< draft-ietf-raw-ldacs-08.txt   draft-ietf-raw-ldacs-09.txt >
RAW N. Maeurer, Ed. RAW N. Maeurer, Ed.
Internet-Draft T. Graeupl, Ed. Internet-Draft T. Graeupl, Ed.
Intended status: Informational German Aerospace Center (DLR) Intended status: Informational German Aerospace Center (DLR)
Expires: 11 November 2021 C. Schmitt, Ed. Expires: 25 April 2022 C. Schmitt, Ed.
Research Institute CODE, UniBwM Research Institute CODE, UniBwM
10 May 2021 22 October 2021
L-band Digital Aeronautical Communications System (LDACS) L-band Digital Aeronautical Communications System (LDACS)
draft-ietf-raw-ldacs-08 draft-ietf-raw-ldacs-09
Abstract Abstract
This document provides an overview of the architecture of the L-band This document gives an overview of the architecture of the L-band
Digital Aeronautical Communications System (LDACS), which provides a Digital Aeronautical Communications System (LDACS), which provides a
secure, scalable and spectrum efficient terrestrial data link for secure, scalable and spectrum efficient terrestrial data link for
civil aviation. LDACS is a scheduled, reliable multi-application civil aviation. LDACS is a scheduled, reliable multi-application
cellular broadband system with support for IPv6. LDACS shall provide cellular broadband system with support for IPv6. LDACS provides a
a data link for IP network-based aircraft guidance. High reliability data link for IPv6 network-based aircraft guidance. High reliability
and availability for IP connectivity over LDACS are therefore and availability for IP connectivity over LDACS, as well as security,
essential. are therefore essential.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 11 November 2021. This Internet-Draft will expire on 25 April 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Motivation and Use Cases . . . . . . . . . . . . . . . . . . 5 3. Motivation and Use Cases . . . . . . . . . . . . . . . . . . 6
3.1. Voice Communications Today . . . . . . . . . . . . . . . 6 3.1. Voice Communications Today . . . . . . . . . . . . . . . 7
3.2. Data Communications Today . . . . . . . . . . . . . . . . 6 3.2. Data Communications Today . . . . . . . . . . . . . . . . 7
4. Provenance and Documents . . . . . . . . . . . . . . . . . . 7 4. Provenance and Documents . . . . . . . . . . . . . . . . . . 8
5. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 8 5. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 9
5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 8 5.1. Advances Beyond the State-of-the-Art . . . . . . . . . . 9
5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 8 5.1.1. Priorities . . . . . . . . . . . . . . . . . . . . . 9
5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 9 5.1.2. Security . . . . . . . . . . . . . . . . . . . . . . 9
5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 9 5.1.3. High Data Rates . . . . . . . . . . . . . . . . . . . 10
5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 9 5.2. Application . . . . . . . . . . . . . . . . . . . . . . . 10
5.2.1. Air-to-Ground Multilink . . . . . . . . . . . . . . . 9 5.2.1. Air/Ground Multilink . . . . . . . . . . . . . . . . 10
5.2.2. Air-to-Air Extension for LDACS . . . . . . . . . . . 10 5.2.2. Air/Air Extension for LDACS . . . . . . . . . . . . . 10
5.2.3. Flight Guidance . . . . . . . . . . . . . . . . . . . 10 5.2.3. Flight Guidance . . . . . . . . . . . . . . . . . . . 11
5.2.4. Business Communication of Airlines . . . . . . . . . 11 5.2.4. Business Communications of Airlines . . . . . . . . . 12
5.2.5. LDACS Navigation . . . . . . . . . . . . . . . . . . 11 5.2.5. LDACS-based Navigation . . . . . . . . . . . . . . . 12
6. Requirements to LDACS . . . . . . . . . . . . . . . . . . . . 12 6. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 12
7. Characteristics of LDACS . . . . . . . . . . . . . . . . . . 13 7. Characteristics . . . . . . . . . . . . . . . . . . . . . . . 14
7.1. LDACS Sub-Network . . . . . . . . . . . . . . . . . . . . 13 7.1. LDACS Sub-Network . . . . . . . . . . . . . . . . . . . . 14
7.2. Topology . . . . . . . . . . . . . . . . . . . . . . . . 14 7.2. Topology . . . . . . . . . . . . . . . . . . . . . . . . 15
7.3. LDACS Physical Layer . . . . . . . . . . . . . . . . . . 14 7.3. LDACS Protocol Stack . . . . . . . . . . . . . . . . . . 15
7.4. LDACS Data Link Layer . . . . . . . . . . . . . . . . . . 15 7.3.1. LDACS Physical Layer . . . . . . . . . . . . . . . . 17
7.5. LDACS Mobility . . . . . . . . . . . . . . . . . . . . . 15 7.3.2. LDACS Data Link Layer . . . . . . . . . . . . . . . . 17
8. Reliability and Availability . . . . . . . . . . . . . . . . 15 7.3.3. LDACS Sub-Network Layer and Protocol Services . . . . 19
8.1. Layer 2 . . . . . . . . . . . . . . . . . . . . . . . . . 15 7.4. LDACS Mobility . . . . . . . . . . . . . . . . . . . . . 19
8.2. Beyond Layer 2 . . . . . . . . . . . . . . . . . . . . . 18 8. Reliability and Availability . . . . . . . . . . . . . . . . 19
9. Protocol Stack . . . . . . . . . . . . . . . . . . . . . . . 18 8.1. Below Layer 1 . . . . . . . . . . . . . . . . . . . . . . 19
9.1. Medium Access Control (MAC) Entity Services . . . . . . . 19 8.2. Layer 1 and 2 . . . . . . . . . . . . . . . . . . . . . . 19
9.2. Data Link Service (DLS) Entity Services . . . . . . . . . 21 8.3. Beyond Layer 2 . . . . . . . . . . . . . . . . . . . . . 23
9.3. Voice Interface (VI) Services . . . . . . . . . . . . . . 22 9. Security . . . . . . . . . . . . . . . . . . . . . . . . . . 23
9.4. LDACS Management Entity (LME) Services . . . . . . . . . 22 9.1. Security in Wireless Digital Aeronautical
9.5. Sub-Network Protocol (SNP) Services . . . . . . . . . . . 22 Communications . . . . . . . . . . . . . . . . . . . . . 24
10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 9.2. LDACS Requirements . . . . . . . . . . . . . . . . . . . 25
10.1. Reasons for Wireless Digital Aeronautical 9.3. LDACS Security Objectives . . . . . . . . . . . . . . . . 25
Communications . . . . . . . . . . . . . . . . . . . . . 23 9.4. LDACS Security Functions . . . . . . . . . . . . . . . . 26
10.2. LADACS Requirements . . . . . . . . . . . . . . . . . . 24 9.5. LDACS Security Architecture . . . . . . . . . . . . . . . 26
10.3. LDACS Security Objectives . . . . . . . . . . . . . . . 24 9.5.1. Entities . . . . . . . . . . . . . . . . . . . . . . 26
10.4. LDACS Security Functions . . . . . . . . . . . . . . . . 25 9.5.2. Entity Identification . . . . . . . . . . . . . . . . 27
10.5. LDACS Security Architecture . . . . . . . . . . . . . . 25 9.5.3. Entity Authentication and Key Establishment . . . . . 27
10.5.1. Entities . . . . . . . . . . . . . . . . . . . . . . 25 9.5.4. Message-in-transit Confidentiality, Integrity and
10.5.2. Entity Identification . . . . . . . . . . . . . . . 25 Authenticity . . . . . . . . . . . . . . . . . . . . 28
10.5.3. Entity Authentication and Key Negotiation . . . . . 26 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28
10.5.4. Message-in-transit Confidentiality, Integrity and 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28
Authenticity . . . . . . . . . . . . . . . . . . . . 26 12. Normative References . . . . . . . . . . . . . . . . . . . . 28
10.6. LDACS Security Modules . . . . . . . . . . . . . . . . . 27 13. Informative References . . . . . . . . . . . . . . . . . . . 29
10.6.1. Placements of Security Functionality in Protocol
Stack . . . . . . . . . . . . . . . . . . . . . . . . 27
10.6.2. Trust . . . . . . . . . . . . . . . . . . . . . . . 27
10.6.3. Mutual Authentication and Key Exchange (MAKE) . . . 28
10.6.4. Key Derivation and Key Hierarchy . . . . . . . . . . 28
10.6.5. User Data Security . . . . . . . . . . . . . . . . . 28
10.6.6. Control Data Security . . . . . . . . . . . . . . . 29
11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29
14. Normative References . . . . . . . . . . . . . . . . . . . . 30
15. Informative References . . . . . . . . . . . . . . . . . . . 31
Appendix A. Selected Information from DO-350A . . . . . . . . . 35 Appendix A. Selected Information from DO-350A . . . . . . . . . 35
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
One of the main pillars of the modern Air Traffic Management (ATM) One of the main pillars of the modern Air Traffic Management (ATM)
system is the existence of a communication infrastructure that system is the existence of a communications infrastructure that
enables efficient aircraft control and safe separation in all phases enables efficient aircraft control and safe aircraft separation in
of flight. Current systems are technically mature but suffering from all phases of flight. Current systems are technically mature but
the Very High Frequency (VHF) band's increasing saturation in high- suffering from the Very High Frequency (VHF) band's increasing
density areas and the limitations posed by analogue radio saturation in high- density areas and the limitations posed by
communications. Therefore, aviation globally and the European Union analogue radio communications. Therefore, aviation globally, and the
(EU) in particular, strives for a sustainable modernization of the European Union (EU) in particular, strives for a sustainable
aeronautical communication infrastructure. modernization of the aeronautical communications infrastructure.
In the long-term, ATM communication shall transition from analogue This modernization is realized in two steps: (1) the transition of
VHF voice [KAMA2010] and VHF Data Linke mode 2 (VDLM2) communication communications datalinks from analogue to digital technologies and,
to more spectrum efficient digital data communication. The European (2) the introduction of IPv6 based networking protocols in
ATM Master Plan foresees this transition to be realized for aeronautical networks [RFC4291], [RFC7136], [ICAO2015].
terrestrial communications by the development (and potential
implementation) of the L-band Digital Aeronautical Communications
System (LDACS). LDACS shall enable IPv6 based air- ground
communication related to the aviation safety and regularity of flight
[ICAO20152]. The particular challenge is that no additional spectrum
can be made available for terrestrial aeronautical communication. It
was thus necessary to develop co-existence mechanism/procedures to
enable the interference free operation of LDACS in parallel with
other aeronautical services/systems in the same frequency band.
Since LDACS shall be used for aircraft guidance, high reliability and Step (1) is realized via ATM communications transitioning from
availability for IP connectivity over LDACS are essential. analogue VHF voice [KAMA2010] to more spectrum efficient digital data
communication. For terrestrial communications the European ATM
Master Plan foresees this transition to be realized by the
development of the L-band Digital Aeronautical Communications System
(LDACS). Since central Europe has been identified as the area of the
world, that suffers the most from increased saturation of the VHF
band, the initial roll-out of LDACS will likely start there, and
continue to other increasingly saturated zones as the east- and west-
cost of the US and parts of Asia [ICAO2018].
Technically LDACS enables IPv6 based air- ground communication
related to aviation safety and regularity of flight [ICAO2015].
Passenger communication and similar services are not supported, since
only communications related to "safety and regularity of flight" are
permitted in protected aviation frequency bands. The particular
challenge is that no additional frequencies can be made available for
terrestrial aeronautical communication. It was thus necessary to
develop co-existence mechanism/procedures to enable the interference
free operation of LDACS in parallel with other aeronautical services/
systems in the protected frequency band. Since LDACS will be used
for aircraft guidance, high reliability and availability for IP
connectivity over LDACS are essential.
Step (2) is a strategy for the worldwide roll-out of IPv6 capable
digital aeronautical inter-networking. This is called the
Aeronautical Telecommunications Network (ATN)/Internet Protocol Suite
(IPS) (hence, ATN/IPS). It is specified in the International Civil
Aviation Organization (ICAO) document Doc 9896 [ICAO2015], the Radio
Technical Commission for Aeronautics (RTCA) document DO-379
[RTCA2019], the European Organization for Civil Aviation Equipment
(EUROCAE) document ED-262 [EURO2019], and the Aeronautical Radio
Incorporated (ARINC) document P858 [ARI2021]. LDACS is subject to
these regulations since it provides access subnets to the ATN/IPS.
ICAO has chosen IPv6 as basis for the ATN/IPS mostly for historical
reasons, since a previous architecture based on ISO/OSI protocols,
the ATN/OSI, failed in the market place.
In the context of safety-related communications, LDACS will play a
major role in future ATM. ATN/IPS datalinks will provide diversified
terrestrial and space-based connectivity in a multi-link concept,
called the Future Communications Infrastructure (FCI) [VIR2021].
From a technical point of view the FCI will realize airborne multi-
homed IPv6 networks connected to a global ground network via at least
two independent communication technologies. This is considered in
more detail in related IETF work in progress [I-D.haindl-lisp-gb-atn]
[I-D.ietf-rtgwg-atn-bgp].
In the context of WG-RAW, developing options, such as intelligent
switching between datalinks, for reliably delivering content from and
to endpoints, is foreseen. As LDACS is part of such a concept, the
work of RAW is immediately applicable. In general, with the
aeronautical communications system transitioning to ATN/IPS, and data
being transported via IPv6, closer cooperation and collaboration
between the aeronautical and IETF community is desirable.
LDACS standardization within the framework of ICAO started in
December 2016. The ICAO standardization group has produced an
initial Standards and Recommended Practices (SARPS) document
[ICA2018]. It defines the general characteristics of LDACS. The
ICAO standardization group plans to produce an ICAO technical manual
- the ICAO equivalent to a technical standard - within the next
years. Generally, the group is open to input from all sources and
encourages cooperation between the aeronautical and the IETF
community.
