An analysis of ICAO requirements and recommendations for information security of the ATN
DOI:
https://doi.org/10.18372/2410-7840.15.5367
Keywords:
information security, aeronautical telecommunications, Aeronautical Telecommunication Network, protection of Internet protocols, Internet Key Exchange protocol
Abstract
The development and commissioning of the Aeronautical Telecommunication Network (ATN) using the standards and protocols of the Internet Protocol Suite (IPS) is accompanied by ICAO requirements and recommendations for protecting communications against unauthorized access. On the one hand, these requirements are conceptual in nature, determining the levels of protection in accordance with the OSI/ISO classification and the general methodology of protection; on the other hand, they are mandatory, defining specific processes and technical solutions for protecting information resources. The problem comes down to integrating various technical security solutions, taking into account their possible deviation where the conceptual nature of the requirements permits it, while still ensuring the necessary level of protection. The procedures recommended by ICAO regulations for protecting information resources during "ground-to-ground" and "air-to-ground" digital communication sessions in the ATN/IPS network should be implemented at the network, transport, and application layers of digital aeronautical communications. Strict criteria for the required (guaranteed) level of protection (evaluation criteria for information security against unauthorized access) are not clearly specified, while at the same time the use of protection measures based on IPsec, IKEv2 and ESP is regulated. Therefore, the development of threat models and the definition of a functional security profile for automated systems (AS) of aviation applications can draw on the experience of developing threat models and defining functional protection profiles for AS of class "2" and class "3", whose operation is based on standard telecommunication channels using the standards and protocols of the Internet Protocol Suite.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).