Gatelink - ATA e-Business Program

New Generation Aircraft Information Security Web Seminar
Gatelink
Presented by the Air Transport Association Digital Security Working Group
July 7, 2009
Agenda
• Brief Introduction to ATA
  Presented by Paul Conn, Director of Electronic Data Standards, Air Transport Association
• Public Key Infrastructure (PKI) concepts and terminology
  Presented by Dave Coombs, Director, PKI Standards and Policy Development, Carillon Information Security
• What is Gatelink to the Air Transportation Industry (ATI)
  Presented by Mario Sabourin, Innovation Program Manager, SITA
• Aircraft PKI Considerations - Retrofit Perspective on Getting a Device Certificate onto an Aircraft for Gatelink
  Presented by Stephen Arentz, Sr. Enterprise Architect – Airline Operations Strategy & Planning – Information Technology Division, United Airlines
About ATA
• Not-For-Profit Trade Association (founded 1936)
• Washington D.C.
• 76 Employees
• Membership:
  – 17 U.S. Airlines
  – 3 International Airlines
  – 47 Industry Members
• >90% Cargo/Passenger Traffic in the U.S.
• Lobby Organization
• Administer Industry Programs
• Develop and Publish Industry Standards
ATA e-Business Program
Mission
Establish a global commercial aviation industry information framework that facilitates:
• Improved business agility
• Reduced costs
• Increased speed of business
• Maintaining the highest level of safety
Membership
• Over 130 companies / organizations
• Over 2000 individual company representatives
• 33 Countries
ATA e-Business Program
Specifications
• Spec 42
  – Aviation Industry Standards for Digital Information Security
• Spec 2000
  – E-Business Specification for Materiels Management
• iSpec 2200
  – Information Standards for Aviation Maintenance
• Spec 2300
  – Data Exchange Standard for Flight Operations
• Common Support Data Dictionary
  – Centralized industry data dictionary describing data elements and attributes, and their properties
• ATA Aviation Marketplace
  – The industry's primary product and service online catalog resource, enabling e-commerce between the world's major airlines and their suppliers.
ATA e-Business Program
ATA Digital Security Working Group
• Provides a forum for exchanging ideas, discussing challenges, and recommending process improvements
• Develops aviation industry consensus for changes to methods and practices driven by digital security requirements
• Addresses the application of digital security technologies and standards to ATA e-Business specifications
• Develops industry specifications to facilitate the civil aviation community’s implementations of information security practices and technologies
Introduction to PKI... and its use in the Air Transport industry
The Problem

We rely on digital/virtual communication more than we used to.
– Before: face-to-face, telephone, paper, radio comms.
– Now: email, web-based tools, Word docs, Gatelink.

The value of these communications is still very high.
– Maybe higher.

How can we trust the identity of a voice we can't hear?

How can we be sure our communications are private?

How can we answer these questions as an industry?
Public Key Infrastructure

PKI addresses these problems.
– Effectively a trust brokering system.
– Can convey digital identity assurance.
– Can ensure message integrity.
– Can ensure message confidentiality.

Efforts to do this in an industry-standard way.
– ATA Spec 42...
– ...in cooperation with other groups such as AEEC,
responsible for ARINC 822 (Gatelink).
Basic PKI Applications

Digital Signatures
– Provides Identity Assurance
– Provides Message Integrity Assurance

Encryption
– Provides Confidentiality
Digital Certificates
Trust Flow
Business Impact

Technical infrastructure.
– CA function may be outsourced

Policy & practices affecting trust in a PKI.

If outsourcing, contractual agreement with CA provider
cross-certified with an industry bridge.

If not outsourcing, contractual agreement and cross-certification with an industry bridge.

Integrating use of PKI into all areas of business.
– Do this once for your company, and spread the cost
over many different projects/programs.
– It's not just about Gatelink.
Not Just Gatelink

One PKI can also be used for:
– Physical access control
– Secure ACARS
– Electronic authorized release certificates (electronic
Form 8130-3 or equivalent)
– Electronic Flight Bag
– Secure Email with partner companies
– Secure collaboration / web single-sign-on with partner
companies

There will be more.
Summary

PKI provides identity assurance, message integrity
assurance, and message confidentiality.

The air transport industry has developed a standardized
approach to PKI design and deployment.

Gatelink is one of many projects to make use of these
standards.

A well designed PKI can serve many projects or an entire
company, not just one project.

Much work from many companies has gone into the
industry standards. It is in everyone's interest to work
together.
Thank you!
Dave Coombs
Director, PKI Standards and Policy
Carillon Information Security Inc.
Questions?
What is Gatelink to the ATI?
Agenda

Gatelink Value Proposition

Gatelink Planned Information Uses

The Wi-Fi Gatelink challenges

What does the future look like?

Securing Connections & Communication

Secure Wireless Connectivity Considerations
Gatelink Value Proposition

Terminal phases ideal to exchange large volumes of non critical,
non time-sensitive data

Current use of “sneaker-net” and mass storage media leading to
suboptimal capture rates (60% - 80%)

Better and faster aircraft data availability improve flight
operations as well as maintenance trending, diagnosing and
troubleshooting

Gatelink is an ideal alternative to manual retrieval process of non-critical data

Large volumes of non-critical data cannot be exchanged cost-efficiently over existing aircraft datalink services like ACARS

Gatelink's industry-standard basis increases economies of scope and network effects
Gatelink Planned Information Uses
Application: Description
• Pre-Flight Information: Navigation charts, graphical weather, load sheet, dangerous goods, flight plans, etc.
• Crew management: Crew disposition assignment or composition
• Administrative Function: Passenger information, wheelchair, stands, aircrew support, aircraft logistics
• Maintenance: LSAP delivery, Technical Log Book, Aircraft maintenance document and parts catalogue, technical status of the aircraft
• EFB: Weight and balance calculations, performance charts, flight manuals, electronic documentation
What does the future look like?

A fully interconnected aircraft that is part of the airline’s IT infrastructure

Growth of global adoption
• Early adopters move to install and use Gatelink at hubs
• Soon seek access at non-hub locations around the world
• Timelines for fleet wide adoption will be over the next decade at non-hub locations depending on achieved ROI

We see innovation associated with the global adoption of the Gatelink technology

Gatelink is one of the first steps to implement this vision

New uses for the Terminal Wireless LAN Unit (TWLU) and Crew Wireless LAN Unit (CWLU) solutions

Wireless technologies are subject to change & evolution
• Equipment will migrate and cover more than simply 802.11 b/g
• Increased testing of emerging technology such as HSPA, WiMax, LTE
• Validate ROI for Wi-Fi Gatelink solutions prior to any large scale move to a new technology base
The Wi-Fi Gatelink challenges
New generation aircraft communications must be part of Overall Security Framework
Where Gatelink fits in the security layers
Securing Connections & Communication
EAP Authentication Process
Securing Gatelink with PKI – generic considerations

PKI Integration Requirements:

PKI Enabled Application

PKI Certificate Format supported (attributes)

Staff PKI technology skills

Certificate Authority Availability

PKI operational requirements
• Delivery process (on-line & off-line)

Organizational requirements
• Central RA, local RA, subscriber, sponsor

Documentation
• Policy, processes, procedures
Value of PKI to aircraft communications

Most secure authentication method identified today

Maximizes interoperability between aircraft and ground-based applications

Certificates may contain additional fields/attributes to
enhance security of global solutions
Conclusion

Security concerns becoming increasingly important in ATI processes and applications

New aircraft communications must take security aspects
into account to ensure safe and efficient operations

PKI has been identified as most suitable security solution
for many aircraft-related applications
Thank you
Mario Sabourin
Innovation Program Manager
AeroTrust Product Manager
SITA - CSBU

Aircraft Public Key Infrastructure (PKI) Considerations

Retrofit Perspective on Getting a Device Certificate onto an Aircraft for Gatelink
Agenda

Why Gatelink

PKI Security Considerations

Certificate Authority Vendor

PKI Standards

PKI Airline Trusted Roles

PKI Airline Considerations

Technical Implementation

Inter-Operability Considerations
Why Gatelink?


Gatelink provides linkage across the final barrier, securely connecting aircraft end systems to the Airline’s network

With this connectivity slow and costly manual data transfer can be replaced with a faster and more economical way
PKI Security Considerations

Security related actions / tasks:

Corporate legal and security policy review of PKI

Determine any new security requirements (i.e. manual or
paper based that are being replaced electronically)

Determine / verify each division’s roles and responsibilities
(Corporate Security, IT Security, Aircraft Engineering,
Aircraft Maintenance, etc.)

Review proposed aircraft attaching to airline corporate
network from security perspective

Make Certificate Authority (CA) build vs. buy decision
• This analysis is involved and should examine all areas that might potentially require certificates, not just the first project
Certificate Authority Vendor (1of2)

General actions / tasks associated with setting up PKI with Certificate Authority (CA) vendor:

Per CertiPath CP the Registration Authority (RA) function must be performed by CA personnel (may vary by CA vendor)

Airline prepares archive vault per CA requirements

CA approves airline implementation of proofing and audit requirements

Airline appoints and CA approves Airline Certificate Authority Administrator

Airline designates personnel for Device Sponsor and Trusted Agent roles (both roles may be performed by the same individuals)

Airline completes Trusted Agent individual background checks and training

Airline / CA determine appropriate / required key encryption algorithm and length
Certificate Authority Vendor (2of2)

Specific actions / tasks associated with setting up PKI aircraft
device certificates with Certificate Authority (CA) vendor:

Determine / agree on aircraft device certificate level of assurance
(medium vs. high, hardware vs. software, full vs. CBP)

Airline / CA prepares contract (or addendum) for Device
Certificates

Airline determines device key pair generation process

Airline defines device certificate vetting process

CA reviews / approves device certificate vetting process

Airline defines storage of device certificate on aircraft

CA reviews / approves storage of device certificate on aircraft
PKI Standards

Starts with: X.509 Certificates

Based on: ATA-DSWG Spec 42 - Aviation Industry Standards for Digital Information Security

IETF RFC 3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework

Details PKI requirements and specifications for the civil aviation industry

For Gatelink: ARINC AEEC 822 - Aircraft / Ground IP Communication

Based on IEEE 802.11 services and must be compliant with ITU-T X.509 v3, as specified in IETF RFC-3280

IETF RFC 3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
PKI Airline Trusted Roles

Certificate Authority Administrator
• Administrative role that approves all access to CA, revokes user’s digital certificates and prepares employment authorization letters for users

Device Sponsor
• Fills the role of a Subscriber for non-human system components (could be same as Trusted Agent)

Trusted Agent
• Verifies identity and securely communicates subscriber information to RA (performs identity proofing and submits / forwards CSR to RA)

Audit Agent
• Reviews, maintains and archives audit logs, performs / oversees internal compliance audits
PKI Airline Considerations

For CA vendor implementations, what type of certificate? (see
previous slide)

For CA vendor implementations, what are the initial certificate
costs? Renewal costs?

Requires airline IT, Aircraft Engineering and Maintenance, and
Security groups to work together

Determine certificate validation length (3 years)

Determine how long before certificate expiration a new CSR
should be generated (4 weeks)

Assess each country’s regulations planned for implementation

Establishing a working PKI with a CA vendor takes time
(at United it’s been over 1 year and we’re still working on it)
Technical Implementation (1of2)

Determine encryption algorithm hashing and length

Determine distinguished name fields in the Certificate
Signing Request (CSR) and the Digital Certificate issued by
the CA

Determine where the digital key pair will be generated, on
aircraft avionics or on ground system – both have pros and
cons

Key pair generation software needs to be CA approved.
CertiPath CP requires FIPS 140-2 level 1 certification for
medium level certificates (very limited number of certified
object modules)
Technical Implementation (2of2)

Determine the aircraft ID to be used (nose number, tail
number, ICAO number, etc.), and how this is known by the
avionics component or mechanic

Determine how mutual authentication will be performed
(proxy to airline server, use root CA certificate, etc.)

Determine how the aircraft will receive a Certificate
Revocation List (CRL) or implement Online Certificate
Status Protocol (OCSP) communication

Determine what certificate extensions are used and
whether they are marked as critical since this can cause
certificates to be rejected

Be careful, pay attention to details and test for compatibility
across your implementation
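
The warning about critical extensions follows from the X.509 processing rule in RFC 3280 (cited on the PKI Standards slide): a relying party must reject a certificate that carries a critical extension it does not recognize. The block below is an added example, not part of the presentation. The DER bytes are constructed for illustration, and the private extension OID (under the documentation enterprise arc 1.3.6.1.4.1.32473) and the two verifier profiles are hypothetical.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content octets of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Turn OID content octets into dotted-decimal form."""
    arcs, acc = [], 0
    for octet in body:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def parse_extensions(der):
    """Return [(oid, critical)] from a DER-encoded X.509 Extensions SEQUENCE."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    exts = [children(ext) for _, ext in children(body)]
    # critical is BOOLEAN DEFAULT FALSE, so DER omits the field when it is false
    return [(decode_oid(f[0][1]), len(f) == 3 and f[1] == (0x01, b"\xff")) for f in exts]

def unsupported_critical(der, supported):
    """Critical extension OIDs the verifier does not recognise; any hit means reject."""
    return [oid for oid, crit in parse_extensions(der) if crit and oid not in supported]

# Constructed DER: keyUsage (critical), extKeyUsage (non-critical),
# and a hypothetical private extension marked critical.
SAMPLE_EXTENSIONS = bytes.fromhex(
    "303f300e0603551d0f0101ff040403020780" "30130603551d25040c300a06082b06010505070302"
    "301806092b0601040181fd59010101ff04080c065441494c3031")
STANDARD_ONLY = {"2.5.29.15", "2.5.29.37"}               # hypothetical airport server
AIRLINE_AWARE = STANDARD_ONLY | {"1.3.6.1.4.1.32473.1"}  # hypothetical airline server
```

With the same certificate extensions, `unsupported_critical(SAMPLE_EXTENSIONS, STANDARD_ONLY)` returns the private OID, so that verifier rejects the certificate, while the `AIRLINE_AWARE` profile returns an empty list and accepts it.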
Inter-Operability Considerations

All Gatelink related components must support PKI certificate
based authentication

Careful planning and implementation is needed where airlines do not own the end-to-end infrastructure
• Such as multiple airport network infrastructures or multiple wireless service providers

Authentication requires that certificates be shared and updated by airline servers, airport servers and aircraft before an aircraft attempts to connect at an airport

CA certificates must be pre-loaded onto each aircraft for any airport it will connect to

The complexity and workload will vary depending on implementation specifics; using airport proxy servers can reduce complexity
Summary

Don’t be discouraged, much of the trail blazing is
already done

There are standards committees that have already
addressed many areas, and continue to work the
remaining ones

Much knowledge can be obtained by participating in the
standards committees

Use the standards committees for support

Stick to the standards!!!
Thank You
Questions?
Presented by:
Steve Arentz
Sr. Enterprise Architect
Airline Operations Strategy & Planning –
Information Technology Division
United Airlines
Help Shape the Future
• Join the DSWG
  – Bring airline requirements to the table
  – Work hand in hand with suppliers and manufacturers
  – Consensus-based process
  – Unlimited FREE downloads of all ATA e-Business specifications, including Spec 42
  – No additional cost for current ATA e-Business members
Current Airline Members
• American Airlines
• British Airways
• Northwest Airlines
• Qantas Airways
• Turkish Airlines
• United Airlines
Visit www.ataebiz.org for more information
Future Webinar Topics
• The connected aircraft and securing the environment
• Forming your information security strategy (i.e., conducting
risk assessment, regulatory considerations, etc.)
• Securing data coming off the plane
• Electronic part certification (i.e., electronic Authorized
Release Certificates)
• Software part signing (e.g. Electronic Flight Bag
applications)
Questions and Discussion
More Information
• ATA e-Business Program
  – Web: www.ataebiz.org
• Paul Conn, ATA
• Mario Sabourin, SITA
• Steve Arentz, United Airlines
• David Coombs, Carillon Information Security