2. Terminology 2. Terminology
The following terms are used in the context of RAW in this document: The following terms are used in the context of RAW in this document:
A2A Air-to-Air A/A Air/Air
AeroMACS Aeronautical Mobile Airport Communication System A/G Air/Ground
A2G Air-to-Ground A2G Air-to-Ground
ACARS Aircraft Communications Addressing and Reporting System ACARS Aircraft Communications Addressing and Reporting System
ADS-B Automatic Dependent Surveillance - Broadcast
ADS-C Automatic Dependent Surveillance - Contract ADS-C Automatic Dependent Surveillance - Contract
AM(R)S Aeronautical Mobile (Route) Service AeroMACS Aeronautical Mobile Airport Communications System
ANSP Air Traffic Network Service Provider ANSP Air Traffic Network Service Provider
AOC Aeronautical Operational Control AOC Aeronautical Operational Control
AR Access Router
ARINC Aeronautical Radio, Incorporated
ARQ Automatic Repeat reQuest
AS Aircraft Station AS Aircraft Station
ATC Air Traffic Control ATC Air Traffic Control
ATM Air Traffic Management ATM Air Traffic Management
ATN Aeronautical Telecommunication Network ATN Aeronautical Telecommunication Network
ATS Air Traffic Service ATS Air Traffic Service
BCCH Broadcast Channel
CCCH Common Control Channel CCCH Common Control Channel
COTS IP Commercial Off-The-Shelf
CM Context Management CM Context Management
CNS Communication Navigation Surveillance CNS Communication Navigation Surveillance
CPDLC Controller Pilot Data Link Communication COTS Commercial Off-The-Shelf
CPDLC Controller Pilot Data Link Communications
CRL Certificate Revocation List
CSP Communications Service Provider
DCCH Dedicated Control Channel DCCH Dedicated Control Channel
DCH Data Channel DCH Data Channel
DiffServ Differentiated Services
DLL Data Link Layer DLL Data Link Layer
DLS Data Link Service DLS Data Link Service
DME Distance Measuring Equipment DME Distance Measuring Equipment
DSB-AM Double Side-Band Amplitude Modulation DSB-AM Double Side-Band Amplitude Modulation
FCI Future Communication Infrastructure DTLS Datagram Transport Layer Security
EUROCAE European Organization for Civil Aviation Equipment
FAA Federal Aviation Administration
FCI Future Communications Infrastructure
FDD Frequency Division Duplex
FL Forward Link FL Forward Link
GANP Global Air Navigation Plan
GBAS Ground Based Augmentation System GBAS Ground Based Augmentation System
GNSS Global Navigation Satellite System GNSS Global Navigation Satellite System
GS Ground-Station GS Ground-Station
G2A Ground-to-Air G2A Ground-to-Air
HF High Frequency HF High Frequency
ICAO International Civil Aviation Organization ICAO International Civil Aviation Organization
IP Internet Protocol IP Internet Protocol
IPS Internet Protocol Suite IPS Internet Protocol Suite
kbit/s kilobit per second kbit/s kilobit per second
LDACS L-band Digital Aeronautical Communications System LDACS L-band Digital Aeronautical Communications System
LLC Logical Link Control LLC Logical Link Control
LME LDACS Management Entity LME LDACS Management Entity
MAC Medium Access Layer MAC Medium Access Control
MF Multi Frame MF Multi Frame
OFDM Orthogonal Frequency-Division Multiplexing OFDM Orthogonal Frequency-Division Multiplexing
OFDMA Orthogonal Frequency-Division Multiplexing Access OFDMA Orthogonal Frequency-Division Multiplexing Access
OSI Open Systems Interconnection OSI Open Systems Interconnection
PHY Physical Layer PHY Physical Layer
QPSK Quadrature Phase-Shift Keying
RACH Random Access Channel
RL Reverse Link RL Reverse Link
RTCA Radio Technical Commission for Aeronautics
SARPS Standards and Recommended Practices
SDR Software Defined Radio
SESAR Single European Sky ATM Research
SF Super-Frame SF Super-Frame
SN Serving Network
SNP Sub-Network Protocol SNP Sub-Network Protocol
STS Station-to-Station VDLm2 VHF Data Link mode 2
TDMA Time-Division Multiplexing-Access
VDLM1 VHF Data Link mode 1
VDLM2 VHF Data Link mode 2
VHF Very High Frequency VHF Very High Frequency
VI Voice Interface VI Voice Interface
3. Motivation and Use Cases 3. Motivation and Use Cases
Aircraft are currently connected to Air Traffic Control (ATC) and Aircraft are currently connected to Air Traffic Control (ATC) and
Aeronautical Operational Control (AOC) via voice and data Aeronautical Operational Control (AOC) services via voice and data
communications systems through all phases of a flight. AOC is a communications systems through all phases of flight. ATC refers to
generic term referring to the business communication of airlines. communication for flight guidance. AOC is a generic term referring
Within the airport terminal, connectivity is focused on high to the business communication of airlines. It refers to the mostly
bandwidth communications, while during en-route high reliability, proprietary exchange of data between the aircraft of the airline, its
robustness, and range is the main focus. Voice communications may operation centers, and its service partners. ARINC document 633 was
use the same or different equipment as data communications systems. developed and first released in 2007 [ARI2019] with the goal to
In the following the main differences between voice and data standardize these messages for interoperability, e.g., messages
communications capabilities are summarized. The assumed use cases between the airline and fueling or de-icing companies. Within the
for LDACS completes the list of use cases stated in [RAW-USE-CASES] airport terminal, connectivity is focused on high bandwidth
and the list of reliable and available wireless technologies communications, while during en-route, high reliability, robustness,
presented in [RAW-TECHNOS]. and range is the main focus. Voice communications may use the same
or different equipment as data communications systems. In the
following, the main differences between voice and data communications
capabilities are summarized. The assumed use cases for LDACS
complements the list of use cases stated in [RAW-USE-CASES] and the
list of reliable and available wireless technologies presented in
[RAW-TECHNOS].
3.1. Voice Communications Today 3.1. Voice Communications Today
Voice links are used for Air-to-Ground (A2G) and Air-to-Air (A2A) Voice links are used for Air/Ground (A/G) and Air/Air (A/A)
communications. The communication equipment is either ground-based communications. The communications equipment is either ground-based
working in the High Frequency (HF) or VHF frequency band or working in the High Frequency (HF) or VHF frequency band or
satellite-based. All VHF and HF voice communications are operated satellite-based. All VHF and HF voice communications are operated
via open broadcast channels without authentication, encryption or via open broadcast channels without authentication, encryption or
other protective measures. The use of well-proven communication other protective measures. The use of well-proven communications
procedures via broadcast channels can help to enhance the safety of procedures via broadcast channels can help to enhance the safety of
communications. The main voice communications media is still the communications. The main voice communications media is still the
analogue VHF Double Side-Band Amplitude Modulation (DSB-AM) analogue VHF Double Side-Band Amplitude Modulation (DSB-AM)
communications technique, supplemented by HF Single Side-Band communications technique, supplemented by HF single side-band
Amplitude Modulation and satellite communications for remote and amplitude modulation and satellite communications for remote and
oceanic areas. DSB-AM has been in use since 1948, works reliably and oceanic regions. DSB-AM has been in use since 1948, works reliably
safely, and uses low-cost communication equipment. These are the and safely, and uses low-cost communication equipment. These are the
main reasons why VHF DSB-AM communications are still in use, and it main reasons why VHF DSB-AM communications are still in use, and it
is likely that this technology will remain in service for many more is likely that this technology will remain in service for many more
years. This however results in current operational limitations and years. This however, results in current operational limitations and
impediments in deploying new Air Traffic Management (ATM) impediments in deploying new ATM applications, such as flight-centric
applications, such as flight-centric operation with Point-to-Point operation with point-to-point communications between pilots and air
communications. traffic control officers. [BOE2019]
3.2. Data Communications Today 3.2. Data Communications Today
Like for voice, data communications into the cockpit is currently Like for voice, data communications into the cockpit, are currently
provided by ground-based equipment operating either on HF or VHF provided by ground-based equipment operating either on HF or VHF
radio bands or by legacy satellite systems. All these communication radio bands or by legacy satellite systems. All these communication
systems are using narrowband radio channels with a data throughput systems are using narrowband radio channels with a data throughput
capacity in order of kilobits per second. While the aircraft is on capacity in the order of kilobits per second. While the aircraft is
ground some additional communications systems are available, like the on ground, some additional communications systems are available, like
Aeronautical Mobile Airport Communication System (AeroMACS) or public the Aeronautical Mobile Airport Communications System (AeroMACS) or
cellular networks, operating in the Airport (APT) domain and able to public cellular networks, operating in the Airport (APT) domain and
deliver broadband communication capability. able to deliver broadband communications capability. [BOE2019]
The data communication networks used for the transmission of data The data communications networks, used for the transmission of data
relating to the safety and regularity of the flight must be strictly relating to the safety and regularity of flight, must be strictly
isolated from those providing entertainment services to passengers. isolated from those providing entertainment services to passengers.
This leads to a situation that the flight crews are supported by This leads to a situation that the flight crews are supported by
narrowband services during flight while passengers have access to narrowband services during flight while passengers have access to
inflight broadband services. The current HF and VHF data links inflight broadband services. The current HF and VHF data links
cannot provide broadband services now or in the future, due to the cannot provide broadband services now or in the future, due to the
lack of available spectrum. This technical shortcoming is becoming a lack of available spectrum. This technical shortcoming is becoming a
limitation to enhanced ATM operations, such as Trajectory-Based limitation to enhanced ATM operations, such as trajectory-based
Operations and 4D trajectory negotiations. operations and 4D trajectory negotiations. [BOE2019]
Satellite-based communications are currently under investigation and Satellite-based communications are currently under investigation and
enhanced capabilities are under development which will be able to enhanced capabilities are under development which will be able to
provide inflight broadband services and communications supporting the provide inflight broadband services and communications supporting the
safety and regularity of flight. In parallel, the ground-based safety and regularity of flight. In parallel the ground-based
broadband data link technology LDACS is being standardized by ICAO broadband data link technology LDACS is being standardized by ICAO
and has recently shown its maturity during flight tests [SCH20191]. and has recently shown its maturity during flight tests [MAE20211]
The LDACS technology is scalable, secure and spectrum efficient and [BEL2021]. The LDACS technology is scalable, secure and spectrum
provides significant advantages to the users and service providers. efficient and provides significant advantages to the users and
It is expected that both - satellite systems and LDACS - will be service providers. It is expected that both - satellite systems and
deployed to support the future aeronautical communication needs as LDACS - will be deployed to support the future aeronautical
envisaged by the ICAO Global Air Navigation Plan. communication needs as envisaged by the ICAO Global Air Navigation
Plan (GNAP). [BOE2019]
4. Provenance and Documents 4. Provenance and Documents
The development of LDACS has already made substantial progress in the The development of LDACS has already made substantial progress in the
Single European Sky ATM Research framework, short SESAR, and is Single European Sky ATM Research (SESAR) framework and is currently
currently being continued in the follow-up program SESAR2020 being continued in the follow-up program SESAR2020 [RIH2018]. A key
[RIH2018]. A key objective of the these activities is to develop, objective of these activities is to develop, implement and validate a
implement and validate a modern aeronautical data link able to evolve modern aeronautical data link able to evolve with aviation needs over
with aviation needs over long-term. To this end, an LDACS long-term. To this end, an LDACS specification has been produced
specification has been produced [GRA2019] and is continuously [GRA2019] and is continuously updated; transmitter demonstrators were
updated; transmitter demonstrators were developed to test the developed to test the spectrum compatibility of LDACS with legacy
spectrum compatibility of LDACS with legacy systems operating in the systems operating in the L-band [SAJ2014]; and the overall system
L-band [SAJ2014]; and the overall system performance was analyzed by performance was analyzed by computer simulations, indicating that
computer simulations, indicating that LDACS can fulfil the identified LDACS can fulfil the identified requirements [GRA2011].
requirements [GRA2011].
LDACS standardization within the framework of the ICAO started in
December 2016. The ICAO standardization group has produced an
initial Standards and Recommended Practices document [ICA2018]. It
defines the general characteristics of LDACS. The ICAO
standardization group plans to produce an ICAO technical manual - the
ICAO equivalent to a technical standard - within the next years.
Generally, the group is open to input from all sources and develops
LDACS in the open.
Up to now LDACS standardization has been focused on the development Up to now LDACS standardization has been focused on the development
of the physical layer and the data link layer, only recently have of the physical layer and the data link layer. Only recently have
higher layers come into the focus of the LDACS development higher layers have come into the focus of the LDACS development
activities. There is currently no "IPv6 over LDACS" specification activities. There is currently no "IPv6 over LDACS" specification
publicly available; however, SESAR2020 has started the testing of publicly available; however, SESAR2020 has started the testing of
IPv6-based LDACS testbeds. IPv6-based LDACS testbeds.
The IPv6 architecture for the aeronautical telecommunication network The IPv6 architecture for the aeronautical telecommunication network
is called the Future Communications Infrastructure (FCI). FCI shall is called the FCI. The FCI will support quality of service,
support quality of service, diversity, and mobility under the diversity, and mobility under the umbrella of the "multi-link
umbrella of the "multi-link concept". This work is conducted by ICAO concept". This work is led by ICAO Communication Panel working group
Communication Panel working group WG-I. WG-I.
In addition to standardization activities several industrial LDACS In addition to standardization activities several industrial LDACS
prototypes have been built. One set of LDACS prototypes has been prototypes have been built. One set of LDACS prototypes has been
evaluated in flight trials confirming the theoretical results evaluated in flight trials confirming the theoretical results
predicting the system performance [GRA2018] [SCH20191]. predicting the system performance [GRA2018] [MAE20211] [BEL2021].
5. Applicability 5. Applicability
LDACS is a multi-application cellular broadband system capable of LDACS is a multi-application cellular broadband system capable of
simultaneously providing various kinds of Air Traffic Services (ATS) simultaneously providing various kinds of Air Traffic Services (ATS)
including ATS-B3 and AOC communications services from deployed including ATS-B3, and AOC communications services from deployed
Ground-Stations (GS). The A2G sub-system physical layer and data Ground-Stations (GS). The physical layer and data link layer of
link layer of LDACS are optimized for data link communications, but LDACS are optimized for controller-pilot data link communications,
the system also supports digital air-ground voice communications. but the system also supports digital air-ground voice communications.
LDACS supports communication in all airspaces (airport, terminal LDACS supports communications in all airspaces (airport, terminal
maneuvering area, and en-route), and on the airport surface. The maneuvering area, and en-route), and on the airport surface. The
physical LDACS cell coverage is effectively de-coupled from the physical LDACS cell coverage is effectively de-coupled from the
operational coverage required for a particular service. This is new operational coverage required for a particular service. This is new
in aeronautical communications. Services requiring wide-area in aeronautical communications. Services requiring wide-area
coverage can be installed at several adjacent LDACS cells. The coverage can be installed at several adjacent LDACS cells. The
handover between the involved LDACS cells is seamless, automatic, and handover between the involved LDACS cells is seamless, automatic, and
transparent to the user. Therefore, the LDACS A2G communications transparent to the user. Therefore, the LDACS communications concept
concept enables the aeronautical communication infrastructure to enables the aeronautical communication infrastructure to support
support future dynamic airspace management concepts. future dynamic airspace management concepts.
5.1. Advances Beyond the State-of-the-Art 5.1. Advances Beyond the State-of-the-Art
LDACS offers several capabilities that are not provided in LDACS offers several capabilities, not yet provided in contemporarily
contemporarily deployed aeronautical communication systems. deployed aeronautical communications systems.
5.1.1. Priorities 5.1.1. Priorities
LDACS is able to manage services priorities, an important feature not LDACS is able to manage service priorities, an important feature not
available in some of the current data link deployments. Thus, LDACS available in some of the current data link deployments. Thus, LDACS
guarantees bandwidth, low latency, and high continuity of service for guarantees bandwidth availability, low latency, and high continuity
safety critical ATS applications while simultaneously accommodating of service for safety critical ATS applications while simultaneously
less safety-critical AOC services. accommodating less safety-critical AOC services.
5.1.2. Security 5.1.2. Security
LDACS is a secure data link with built-in security mechanisms. It LDACS is a secure data link with built-in security mechanisms. It
enables secure data communications for ATS and AOC services, enables secure data communications for ATS and AOC services,
including secured private communications for aircraft operators and including secured private communications for aircraft operators and
ANSPs (Air Traffic Network Service Providers). This includes Air traffic Network Service Providers (ANSP). This includes concepts
concepts for key and trust management, mutual authenticated key for key and trust management, mutual authentication and key
exchange protocols, key derivation measures, user and control establishment protocols, key derivation measures, user and control
message-in-transit confidentiality and authenticity protection, message-in-transit protection, secure logging and availability and
secure logging and availability and robustness measures [MAE20181], robustness measures [MAE20182] [MAE2021].
[MAE20191], [MAE20192].
5.1.3. High Data Rates 5.1.3. High Data Rates
The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the The user data rate of LDACS is 315 kbit/s to 1428 kbit/s on the
forward link (FL) for the connection Ground-to-Air (G2A), and 294 Forward Link (FL) for the Ground-to-Air (G2A) connection, and 294
kbit/s to 1390 kbit/s on the reverse link (RF) for the connection kbit/s to 1390 kbit/s on the Reverse Link (RL) for the Air-to-Ground
A2G, depending on coding and modulation. This is 50 times the amount (A2G) connection, depending on coding and modulation. This is up to
terrestrial digital aeronautical communications systems such as VDLM2 two orders of magnitude greater than current terrestrial digital
provide [SCH20191]. aeronautical communications systems, such as the VHF Data Link mode 2
(VDLm2), provide [ICAO2019] [GRA2019].
