions from the SHA-3 family [PRI2014]. At
least HMAC-SHA3-128 with a tag length of 128bit is RECOMMENDED. This least HMAC-SHA3-128 with a tag length of 128bit is recommended. This
way the tag security data overhead ranges from 1.04 to 12.50% for way the tag security data overhead ranges from 1.04 to 12.50% for
user data, depending on the SN-PDU size. user data, depending on the SN-PDU size.
10.6.6. Control Data Security 10.6.6. Control Data Security
LDACS has four control channels: AS announce their existence in the LDACS has four control channels: AS announce their existence in the
RA, at the beginning of each SF in the RL, where each AS can transmit RA, at the beginning of each SF in the RL, where each AS can transmit
56bit. GS announce their existence in the BC, at the beginning of 56bit. GS announce their existence in the BC, at the beginning of
each SF in the FL, where the GS can transmit a total of 2304bit. AS each SF in the FL, where the GS can transmit a total of 2304bit. AS
can request resources in the DC, where each AS has an 83bit long slot can request resources in the DC, where each AS has an 83bit long slot
and GS can grant those resources in the CC, with 728bit per CC-PHY- and GS can grant those resources in the CC, with 728bit per CC-PHY-
SDU. As the control channels of LDACS are very small-size, it is SDU. As the control channels of LDACS are very small-size, it is
obvious that protection is challenging. Having security requirements obvious that protection is challenging. Having security requirements
in mind it is RECOMMENDED to introduce group key mechanisms for in mind it is recommended to introduce group key mechanisms for
LDACS. Thus, after the MAKE procedure of LDACS, a control plane LDACS. Thus, after the MAKE procedure of LDACS, a control plane
related group key is derived by the GS and shared with all AS in a related group key is derived by the GS and shared with all AS in a
protected manner. As group key procedure, several approaches are protected manner. As group key procedure, several approaches are
investigated (e.g., G-IKEv2 [I-D.ietf-ipsecme-g-ikev2], CRGT investigated (e.g., G-IKEv2 [I-D.ietf-ipsecme-g-ikev2], CRGT
[ZHE2007], CAKE [GUG2018], LKH [SAK2014], and OFT [KUM2020]). As OFT [ZHE2007], CAKE [GUG2018], LKH [SAK2014], and OFT [KUM2020]). As OFT
has the least requirements on network operations compared to the has the least requirements on network operations compared to the
other, LDACS will use OFT with a fixed tree of 512-member nodes for a other, LDACS will use OFT with a fixed tree of 512-member nodes for a
maximum of 512 supported AS in an LDACS cell. All AS and GS use this maximum of 512 supported AS in an LDACS cell. All AS and GS use this
group key to protect the exchanged control data in the CC/DC slots. group key to protect the exchanged control data in the CC/DC slots.
As these messages remain valid for a time period in the order of 10 As these messages remain valid for a time period in the order of 10
skipping to change at page 29, line 36 skipping to change at page 30, line 8
This memo includes no request to IANA. This memo includes no request to IANA.
13. Acknowledgements 13. Acknowledgements
Thanks to all contributors to the development of LDACS and ICAO PT-T. Thanks to all contributors to the development of LDACS and ICAO PT-T.
Thanks to Klaus-Peter Hauf, Bart Van Den Einden, and Pierluigi Thanks to Klaus-Peter Hauf, Bart Van Den Einden, and Pierluigi
Fantappie for further input to this draft. Fantappie for further input to this draft.
Thanks to the Chair for Network Security and the research institute
CODE for their comments and improvements.
Thanks to SBA Research Vienna for fruitful discussions on Thanks to SBA Research Vienna for fruitful discussions on
aeronautical communications concerning security incentives for aeronautical communications concerning security incentives for
industry and potential economic spillovers. industry and potential economic spillovers.
14. Normative References 14. Normative References
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <https://www.rfc-editor.org/info/rfc4301>. December 2005, <https://www.rfc-editor.org/info/rfc4301>.
skipping to change at page 33, line 13 skipping to change at page 33, line 46
Aeronautiques", August 2020, <https://www.sita.aero/>. Aeronautiques", August 2020, <https://www.sita.aero/>.
[ARI2020] ARINC, "Aeronautical Radio Incorporated", August 2020, [ARI2020] ARINC, "Aeronautical Radio Incorporated", August 2020,
<https://www.aviation-ia.com/>. <https://www.aviation-ia.com/>.
[DO350A] RTCA SC-214, "Safety and Performance Standard for Baseline [DO350A] RTCA SC-214, "Safety and Performance Standard for Baseline
2 ATS Data Communications (Baseline 2 SPR Standard)", May 2 ATS Data Communications (Baseline 2 SPR Standard)", May
2016, <https://standards.globalspec.com/std/10003192/rtca- 2016, <https://standards.globalspec.com/std/10003192/rtca-
do-350-volume-1-2>. do-350-volume-1-2>.
