Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Overall Security Framework for AeroMACS

advertisement 
International Civil Aviation Organization
CPWGI18 /
WP-14
INFORMATION PAPER
06/23/15
ReProduced
from
WG-S/7
COMMUNICATIONS PANEL (CP)
Seventh MEETING OF THE WORKING GROUP S
Montreal, Canada 22 – 23 June 2015
(NOTE: THIS PAPER WAS FIRST PRESENTED AT WG-S/7).
Agenda Item xx: Xxx
Overview of Security Framework for Aeronautical Mobile Airport
Communication Systems (AeroMACS)
(Presented by Aloke Roy)
SUMMARY
This document provides a high level overview of the Security framework of
Aeronautical Mobile Airport Communication System (AeroMACS) that are
applicable to both the airborne radios and the ground systems.
ACTION
The CP WG-I and SDS WG are invited to consider the security framework
described in this paper for the development of IPS security requirements such
that synergies can be achieved across all ICAO communication datalinks to
optimize ANSP & operator investments for security implementations.
1.
INTRODUCTION
This document provides a high level overview of the Security framework of Aeronautical Mobile Airport
Communication System (AeroMACS) that are applicable to both the airborne radios and the ground
systems. The intended purpose of this paper is to introduce AeroMACS security functions to ICAO WGI and SDS sub group such that overall security infrastructure requirements for all aeronautical data
communication services can be aligned to reduce the deployment costs for ANSPs and aircraft operators’
implementations.
2.
BACKGROUND
(8 pages)
Document1
ACP-WGWI18/IP14
-2-
IEEE standard 802.16 defines multiple options for the security sub layer to accommodate various network
deployments and service provider requirements. Hence it becomes necessary to standardize the minimum
functional requirements of security sub layer for AeroMACS, in order to provide aircraft with seamless
access to Airport Terminal Services across the globe. An analysis was performed on the security sub
layer specifications of WiMAX to determine a set of requirements that would be applicable to the
AeroMACS deployment contexts.
3.
DISCUSSION
Figure 3-1 represents various components of security sub layer of WIMAX as defined in IEEE 802.16
specifications.
Figure 3-1 WiMAX Security Sub Layer (Source: IEEE 802.16 standards)
The security sub layer provides subscribers with authentication and data privacy. Authorization/SA
module is responsible for validating the authenticity of Subscriber Stations and management of Security
Associations (SA) for WiMAX connections.
SA associates encryption keys and algorithms with a traffic type, so that the packets belonging to a
particular traffic type can be encrypted as per its SA definitions.
WiMAX supports two methods of authentications namely, RSA based authentication and EAP Based
authentication.
RSA authentication method uses X.509 digital certificates and RSA encryption algorithm along with RSA
keys, associated with the MAC address of a subscriber station. In this method, a base station authenticates
subscriber stations, but the other way is not possible as mutual authentication is not supported in RSA
scheme.
ACP-WGWI18/IP-14
EAP method offers mutual authentication in which both BS and SS authenticate each other. EAP supports
multiple authentication schemes and hence provides more flexibility to the network operators in choosing
subscriber authentication methods. For example, EAP-TLS is based on X.509 certificates while, EAPSIM is based on Subscriber Identity Module used in mobile phones. EAP method definitions are kept
outside the scope of WiMAX standards.
AeroMACS specifies EAP-TLS as the authentication mechanism for security association to satisfy
mutual authentication needs based on PKI X509 certificates to align with existing ATN security
procedures defined in ICAO 9880.
PKM protocol is responsible for deriving and managing the keys used by WiMAX layer. WiMAX
supports two versions of PKM protocol namely, PKM 1 and PKM 2. PKM 1 works in conjunction with
RSA scheme to authenticate a subscriber and derive keys for SS, while PKM2 supports EAP method for
mutual authentication of both SS and BS and their key management.
In addition to PKM2 in a typical deployment environment involving large networks, authentication and
policy management for subscribers would be done at centralized locations instead of being managed
locally at every BS level. In such scenarios, RADIUS protocol may be used in conjunction with EAP
methods to authenticate/authorize subscribers to use network resources.
The traffic encryption module supports a set of encryption algorithms to protect the message data.
Depending upon the definitions in SA, this module performs encryption/decryption of the data that enters
or leave the WiMAX device.