5.2. Application 5.2. Application
LDACS shall be used by several aeronautical applications ranging from LDACS will be used by several aeronautical applications ranging from
enhanced communication protocol stacks (multi-homed mobile IPv6 enhanced communications protocol stacks (multi-homed mobile IPv6
networks in the aircraft and potentially ad-hoc networks between networks in the aircraft and potentially ad-hoc networks between
aircraft) to classical communication applications (sending Ground aircraft) to broadcast communication applications (sending Ground
Based Augmentation System (GBAS) correction data) and integration Based Augmentation System (GBAS) correction data) and integration
with other service domains (using the communication signal for with other service domains (using the communications signal for
navigation). navigation) [MAE20211].
5.2.1. Air-to-Ground Multilink 5.2.1. Air/Ground Multilink
It is expected that LDACS together with upgraded satellite-based It is expected that LDACS, together with upgraded satellite-based
communications systems will be deployed within the FCI and constitute communications systems, will be deployed within the FCI and
one of the main components of the multilink concept within the FCI. constitute one of the main components of the multilink concept within
the FCI.
Both technologies, LDACS and satellite systems, have their specific Both technologies, LDACS and satellite systems, have their specific
benefits and technical capabilities which complement each other. benefits and technical capabilities which complement each other.
Especially, satellite systems are well-suited for large coverage Especially, satellite systems are well-suited for large coverage
areas with less dense air traffic, e.g. oceanic regions. LDACS is areas with less dense air traffic, e.g. oceanic regions. LDACS is
well-suited for dense air traffic areas, e.g. continental areas or well-suited for dense air traffic areas, e.g., continental areas or
hot-spots around airports and terminal airspace. In addition, both hot-spots around airports and terminal airspace. In addition, both
technologies offer comparable data link capacity and, thus, are well- technologies offer comparable data link capacity and, thus, are well-
suited for redundancy, mutual back-up, or load balancing. suited for redundancy, mutual back-up, or load balancing.
Technically the FCI multilink concept shall be realized by multi- Technically the FCI multilink concept will be realized by multi-
homed mobile IPv6 networks in the aircraft. The related protocol homed mobile IPv6 networks in the aircraft. The related protocol
stack is currently under development by ICAO and the Single European stack is currently under development by ICAO, within SESAR, and the
Sky ATM Research framework. IETF [I-D.haindl-lisp-gb-atn] [I-D.ietf-rtgwg-atn-bgp].
5.2.2. Air-to-Air Extension for LDACS 5.2.2. Air/Air Extension for LDACS
A potential extension of the multi-link concept is its extension to A potential extension of the multi-link concept is its extension to
ad-hoc networks between aircraft. the integration of ad-hoc networks between aircraft.
Direct A2A communication between aircrafts in terms of ad-hoc data Direct A/A communication between aircraft in terms of ad-hoc data
networks is currently considered a research topic since there is no networks are currently considered a research topic since there is no
immediate operational need for it, although several possible use immediate operational need for it, although several possible use
cases are discussed (digital voice, wake vortex warnings, and cases are discussed (Automatic Dependent Surveillance - Broadcast
trajectory negotiation) [BEL2019]. It should also be noted that (ADS-B), digital voice, wake vortex warnings, and trajectory
currently deployed analog VHF voice radios support direct voice negotiation) [BEL2019]. It should also be noted, that currently
communication between aircraft, making a similar use case for digital deployed analog VHF voice radios support direct voice communication
voice plausible. between aircraft, making a similar use case for digital voice
plausible.
LDACS direct A2A is currently not part of standardization. LDACS A/A is currently not part of the standardization process and
will not be covered within this document.
5.2.3. Flight Guidance 5.2.3. Flight Guidance
The FCI (and therefore LDACS) shall be used to host flight guidance. The FCI (and therefore LDACS) is used to provide flight guidance.
This is realized using three applications: This is realized using three applications:
1. Context Management (CM): The CM application shall manage the 1. Context Management (CM): The CM application manages the automatic
automatic logical connection to the ATC center currently logical connection to the ATC center currently responsible to
responsible to guide the aircraft. Currently this is done by the guide the aircraft. Currently this is done by the air crew
air crew manually changing VHF voice frequencies according to the manually changing VHF voice frequencies according to the progress
progress of the flight. The CM application automatically sets up of the flight. The CM application automatically sets up
equivalent sessions. equivalent sessions.
2. Controller Pilot Data Link Communication (CPDLC): The CPDLC 2. Controller Pilot Data Link Communications (CPDLC): The CPDLC
application provides the air crew with the ability to exchange application provides the air crew with the ability to exchange
data messages similar to text messages with the currently data messages similar to text messages with the currently
responsible ATC center. The CPDLC application shall take over responsible ATC center. The CPDLC application takes over most of
most of the communication currently performed over VHF voice and the communication currently performed over VHF voice and enables
enable new services that do not lend themselves to voice new services that do not lend themselves to voice communication
communication (e.g., trajectory negotiation). (i.e., trajectory negotiation).
3. Automatic Dependent Surveillance - Contract (ADS-C): ADS-C 3. Automatic Dependent Surveillance - Contract (ADS-C): ADS-C
reports the position of the aircraft to the currently active ATC reports the position of the aircraft to the currently active ATC
center. Reporting is bound to "contracts", i.e. pre-defined center. Reporting is bound to "contracts", i.e., pre-defined
events related to the progress of the flight (i.e. the events related to the progress of the flight (i.e., the
trajectory). ADS-C and CPDLC are the primary applications used to trajectory). ADS-C and CPDLC are the primary applications used
implement in-flight trajectory management. for implementing in-flight trajectory management.
CM, CPDLC, and ADS-C are available on legacy datalinks, but not CM, CPDLC, and ADS-C are available on legacy datalinks, but are not
widely deployed and with limited functionality. widely deployed and with limited functionality.
Further ATC applications may be ported to use the FCI or LDACS as Further ATC applications may be ported to use the FCI or LDACS as
well. A notable application is GBAS for secure, automated landings: well. A notable application is GBAS for secure, automated landings:
The Global Navigation Satellite System (GNSS) based GBAS is used to The Global Navigation Satellite System (GNSS) based GBAS is used to
improve the accuracy of GNSS to allow GNSS based instrument landings. improve the accuracy of GNSS to allow GNSS based instrument landings.
This is realized by sending GNSS correction data (e.g., compensating This is realized by sending GNSS correction data (e.g., compensating
ionospheric errors in the GNSS signal) to the aircraft's GNSS ionospheric errors in the GNSS signal) to the aircraft's GNSS
receiver via a separate data link. Currently the VDB data link is receiver via a separate data link. Currently the VDB data link is
used. VDB is a narrow-band single-purpose datalink without advanced used. VDB is a narrow-band single-purpose datalink without advanced
security only used to transmit GBAS correction data. This makes VDB security only used to transmit GBAS correction data. This makes VDB
a natural candidate for replacement by LDACS. a natural candidate for replacement by LDACS [MAE20211].
5.2.4. Business Communication of Airlines 5.2.4. Business Communications of Airlines
In addition to air traffic services AOC services shall be transmitted In addition to air traffic services, AOC services are transmitted
over LDACS. AOC is a generic term referring to the business over LDACS. AOC is a generic term referring to the business
communication of airlines. Regulatory this is considered related to communication of airlines, between the airlines and service partners
the safety and regularity of flight and may therefore be transmitted on the ground and their own aircraft in the air. Regulatory-wise,
over LDACS. this is considered related to safety and regularity of flight and may
therefore be transmitted over LDACS. AOC communication is considered
AOC communication is considered the main business case for LDACS the main business case for LDACS communications service providers
communication service providers since modern aircraft generate since modern aircraft generate significant amounts of data (i.e.,
significant amounts of data (e.g., engine maintenance data). engine maintenance data).
5.2.5. LDACS Navigation 5.2.5. LDACS-based Navigation
Beyond communication radio signals can always also be used for Beyond communications, radio signals can always also be used for
navigation. LDACS takes this into account. navigation. This fact is used for the LDACS navigation concept.
For future aeronautical navigation, ICAO RECOMMENDS the further For future aeronautical navigation, ICAO recommends the further
development of GNSS based technologies as primary means for development of GNSS based technologies as primary means for
navigation. However, the drawback of GNSS is its inherent single navigation. Due to the large separation between navigational
point of failure - the satellite. Due to the large separation satellites and aircraft, the power of the GNSS signals received by
between navigational satellites and aircraft, the received power of the aircraft is, however, very low. As a result, GNSS disruptions
GNSS signals on the ground is very low. As a result, GNSS might occasionally occur due to unintentional interference, or
disruptions might occasionally occur due to unintentional intentional jamming. Yet the navigation services must be available
interference, or intentional jamming. Yet the navigation services with sufficient performance for all phases of flight. Therefore,
must be available with sufficient performance for all phases of during GNSS outages, or blockages, an alternative solution is needed.
flight. Therefore, during GNSS outages, or blockages, an alternative This is commonly referred to as Alternative Positioning, Navigation,
solution is needed. This is commonly referred to as Alternative and Timing (APNT).
Positioning, Navigation, and Timing (APNT).
One of such APNT solution consists of integrating the navigation One of such APNT solutions consists of exploiting the built-in
functionality into LDACS. The ground infrastructure for APNT is navigation capabilities of LDACS operation. That is, the normal
deployed through the implementation of LDACS's GSs and the navigation operation of LDACS for ATC and AOC communications would also directly
capability comes "for free". enable the aircraft to navigate and obtain a reliable timing
reference from the LDACS GSs.
LDACS navigation has already been demonstrated in practice in a LDACS navigation has already been demonstrated in practice in two
flight measurement campaign [SCH20191]. flight measurement campaigns [SHU2013] [BEL2021] [MAE20211]. .
6. Requirements to LDACS 6. Requirements
The requirements to LDACS are mostly defined by its application area: The requirements for LDACS are mostly defined by its application
Communication related to safety and regularity of flight. area: Communications related to safety and regularity of flight.
A particularity of the current aeronautical communication landscape A particularity of the current aeronautical communication landscape
is that it is heavily regulated. Aeronautical data links (for is that it is heavily regulated. Aeronautical data links (for
applications related to safety and regularity of flight) may only use applications related to safety and regularity of flight) may only use
spectrum licensed to aviation and data links endorsed by ICAO. spectrum licensed to aviation and data links endorsed by ICAO.
Nation states can change this locally, however, due to the global Nation states can change this locally, however, due to the global
scale of the air transportation system adherence to these practices scale of the air transportation system, adherence to these practices
is to be expected. is to be expected.
Aeronautical data links for the Aeronautical Telecommunication Aeronautical data links for the ATN are therefore expected to remain
Network (ATN) are therefore expected to remain in service for in service for decades. The VDLm2 data link currently used for
decades. The VDLM2 data link currently used for digital terrestrial digital terrestrial internetworking was developed in the 1990ies (the
internetworking was developed in the 1990es (the use of the Open use of the Open Systems Interconnection (OSI) stack indicates that as
Systems Interconnection (OSI) stack indicates that as well). VDLM2 well). VDLm2 is expected to be used at least for several decades.
is expected to be used at least for several decades. In this respect In this respect aeronautical communications (for applications related
aeronautical communication (for applications related to safety and to safety and regularity of flight) is more comparable to industrial
regularity of flight) is more comparable to industrial applications applications than to the open Internet.
than to the open Internet.
Internetwork technology is already installed in current aircraft. Internetwork technology is already installed in current aircraft.
Current ATS applications use either the Aircraft Communications Current ATS applications use either Aircraft Communications
Addressing and Reporting System (ACARS) or the OSI stack. The Addressing and Reporting System (ACARS) or the OSI stack. The
objective of the development effort LDACS as part of the FCI is to objective of the development effort of LDACS, as part of the FCI, is
replace legacy OSI stack and proprietary ACARS internetwork to replace legacy OSI stack and proprietary ACARS internetwork
technologies with industry standard IP technology. It is anticipated technologies with industry standard IP technology. It is anticipated
that the use of Commercial Off-The-Shelf (COTS) IP technology mostly that the use of Commercial Off-The-Shelf (COTS) IP technology mostly
applies to the ground network. The avionics networks on the aircraft applies to the ground network. The avionics networks on the aircraft
will likely be heavily modified or proprietary. will likely be heavily modified versions of Ethernet or proprietary.
AOC applications currently mostly use the same stack (although some AOC applications currently mostly use the same stack (although some
applications, like the graphical weather service may use the applications, like the graphical weather service may use the
commercial passenger network). This creates capacity problems commercial passenger network). This creates capacity problems
(resulting in excessive amounts of timeouts) since the underlying (resulting in excessive amounts of timeouts) since the underlying
terrestrial data links (VDLM1/2) do not provide sufficient bandwidth. terrestrial data links do not provide sufficient bandwidth (i.e.,
The use of non-aviation specific data links is considered a security with VDLm2 currently in the order of 10 kbit/s). The use of non-
problem. Ideally the aeronautical IP internetwork and the Internet aviation specific data links is considered a security problem.
should be completely separated. Ideally the aeronautical IP internetwork and the Internet should be
completely separated.
The objective of LDACS is to provide a next generation terrestrial The objective of LDACS is to provide a next generation terrestrial
data link designed to support IP and provide much higher bandwidth to data link designed to support IP addressing and provide much higher
avoid the currently experienced operational problems. bandwidth to avoid the currently experienced operational problems.
The requirement for LDACS is therefore to provide a terrestrial high- The requirement for LDACS is therefore to provide a terrestrial high-
throughput data link for IP internetworking in the aircraft. throughput data link for IP internetworking in the aircraft.
In order to fulfil the above requirement LDACS needs to be In order to fulfil the above requirement LDACS needs to be
interoperable with IP (and IP-based services like Voice-over-IP) at interoperable with IP (and IP-based services like Voice-over-IP) at
the gateway connecting the LDACS network to other aeronautical ground the gateway connecting the LDACS network to other aeronautical ground
networks (the totality of them being the ATN). On the avionics side networks (i.e., the ATN). On the avionics side, in the aircraft,
in the aircraft aviation specific solutions are to be expected. aviation specific solutions are to be expected.
In addition to the functional requirements LDACS and its IP stack In addition to these functional requirements, LDACS and its IP stack
need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED- need to fulfil the requirements defined in RTCA DO-350A/EUROCAE ED-
228A [DO350A]. This document defines continuity, availability, and 228A [DO350A]. This document defines continuity, availability, and
integrity requirements at different scopes for each air traffic integrity requirements at different scopes for each air traffic
management application (CPDLC, CM, and ADS-C). The scope most management application (CPDLC, CM, and ADS-C). The scope most
relevant to IP over LDACS is the CSP (Communication Service Provider) relevant to IP over LDACS is the Communications Service Provider
scope. (CSP) scope.
Continuity, availability, and integrity requirements are defined in Continuity, availability, and integrity requirements are defined in
[DO350A] volume 1 Table 5-14, and Table 6-13. Appendix A presents [DO350A] volume 1 Table 5-14, and Table 6-13. Appendix A presents
the required information. the required information.
In a similar vein, requirements to fault management are defined in In a similar vein, requirements to fault management are defined in
the same tables. the same tables.
7. Characteristics of LDACS 7. Characteristics
LDACS will become one of several wireless access networks connecting LDACS will become one of several wireless access networks connecting
aircraft to the ATN implemented by the FCI and possibly ACARS/FANS aircraft to the ATN implemented by the FCI.
networks [FAN2019].
The current LDACS design is focused on the specification of layer 2. The current LDACS design is focused on the specification of layer one
and two. However, for the purpose of this work, only layer two
details are discussed here.
Achieving stringent the continuity, availability, and integrity Achieving the stringent continuity, availability, and integrity
requirements defined in [DO350A] will require the specification of requirements defined in [DO350A] will require the specification of
layer 3 and above mechanisms (e.g. reliable crossover at the IP layer 3 and above mechanisms (e.g. reliable crossover at the IP
layer). Fault management mechanisms are similarly undefined. Input layer). Fault management mechanisms are similarly undefined. Input
from the working group will be appreciated here. from the working group will be appreciated here.
7.1. LDACS Sub-Network 7.1. LDACS Sub-Network
An LDACS sub-network contains an Access Router (AR) and several GS, An LDACS sub-network contains an Access Router (AR) and several GS,
each of them providing one LDACS radio cell. each of them providing one LDACS radio cell.