[ICAO20151]
International Civil Aviation Organization (ICAO), "Manual
on VHF Digital Link (VDL) Mode 2, Doc 9776", January 2019,
<https://store.icao.int/en/manual-on-vhf-digital-link-vdl-
mode-2-doc-9776>.
[ICAO20152]
International Civil Aviation Organization (ICAO), "Manual
on the Aeronautical Telecommunication Network (ATN) using
Internet Protocol Suite (IPS) Standards and Protocols, Doc
9896", January 2015,
<https://standards.globalspec.com/std/10026940/icao-9896>.
[KAMA2010] Kamali, B., "An Overview of VHF Civil Radio Network and
the Resolution of Spectrum Depletion", Integrated
Communications, Navigation, and Surveillance Conference,
pp. F4-1-F4-8 , May 2010.
[DIF1976] Diffie, W. and M. Hellman, "New Directions in [DIF1976] Diffie, W. and M. Hellman, "New Directions in
Cryptography", IEEE Transactions on Information Theory, Cryptography", IEEE Transactions on Information Theory,
22(6):644-654 , November 1976. 22(6):644-654 , November 1976.
[KOB1987] Koblitz, N. and M. Hellman, "Elliptic Curve [KOB1987] Koblitz, N. and M. Hellman, "Elliptic Curve
Cryptosystems", Mathematics of Computation, Cryptosystems", Mathematics of Computation,
48(177):203-209. , January 1987. 48(177):203-209. , January 1987.
[JAO2011] Jao, D. and L. De Feo, "Towards Quantum-Resistant [JAO2011] Jao, D. and L. De Feo, "Towards Quantum-Resistant
Cryptosystems from Super-singular Elliptic Curve Cryptosystems from Super-singular Elliptic Curve
skipping to change at page 34, line 22 skipping to change at page 35, line 29
[KUM2020] Kumar, V., Kumar, R., and S.K. Pandey, "A Computationally [KUM2020] Kumar, V., Kumar, R., and S.K. Pandey, "A Computationally
Efficient Centralized Group Key Distribution Protocol for Efficient Centralized Group Key Distribution Protocol for
Secure Multicast Communications Based Upon RSA Public Key Secure Multicast Communications Based Upon RSA Public Key
Cryptosystem", Journal of King Saud University - Computer Cryptosystem", Journal of King Saud University - Computer
and Information Sciences, 32(9):1081-1094 , 2020. and Information Sciences, 32(9):1081-1094 , 2020.
[RAW-TECHNOS] [RAW-TECHNOS]
Thubert, P., Cavalcanti, D., Vilajosana, X., Schmitt, C., Thubert, P., Cavalcanti, D., Vilajosana, X., Schmitt, C.,
and J. Farkas, "Reliable and Available Wireless and J. Farkas, "Reliable and Available Wireless
Technologies", Work in Progress, Internet-Draft, draft- Technologies", Work in Progress, Internet-Draft, draft-
ietf-raw-technologies-00, 20 October 2020, ietf-raw-technologies-01, 19 February 2021,
<https://tools.ietf.org/html/draft-ietf-raw-technologies- <https://tools.ietf.org/html/draft-ietf-raw-technologies-
00>. 01>.
[RAW-USE-CASES] [RAW-USE-CASES]
Papadopoulos, G., Thubert, P., Theoleyre, F., and C. Papadopoulos, G. Z., Thubert, P., Theoleyre, F., and C. J.
Bernardos, "RAW use cases", Work in Progress, Internet- Bernardos, "RAW use cases", Work in Progress, Internet-
Draft, draft-ietf-raw-use-cases-00, 23 October 2020, Draft, draft-ietf-raw-use-cases-01, 21 February 2021,
<https://tools.ietf.org/html/draft-ietf-raw-use-cases-00>. <https://tools.ietf.org/html/draft-ietf-raw-use-cases-01>.
[I-D.ietf-ipsecme-g-ikev2] [I-D.ietf-ipsecme-g-ikev2]
Smyslov, V. and B. Weis, "Group Key Management using Smyslov, V. and B. Weis, "Group Key Management using
IKEv2", Work in Progress, Internet-Draft, draft-ietf- IKEv2", Work in Progress, Internet-Draft, draft-ietf-
ipsecme-g-ikev2-02, 11 January 2021, ipsecme-g-ikev2-02, 11 January 2021,
<https://tools.ietf.org/html/draft-ietf-ipsecme- <https://tools.ietf.org/html/draft-ietf-ipsecme-
g-ikev2-02>. g-ikev2-02>.
Appendix A. Selected Information from DO-350A Appendix A. Selected Information from DO-350A
 End of changes. 97 change blocks. 
170 lines changed or deleted 206 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/