3.1
Security Sub-Layers for AeroMACS
Figure 3-2 provides the security framework and architecture of Security Layers across various
AeroMACS network components such as subscriber station (SS), base station (BS), access service
network gateway (ASNGW) and accounting, authorization and access (AAA) server. A physical system
may contain multiple functional entities available in the same unit. For example: ASN Gateway and BS
can be present in a single system. MS and BS belong to access network (ASN) while AAA server
belongs to customer service network (CSN). In a practical deployment, ASN and CSN may belong to
separate organizations or may belong to a single organization. There may or may not be an involvement
of Proxy server depending upon whether a Mobile Station is logging into a Visited Network or the Home
Network.
NAP
AeroMACS
AAA
Proxy
802.16
BS
802.16
MS
TLS
EAP Transit
EAP
SA control
PKM v2
PKM v2
Control Data
Signing
PHY
Traffic Data
encryption
Control Data
Signing
EAP
R6
RADIUS
Client
UDP
IP
Traffic Data
encryption
AAA Server
ASN G/W
TLS
SA control
Application
NW AAA
WAN I/F
RADIUS
Proxy
RADIUS
Server
UDP
UDP
IP
IP
WAN
Interface
WAN
Interface
PHY
TCP/IP NW
ACP-WGWI18/IP14
-4-
Figure 3-2 AeroMACS Security Framework & Protocol Architecture
The scope of the AeroMACS security framework is to,
1. Authenticate a Mobile Station logging into the network. Authentication is based on mutual
validation of digital certificates exchanged between the Mobile Stations and the AAA server.
Hence AAA servers shall hold valid certificates of all AeroMACS Station root CAs ( not
necessarily the certificates of all Mobile Stations ) in order to authenticate any genuine Mobile
Station trying to log on the network, irrespective of its subscription with the CSN. Similarly
devices shall hold certificates of all AeroMACS server root CAs.
2. Ensure privacy for Mobile User to communicate over the wireless medium. AeroMACS security
framework supports multiple cryptographic suites to encrypt all kinds of data traffic (Unicast,
Multicast and Broadcast) from/to the mobile station. It should be noted that current version of
AeroMACS standards do not accommodate encryption of multicast/broadcast data flows.
3. Ensure integrity of the packets exchanged in the wireless medium so that only the intended
packets from the authentic source are accepted at the destinations. This is achieved by adding an
Authentication Code at the end of payload generated using Traffic Encryption Key along with the
cyber suite defined in the Security Association.
Public Key Management (PKM) module is responsible for the overall management of the security
framework. AeroMACS shall be using only PKM Version 2, as the support of mutual authentication is
available only in PKMV2.
PKM v2 supports EAP_TLS protocol for mutual authentication. The digital certificates and other
credentials are exchanged as TLS records between MS and AAA server. The exchanged certificates are
validated by both the parties to establish the trust. EAP_TLS also has a robust mechanism for arriving at
a shared secret between the negotiating peers. At the end of EAP_TLS transaction MS and AAA server
arrive at MSK (Master Session Key) to be used for the session. MSK is the primary key from which all
other keys are derived. (For certificates to be valid, the certificates are to be issued by the CAs authorized
for AeroMACS. The certificate issuance and management is beyond the scope of this document).
In AeroMACS environment EAP negotiations need to happen before the establishment or wireless link
and IP connectivity. But, EAP peer applications run between SS and AAA server, located remotely in the
network, while ASN Gateway acts as a transit point forwarding packets between SS and AAA server.
RADIUS is used as a transport mechanism, between the ASN Gateway (Authenticator) and the AAA
server, for transferring EAP_TLS packets through internet to/from AAA server. RADIUS uses a secured
connection between ASN Gateway and AAA server to ensure privacy. At the end of EAP_TLS
transaction the MSK arrived at AAA server is transferred to ASN Gateway (authenticator) for further
processing.
From MSK, ASNGW and MS derive pairwise master key (PMK) and from PMK authentication key (AK)
is derived independently. ASN Gateway updates Base Station with AK. From AK the whole set of keys
like, key encryption key (KEK), group KEK (GKEK), Traffic Encryption Keys (TEK) etc., are derived
ACP-WGWI18/IP-14
as per the rules defined in 802.16 specifications independently at BS and MS. PKM has a 3-way SA-TEK
handshake mechanism for BS and MS to verify the final TEK that are derived independently at BS and
MS. TEK keys are derived for every SAID as per the associated cryptographic suite requirements. PKM
also periodically refreshes AK and TEKs between MS and BS in order to have robust privacy.