User plane interconnection to the ATN is facilitated by the AR User plane interconnection to the ATN is facilitated by the AR
peering with an A2G Router connected to the ATN. peering with an A/G Router connected to the ATN.
The internal control plane of an LDACS sub-network interconnects the The internal control plane of an LDACS sub-network interconnects the
GS. An LDACS sub-network is illustrated in Figure 1. GSs. An LDACS sub-network is illustrated in Figure 1.
wireless user wireless user
link plane link plane
AS-------------GS---------------AR---A2G-----ATN AS-------------GS---------------AR---A/G-----ATN
. | Router . | Router
. control | . control |
. plane | . plane |
. | . |
GS...............| GS---------------|
. | . |
. | . |
GS---------------+ GS---------------+
Figure 1: LDACS sub-network with three GSs and one AS Figure 1: LDACS sub-network with three GSs and one AS
7.2. Topology 7.2. Topology
LDACS operating in A2G mode is a cellular point-to-multipoint system. LDACS is a cellular point-to-multipoint system. It assumes a star-
The A2G mode assumes a star-topology in each cell where Aircraft topology in each cell where Aircraft Stations (AS) belonging to
Stations (AS) belonging to aircraft within a certain volume of space aircraft within a certain volume of space (the LDACS cell) is
(the LDACS cell) is connected to the controlling GS. The LDACS GS is connected to the controlling GS. The LDACS GS is a centralized
a centralized instance that controls LDACS A2G communications within instance that controls LDACS A/G communications within its cell. The
its cell. The LDACS GS can simultaneously support multiple bi- LDACS GS can simultaneously support multiple bi-directional
directional communications to the ASs under its control. LDACS's GSs communications to the ASs under its control. LDACS's GSs themselves
themselves are connected to each other and the AR. are connected to each other and the AR.
Prior to utilizing the system an AS has to register with the Prior to utilizing the system an aircraft has to register with the
controlling GS to establish dedicated logical channels for user and controlling GS to establish dedicated logical channels for user and
control data. Control channels have statically allocated resources, control data. Control channels have statically allocated resources,
while user channels have dynamically assigned resources according to while user channels have dynamically assigned resources according to
the current demand. Logical channels exist only between the GS and the current demand. Logical channels exist only between the GS and
the AS. the AS.
The LDACS wireless link protocol stack defines two layers, the 7.3. LDACS Protocol Stack
physical layer and the data link layer.
7.3. LDACS Physical Layer The protocol stack of LDACS is implemented in the AS and GS: It
consists of the Physical Layer (PHY) with five major, functional
blocks above it. Four are placed in the Data Link Layer (DLL) of the
AS and GS: (1) Medium Access Control (MAC) Layer, (2) Voice Interface
(VI), (3) Data Link Service (DLS), and (4) LDACS Management Entity
(LME). The last entity resides within the sub-network layer: the
Sub-Network Protocol (SNP). The LDACS network is externally
connected to voice units, radio control units, and the ATN network
layer.
LDACS is considered an ATN/IPS radio access technology, from the view
of ICAO's regulatory framework. Hence, the interface between ATN and
LDACS must be IPv6 based, as regulatory documents, such as ICAO Doc
9896 [ICAO2015] and DO-379 [RTCA2019] clearly foresee that. The
translation between IPv6 layer and SNP layer is currently subject of
ongoing standardization efforts and at the time of writing not
finished yet.
Figure 2 shows the protocol stack of LDACS as implemented in the AS
and GS. Acronyms used here are introduced throughout the upcoming
sections.
IPv6 Network Layer
|
|
+------------------+ +----+
| SNP |--| | Sub-Network
| | | | Layer
+------------------+ | |
| | LME|
+------------------+ | |
| DLS | | | LLC Layer
+------------------+ +----+
| |
DCH DCCH/CCCH
| RACH/BCCH
| |
+--------------------------+
| MAC | Medium Access
| | Layer
+--------------------------+
|
+--------------------------+
| PHY | Physical Layer
+--------------------------+
|
|
((*))
FL/RL radio channels
separated by FDD
Figure 2: LDACS protocol stack in AS and GS
7.3.1. LDACS Physical Layer
The physical layer provides the means to transfer data over the radio The physical layer provides the means to transfer data over the radio
channel. The LDACS GS supports bi-directional links to multiple channel. The LDACS GS supports bi-directional links to multiple
aircraft under its control. The FL direction at the G2A connection aircraft under its control. The FL direction at the G2A connection
and the RL direction at the A2G connection are separated by Frequency and the RL direction at the A2G connection are separated by Frequency
Division Duplex. FL and RL use a 500 kHz channel each. The GS Division Duplex (FDD). FL and RL use a 500 kHz channel each. The GS
transmits a continuous stream of Orthogonal Frequency-Division transmits a continuous stream of Orthogonal Frequency-Division
Multiplexing (OFDM) symbols on the FL. In the RL different aircraft Multiplexing Access (OFDM) symbols on the FL. In the RL different
are separated in time and frequency using a combination of Orthogonal aircraft are separated in time and frequency using Orthogonal
Frequency-Division Multiple-Access (OFDMA) and Time-Division Frequency-Division Multiple Access (OFDMA). Aircraft thus transmit
Multiple-Access (TDMA). Aircraft thus transmit discontinuously on discontinuously on the RL via short radio bursts sent in precisely
the RL with radio bursts sent in precisely defined transmission defined transmission opportunities allocated by the GS.
opportunities allocated by the GS.
7.4. LDACS Data Link Layer 7.3.2. LDACS Data Link Layer
The data-link layer provides the necessary protocols to facilitate The data-link layer provides the necessary protocols to facilitate
concurrent and reliable data transfer for multiple users. The LDACS concurrent and reliable data transfer for multiple users. The LDACS
data link layer is organized in two sub-layers: The medium access data link layer is organized in two sub-layers: The medium access
sub-layer and the Logical Link Control (LLC) sub-layer. The medium sub-layer and the Logical Link Control (LLC) sub-layer. The medium
access sub-layer manages the organization of transmission access sub-layer manages the organization of transmission
opportunities in slots of time and frequency. The LLC sub-layer opportunities in slots of time and frequency. The LLC sub-layer
provides acknowledged point-to-point logical channels between the provides acknowledged point-to-point logical channels between the
aircraft and the GS using an automatic repeat request protocol. aircraft and the GS using an Automatic Repeat reQuest (ARQ) protocol.
LDACS supports also unacknowledged point-to-point channels and G2A LDACS supports also unacknowledged point-to-point channels and G2A
broadcast. Broadcast transmission.
7.5. LDACS Mobility
LDACS supports layer 2 handovers to different LDACS channels.
Handovers may be initiated by the aircraft (break-before-make) or by
the GS (make-before-break). Make-before-break handovers are only
supported for GSs connected to each other.
External handovers between non-connected LDACS sub-networks or
different aeronautical data links shall be handled by the FCI multi-
link concept.
8. Reliability and Availability
8.1. Layer 2
LDACS has been designed with applications related to the safety and 7.3.2.1. Medium Access Control (MAC) Services
regularity of flight in mind. It has therefore been designed as a
deterministic wireless data link (as far as this is possible).
Based on channel measurements of the L-band channel [SCHN2016] and The MAC time framing service provides the frame structure necessary
respecting the specific nature of the area of application, LDACS was to realize slot-based time-division multiplex-access on the physical
designed from the PHY layer up with robustness in mind. link. It provides the functions for the synchronization of the MAC
framing structure and the PHY Layer framing. The MAC time framing
provides a dedicated time slot for each logical channel.
In order to maximize the capacity per channel and to optimally use The MAC sub-layer offers access to the physical channel to its
the available spectrum, LDACS was designed as an OFDM-based Frequency service users. Channel access is provided through transparent
Division Duplex system, supporting simultaneous transmissions in FL logical channels. The MAC sub-layer maps logical channels onto the
at the G2A connection and RF at the A2G connection. The legacy appropriate slots and manages the access to these channels. Logical
systems already deployed in the L-band limit the bandwidth of both channels are used as interface between the MAC and LLC sub-layers.
channels to approximately 500 kHz.
The LDACS physical layer design includes propagation guard times 7.3.2.2. Data Link Service (DLS) Services
sufficient for the operation at a maximum distance of 200 nautical
miles from the GS. In actual deployment, LDACS can be configured for
any range up to this maximum range.
The LDACS FL physical layer is a continuous OFDM transmission. LDACS The DLS provides acknowledged and unacknowledged (including broadcast
RL transmission is based on OFDMA-TDMA bursts, with silence between and packet mode voice) bi-directional exchange of user data. If user
such bursts. The RL resources (i.e. bursts) are assigned to data is transmitted using the acknowledged DLS, the sending DLS
different ASs on demand by the GS. entity will wait for an acknowledgement from the receiver. If no
acknowledgement is received within a specified time frame, the sender
may automatically try to retransmit its data. However, after a
certain number of failed retries, the sender will suspend further
retransmission attempts and inform its client of the failure.
The LDACS physical layer supports adaptive coding and modulation for The DLS uses the logical channels provided by the MAC:
user data. Control data is always encoded with the most robust
coding and modulation (QPSK coding rate 1/2).
LDACS medium access on top of the physical layer uses a static frame 1. A GS announces its existence and access parameters in the
structure to support deterministic timer management. As shown in Broadcast Channel (BCCH).
Figure 3 and Figure 4, LDACS framing structure is based on Super- 2. The Random Access Channel (RACH) enables AS to request access to
Frames (SF) of 240ms duration corresponding to 2000 OFDM symbols. FL an LDACS cell.
and RL boundaries are aligned in time (from the GS perspective) 3. In the FL the Common Control Channel (CCCH) is used by the GS to
allowing for deterministic sending windows for KEEP ALIVE messages grant access to data channel resources.
and control and data channels in general. 4. The reverse direction is covered by the RL, where ASs need to
request resources before sending. This happens via the Dedicated
Control Channel (DCCH).
5. User data itself is communicated in the Data Channel (DCH) on the
FL and RL.
LDACS medium access is always under the control of the GS of a radio Access to the FL and RL data channel is granted by the scheduling
cell. Any medium access for the transmission of user data has to be mechanism implemented in the LME discussed below.
requested with a resource request message stating the requested
amount of resources and class of service. The GS performs resource
scheduling on the basis of these requests and grants resources with
resource allocation messages. Resource request and allocation
messages are exchanged over dedicated contention-free control
channels.
The purpose of Quality-of-Service in LDACS medium access is to 7.3.2.3. Voice Interface (VI) Services
provide prioritized medium access at the bottleneck (the wireless
link). The signaling of higher layer Quality-of-Service requirements
to LDACS is yet to be defined. A DiffServ-based solution with a
small number of priorities is to be expected.
LDACS has two mechanisms to request resources from the scheduler in The VI provides support for virtual voice circuits. Voice circuits
the GS. may either be set-up permanently by the GS (e.g., to emulate voice
party line) or may be created on demand. The creation and selection
of voice circuits is performed.
Resources can either be requested "on demand" with a given priority. 7.3.2.4. LDACS Management Entity (LME) Services
On the FL, this is done locally in the GS, on the RL a dedicated
contention-free control channel is used called Dedicated Control
Channel (DCCH), which is roughly 83 bit every 60 ms. A resource
allocation is always announced in the control channel of the FL,
short Common Control Channel (CCCH) having variable size. Due to the
spacing of the RL control channels every 60 ms, a medium access delay
in the same order of magnitude is to be expected.
Resources can also be requested "permanently". The permanent The mobility management service in the LME provides support for
resource request mechanism supports requesting recurring resources in registration and de-registration (cell entry and cell exit), scanning
given time intervals. A permanent resource request has to be RF channels of neighboring cells and handover between cells. In
canceled by the user (or by the GS, which is always in control). addition, it manages the addressing of aircraft within cells.
User data transmissions over LDACS are therefore always scheduled by The resource management service provides link maintenance (power,
the GS, while control data uses statically (i.e. at cell entry) frequency and time adjustments), support for adaptive coding and
allocated recurring resources (DCCH and CCCH). The current modulation, and resource allocation.
specification specifies no scheduling algorithm. Scheduling of RL
resources is done in physical Protocol Data Units of 112 bit (or
larger if more aggressive coding and modulation is used). Scheduling
on the FL is done Byte-wise since the FL is transmitted continuously
by the GS.
In addition to having full control over resource scheduling, the GS The resource management service accepts resource requests from/for
can send forced Handover commands for off-loading or RF channel different AS and issues resource allocations accordingly. While the
management, e.g. when the signal quality declines and a more suitable scheduling algorithm is not specified and a point of possible vendor
GS is in the AS reach. With robust resource management of the differentiation, it is subject to the following requirements:
capacities of the radio channel, reliability and robustness measures
are therefore also anchored in the LDACS management entity.
In addition, to radio resource management, the LDACS control channels 1. Resource scheduling must provide channel access according to the
are also used to send keep-alive messages, when they are not priority of the request
otherwise used. Since the framing of the control channels is 2. Resource scheduling must support "one-time" requests.
deterministic, missing keep-alive messages can thus be immediately 3. Resource scheduling must support "permanent" requests that
detected. This information is made available to the multi-link reserve a resource until the request is canceled e.g. for digital
protocols for fault management. voice circuits.
The protocol used to communicate faults is not defined in the LDACS 7.3.3. LDACS Sub-Network Layer and Protocol Services
specification. It is assumed that vendors would use industry
standard protocols like the Simple Network Management Protocol or the
Network Configuration Protocol where security permits.
The LDACS data link layer protocol running on top of the medium Lastly, the SNP handles the transition from IPv6 packts to LDACS
access sub-layer uses ARQ to provide reliable data transmission on internal packet structures. This work is ongoing and not part of
layer 2. this document. The DLS provides functions required for the transfer
of user plane data and control plane data over the LDACS sub-network.
The security service provides functions for secure user data
communication over the LDACS sub-network. Note that the SNP security
service applies cryptographic measures as configured by the GS.
It employs selective repeat ARQ with transparent fragmentation and 7.4. LDACS Mobility
reassembly to the resource allocation size to achieve low latency and
a low overhead without losing reliability. It ensures correct order
of packet delivery without duplicates. In case of transmission
errors it identifies lost fragments with deterministic timers synced
to the medium access frame structure and initiates retransmission.
Additionally, the priority mechanism of LDACS ensures the timely
delivery of messages with high importance.
8.2. Beyond Layer 2 LDACS supports layer 2 handovers to different LDACS cells. Handovers
may be initiated by the aircraft (break-before-make) or by the GS
(make-before-break). Make-before-break handovers are only supported
between GSs connected to each other.
LDACS availability can be increased by appropriately deploying LDACS External handovers between non-connected LDACS sub-networks or
infrastructure: This means proliferating the number of terrestrial different aeronautical data links are handled by the FCI multi- link
base stations. However, the scarcity of aeronautical spectrum for concept.
data link communication (in the case of LDACS: tens of MHz in the
L-band) and the long range (in the case of LDACS: up to 400 km) make
this quite hard. The deployment of a larger number of small cells is
certainly possible, suffers, however, also from the scarcity of
spectrum. An additional constraint to consider, is that Distance
Measuring Equipment (DME) is the primary user of the aeronautical
L-band. That is, any LDACS deployment has to take DME frequency
planning into account, too.
The aeronautical community has therefore decided not to rely on a 8. Reliability and Availability
single communication system or frequency band. It is envisioned to
have multiple independent data link technologies in the aircraft
(e.g., terrestrial and satellite communications) in addition to
legacy VHF voice.
However, as of now no reliability and availability mechanisms that 8.1. Below Layer 1
could utilize the multi-link have been specified on Layer 3 and
above. Even if LDACS has been designed for reliability, the wireless
medium presents significant challenges to achieve deterministic
properties such as low packet error rate, bounded consecutive losses,
and bounded latency. Support for high reliability and availability
for IP connectivity over LDACS is therefore highly desirable, needs,
however, be adapted to the specific use case.
