An analysis of ICAO requirements and recommendations for information security of the ATN

Authors

  • Олексій Георгійович Голубничий, National Aviation University

DOI:

https://doi.org/10.18372/2410-7840.15.5367

Keywords:

information security, aeronautical telecommunications, Aeronautical Telecommunication Network, protection of Internet protocols, Internet Key Exchange protocol

Abstract

The development and commissioning of the Aeronautical Telecommunication Network (ATN) using Internet Protocol Suite (IPS) standards and protocols is accompanied by ICAO requirements and recommendations for protecting communications against unauthorized access. On the one hand, these requirements are conceptual in nature: they determine the levels of protection in accordance with the OSI/ISO classification and the general methodology of protection. On the other hand, they are mandatory, defining specific processes and technical solutions for protecting information resources. The problem reduces to integrating various technical security solutions, allowing for their possible deviation where the conceptual nature of the requirements permits it, while still ensuring the necessary level of protection. The procedures recommended by ICAO regulations for protecting information resources during "ground-to-ground" and "air-to-ground" digital communication sessions in the ATN/IPS network should be implemented at the network, transport, and application layers of digital aeronautical communications. Strict criteria for the required (guaranteed) level of protection (criteria for evaluating information security against unauthorized access) are not clearly specified, while at the same time the use of protection measures based on IPsec, IKEv2 and ESP is regulated. Therefore, the development of threat models and the definition of the functional security profile for automated systems (AS) of aviation applications can draw on the experience of developing threat models and defining functional protection profiles for AS of class "2" and class "3", whose operation is based on standard telecommunication channels using the standards and protocols of the Internet Protocol Suite.

Author Biography

Олексій Георгійович Голубничий, National Aviation University

PhD in Eng., Docent, Doctoral Student of the National Aviation University.

Published

2014-02-07

Section

Articles