SA module is responsible managing the Security Associations of various data traffic. These SAs have
cryptographic suite identified for each connection. TEK process is initiated for every SAID to arrive at
TEK keys and refresh them periodically.
After authentication, MS continues with registration, optional TFTP configuration (in case of IP managed
nodes) and data connection establishment procedures. Encryption module secures the traffic through the
connection as per the associated SAID. It uses the TEK keys derived from the above process along with
the configured cryptographic suite to encrypt/decrypt the outgoing/incoming data packets through the
connection.
Thus a secure connection is established at 802.16 MAC layer between MS and BS. After data connection
establishment between MS and BS, the data path is completed between ASN gateway and RAS server for
the higher layer protocols to negotiate IP connectivity with the Remote Access Servers of CSN.
Figures 3-3 and 3-4 show the message sequence charts for AeroMACS security association and key
derivation process.
4.
ACTION BY THE MEETING
The CP WG-I and SDS WG are invited to consider the security framework described in this paper for the
development of IPS security requirements such that synergies can be achieved across all ICAO
communication datalinks to optimize ANSP & operator investments for security implementations.
ACP-WGWI18/IP-14
Figure 3-3: Message Flow Charts
AAA Server
Airborne
Router
Airborne
Radio
Base
Station
MS
Initialize AeroMACS
Synchronization,
Ranging, Capability
Negotiation
ASN
Gateway
NSP Access
Router
BS
S
Context Initialization
EAP_REQ/Identify
EAP_RSP/Identify (My ID)
EAP_TLS
(TLS_Client_hello)
EAP_TLS (TLS_Certificate,
TLS_client_key_exchange,TL
S_certificate_verify,
TLS_change cipher spec,
TLS_Finsshed
EAP_TYPE=TLS,
(No data)
PKM:EAP
EAP_TLS _Start
RADIUS:EAP
PKM:EAP
EAP Response
RADIUS:EAP
PKM:EAP
EAP Request
RADIUS:EAP
PKM:EAP
EAP Response
RADIUS:EAP
PKM:EAP
EAP Request
PKM:EAP
EAP Request
PKM:EAP
PMK, AK
Derived
RADIUS ACCESS REQ: ID
RADIUS:EAP
EAP_TYPE=TLS,
(No data)
EAP_TLS
(TLS_Server_Hello,
TLS_Certificate,
{TLS_Server_Key_exchange},
TLS_Certificate Req,
TLS_Server_Hello_Done
EAP_TLS
(TLS_change_cipher_spec,
TLS finished)
RADIUS:EAP
EAP Success
RADIUS_SUCCESS
(AK Transferred)
PMK, AK
Derived
(MSK Transferred)
-2-
ACP-WGWI18/IP14
Figure 3-4: Message Flow Charts (Cont.)
AAA Server
Airborne
Router
Airborne
Radio
ASN
Gateway
Base
Station
MS
NSP Access
Router
BS
HMAC/CMAC/
KEK derivation
HMAC/CMAC/
KEK derivation
SA-TEK Challenge
Data Plane
DHCP Server
SA-TEK Request
SA-TEK Response
Key Request
Key Response
DHCP server
Registration
AeroMACS link
Established
Data connections
GRE Tunnels
Data plane Dynamic IP Address configuration (Optional)
DHCP
Proxy
IP Traffic
Pkt
forwarding
Related documents
通用学术英语-Orientation
通用学术英语-Orientation
Academic Integration of International Experience: Creative
Academic Integration of International Experience: Creative
EAP Presentation
EAP Presentation
Slides - EveryLife Foundation for Rare Diseases
Slides - EveryLife Foundation for Rare Diseases
Role of Mental Health with Employees & Threats
Role of Mental Health with Employees & Threats
UC application 指导
UC application 指导
Guidelines for ESL/EFL Teaching Summary
Guidelines for ESL/EFL Teaching Summary
The Role of Organizational Development in an EAP Setting
The Role of Organizational Development in an EAP Setting
Download
advertisement