Below Layer 2 aeronautics usually relies on hardware redundancy. To Below Layer 2, aeronautics usually relies on hardware redundancy. To
protect availability of the LDACS link, an aircraft equipped with protect availability of the LDACS link, an aircraft equipped with
LDACS will have access to two L-band antennae with triple redundant LDACS will have access to two L-band antennae with triple redundant
radio systems as required for any safety relevant aeronautical radio systems as required for any safety relevant aeronautical
systems by ICAO. systems by ICAO.
9. Protocol Stack 8.2. Layer 1 and 2
The protocol stack of LDACS is implemented in the AS and GS: It
consists of the Physical Layer (PHY) with five major functional
blocks above it. Four are placed in the Data Link Layer (DLL) of the
AS and GS: (1) Medium Access Layer (MAC), (2) Voice Interface (VI),
(3) Data Link Service (DLS), and (4) LDACS Management Entity (LME).
The last entity resides within the Sub-Network Layer: Sub-Network
Protocol (SNP). The LDACS network is externally connected to voice
units, radio control units, and the ATN Network Layer.
Figure 2 shows the protocol stack of LDACS as implemented in the AS
and GS.
IPv6 Network Layer
|
|
+------------------+ +----+
| SNP |--| | Sub-Network
| | | | Layer
+------------------+ | |
| | LME|
+------------------+ | |
| DLS | | | Logical Link
| | | | Control Layer
+------------------+ +----+
| |
DCH DCCH/CCCH
| RACH/BCCH
| |
+--------------------------+
| MAC | Medium Access
| | Layer
+--------------------------+
|
+--------------------------+
| PHY | Physical Layer
+--------------------------+
|
|
((*))
FL/RL radio channels
separated by
Frequency Division Duplex
Figure 2: LDACS protocol stack in AS and GS
9.1. Medium Access Control (MAC) Entity Services
The MAC time framing service provides the frame structure necessary LDACS has been designed with applications related to the safety and
to realize slot-based Time Division Multiplex (TDM) access on the regularity of flight in mind. It has therefore been designed as a
physical link. It provides the functions for the synchronization of deterministic wireless data link (as far as this is possible).
the MAC framing structure and the PHY Layer framing. The MAC time
framing provides a dedicated time slot for each logical channel.
The MAC Sub-Layer offers access to the physical channel to its Based on channel measurements of the L-band channel LDACS was
service users. Channel access is provided through transparent designed from the PHY layer up with robustness in mind. Channel
logical channels. The MAC Sub-Layer maps logical channels onto the measurements of the L-band channel [SCH2016] confirmed LDACS to be
appropriate slots and manages the access to these channels. Logical well adapted to its channel.
channels are used as interface between the MAC and LLC Sub-Layers.
The LDACS framing structure for FL and RL is based on Super-Frames In order to maximize the capacity per channel and to optimally use
(SF) of 240 ms duration. Each SF corresponds to 2000 OFDM symbols. the available spectrum, LDACS was designed as an OFDM-based FDD
The FL and RL SF boundaries are aligned in time (from the view of the system, supporting simultaneous transmissions in FL in the G2A
GS). connection and RL in the A2G connection. The legacy systems already
deployed in the L-band limit the bandwidth of both channels to
approximately 500 kHz.
In the FL, an SF contains a Broadcast Frame of duration 6.72 ms (56 The LDACS physical layer design includes propagation guard times
OFDM symbols) for the Broadcast Control Channel (BCCH), and four sufficient for the operation at a maximum distance of 200 nautical
Multi-Frames (MF), each of duration 58.32 ms (486 OFDM symbols). miles from the GS. In actual deployment, LDACS can be configured for
any range up to this maximum range.
In the RL, each SF starts with a Random Access (RA) slot of length The LDACS physical layer supports adaptive coding and modulation for
6.72 ms with two opportunities for sending RL random access frames user data. Control data is always encoded with the most robust
for the Random Access Channel (RACH), followed by four MFs. These coding and modulation (FL: Quadrature Phase-Shift Keying (QPSK),
MFs have the same fixed duration of 58.32 ms as in the FL, but a coding rate 1/2, RL: QPSK, coding rate 1/3).
different internal structure
Figure 3 and Figure 4 illustrate the LDACS frame structure. LDACS medium access layer on top of the physical layer uses a static
frame structure to support deterministic timer management. As shown
in Figure 3 and Figure 4, LDACS framing structure is based on Super-
Frames (SF) of 240ms duration corresponding to 2000 OFDM symbols. FL
and RL boundaries are aligned in time (from the GS perspective)
allowing for deterministic slots for control and data channels. This
initial AS time synchronization and time synchronization maintenance
is based on observing the synchronization symbol pairs that
repetitively occur within the FL stream, being sent by the
controlling GS [GRA2019].
^ ^
| +------+------------+------------+------------+------------+ | +------+------------+------------+------------+------------+
| FL | BCCH | MF | MF | MF | MF | | FL | BCCH | MF | MF | MF | MF |
F +------+------------+------------+------------+------------+ F +------+------------+------------+------------+------------+
r <---------------- Super-Frame (SF) - 240ms ----------------> r <---------------- Super-Frame (SF) - 240ms ---------------->
e e
q +------+------------+------------+------------+------------+ q +------+------------+------------+------------+------------+
u RL | RACH | MF | MF | MF | MF | u RL | RACH | MF | MF | MF | MF |
e +------+------------+------------+------------+------------+ e +------+------------+------------+------------+------------+
skipping to change at page 21, line 23 skipping to change at page 21, line 41
e +------+---------------------------+ e +------+---------------------------+
n <---- Multi-Frame (MF) - 58.32ms --> n <---- Multi-Frame (MF) - 58.32ms -->
c c
y y
| |
-------------------- Time ------------------> -------------------- Time ------------------>
| |
Figure 4: MF structure for LDACS Figure 4: MF structure for LDACS
9.2. Data Link Service (DLS) Entity Services LDACS cell entry is conducted with an initial control message
exchange via the RACH and the BCCH.
The DLS provides acknowledged and unacknowledged (including broadcast After cell entry, LDACS medium access is always under the control of
and packet mode voice) bi-directional exchange of user data. If user the GS of a radio cell. Any medium access for the transmission of
data is transmitted using the acknowledged DLS, the sending DLS user data on a DCH has to be requested with a resource request
entity will wait for an acknowledgement from the receiver. If no message stating the requested amount of resources and class of
acknowledgement is received within a specified time frame, the sender service. The GS performs resource scheduling on the basis of these
may automatically try to retransmit its data. However, after a requests and grants resources with resource allocation messages.
certain number of failed retries, the sender will suspend further Resource request and allocation messages are exchanged over dedicated
retransmission attempts and inform its client of the failure. contention-free control channels (DCCH and CCCH).
The DLS uses the logical channels provided by the MAC: The purpose of quality-of-service in LDACS medium access is to
provide prioritized medium access at the bottleneck (the wireless
link). The signaling of higher layer quality-of-service requirements
to LDACS is yet to be defined. A Differentiated Services- (DiffServ)
based solution with a small number of priorities is to be expected.
1. A GS announces its existence and access parameters in the In addition to having full control over resource scheduling, the GS
Broadcast Channel (BC). can send forced handover commands for off-loading or channel
2. The RA channel enables AS to request access to an LDACS cell. management, e.g., when the signal quality declines and a more
3. In the FL the CCCH is used by the GS to grant access to data suitable GS is in the AS's reach. With robust resource management of
channel resources. the capacities of the radio channel, reliability and robustness
4. The reverse direction is covered by the RL, where ASs need to measures are therefore also anchored in the LME.
request resources before sending. This happens via the DCCH.
5. User data itself is communicated in the Data Channel (DCH) on the
FL and RL.
Access to the FL and RL data channel is granted by the scheduling In addition to radio resource management, the LDACS control channels
mechanism implemented in the LME discussed below. are also used to send keep-alive messages, when they are not
otherwise used. Since the framing of the control channels is
deterministic, missing keep-alive messages can thus be immediately
detected. This information is made available to the multi-link
protocols for fault management.
9.3. Voice Interface (VI) Services The protocol used to communicate faults is not defined in the LDACS
specification. It is assumed that vendors would use industry
standard protocols like the Simple Network Management Protocol or the
Network Configuration Protocol, where security permits.
The VI provides support for virtual voice circuits. Voice circuits The LDACS data link layer protocol, running on top of the medium
may either be set-up permanently by the GS (e.g., to emulate voice access sub-layer, uses ARQ to provide reliable data transmission on
party line) or may be created on demand. The creation and selection the data channel.
of voice circuits is performed in the LME. The VI provides only the
transmission services.
9.4. LDACS Management Entity (LME) Services It employs selective repeat ARQ with transparent fragmentation and
reassembly to the resource allocation size to achieve low latency and
a low overhead without losing reliability. It ensures correct order
of packet delivery without duplicates. In case of transmission
errors, it identifies lost fragments with deterministic timers synced
to the medium access frame structure and initiates retransmission.
The mobility management service in the LME provides support for 8.3. Beyond Layer 2
registration and de-registration (cell entry and cell exit), scanning
RF channels of neighboring cells and handover between cells. In
addition, it manages the addressing of aircraft/ ASs within cells.
The resource management service provides link maintenance (power, LDACS availability can be increased by appropriately deploying LDACS
frequency and time adjustments), support for adaptive coding and infrastructure: This means proliferating the number of terrestrial
modulation, and resource allocation. ground stations. However, the scarcity of aeronautical spectrum for
data link communication (in the case of LDACS: tens of MHz in the
L-band) and the long range (in the case of LDACS: up to 200 nautical
miles) make this quite hard. The deployment of a larger number of
small cells is certainly possible, suffers, however, also from the
scarcity of spectrum. An additional constraint to consider, is that
Distance Measuring Equipment (DME) is the primary user of the
aeronautical L-band. That is, any LDACS deployment has to take DME
frequency planning into account.
The resource management service accepts resource requests from/for The aeronautical community has therefore decided not to rely on a
different AS and issues resource allocations accordingly. While the single communication system or frequency band. It is envisioned to
scheduling algorithm is not specified and a point of possible vendor have multiple independent data link technologies in the aircraft
differentiation, it is subject to the following requirements: (e.g., terrestrial and satellite communications) in addition to
legacy VHF voice.
1. Resource scheduling must provide channel access according to the However, as of now, no reliability and availability mechanisms that
priority of the request could utilize the multi-link architecture, have been specified on
2. Resource scheduling must support "one-time" requests Layer 3 and above. Even if LDACS has been designed for reliability,
3. Resource scheduling must support "permanent" requests that the wireless medium presents significant challenges to achieve
reserve a resource until the request is canceled e.g. for digital deterministic properties such as low packet error rate, bounded
voice circuits. consecutive losses, and bounded latency. Support for high
reliability and availability for IP connectivity over LDACS is
therefore, highly desirable, needs, however, to be adapted to the
specific use case.
9.5. Sub-Network Protocol (SNP) Services 9. Security
The DLS provides functions required for the transfer of user plane ICAO Doc 9896 foresees transport layer security [ICAO2015] for all
data and control plane data over the LDACS sub-network. aeronautical data as described in ARINC P858 [ARI2021], most likely
realized via Datagram Transport Layer Security (DTLS) [RFC6012]
[RFC6347].
The security service provides functions for secure communication over LDACS also needs to comply with in-depth security requirements,
the LDACS sub-network. Note that the SNP security service applies stated in P858, for the radio access technologies transporting ATN/
cryptographic measures as configured by the GS. IPS data [ARI2021]. These requirements imply that LDACS must provide
layer 2 security in addition to any higher layer mechanisms.
10. Security Considerations 9.1. Security in Wireless Digital Aeronautical Communications
10.1. Reasons for Wireless Digital Aeronautical Communications
Aviation will require secure exchanges of data and voice messages for Aviation will require secure exchanges of data and voice messages for
managing the air traffic flow safely through the airspaces all over managing the air traffic flow safely through the airspaces all over
the world. Historically Communication Navigation Surveillance (CNS) the world. Historically Communication Navigation Surveillance (CNS)
wireless communications technology emerged from military and a threat wireless communications technology emerged from military and a threat
landscape where inferior technological and financial capabilities of landscape where inferior technological and financial capabilities of
adversaries were assumed [STR2016]. The main communication method adversaries were assumed [STR2016]. The main communications method
for ATC today is still an open analogue voice broadcast within the for ATC today is still an open analogue voice broadcast within the
aeronautical VHF band. Currently, the information security is purely aeronautical VHF band. Currently, information security is mainly
procedural based by using well-trained personnel and proven procedural, based by using well-trained personnel and proven
communications procedures. This communication method has been in communications procedures. This communication method has been in
service since 1948. However, since the emergence of civil service since 1948. However, since the emergence of civil
aeronautical CNS application and today, the world has changed. Civil aeronautical CNS applications in the 70s, and today, the world has
applications have significant lower spectrum available than military changed.
applications. This means several military defence mechanisms such as
frequency hopping or pilot symbol scrambling and, thus, a defense-in-
depth approach starting at the physical layer is infeasible for civil
systems. With the rise of cheap Software Defined Radios, the
previously existing financial barrier is almost gone and open source
projects such as GNU radio [GNU2012] allow the new type of
unsophisticated listeners and possible attackers. Most CNS
technology developed in ICAO relies on open standards, thus syntax
and semantics of wireless digital aeronautical communications should
be expected to be common knowledge for attackers. With increased
digitization and automation of civil aviation the human as control
instance is being taken gradually out of the loop. Autonomous
transport drones or single piloted aircraft demonstrate this trend.
However, without profound cybersecurity measures such as authenticity
and integrity checks of messages in-transit on the wireless link or
mutual entity authentication, this lack of a control instance can
prove disastrous. Thus, future digital communications waveforms will
need additional embedded security features to fulfill modern
information security requirements like authentication and integrity.
These security features require sufficient bandwidth which is beyond
the capabilities of a VHF narrowband communications system. For
voice and data communications, sufficient data throughput capability
is needed to support the security functions while not degrading
performance. LDACS is a data link technology with sufficient
bandwidth to incorporate security without losing too much user
throughput.
As digitalization progresses even further with LDACS and automated Civil applications have significant lower spectrum available than
procedures such as 4D-Trajectories allowing semi-automated en-route military applications. This means several military defense
flying of aircraft, LDACS requires stronger cybersecurity measures. mechanisms, such as frequency hopping or pilot symbol scrambling and,
thus, a defense-in- depth approach starting at the physical layer, is
infeasible for civil systems. With the rise of cheap Software
Defined Radios (SDRs), the previously existing financial barrier is
almost gone and open source projects such as GNU radio [GNU2021]
allow a new type of unsophisticated listeners and possible attackers.
10.2. LADACS Requirements Most CNS technology developed in ICAO relies on open standards, thus
syntax and semantics of wireless digital aeronautical communications
should be expected to be common knowledge for attackers. With
increased digitization and automation of civil aviation, the human as
control instance, is being taken gradually out of the loop.
Autonomous transport drones or single piloted aircraft demonstrate
this trend. However, without profound cybersecurity measures such as
authenticity and integrity checks of messages in-transit on the
wireless link or mutual entity authentication, this lack of a control
instance can prove disastrous. Thus, future digital communications
waveforms will need additional embedded security features to fulfill
modern information security requirements like authentication and
integrity. These security features require sufficient bandwidth
which is beyond the capabilities of currently deployed VHF narrowband
communications systems. For voice and data communications,
sufficient data throughput capability is needed to support the
security functions while not degrading performance. LDACS is a data
link technology with sufficient bandwidth to incorporate security
without losing too much user data throughput.
Overall there are several business goals for cybersecurity to protect 9.2. LDACS Requirements
in FCI in civil aviation:
Overall, there are several business goals for cybersecurity to
protect, within the FCI in civil aviation:
1. Safety: The system must sufficiently mitigate attacks, which 1. Safety: The system must sufficiently mitigate attacks, which
contribute to safety hazards. contribute to safety hazards.
