ATN/IPS SECURITY APPROACH: TWO-WAY MUTUAL AUTHENTICATION, DATA INTEGRITY AND PRIVACY

Currently there are various industry and regulatory activities (Airlines Electronic Engineering Committee Internet Protocol Suites (IPS) Working Group, Radio Technical Commission for Aeronautics SC-223, EUROCAE Working Group 108, and ICAO Working Group I) underway to develop the future aviation safety service Aeronautical Telecommunication Network (ATN) based on Internet Protocol Suite (IPS) IPv6, which is the selected protocol for air/ground communication in support of Air Traffic Service (ATS) safety service applications. This will provide IPv6 as an alternative to the traditional ACARS and ATN/OSI protocols for the air/ground aviation safety services network, but it also exposes the aviation safety services data communication to various cyber security threats. Data communication security plays an important role in the successful development of ATN/IPS as a next generation aviation safety service network that support ATS, ATC, AOC messages over various air/ground radio links. Security countermeasures help ensure the confidentiality, availability, and integrity of ATN/IPS systems by preventing or mitigating harm from cyber security attacks. This paper introduces the motivation and context for ATN/IPS security in terms of the aviation safety service data communication network. It describes the first fully implemented two-way authentication security, data integrity scheme for the aircraft air/ground safety service communications based on existing internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol. The security approach uses Elliptical Curve Cryptography (ECC), which is the most efficient, matured, and widely accepted public key cryptography algorithm. This paper presents the DTLS implementation in the context of an air/ground system architecture and overall feasibility and the scheme's feasibility (low overhead and high interoperability). This is further demonstrated through extensive evaluation of a prototype using an existing avionics hardware platform and an existing ground system.