ACP-WGI-07/WP-07
International Civil Aviation Organization
5/23/2008

WORKING PAPER

Aeronautical Communication Panel
Working Group I – Internet Protocol Suite (IPS)
June 2-6, 2008
Montreal Canada

Updated Security Requirements for the “Manual for the ATN using IPS Standards and Protocols”

Prepared by: Vic Patel and Tom McParland
Presented by: Vic Patel

SUMMARY

This paper provides updated security requirements for Doc 9896, “Manual for the ATN using IPS Standards and Protocols.” This paper is an update of working paper 9 from the 6th meeting of Working Group I. Changes from ACP-WGI06/WP09 are depicted as redline inserts and strikeouts. The working group is invited to consider these requirements as a baseline set of air-ground security requirements.

2.6 SECURITY

This section contains provisions for ground-ground and air-ground security in the ATN/IPS. Certain provisions in this section are mandatory to implement but optional to use. Their actual use is to be based on a system threat and vulnerability analysis.

2.6.1 Ground-Ground Security

Network layer security in the ground-ground ATN/IPS internetwork is implemented using Internet Protocol security (IPsec) and the Internet Key Exchange (IKEv2) protocol.

2.6.1.1 Ground-Ground IPsec/IKEv2

2.6.1.1.1 ATN/IPS nodes in the ground-ground environment shall implement the Security Architecture for the Internet Protocol as specified in RFC-4301.

2.6.1.1.2 ATN/IPS nodes in the ground-ground environment shall implement the IP Encapsulating Security Payload (ESP) protocol as specified in RFC-4303.

2.6.1.1.3 ATN/IPS nodes in the ground-ground environment may implement the IP Authentication Header (AH) protocol as specified in RFC-4302.

2.6.1.1.4 ATN/IPS nodes in the ground-ground environment shall implement the Internet Key Exchange (IKEv2) Protocol as specified in RFC-4306.

2.6.1.1.5 ATN/IPS nodes in the ground-ground environment shall implement the Cryptographic Algorithm Implementation Requirements for the Encapsulating Security Payload (ESP) and Authentication Header (AH) as specified in RFC-4305.

2.6.1.1.6 ATN/IPS nodes in the ground-ground environment shall implement The Null Encryption Algorithm and Its Use With IPsec as specified in RFC-4305, but not the Null Authentication Algorithm.

Note. – ESP encryption is optional, but authentication is always performed.

2.6.1.1.7 ATN/IPS nodes in the ground-ground environment shall implement the Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) required algorithms for key exchange as specified in RFC-4307.

Note. – Algorithms of equivalent or greater strength than those identified in RFC-4307 are implemented as a local matter on a bi-lateral basis.

2.6.2 Air-Ground Security

2.6.2.1 Air-Ground Access Network Security

2.6.2.1.1 ATN/IPS mobile nodes shall implement the security provisions of the access network.

Note. – For example, the WiMAX, 3GPP, and 3GPP2 access networks have authentication and authorization provisions.

2.6.2.2 Air-Ground IPsec/IKEv2

2.6.2.2.1 ATN/IPS nodes in the air-ground environment shall implement the Security Architecture for the Internet Protocol as specified in RFC 4301.

2.6.2.2.2 ATN/IPS nodes in the air-ground environment shall implement the IP Encapsulating Security Payload (ESP) protocol as specified in RFC 4303.

2.6.2.2.3 ATN/IPS nodes in the air-ground environment shall implement AUTH_HMAC_SHA2_256-128 as the integrity algorithm for ESP authentication as specified in RFC 4868.

2.6.2.2.4 ATN/IPS nodes in the air-ground environment may implement the Authentication Protocol for Mobile IPv6 as specified in RFC 4285.

2.6.2.2.5 ATN/IPS nodes in the air-ground environment shall implement the Internet Key Exchange (IKEv2) Protocol as specified in RFC 4306.

2.6.2.2.6 ATN/IPS nodes in the air-ground environment shall implement IKEv2 with the following transforms:

a) PRF_HMAC_SHA_256 as the pseudo-random function as specified in RFC 4868.
b) 233-bit random ECP group for Diffie-Hellman Key Exchange values as specified in RFC 4753.
c) ECDSA with SHA-256 on the P-256 curve as the authentication method as specified in RFC 4754.

2.6.2.2.6 ATN/IPS nodes in the air-ground environment shall use the Air Transport Authority (ATA) Certificate Policy as specified in Chapter 5 of ATA iSpec 2200, Information Standards for Aviation Maintenance, developed by the ATA Digital Security Working Group (DSWG).

2.6.2.2.7 ATN/IPS nodes in the air-ground environment shall implement Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture as specified in RFC 4877.

2.6.2.3 Air-Ground Transport Layer Security

2.6.2.3.1 ATN/IPS mobile nodes and correspondent nodes may implement the Transport Layer Security (TLS) protocol as specified in RFC 4346.

2.6.2.3.2 If TLS is used for air-ground security, mobile nodes and correspondent nodes shall implement the Cipher Suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA as specified in RFC 4492.

2.6.2.4 Air-Ground Application Layer Security

2.6.2.4.1 ATN/IPS mobile nodes and correspondent nodes may implement application layer security at the IPS Dialogue Service Boundary.

2.6.2.4.2 If application layer security is used for air-ground security, mobile nodes and correspondent nodes shall append an HMAC keyed message authentication code as specified in RFC 2104 using SHA-256 as the cryptographic hash function.

2.6.2.4.3 If application layer security is used for air-ground security, an HMAC tag truncated to 32 bits shall be computed over the User Data concatenated with a 32-bit send sequence number for replay protection.

2.6.2.4.2 If application layer security is used for air-ground security, IKEv2 shall be used for key establishment as specified in section 2.6.2.2. d) .

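The tag computation in 2.6.2.4.2 and 2.6.2.4.3, shown as an added example that is not part of the working paper. It assumes the 32-bit send sequence number is an implicit per-direction counter starting at 1 that is not transmitted, is encoded big-endian, and that the dialogue service delivers messages reliably and in order; the class and function names are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4  # HMAC tag truncated to 32 bits (2.6.2.4.3)


def compute_tag(key: bytes, user_data: bytes, seq: int) -> bytes:
    """HMAC-SHA-256 over User Data || 32-bit sequence number, truncated."""
    # Assumptions: big-endian counter encoding; the leftmost bytes of the
    # HMAC output are kept, as RFC 2104 section 5 describes for truncation.
    msg = user_data + struct.pack("!I", seq)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # send sequence number, incremented per message

    def protect(self, user_data: bytes) -> bytes:
        """Return User Data with the tag appended (counter is not sent)."""
        if self.seq >= 0xFFFFFFFF:
            # Reusing a counter value under the same key would permit replay.
            raise OverflowError("sequence space exhausted; establish a new key")
        self.seq += 1
        return user_data + compute_tag(self.key, user_data, self.seq)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.expected = 1  # next sequence number the peer will use

    def accept(self, message: bytes):
        """Return User Data if the tag verifies for the expected counter, else None."""
        if len(message) < TAG_LEN or self.expected > 0xFFFFFFFF:
            return None
        user_data, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        good = compute_tag(self.key, user_data, self.expected)
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, good):
            return None  # forged, corrupted, replayed or out of order
        self.expected += 1
        return user_data
```

A 32-bit tag gives a forger a 2^-32 chance per attempt, so a receiver should also count rejected messages and tear down the dialogue after a small number of failures.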
APPENDIX A – REFERENCE DOCUMENTS

IETF STANDARDS AND PROTOCOLS

The following documents are available publicly at http://www.ietf.org and form part of this manual to the extent specified herein. In the event of conflict between the documents referenced herein and the contents of this manual, the provisions of this manual shall take precedence.

Air Transport Authority (ATA) Specifications

ATA iSpec 2200    Information Standards for Aviation Maintenance

Request for Comments (RFCs)

netlmm-mn-ar-if    Network-based Localized Mobility Management Interface between Mobile Node and Mobility Access Gateway, May 2007
netlmm-proxymip6    Proxy Mobile IPv6, February 2008
RFC-768    User Datagram Protocol, August 1980
RFC-793    Transmission Control Protocol (TCP), September 1981
RFC-1006    ISO Transport Service on top of TCP, May 1987
RFC-1323    TCP Extensions for High Performance, May 1992
RFC-1981    Path Maximum Transmission Unit (MTU) Discovery for IP Version 6, August 1996
RFC-2104    HMAC: Keyed-Hashing for Message Authentication, February 1997
RFC-2126    ISO Transport Service on top of TCP, March 1997
RFC-2460    Internet Protocol, Version 6 (IPv6) Specification, December 1998
RFC-2474    Differential Services Field, December 1998
RFC-2488    Enhancing TCP over Satellite Channels, January 1999
RFC-2858    Border Gateway Protocol (BGP4) Multiprotocol Extensions, June 2000
RFC-3775    Mobility Support in IPv6, June 2004
RFC-4271    A Border Gateway Protocol 4 (BGP-4), January 2006
RFC-4285    Authentication Protocol for Mobile IPv6, January 2006
RFC-4291    IP Version 6 Addressing Architecture, February 2006
RFC-4301    Security Architecture for the Internet Protocol, December 2005
RFC-4302    Internet Protocol (IP) Authentication Header, December 2005
RFC-4303    IP Encapsulating Security Payload (ESP), December 2005
RFC-4305    Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) – (NB proposed standard, obsoletes RFC-2402, RFC-2406), December 2005
RFC-4306    Internet Key Exchange (IKEv2) Protocol, December 2005
RFC-4307    Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2), December 2005
RFC-4346    The Transport Layer Security (TLS) Protocol Version 1.1, April 2006
RFC-4423    Host Identity Protocol (HIP) Architecture, May 2006
RFC-4443    Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification, March 2006
RFC-4492    Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security, May 2006
RFC-4555    IKEv2 Mobility and Multihoming Protocol (MOBIKE), June 2006
RFC-4753    ECP Groups for IKE and IKEv2, January 2007
RFC-4754    IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA), January 2007
RFC-4830    Problem Statement for Network-Based Localized Mobility Management (NETLMM), April 2007
RFC-4831    Goals for Network-Based Localized Mobility Management (NETLMM), April 2007
RFC-4868    Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec, May 2007
RFC-4877    Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture, April 2007