2. Flight regularity: The system must sufficiently mitigate attacks, 2. Flight regularity: The system must sufficiently mitigate attacks,
which contribute to delays, diversions, or cancellations of which contribute to delays, diversions, or cancellations of
flights. flights.
3. Protection of business interests: The system must sufficiently 3. Protection of business interests: The system must sufficiently
mitigate attacks which result in financial loss, reputation mitigate attacks which result in financial loss, reputation
damage, disclosure of sensitive proprietary information, or damage, disclosure of sensitive proprietary information, or
disclosure of personal information. disclosure of personal information.
To further analyze assets and derive threats and thus protection To further analyze assets and derive threats and thus protection
scenarios several Threat-and Risk Analysis were performed for LDACS scenarios several threat-and risk analyses were performed for LDACS
[MAE20181] , [MAE20191]. These results allowed deriving security [MAE20181] , [MAE20191]. These results allowed deriving security
scope and objectives from the requirements and the conducted Threat- scope and objectives from the requirements and the conducted threat-
and Risk Analysis. and risk analysis.
10.3. LDACS Security Objectives 9.3. LDACS Security Objectives
Security considerations for LDACS are defined by the official Security considerations for LDACS are defined by the official SARPS
Standards And Recommended Practices (SARPS) document by ICAO document by ICAO [ICA2018]:
[ICA2018]:
1. LDACS shall provide a capability to protect the availability and 1. LDACS shall provide a capability to protect the availability and
continuity of the system. continuity of the system.
2. LDACS shall provide a capability including cryptographic 2. LDACS shall provide a capability including cryptographic
mechanisms to protect the integrity of messages in transit. mechanisms to protect the integrity of messages in transit.
3. LDACS shall provide a capability to ensure the authenticity of 3. LDACS shall provide a capability to ensure the authenticity of
messages in transit. messages in transit.
4. LDACS should provide a capability for nonrepudiation of origin 4. LDACS should provide a capability for nonrepudiation of origin
for messages in transit. for messages in transit.
5. LDACS should provide a capability to protect the confidentiality 5. LDACS should provide a capability to protect the confidentiality
of messages in transit. of messages in transit.
6. LDACS shall provide an authentication capability. 6. LDACS shall provide an authentication capability.
7. LDACS shall provide a capability to authorize the permitted 7. LDACS shall provide a capability to authorize the permitted
actions of users of the system and to deny actions that are not actions of users of the system and to deny actions that are not
explicitly authorized. explicitly authorized.
8. If LDACS provides interfaces to multiple domains, LDACS shall 8. If LDACS provides interfaces to multiple domains, LDACS shall
provide capability to prevent the propagation of intrusions within provide capability to prevent the propagation of intrusions within
LDACS domains and towards external domains. LDACS domains and towards external domains.
10.4. LDACS Security Functions Currently, a change request for these SARPS aims to limit the "non-
repudiation of origin of messages in transit" requirement only to the
authentication and key establishment messages at the beginning of
every session.
9.4. LDACS Security Functions
These objectives were used to derive several security functions for These objectives were used to derive several security functions for
LDACS required to be integrated in the LDACS cybersecurity LDACS required to be integrated in the LDACS cybersecurity
architecture: (1) Identification, (2) Authentication, (3) architecture: Identification, Authentication, Authorization,
Authorization, (4) Confidentiality, (5) System Integrity, (6) Data Confidentiality, System Integrity, Data Integrity, Robustness,
Integrity, (7) Robustness, (8) Reliability, (9) Availability, and Reliability, Availability, and Key and Trust Management. Several
(10) Key and Trust Management. Several works investigated possible works investigated possible measures to implement these security
measures to implement these security functions [BIL2017], [MAE20181], functions [BIL2017], [MAE20181], [MAE20191].
[MAE20191]. Having identified security requirements, objectives and
functions it must be ensured that they are applicable.
10.5. LDACS Security Architecture 9.5. LDACS Security Architecture
The requirements lead to a LDACS security model including different The requirements lead to a LDACS security model, including different
entities for identification, authentication and authorization entities for identification, authentication and authorization
purposes ensuring integrity, authenticity and confidentiality of data purposes, ensuring integrity, authenticity and confidentiality of
in-transit especially. data. A draft of the cybersecurity architecture of LDACS can be
found in [ICA2018] and [MAE20182] and respective updates in
[MAE20191], [MAE20192], [MAE2020], and most recently [MAE2021].
10.5.1. Entities 9.5.1. Entities
A simplified LDACS architectural modelrequires the following A simplified LDACS architectural model requires the following
entities: Network operators such as the Societe Internationale de entities: Network operators such as the Societe Internationale de
Telecommunications Aeronautiques (SITA) [SIT2020] and ARINC [ARI2020] Telecommunications Aeronautiques (SITA) [SIT2020] and ARINC [ARI2020]
are providing access to the (1) Ground IPS network via an (2) A2G are providing access to the ground IPS network via an A/G LDACS
LDACS Router. This router is attached to a closed off LDACS Access router. This router is attached to a closed off LDACS access
Network, (3) which connects via further (4) Access Routers to the network, which connects via further (access routers to the different
different (5) LDACS Cell Ranges, each controlled by a (6) GS (serving LDACS cell ranges, each controlled by a GS (serving one LDACS cell),
one LDACS cell), with several interconnected GS (7) spanning a local with several interconnected GS spanning a local LDACS access network.
LDACS access network. Via the (8) A2G wireless LDACS data link (9) Via the A/G wireless LDACS data link AS the aircraft is connected to
AS the aircraft is connected to the ground network and via the (10) the ground network and via the aircraft's VI and aircraft's network
aircrafts's VI and (11) aircraft's network interface, aircraft's data interface, aircraft's data can be sent via the AS back to the GS,
can be sent via the AS back to the GS, LDACS local access network, then to the LDACS local access network, access routers, LDACS access
access routers, LDACS access network, A2G LDACS router to the ground network, A/G LDACS router and finally to the ground IPS network
Internet Protocol Suite (IPS) network [ICAO20152]. [ICAO2015].
10.5.2. Entity Identification
LDACS needs specific identities for (1) the AS, (2) the GS, and (3)
the Network Operator. The aircraft itself can be identified using
the ICAO unique address of an aircraft, the call sign of that
aircraft or the recently founded Privacy ICAO Address (PIA) program
[FAA2020]. It is conceivable that the LDACS AS will use a
combination of aircraft identification, radio component
identification and even operator features identification to create a
unique AS LDACS identification tag. Similar to a 4G's eNodeB Serving
Network (SN) Identification tag, a GS could be identified using a
similar field. The identification of the network operator is again
similar to 4G (e.g., E-Plus, AT&T, and TELUS), in the way that the
aeronautical network operators are listed (e.g., ARINC [ARI2020] and
SITA [SIT2020]).
10.5.3. Entity Authentication and Key Negotiation
In order to anchor Trust within the system all LDACS entities
connected to the ground IPS network shall be rooted in an LDACS
specific chain-of-trust and PKI solution, quite similar to AeroMACS
approach [CRO2016]. These X.509 certificates [RFC5280] residing at
the entities and incorporated in the LDACS PKI proof the ownership of
their respective public key, include information about the identity
of the owner and the digital signature of the entity that has
verified the certificate's content. First all ground infrastructures
must mutually authenticate to each other, negotiate and derive keys
and, thus, secure all ground connections. How this process is
handled in detail is still an ongoing discussion. However,
established methods to secure user plane by IPSec [RFC4301] and IKEv2
[RFC7296] or the application layer via TLS 1.3 [RFC8446] are
conceivable. The LDACS PKI with their chain-of-trust approach,
digital certificates and public entity keys lay the groundwork for
this step. In a second step the AS with the LDACS radio approaches
an LDACS cell and performs a cell entry with the corresponding GS.
Similar to the LTE cell attachment process [TS33.401], where
authentication happens after basic communication has been enabled
between AS and GS (step 5a in the UE attachment process [TS33.401]),
the next step is mutual authentication and key exchange. Hence, in
step three using the identity-based Station-to-Station (STS) protocol
with Diffie-Hellman Key Exchange [MAE2020], AS and GS establish
mutual trust by authenticating each other, exchanging key material
and finally, both ending up with derived key material. A key
confirmation is mandatory before the communication channel between
the AS and the GS can be opened for user-data communications.
10.5.4. Message-in-transit Confidentiality, Integrity and Authenticity
The subsequent key material from the previous step can then be used
to protect LDACS Layer 2 communications via applying encryption and
integrity protection measures on the SNP layer of the LDACS protocol
stack. As LDACS transports AOC and ATS data, the integrity of that
data is most important, while confidentiality only needs to be
applied to AOC data to protect business interests [ICA2018]. This
possibility of providing low layered confidentiality and integrity
protection ensures a secure delivery of user data over the air gap.
Furthermore, it ensures integrity protection of LDACS control data.
10.6. LDACS Security Modules
A draft of the cybersecurity architecture of LDACS can be found in
[ICA2018] and [MAE20182] and respective updates in [MAE20191],
[MAE20192], and [MAE2020].
10.6.1. Placements of Security Functionality in Protocol Stack
Placing protection mechanisms in the LME and SNP entities within the
protocol stack of LDACS will be most efficient in securing LDACS.
MAC and DLS will also receive new tasks like the measurement
performance for control channel protection. Security endpoints for
secure user data communication, control data protection and primary
entity authentication are the AS and GS.
10.6.2. Trust
The LDACS security concept requires all entities in an LDACS network
to authenticate to each other to ascertain that only trusted
participants can use the system. To establish trust within the
network, inter-operations between all FCI candidates must be
possible, thus LDACS will follow AeroMACS lead and also use an FCI
specific PKI [RFC5280]. A PKI can solve the problem of having to
trust a communication's partner identity claim via involving a
trusted third party who verifies the identities of the parties who
wish to engage in communication via issuing a digital certificate.
As aviation operates worldwide, a hierarchical PKI will have to be
deployed with several sub-CAs being distributed over the world.
Basically, there are two proposals on how to achieve worldwide trust
coverage:
1. One root CA is installed per geographic region and then it
performs cross-certification with distributed root-CAs of all
other geo-graphic regions around the world. Subdomains can exist
within ATM organizations. Here trust emerges from the assured
trustworthiness of each regional root CA cross-certifying other
and being cross-certified by other regional CAs
2. The other idea is to have one worldwide (probably offline) root
CA, hosted by a trusted worldwide entity, such as ICAO, with
several regions sub-CAs distributed around the world. That way,
the ICAO hosted root CA serves as trust bridge.
10.6.3. Mutual Authentication and Key Exchange (MAKE)
Via a modified, identity-based STS procedure and digital certificate
and public keys pre-deployed during maintenance at the respective
end-entities, the MAKE procedure can guarantee (1) Mutual
Authentication, (2) Secure Key Agreement, (3) Prefect Forward Secrecy
and (4) Key Confirmation [MAE2020]. As Diffie-Hellman Key Exchange
(DHKE) procedure, we are currently evaluating the classic ephemeral
DHKE [DIF1976] with 3072bit keys, Elliptic Curve DHKE (ECDH) with
256bit keys [KOB1987] and the Supersingular Isogeny DHKE (SIDH) with
2624bit key sizes [JAO2011]. As minimization of security data on the
datalink is key, ECDH is currently the favorite way forward.
Assuming that an LDACS security header consists of TYPE, ID, UA and
PRIO fields, the entire header is of length 48bit [GRA2019].
Cryptographic nonces are 96bit long, signatures 512bit and the public
elliptic curve Diffie-Hellman keys 256bit. With these bit sizes, the
entire STS-MAKE procedure between AS and GS requires a total of 4
messages and 1920bit [MAE2021].
10.6.4. Key Derivation and Key Hierarchy
Once all parties within the network have successfully authenticated 9.5.2. Entity Identification
to each other, key derivation is necessary to generate different keys
for different purposes. We need different keys for user data
protection and keys for control data protection. As key derivation
function, we propose the Hash-based Message Authentication Code
(HMAC) Key Derivation Function (KDF) - HKDF [RFC5869]. First the
input keying material (here: master key/static Diffie Hellman shared
key) is taken and a fixed-length pseudo-random key is extracted. We
extract a pseudorandom key from the master key by adding a salt
value, which can be any fixed non-secret string chosen at random. In
the process the pseudo random key becomes indistinguishable from a
uniform distribution of bits. As LDACS will be deployed in 2024 with
a recommendation of a minimum-security level of 128bit.
10.6.5. User Data Security LDACS needs specific identities for the AS, the GS, and the network
operator. The aircraft itself can be identified using the ICAO
unique address of an aircraft, the call sign of that aircraft or the
recently founded privacy ICAO address of the Federal Aviation
Administration (FAA) program with the same name [FAA2020]. It is
conceivable that the LDACS AS will use a combination of aircraft
identification, radio component identification and even operator
feature identification to create a unique AS LDACS identification
tag. Similar to a 4G's eNodeB serving network identification tag, a
GS could be identified using a similar field. The identification of
the network operator is again similar to 4G (e.g., E-Plus, AT&T, and
TELUS), in the way that the aeronautical network operators are listed
(e.g., ARINC [ARI2020] and SITA [SIT2020]).
It is proposed to secure LDACS Sub-Network Packet Data Units (SN- 9.5.3. Entity Authentication and Key Establishment
PDU)s, as their size can vary from 128 to 1536 Byte [GRA2019], which
makes them possibly the largest PDUs within LDACS. This helps
minimizing security data overhead, in case a Message Authentication
Code (MAC) tag is attached to the SN-PDU. For confidentiality
protection, it is recommended symmetric approaches for data
encryption, due to low computational overhead and fast operation
times. As encryption algorithm, it is recommended to use AES-128-
GCM/AES-256-GCM [RFC5288] with Galois Counter Mode (GCM) being a mode
of operation on symmetric key block. It provides authenticated
encryption and decryption operations and it proves robust against
currently known quantum-computer-based algorithms [BER2017]. For
message integrity/authenticity protection, it is recommended either
to use the aforementioned AES-GCM with tag lengths of at least 128bit
or HMAC with hash-functions from the SHA-3 family [PRI2014]. At
least HMAC-SHA3-128 with a tag length of 128bit is recommended. This
way the tag security data overhead ranges from 1.04 to 12.50% for
user data, depending on the SN-PDU size.
10.6.6. Control Data Security In order to anchor trust within the system, all LDACS entities
connected to the ground IPS network will be rooted in an LDACS
specific chain-of-trust and PKI solution, quite similar to AeroMACS's
approach [CRO2016]. These certificates, residing at the entities and
incorporated in the LDACS PKI, providing proof the ownership of their
respective public key, include information about the identity of the
owner and the digital signature of the entity that has verified the
certificate's content. First, all ground infrastructures must
mutually authenticate to each other, negotiate and derive keys and,
thus, secure all ground connections. How this process is handled in
detail is still an ongoing discussion. However, established methods
to secure user plane by IPSec [RFC4301] and IKEv2 [RFC7296] or the
application layer via TLS 1.3 [RFC8446] are conceivable. The LDACS
PKI with their chain-of-trust approach, digital certificates and
public entity keys lay the groundwork for this step. In a second
step, the AS with the LDACS radio aboard, approaches an LDACS cell
and performs a cell-attachment procedure with the corresponding GS.
This procedure consists of (1) the basic cell entry [GRA2019] and (2)
a Mutual Authentication and Key Establishment (MAKE) procedure
[MAE2021].
