Aeronautical Information Security ATN Conference September 24-25 2002. Honeywell Advanced Systems Technology Group 7000 Columbia Gateway Drive Columbia, MD 21046. Agenda. What is Information Security Overview of Cryptography ATN Security Secure ACARS.
Aeronautical Information Security
ATN Conference, September 24-25 2002
Honeywell Advanced Systems Technology Group, 7000 Columbia Gateway Drive, Columbia, MD 21046
Agenda
• What is Information Security
• Overview of Cryptography
• ATN Security
• Secure ACARS
What is Information Security?
Information security is concerned with providing Confidentiality, Authentication, Integrity, and Availability of data (during both storage and communication).
Critical Considerations for Aeronautical INFOSEC
• Thorough vulnerability analysis to identify relevant risks
• Bandwidth and computation constraints
• Standardization – use of proven security solutions
• Cost of implementation, deployment and maintenance
Vulnerability and Risk Analysis
[Figure: diagram with the labels Privacy, Authentication, Spoofing, Monitoring, Integrity, Data Corruption, Virus, Modification, Viruses]
Overview of Cryptography [1/5]
Symmetric Cryptography (a.k.a. Secret Key Cryptography)
• A single shared secret key is used to both encrypt and decrypt a message
• Common algorithms: DES, Triple-DES, IDEA, AES
• Strengths:
  • Excellent performance (fast)
  • Very strong security
• Weaknesses:
  • Secret key management requires sending and receiving parties to obtain the shared secret key via secure means
  • Not practical for digital signing or authentication
  • Scalability
[Figure: Encryption (Alice encrypts, Bob decrypts)]
Overview of Cryptography [2/5]
Asymmetric Cryptography (a.k.a. Public Key Cryptography)
• Keys come in pairs: one private, one public
• Operation “done” with one key is “undone” with the other
• Common algorithms: RSA, DSA, ECC
• Strengths:
  • Minimizes exposure of keys
  • Only public keys are shared
  • Knowing the public key provides no information about the private key
  • Enables digital signatures
• Weaknesses:
  • Computationally slow compared to symmetric key
  • Requires “trust” in public keys
[Figure: Encryption (Alice encrypts, Bob decrypts) and Digital Signature (Alice signs, Bob verifies)]
Overview of Cryptography [3/5]
Hybrid Cryptography
• Takes advantage of symmetric and asymmetric strengths
• Encrypt messages using high performance symmetric algorithms
• Securely manage message encryption keys and digitally sign messages using slower asymmetric algorithms
[Figure: panels “Confidentiality Only” and “Confidentiality and Authentication” between Alice and Bob; steps shown: Encrypt, Hash & Sign, Decrypt, Hash & Verify]
Note: [icon not preserved] is a public key certificate which contains Alice’s public key signed by a trusted Certificate Authority (CA).
Overview of Cryptography [4/5]
Session Key Derivation
• Shared secret key is derived independently from parameters that are exchanged in the open
• Mathematical properties ensure that session keys generated independently by both parties are identical
• Conserves system resources
[Figure: exchange between Alice and Bob; steps shown: Sign, Verify, Derive Key (both sides), HMAC, TAG]
Note: [icon not preserved] is a public key certificate which contains Alice’s public key signed by a trusted Certificate Authority (CA).
Note: Alice generates some session parameters and sends them to Bob. Her signature ensures authenticity.
Note: Alice and Bob derive the session key from parameters exchanged between them, their respective addresses, and their public/private key pairs.
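
The derivation described on this slide, as an added example that is not part of the original presentation: both sides compute the same session key from values exchanged in the open, their own private key, and the two addresses. Assumptions: classic Diffie-Hellman over a toy integer group stands in for the elliptic-curve exchange, the key derivation step (HMAC-SHA-1 over the addresses) is hypothetical rather than the standardized one, the addresses and private values are constructed, and the signature on the exchanged parameters is omitted.

```python
import hashlib
import hmac

# Toy group for illustration only (assumption): Diffie-Hellman modulo the
# Mersenne prime 2**521 - 1 stands in for the elliptic-curve group.
P = 2**521 - 1
G = 3


def public_value(private: int) -> int:
    """Value that is safe to send in the open."""
    return pow(G, private, P)


def session_key(own_private: int, peer_public: int,
                addr_a: bytes, addr_b: bytes) -> bytes:
    """Derive a key bound to the shared secret and both parties' addresses."""
    shared = pow(peer_public, own_private, P).to_bytes(66, "big")
    # Length-prefix each address so (b"AB", b"C") and (b"A", b"BC") differ.
    info = bytes([len(addr_a)]) + addr_a + bytes([len(addr_b)]) + addr_b
    return hmac.new(shared, info, hashlib.sha1).digest()


def demo():
    # Constructed private values; a real system would use a CSPRNG.
    alice_priv = int.from_bytes(hashlib.sha256(b"constructed A").digest(), "big")
    bob_priv = int.from_bytes(hashlib.sha256(b"constructed B").digest(), "big")
    alice_pub, bob_pub = public_value(alice_priv), public_value(bob_priv)

    air, ground = b"AIRCRAFT-1", b"GROUND-CM"  # constructed addresses
    k_alice = session_key(alice_priv, bob_pub, air, ground)
    k_bob = session_key(bob_priv, alice_pub, air, ground)
    # Same exchange, different ground address: a different key results.
    k_other = session_key(alice_priv, bob_pub, air, b"GROUND-XX")
    return k_alice, k_bob, k_other


if __name__ == "__main__":
    a, b, other = demo()
    print("keys match:", a == b, "| other address differs:", a != other)
```
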
Overview of Cryptography [5/5]
Basic Contents of a Public Key Certificate
• Distinguished Name: cn= Identifier, ou= ATN-Aircraft, o= Honeywell, c= US (unique name of public key owner)
• Serial No.: 12345678 (unique public key certificate number)
• Valid Not Before: Date/Time; Valid Not After: Date/Time (certificate validity dates)
• Public Key (public key)
• Key Usage: Signing (key usage: signing or encryption)
• Issuing CA Distinguished Name: cn= ‘State’-CA, ou= ATN, o= Honeywell, c= US (name of certificate issuer)
• Certificate issuer’s digital signature
Security in ATN
• Risk analysis performed by Eurocontrol has identified the following threats:
  • Masquerade/modification/replay of air-ground application communications.
  • Denial of service by flooding ground IDRP databases.
• Airlines desire to ensure the confidentiality of operational data.
• ATN SARPs (Edition 3) provides the following security services:
  • Authentication and integrity of air-ground applications.
  • Authentication and integrity of IDRP communications.
  • Supporting Public Key Infrastructure (PKI).
• ATNP WG-B/Sub-Group 3 is enhancing the ATN SARPs to add confidentiality services.
ATN Security Solution
• Uses both symmetric & public-key cryptography.
• Based on ISO Generic Upper Layer Security (GULS) standard.
• Mutual authentication during initial CM contact is provided by Elliptic Curve Digital Signature Algorithm (ECDSA).
• Initial CM contact also establishes shared public value using EC Diffie-Hellman.
• Required public keys of applications are delivered to aircraft during initial CMA exchange.
• Application (and location) specific session keys derived by applications from their key pairs and shared public value.
• Subsequent application communications secured by Hashed Message Authentication Code (HMAC) under session key.
• Message Counter and source included to prevent replay.
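
How an HMAC that covers the source and a message counter handles the masquerade, modification and replay threats listed earlier, as an added example that is not part of the original presentation. Assumptions: the field layout, the full 20-byte HMAC-SHA-1 tag, the rule that counters must strictly increase per source, and the constructed key, addresses and payloads are all illustrative and not taken from the ATN SARPs.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha1().digest_size  # 20 bytes; tag length is an assumption


def protect(key: bytes, source: bytes, counter: int, payload: bytes) -> bytes:
    """Return payload || tag; the tag also covers source and counter."""
    header = struct.pack(">H", len(source)) + source + struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha1).digest()
    return payload + tag


class Receiver:
    """Verifies tags and remembers the highest counter accepted per source."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # source -> highest counter accepted so far

    def accept(self, source: bytes, counter: int, message: bytes) -> str:
        payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = protect(self.key, source, counter, payload)[-TAG_LEN:]
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "reject: bad tag"
        if counter <= self.last_counter.get(source, -1):
            return "reject: replay"
        self.last_counter[source] = counter
        return "accept"


def demo():
    key = hashlib.sha1(b"constructed session key material").digest()
    rx = Receiver(key)
    aircraft = b"AIRCRAFT-1"  # constructed source address
    m1 = protect(key, aircraft, 1, b"REQUEST CLIMB FL350")
    forged = b"REQUEST CLIMB FL390" + m1[-TAG_LEN:]
    return [
        rx.accept(aircraft, 1, m1),       # genuine message
        rx.accept(aircraft, 1, m1),       # same message seen again
        rx.accept(aircraft, 2, m1),       # old message, counter field altered
        rx.accept(b"AIRCRAFT-2", 1, m1),  # attributed to another source
        rx.accept(aircraft, 2, forged),   # payload altered, old tag reused
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
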
ATN PKI
• Major components: Certificate Authorities (CA) and Certificate Delivery Services.
• Each State is required to establish and maintain a CA and Delivery Services.
• Aircraft operators may maintain subordinate CAs.
• CAs issue X.509 certificates and CRLs.
• Sharing of CAs among States is recommended to reduce cross certification.
• Delivery Services deliver certificates and CRLs to ATN entities.
Relationship of ATN CAs
[Figure: diagram relating State CAs, AOE CAs, Ground CMA, Ground Apps, Ground Routers, Aircraft CMAs and Aircraft Routers]
Certificate Delivery Services
• May use X.500 directories for automated certificate delivery.
• Ground scenarios:
  • All applications and routers have directory access.
  • CMA has directory access and provides certificates and CRLs as needed to other applications.
  • Certificates may be cached locally or pre-stored.
• Air scenarios:
  • Short-lived certificates for CMA/routers sent to aircraft.
  • Certificate fields known by aircraft in advance not sent on RF. Certificate reconstructed by aircraft before verification.
  • CMA certificates may be pre-stored.
Secure ACARS Overview
• US Air Force Dual Use Science and Technology (DUS&T) Program
• Objective of DUS&T: Leverage Commercial Know-how, Investments, and Markets for Dual Commercial and Military Use
• Cooperative Agreement Between Government and Contractor
• 50/50 Cost Share between Honeywell and USAF
• Phase 1: Extend ACARS protocol to support standard-based security solution
• Honeywell, Columbia MD
• Expected completion of laboratory prototype by 2/2003
System Capabilities
• Security Services
  • Authentication: Provide strong authentication of the terrestrial and airborne communicating peer entities
  • Data Integrity: Provide data integrity for the ACARS payload
  • Data Confidentiality: Provide data confidentiality for the ACARS payload
• Migration to ATN
  • Implements cryptographic primitives, functions, and Public Key Infrastructure (PKI) specified in the ATN SARPs, Security Services (ICAO Doc 9705, SV 8)
• Compatibility/Interoperability
  • Support full backward compatibility with the existing ACARS message traffic when operating in non-secure mode
  • Permit the DSP to route ACARS security message traffic in the same manner as current non-secure message traffic
  • Ensure media independence to facilitate operation over VHF, HF, SATCOM or other future communication links
• Data Compression to preserve ACARS bandwidth
Proposed Security Framework for ACARS
Standards-based, COTS-supported Security Framework
Security Service | Mechanism | Cryptographic Algorithms (ATN SARPs) | Cryptographic Algorithms (S-ACARS) | Notes
Data Integrity / Authentication | Digital Signature | ECDSA, FIPS-186-2 | ECDSA, FIPS-186-2 |
Data Integrity / Authentication | Message Authentication | HMAC-SHA-1, RFC 2104 | HMAC-SHA-1, RFC 2104 | Note 1
Data Integrity / Authentication | Hash | SHA-1, FIPS-180-1 | SHA-1, FIPS-180-1 |
Confidentiality | Encryption | AES, FIPS-197 | AES, FIPS-197 |
Key Management | Key Exchange | ECDH, ANSI X9.63 | ECDH, ANSI X9.63 | Note 2
Key Management | PK Certificates | ITU-T X.509 | ITU-T X.509 |
Notes:
1. HMAC is published as FIPS-198, as of 6 Mar 2002.
2. Currently there is no FIPS for key exchange; however, for Elliptic Curve Cryptosystems, ANSI X9.63 is likely to be the basis for FIPS.
Secure ACARS Overhead Analysis
Based on Proposed ACARS Security Framework
• Session Establishment
  • Key Establishment
    • Downlink: ~ 60 bytes
    • Uplink: ~ 21 bytes
• Data Exchange
  • Confidentiality, Data Authentication/Integrity Services
    • Down/Uplink: Single-block or Multi-block ACARS message + Security Overhead (7 bytes)
• Session Termination
  • Data Authentication/Integrity
    • Explicit
      • Downlink: ~ 10 bytes
      • Uplink: ~ 10 bytes
    • Implicit
      • Down/Uplink: 0 bytes
Compression can negate overhead and achieve savings!
Contact Aloke Roy Honeywell International Phone #: +1-410-964-7341, Fax #: +1-410-964-7322 Email: aloke.roy@honeywell.com