LDACS has four control channels: AS announce their existence in the Note, that LDACS will foresee multiple security levels. To address
RA, at the beginning of each SF in the RL, where each AS can transmit the issue of the long service life of LDACS (i.e., possibly >30
56bit. GS announce their existence in the BC, at the beginning of years) and the security of current pre-quantum cryptography, these
each SF in the FL, where the GS can transmit a total of 2304bit. AS security levels include pre- and post-quantum cryptographic
can request resources in the DC, where each AS has an 83bit long slot solutions. Limiting security data on the LDACS datalink as much as
and GS can grant those resources in the CC, with 728bit per CC-PHY- possible, to reserve as much space for actual user data transmission,
SDU. As the control channels of LDACS are very small-size, it is is key in the LDACS security architecture, this is also reflected in
obvious that protection is challenging. Having security requirements the underlying cryptography: Pre-quantum solutions will rely on
in mind it is recommended to introduce group key mechanisms for elliptic curves [KOB1987], while post-quantum solutions consider
LDACS. Thus, after the MAKE procedure of LDACS, a control plane Falcon [SON2021] [MAE2021] or similar lightweight PQC signature
related group key is derived by the GS and shared with all AS in a schemes, and SIKE or SABER as key establishment options [SIK2021]
protected manner. As group key procedure, several approaches are [ROY2020].
investigated (e.g., G-IKEv2 [I-D.ietf-ipsecme-g-ikev2], CRGT
[ZHE2007], CAKE [GUG2018], LKH [SAK2014], and OFT [KUM2020]). As OFT
has the least requirements on network operations compared to the
other, LDACS will use OFT with a fixed tree of 512-member nodes for a
maximum of 512 supported AS in an LDACS cell. All AS and GS use this
group key to protect the exchanged control data in the CC/DC slots.
As these messages remain valid for a time period in the order of 10
ms and the transmission is distance bound by the MAC protocol of
LDACS, very small digest tags of 16 or 32bit can suffice to protect a
minimum of integrity of control messages of LDACS. To that end, it
is proposed to use blake2b or blake2s and to trim the tag after 4
bytes [RFC7693].
11. Privacy Considerations 9.5.4. Message-in-transit Confidentiality, Integrity and Authenticity
LDACS provides a Quality-of-Service, and the generic considerations The key material from the previous step can then be used to protect
for such mechanisms apply. LDACS Layer 2 communications via applying encryption and integrity
protection measures on the SNP layer of the LDACS protocol stack. As
LDACS transports AOC and ATS data, the integrity of that data is most
important, while confidentiality only needs to be applied to AOC data
to protect business interests [ICA2018]. This possibility of
providing low layered confidentiality and integrity protection
ensures a secure delivery of user data over the air gap.
Furthermore, it ensures integrity protection of LDACS control data.
12. IANA Considerations 10. IANA Considerations
This memo includes no request to IANA. This memo includes no request to IANA.
13. Acknowledgements 11. Acknowledgements
Thanks to all contributors to the development of LDACS and ICAO PT-T. Thanks to all contributors to the development of LDACS and ICAO PT-T.
Thanks to Klaus-Peter Hauf, Bart Van Den Einden, and Pierluigi Thanks to Klaus-Peter Hauf, Bart Van Den Einden, and Pierluigi
Fantappie for further input to this draft. Fantappie for further input to this draft.
Thanks to the Chair for Network Security and the research institute Thanks to the Chair for Network Security and the research institute
CODE for their comments and improvements. CODE for their comments and improvements.
Thanks to SBA Research Vienna for fruitful discussions on Thanks to SBA Research Vienna for fruitful discussions on
aeronautical communications concerning security incentives for aeronautical communications concerning security incentives for
industry and potential economic spillovers. industry and potential economic spillovers.
14. Normative References Thanks to the Aeronautical Communications group at the Institute of
Communications and Navigation of the German Aerospace Center (DLR).
With that, the authors would like to explicitly thank Miguel Angel
Bellido-Manganell and Lukas Marcel Schalk for their thorough
feedback.
12. Normative References
[GRA2019] Graeupl, T., Rihacek, C., and B. Haindl, "LDACS A/G
Specification", SESAR2020 PJ14-02-01 D3.3.030 , 2019.
[ICAO2015] International Civil Aviation Organization (ICAO), "Manual
on the Aeronautical Telecommunication Network (ATN) using
Internet Protocol Suite (IPS) Standards and Protocols, Doc
9896", January 2015,
<https://standards.globalspec.com/std/10026940/icao-9896>.
[RTCA2019] Radio Technical Commission for Aeronautics (RTCA),
"Internet Protocol Suite Profiles, DO-379", September
2019, <https://www.rtca.org/products/do-379/>.
[EURO2019] European Organization for Civil Aviation Equipment
(EUROCAE), "Technical Standard of Aviation Profiles for
ATN/IPS, ED-262", September 2019,
<https://eshop.eurocae.net/eurocae-documents-and-reports/
ed-262/>.
[ARI2021] ARINC, "Internet Protocol Suite (IPS) For Aeronautical
Safety Services Part 1- Airborne IP System Technical
Requirements, ARINC SPECIFICATION 858 P1", June 2021,
<https://standards.globalspec.com/std/14391274/858p1>.
13. Informative References
[RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with
CBC-MAC (CCM)", RFC 3610, DOI 10.17487/RFC3610, September
2003, <https://www.rfc-editor.org/info/rfc3610>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <https://www.rfc-editor.org/info/rfc4301>. December 2005, <https://www.rfc-editor.org/info/rfc4301>.
[RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The
AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June
2006, <https://www.rfc-editor.org/info/rfc4493>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>. <https://www.rfc-editor.org/info/rfc5280>.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010,
<https://www.rfc-editor.org/info/rfc5869>.
[RFC6012] Salowey, J., Petch, T., Gerhards, R., and H. Feng,
"Datagram Transport Layer Security (DTLS) Transport
Mapping for Syslog", RFC 6012, DOI 10.17487/RFC6012,
October 2010, <https://www.rfc-editor.org/info/rfc6012>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6
Interface Identifiers", RFC 7136, DOI 10.17487/RFC7136,
February 2014, <https://www.rfc-editor.org/info/rfc7136>.
[RFC7236] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP)
Authentication Scheme Registrations", RFC 7236,
DOI 10.17487/RFC7236, June 2014,
<https://www.rfc-editor.org/info/rfc7236>.
[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
Kivinen, "Internet Key Exchange Protocol Version 2 Kivinen, "Internet Key Exchange Protocol Version 2
(IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
2014, <https://www.rfc-editor.org/info/rfc7296>. 2014, <https://www.rfc-editor.org/info/rfc7296>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [SCH2016] Schneckenburger, N., Jost, T., Shutin, D., Walter, M.,
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010,
<https://www.rfc-editor.org/info/rfc5869>.
[RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
DOI 10.17487/RFC5288, August 2008,
<https://www.rfc-editor.org/info/rfc5288>.
[RFC7693] Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
Cryptographic Hash and Message Authentication Code (MAC)",
RFC 7693, DOI 10.17487/RFC7693, November 2015,
<https://www.rfc-editor.org/info/rfc7693>.
15. Informative References
[SCHN2016] Schneckenburger, N., Jost, T., Shutin, D., Walter, M.,
Thiasiriphet, T., Schnell, M., and U.C. Fiebig, Thiasiriphet, T., Schnell, M., and U.C. Fiebig,
"Measurement of the L-band Air-to-Ground Channel for "Measurement of the L-band Air-to-Ground Channel for
Positioning Applications", IEEE Transactions on Aerospace Positioning Applications", IEEE Transactions on Aerospace
and Electronic Systems, 52(5), pp.2281-229 , 2016. and Electronic Systems, 52(5), pp.2281-229 , 2016.
[MAE20191] Maeurer, N., Graeupl, T., and C. Schmitt, "Evaluation of [MAE20191] Maeurer, N., Graeupl, T., and C. Schmitt, "Evaluation of
the LDACS Cybersecurity Implementation", IEEE 38th Digital the LDACS Cybersecurity Implementation", IEEE 38th Digital
Avionics Systems Conference (DACS), pp. 1-10, San Diego, Avionics Systems Conference (DACS), pp. 1-10, San Diego,
CA, USA , 2019. CA, USA , 2019.
[MAE20192] Maeurer, N. and C. Schmitt, "Towards Successful [MAE20192] Maeurer, N. and C. Schmitt, "Towards Successful
Realization of the LDACS Cybersecurity Architecture: An Realization of the LDACS Cybersecurity Architecture: An
Updated Datalink Security Threat- and Risk Analysis", IEEE Updated Datalink Security Threat- and Risk Analysis", IEEE
Integrated Communications, Navigation and Surveillance Integrated Communications, Navigation and Surveillance
Conference (ICNS), pp. 1-13, Herndon, VA, USA , 2019. Conference (ICNS), pp. 1-13, Herndon, VA, USA , 2019.
[GRA2019] Graeupl, T., Rihacek, C., and B. Haindl, "LDACS A/G
Specification", SESAR2020 PJ14-02-01 D3.3.030 , 2019.
[FAN2019] Pierattelli, S., Fantappie, P., Tamalet, S., van den [FAN2019] Pierattelli, S., Fantappie, P., Tamalet, S., van den
Einden, B., Rihacek, C., and T. Graeupl, "LDACS Deployment Einden, B., Rihacek, C., and T. Graeupl, "LDACS Deployment
Options and Recommendations", SESAR2020 PJ14-02-01 Options and Recommendations", SESAR2020 PJ14-02-01
D3.4.020 , 2019. D3.4.020 , 2019.
[MAE20182] Maeurer, N. and A. Bilzhause, "A Cybersecurity [MAE20182] Maeurer, N. and A. Bilzhause, "A Cybersecurity
Architecture for the L-band Digital Aeronautical Architecture for the L-band Digital Aeronautical
Communications System (LDACS)", IEEE 37th Digital Avionics Communications System (LDACS)", IEEE 37th Digital Avionics
Systems Conference (DASC), pp. 1-10, London, UK , 2017. Systems Conference (DASC), pp. 1-10, London, UK , 2017.
skipping to change at page 32, line 13 skipping to change at page 31, line 28
2011. 2011.
[GRA2018] Graeupl, T., Schneckenburger, N., Jost, T., Schnell, M., [GRA2018] Graeupl, T., Schneckenburger, N., Jost, T., Schnell, M.,
Filip, A., Bellido-Manganell, M.A., Mielke, D.M., Maeurer, Filip, A., Bellido-Manganell, M.A., Mielke, D.M., Maeurer,
N., Kumar, R., Osechas, O., and G. Battista, "L-band N., Kumar, R., Osechas, O., and G. Battista, "L-band
Digital Aeronautical Communications System (LDACS) flight Digital Aeronautical Communications System (LDACS) flight
trials in the national German project MICONAV", Integrated trials in the national German project MICONAV", Integrated
Communications, Navigation, Surveillance Conference Communications, Navigation, Surveillance Conference
(ICNS), pp. 1-7, Herndon, VA, USA , 2018. (ICNS), pp. 1-7, Herndon, VA, USA , 2018.
[SCH20191] Schnell, M., "DLR Tests Digital Communications
Technologies Combined with Additional Navigation Functions
for the First Time", 2019.
[ICA2018] International Civil Aviation Organization (ICAO), "L-Band [ICA2018] International Civil Aviation Organization (ICAO), "L-Band
Digital Aeronautical Communication System (LDACS)", Digital Aeronautical Communication System (LDACS)",
International Standards and Recommended Practices Annex 10 International Standards and Recommended Practices Annex 10
- Aeronautical Telecommunications, Vol. III - - Aeronautical Telecommunications, Vol. III -
Communication Systems , 2018. Communication Systems , 2018.
[SAJ2014] Haindl, B., Meser, J., Sajatovic, M., Mueller, S., [SAJ2014] Haindl, B., Meser, J., Sajatovic, M., Mueller, S.,
Arthaber, H., Faseth, T., and M. Zaisberger, "LDACS1 Arthaber, H., Faseth, T., and M. Zaisberger, "LDACS1
Conformance and Compatibility Assessment", IEEE/AIAA 33rd Conformance and Compatibility Assessment", IEEE/AIAA 33rd
Digital Avionics Systems Conference (DASC), pp. 1-11, Digital Avionics Systems Conference (DASC), pp. 1-11,
skipping to change at page 33, line 32 skipping to change at page 32, line 41
[MAE20181] Maeurer, N. and A. Bilzhause, "Paving the Way for an IT [MAE20181] Maeurer, N. and A. Bilzhause, "Paving the Way for an IT
Security Architecture for LDACS: A Datalink Security Security Architecture for LDACS: A Datalink Security
Threat and Risk Analysis", IEEE Integrated Communications, Threat and Risk Analysis", IEEE Integrated Communications,
Navigation, Surveillance Conference (ICNS), pp. 1-11, New Navigation, Surveillance Conference (ICNS), pp. 1-11, New
York, NY, USA , 2018. York, NY, USA , 2018.
[FAA2020] FAA, "Federal Aviation Administration. ADS-B Privacy.", [FAA2020] FAA, "Federal Aviation Administration. ADS-B Privacy.",
August 2020, August 2020,
<https://www.faa.gov/nextgen/equipadsb/privacy/>. <https://www.faa.gov/nextgen/equipadsb/privacy/>.
[GNU2012] GNU Radio project, "GNU radio", August 2012, [GNU2021] GNU Radio project, "GNU radio", October 2021,
<http://gnuradio.org>. <http://gnuradio.org>.
[SIT2020] SITA, "Societe Internationale de Telecommunications [SIT2020] SITA, "Societe Internationale de Telecommunications
Aeronautiques", August 2020, <https://www.sita.aero/>. Aeronautiques", August 2020, <https://www.sita.aero/>.
[ARI2020] ARINC, "Aeronautical Radio Incorporated", August 2020, [ARI2020] ARINC, "Aeronautical Radio Incorporated", August 2020,
<https://www.aviation-ia.com/>. <https://www.aviation-ia.com/>.
[DO350A] RTCA SC-214, "Safety and Performance Standard for Baseline [DO350A] RTCA SC-214, "Safety and Performance Standard for Baseline
2 ATS Data Communications (Baseline 2 SPR Standard)", May 2 ATS Data Communications (Baseline 2 SPR Standard)", May
2016, <https://standards.globalspec.com/std/10003192/rtca- 2016, <https://standards.globalspec.com/std/10003192/rtca-
do-350-volume-1-2>. do-350-volume-1-2>.
[ICAO20151] [ICAO2019] International Civil Aviation Organization (ICAO), "Manual
International Civil Aviation Organization (ICAO), "Manual
on VHF Digital Link (VDL) Mode 2, Doc 9776", January 2019, on VHF Digital Link (VDL) Mode 2, Doc 9776", January 2019,
<https://store.icao.int/en/manual-on-vhf-digital-link-vdl- <https://store.icao.int/en/manual-on-vhf-digital-link-vdl-
mode-2-doc-9776>. mode-2-doc-9776>.
[ICAO20152]
International Civil Aviation Organization (ICAO), "Manual
on the Aeronautical Telecommunication Network (ATN) using
Internet Protocol Suite (IPS) Standards and Protocols, Doc
9896", January 2015,
<https://standards.globalspec.com/std/10026940/icao-9896>.
[KAMA2010] Kamali, B., "An Overview of VHF Civil Radio Network and [KAMA2010] Kamali, B., "An Overview of VHF Civil Radio Network and
the Resolution of Spectrum Depletion", Integrated the Resolution of Spectrum Depletion", Integrated
Communications, Navigation, and Surveillance Conference, Communications, Navigation, and Surveillance Conference,
pp. F4-1-F4-8 , May 2010. pp. F4-1-F4-8 , May 2010.
[DIF1976] Diffie, W. and M. Hellman, "New Directions in [SON2021] Soni, D., Basu, K., Nabeel, M., Aaraj, N., Manzano, M.,
Cryptography", IEEE Transactions on Information Theory, and R. Karri, "FALCON", Hardware Architectures for Post-
22(6):644-654 , November 1976. Quantum Digital Signature Schemes, pp. 31-41 , November
2021.
[KOB1987] Koblitz, N. and M. Hellman, "Elliptic Curve [KOB1987] Koblitz, N. and M. Hellman, "Elliptic Curve
Cryptosystems", Mathematics of Computation, Cryptosystems", Mathematics of Computation,
48(177):203-209. , January 1987. 48(177):203-209. , January 1987.
[JAO2011] Jao, D. and L. De Feo, "Towards Quantum-Resistant [SIK2021] SIKE, "SIKE – Supersingular Isogeny Key Encapsulation",
Cryptosystems from Super-singular Elliptic Curve October 2021, <https://sike.org/>.
Isogenies", 4th International Workshop on Post-Quantum
Cryptography, Springer, Heidelberg, Germany, pp. 19-34 ,
November 2011.
[MAE2021] Maeurer, N., Graeupl, T., and C. Schmitt, "Cybersecurity
for the L-band DigitalAeronautical Communications System
(LDACS)", Aviation Cybersecurity: Foundations, Principles,
and Applications. H. Song, K. Hopkinson, T. De Cola, T.
Alexandrovich, and D. Liu (Eds.), Chapter 07, in printing
process , 2021.
[BER2017] Bernstein, D.J. and T. Lange, "Post-Quantum Cryptography",
Nature, 549(7671):188-194 , 2017.
[PRI2014] Pritzker, P. and P.D. Gallagher, "SHA-3 standard:
Permutation-Based Hash and Extendable-Output Functions",
Information Tech Laboratory National Institute of
Standards and Technology, pp. 1-35 , 2014.
[ZHE2007] Zheng, X., Huang, C.T., and M. Matthews, "Chinese
Remainder Theorem-Based Group Key Management", 45th Annual
Southeast Regional Conference, ACM, New York, NY, USA, pp.
266-271 , March 2007.
[GUG2018] Guggemos, T., Streit, K., Knuepfer, M., gentsche Felde,
N., and P. Hillmann, "No Cookies, Just CAKE: CRTbased Key
Hierarchy for Efficient Key Management in Dynamic Groups",
International Conference for Internet Technology and
Secured Transactions, Cambridge, UK, pp. 25-32 , December
2018.
[SAK2014] Sakamoto, N., "An Efficient Structure for LKH Key Tree on
Secure Multi-Cast Communications", 15th IEEE/ACIS
International Conference on Software Engineering,
Artificial Intelligence, Networking and Parallel/
Distributed Computing, New York, NY, USA, pp. 1-7 ,
November 2014.
[KUM2020] Kumar, V., Kumar, R., and S.K. Pandey, "A Computationally [ROY2020] Roy, S.S.. and A. Basso, "High-Speed Instruction-Set
Efficient Centralized Group Key Distribution Protocol for Coprocessor For Lattice-Based Key Encapsulation Mechanism:
Secure Multicast Communications Based Upon RSA Public Key Saber In Hardware", IACR Transactions on Cryptographic
Cryptosystem", Journal of King Saud University - Computer Hardware and Embedded Systems, 443-466. , August 2020.
and Information Sciences, 32(9):1081-1094 , 2020.
[RAW-TECHNOS] [RAW-TECHNOS]
Thubert, P., Cavalcanti, D., Vilajosana, X., Schmitt, C., Thubert, P., Cavalcanti, D., Vilajosana, X., Schmitt, C.,
and J. Farkas, "Reliable and Available Wireless and J. Farkas, "Reliable and Available Wireless
Technologies", Work in Progress, Internet-Draft, draft- Technologies", Work in Progress, Internet-Draft, draft-
ietf-raw-technologies-01, 19 February 2021, ietf-raw-technologies-04, 3 August 2021,
<https://tools.ietf.org/html/draft-ietf-raw-technologies- <https://datatracker.ietf.org/doc/html/draft-ietf-raw-
01>. technologies-04>.
[RAW-USE-CASES] [RAW-USE-CASES]
Papadopoulos, G. Z., Thubert, P., Theoleyre, F., and C. J. Papadopoulos, G. Z., Thubert, P., Theoleyre, F., and C. J.
Bernardos, "RAW use cases", Work in Progress, Internet- Bernardos, "RAW use cases", Work in Progress, Internet-
Draft, draft-ietf-raw-use-cases-01, 21 February 2021, Draft, draft-ietf-raw-use-cases-03, 20 October 2021,
<https://tools.ietf.org/html/draft-ietf-raw-use-cases-01>. <https://datatracker.ietf.org/doc/html/draft-ietf-raw-use-
cases-03>.
[I-D.ietf-ipsecme-g-ikev2] [I-D.haindl-lisp-gb-atn]
Smyslov, V. and B. Weis, "Group Key Management using Haindl, B., Lindner, M., Rahman, R., Comeras, M. P.,
IKEv2", Work in Progress, Internet-Draft, draft-ietf- Moreno, V., Maino, F., and B. Venkatachalapathy, "Ground-
ipsecme-g-ikev2-02, 11 January 2021, Based LISP for the Aeronautical Telecommunications
<https://tools.ietf.org/html/draft-ietf-ipsecme- Network", Work in Progress, Internet-Draft, draft-haindl-
g-ikev2-02>. lisp-gb-atn-06, 6 March 2021,
<https://datatracker.ietf.org/doc/html/draft-haindl-lisp-
gb-atn-06>.
[I-D.ietf-rtgwg-atn-bgp]
Templin, F. L., Saccone, G., Dawra, G., Lindem, A., and V.
Moreno, "A Simple BGP-based Mobile Routing System for the
Aeronautical Telecommunications Network", Work in
Progress, Internet-Draft, draft-ietf-rtgwg-atn-bgp-11, 6
July 2021, <https://datatracker.ietf.org/doc/html/draft-
ietf-rtgwg-atn-bgp-11>.
[ICAO2018] International Civil Aviation Organization (ICAO),
"Handbook on Radio Frequency Spectrum Requirements for
Civil Aviation, Doc 9718, Volume 1, ICAO Spectrum
Strategy, Policy Statements and Related Information", July
2018, <https://www.icao.int/safety/FSMP/Documents/Doc9718/
Doc9718_Vol_I_2nd_ed_(2018)corr1.pdf>.
[EURO2021] European Organization for Civil Aviation Equipment
(EUROCAE), "Radio Frequency Function 2020 report", March
2021, <https://www.eurocontrol.int/>.
[ARI2019] ARINC, "AOC Air-Ground Data And Message Exchange Format,
ARINC 633", January 2019,
<https://standards.globalspec.com/std/13152055/
ARINC%20633>.
[VIR2021] Virdia, A., Stea, G., and G. Dini, "SAPIENT: Enabling
Real-Time Monitoring and Control in the Future
Communication Infrastructure of Air Traffic Management",
IEEE Transactions on Intelligent Transportation Systems,
22(8):4864-4875 , August 2021.
[SHU2013] Shutin, D., Schneckenburger, N., Walter, M., and M.
Schnell, "LDACS1 Ranging Performance - An Analysis Of
Flight Measurement Results", IEEE 32th Digital Avionics
Systems Conference (DASC), pp. 1-10, East Syracuse, NY,
USA , October 2013.
[BEL2021] Bellido-Manganell, M.A., Graeupl, T., Heirich, O.,
Maeurer, N., Filip-Dhaubhadel, A., Mielke, D.M., Schalk,
L.M., Becker, D., Schneckenburger, N., and M. Schnell,
"LDACS Flight Trials: Demonstration and Performance
Analysis of the Future Aeronautical Communications
System", IEEE Transactions on Aerospace and Electronic
Systems, pp. 1-19 , September 2021.
[MAE2021] Maeurer, N., Graeupl, T., Gentsch, C., Guggemos, T.,
Tiepelt, M., Schmitt, C., and G. Dreo Rodosek, "A Secure
Cell-Attachment Procedure for LDACS", 1st Workshop on
Secure and Reliable Communication and Navigation in the
Aerospace Domain (SRCNAS), pp. 1-10, Vienna, Austria ,
September 2021.
[MAE20211] Maeurer, N., Graeupl, T., Bellido-Manganell, M.A., Mielke,
D.M., Filip-Dhaubhadel, A., Heirich, O., Gerberth, D.,
Flux, M., Schalk, L.M., Becker, D., Schneckenburger, N.,
and M. Schnell, "Flight Trial Demonstration of Secure GBAS
via the L-band Digital Aeronautical Communications System
(LDACS)", IEEE Aerospace and Electronic Systems Magazine,
36(4), pp. 8-17 , April 2021.
[BOE2019] Boegl, T., Rautenberg, M., Haindl, R., Rihacek, C., Meser,
J., Fantappie, P., Pringvanich, N., Micallef, J.,
Klauspeter, H.., MacBride, J., Sacre, P., v.d. Eiden, B.,
Graeupl, T., and M. Schnell, "LDACS White Paper - A Roll-
out Scenario", International Civil Aviation Organization,
Communications Panel - Data Communications Infrastructure
Working Group - Third Meeting, pp. 1-8, Montreal, Canada ,
October 2019.
Appendix A. Selected Information from DO-350A Appendix A. Selected Information from DO-350A
This appendix includes the continuity, availability, and integrity This appendix includes the continuity, availability, and integrity
requirements interesting for LDACS defined in [DO350A]. requirements applicable for LDACS defined in [DO350A].
The following terms are used here: The following terms are used here:
CPDLC Controller Pilot Data Link Communication CPDLC Controller Pilot Data Link Communication
DT Delivery Time (nominal) value for RSP DT Delivery Time (nominal) value for RSP
ET Expiration Time value for RCP ET Expiration Time value for RCP
FH Flight Hour FH Flight Hour
MA Monitoring and Alerting criteria MA Monitoring and Alerting criteria
OT Overdue Delivery Time value for RSP OT Overdue Delivery Time value for RSP
RCP Required Communication Performance RCP Required Communication Performance
skipping to change at page 36, line 14 skipping to change at page 36, line 4
CPDLC Controller Pilot Data Link Communication CPDLC Controller Pilot Data Link Communication
DT Delivery Time (nominal) value for RSP DT Delivery Time (nominal) value for RSP
ET Expiration Time value for RCP ET Expiration Time value for RCP
FH Flight Hour FH Flight Hour
MA Monitoring and Alerting criteria MA Monitoring and Alerting criteria
OT Overdue Delivery Time value for RSP OT Overdue Delivery Time value for RSP
RCP Required Communication Performance RCP Required Communication Performance
RSP Required Surveillance Performance RSP Required Surveillance Performance
TT Transaction Time (nominal) value for RCP TT Transaction Time (nominal) value for RCP
+========================+=============+=============+ +========================+=============+=============+
| | ECP 130 | ECP 130 | | | RCP 130 | RCP 130 |
+========================+=============+=============+ +========================+=============+=============+
| Parameter | ET | TT95% | | Parameter | ET | TT95% |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
| Transaction Time (sec) | 130 | 67 | | Transaction Time (sec) | 130 | 67 |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
| Continuity | 0.999 | 0.95 | | Continuity | 0.999 | 0.95 |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
| Availability | 0.989 | 0.989 | | Availability | 0.989 | 0.989 |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
| Integrity | 1E-5 per FH | 1E-5 per FH | | Integrity | 1E-5 per FH | 1E-5 per FH |
+------------------------+-------------+-------------+ +------------------------+-------------+-------------+
Table 1: CPDLC Requirements for ECP Table 1: CPDLC Requirements for RCP 130
+==============+==========+==============+=========+=========+ +==============+==========+==============+=========+=========+
| | RCP 240 | RCP 240 | RCP 400 | RCP 400 | | | RCP 240 | RCP 240 | RCP 400 | RCP 400 |
+==============+==========+==============+=========+=========+ +==============+==========+==============+=========+=========+
| Parameter | ET | TT95% | ET | TT95% | | Parameter | ET | TT95% | ET | TT95% |
+--------------+----------+--------------+---------+---------+ +--------------+----------+--------------+---------+---------+
| Transaction | 240 | 210 | 400 | 350 | | Transaction | 240 | 210 | 400 | 350 |
| Time (sec) | | | | | | Time (sec) | | | | |
+--------------+----------+--------------+---------+---------+ +--------------+----------+--------------+---------+---------+
| Continuity | 0.999 | 0.95 | 0.999 | 0.95 | | Continuity | 0.999 | 0.95 | 0.999 | 0.95 |
+--------------+----------+--------------+---------+---------+ +--------------+----------+--------------+---------+---------+
| Availability | 0.989 | 0.989 | 0.989 | 0.989 | | Availability | 0.989 | 0.989 | 0.989 | 0.989 |
| | (safety) | (efficiency) | | | | | (safety) | (efficiency) | | |
+--------------+----------+--------------+---------+---------+ +--------------+----------+--------------+---------+---------+
| Integrity | 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 | | Integrity | 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 |
| | FH | | per FH | per FH | | | FH | | per FH | per FH |
+--------------+----------+--------------+---------+---------+ +--------------+----------+--------------+---------+---------+
Table 2: CPDLC Requirements for RCP Table 2: CPDLC Requirements for RCP 240/400
RCP Monitoring and Alerting Criteria in case of CPDLC: RCP Monitoring and Alerting Criteria in case of CPDLC:
- MA-1: The system SHALL be capable of detecting failures and - MA-1: The system shall be capable of detecting failures and
configuration changes that would cause the communication service configuration changes that would cause the communication service
no longer meet the RCP specification for the intended use. no longer meet the RCP specification for the intended use.
- MA-2: When the communication service can no longer meet the RCP - MA-2: When the communication service can no longer meet the RCP
specification for the intended function, the flight crew and/or specification for the intended function, the flight crew and/or
the controller SHALL take appropriate action. the controller shall take appropriate action.
+==============+=====+=====+==========+==============+======+=======+ +==============+=====+=====+==========+==============+======+=======+
| | RSP | RSP | RSP 180 | RSP 180 | RSP |RSP 400| | | RSP | RSP | RSP 180 | RSP 180 | RSP |RSP 400|
| | 160 | 160 | | | 400 | | | | 160 | 160 | | | 400 | |
+==============+=====+=====+==========+==============+======+=======+ +==============+=====+=====+==========+==============+======+=======+
| Parameter | OT |DT95%| OT | DT95% | OT | DT95% | | Parameter | OT |DT95%| OT | DT95% | OT | DT95% |
+--------------+-----+-----+----------+--------------+------+-------+ +--------------+-----+-----+----------+--------------+------+-------+
| Transaction | 160 | 90 | 180 | 90 | 400 | 300 | | Transaction | 160 | 90 | 180 | 90 | 400 | 300 |
| Time (sec) | | | | | | | | Time (sec) | | | | | | |
+--------------+-----+-----+----------+--------------+------+-------+ +--------------+-----+-----+----------+--------------+------+-------+
skipping to change at page 37, line 35 skipping to change at page 37, line 28
+--------------+-----+-----+----------+--------------+------+-------+ +--------------+-----+-----+----------+--------------+------+-------+
| Integrity | 1E-5| 1E-5| 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 | | Integrity | 1E-5| 1E-5| 1E-5 per | 1E-5 per FH | 1E-5 | 1E-5 |
| | per | per | FH | |per FH| per FH| | | per | per | FH | |per FH| per FH|
| | FH | FH | | | | | | | FH | FH | | | | |
+--------------+-----+-----+----------+--------------+------+-------+ +--------------+-----+-----+----------+--------------+------+-------+
Table 3: ADS-C Requirements Table 3: ADS-C Requirements
RCP Monitoring and Alerting Criteria: RCP Monitoring and Alerting Criteria:
- MA-1: The system SHALL be capable of detecting failures and - MA-1: The system shall be capable of detecting failures and
configuration changes that would cause the ADS-C service no longer configuration changes that would cause the ADS-C service no longer
meet the RSP specification for the intended function. meet the RSP specification for the intended function.
- MA-2: When the ADS-C service can no longer meet the RSP - MA-2: When the ADS-C service can no longer meet the RSP
specification for the intended function, the flight crew and/or specification for the intended function, the flight crew and/or
the controller SHALL take appropriate action. the controller shall take appropriate action.
Authors' Addresses Authors' Addresses
Nils Maeurer (editor) Nils Maeurer (editor)
German Aerospace Center (DLR) German Aerospace Center (DLR)
Muenchner Strasse 20 Muenchner Strasse 20
82234 Wessling 82234 Wessling
Germany Germany
Email: Nils.Maeurer@dlr.de Email: Nils.Maeurer@dlr.de
 End of changes. 205 change blocks. 
938 lines changed or deleted 917 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/