2.6 security

advertisement
ACP-WGI-07/WP-07
International Civil Aviation Organization
5/23/2008
WORKING PAPER
Aeronautical Communication Panel
Working Group I – Internet Protocol Suite (IPS)
June 2-6, 2008
Montreal Canada
Updated
Security Requirements
for the
“Manual for the ATN using IPS Standards and Protocols”
Prepared by: Vic Patel and Tom McParland
Presented by: Vic Patel
SUMMARY
This paper provides updated security requirements for Doc 9896, “Manual for the ATN
using IPS Standards and Protocols.” This paper is an update of working paper 9 from the
6th meeting of Working Group I. Changes from ACP-WGI06/WP09 are depicted as redline inserts and strikeouts. The working group is invited to consider these requirements as
a baseline set of air-ground security requirements.
2.6 SECURITY
This section contains provisions for ground-ground and air-ground security in the
ATN/IPS. Certain provisions in this section are mandatory to implement but optional to
use. Their actual use is to be based on a system threat and vulnerability analysis.
2.6.1 Ground-Ground Security
Network layer security in the ground-ground ATN/IPS internetwork is implemented
using Internet Protocol security (IPsec) and the Internet Key Exchange (IKEv2) protocol.
2.6.1.1 Ground-Ground IPsec/IKEv2
2.6.1.1.1 ATN/IPS nodes in the ground-ground environment shall implement the Security
Architecture for the Internet Protocol as specified in RFC-4301
2.6.1.1.2. ATN/IPS nodes in the ground-ground environment shall implement the IP
Encapsulating Security Payload (ESP) protocol as specified in RFC-4303.
2.6.1.1.3 ATN/IPS nodes in the ground-ground environment may implement the IP
Authentication Header (AH) protocol as specified in RFC-4302.
2.6.1.1.4 ATN/IPS nodes in the ground-ground environment shall implement the Internet
Key Exchange (IKEv2) Protocol as specified in RFC-4306.
2.6.1.1.5 ATN/IPS nodes in the ground-ground environment shall implement the
Cryptographic Algorithm Implementation Requirements for the Encapsulating Security
Payload (ESP) and Authentication Header (AH) as specified in RFC-4305..
2.6.1.1.6 ATN/IPS nodes in the ground-ground environment shall implement The Null
Encryption Algorithm and Its Use With IPsec as specified in RFC-4305, but not the Null
Authentication Algorithm.
Note - ESP encryption is optional, but authentication is always performed.
2.6.1.1.7 ATN/IPS nodes in the ground-ground environment shall implement the
Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
required algorithms for key exchange as specified in RFC-4307.
Note. – Algorithms of equivalent or greater strength than those identified in RFC-4307
are implemented as a local matter on a bi-lateral basis.
2.6.2 Air-Ground Security
2.6.2.1 Air-Ground Acess Network Security
2.6.2.1.1 ATN/IPS mobile nodes shall implement the security provisions of the accces
network.
Note. – For example, the WiMAX, 3GPP, and 3GPP2 access networks have
authentication and authorization provisions.
2.6.2.2 Air-Ground IPsec/IKEv2
2.6.2.2.1 ATN/IPS nodes in the air-ground environment shall implement the Security
Architecture for the Internet Protocol as specified in RFC 4301.
2.6.2.2.2 ATN/IPS nodes in the air-ground environment shall implement the IP
Encapsulating Security Payload (ESP) protocol as specified in RFC 4303.
2.6.2.2.3 ATN/IPS nodes in the air-ground environment shall implement
AUTH_HMAC_SHA2_256-128 as the integrity algorithm for ESP authentication as
specified in RFC 4868.
2.6.2.2.4 ATN/IPS nodes in the air-ground environment, may implement the
Authentication Protocol for Mobile IPv6 as specified in RFC 4285.
2.6.2.2.5 ATN/IPS nodes in the air-ground environment shall implement the Internet
Key Exchange (IKEv2) Protocol as specified in RFC 4306.
2.6.2.2.6 ATN/IPS nodes in the air-ground environment shall implement IKEv2 with the
following transforms:
a) PRF_HMAC_SHA_256 as the pseudo-random function as specified in RFC 4868.
b) 233-bit random ECP group for Diffie-Hellman Key Exchange values as specified
in RFC 4753.
c) ECDSA with SHA-256 on the P-256 curve as the authentication method as
specified in RFC 4754.
2.6.2.2.6 ATN/IPS nodes in the air-ground environment shall use the Air Transport
Authority (ATA) Certificate Policy as specified in Chapter 5 of ATA iSpec 2200,
Information Standards for Aviation Maintenance developed by the ATA Digital Security
Working Group (DSWG).
2.6.2.2.7 ATN/IPS nodes in the air-ground environment, shall implement Mobile IPv6
Operation with IKEv2 and the Revised IPsec Architecture as specified in RFC 4877.
2.6.2.3 Air-Ground Transport Layer Security
2.6.2.3.1 ATN/IPS mobile nodes and correspondent nodes may implement the Transport
Layer Security (TLS) protocol as specified in RFC 4346.
2.6.2.3.2 If TLS is used for air-ground security, mobile nodes and correspondent nodes
shall implement the Cipher Suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA as
specified in RFC 4492.
2.6.2.4 Air-Ground Application Layer Security
2.6.2.4.1 ATN/IPS mobile nodes and correspondent nodes may implement application
layer security at the IPS Dialogue Service Boundary.
2.6.2.4.2 If application layer security is used for air-ground security, mobile nodes and
corresondent nodes shall append an HMAC keyed message authentication code as
specified in RFC 2104 using SHA-256 as the cryptographic hash function.
2.6.2.4.3 If application layer security is used for air-ground security, an HMAC tag
truncated to 32 bits shall be computed over the User Data concatenated with a 32-bit send
sequence number for replay protection.
2.6.2.4.2 If application layer security is used for air-ground security, IKEv2 shall be used
for key establishment as specified in section 2.6.2.2.
d) .
APPENDIX A – REFERENCE DOCUMENTS
IETF STANDARDS AND PROTOCOLS
The following documents are available publicly at http://www.ietf.org and form part of
this manual to the extent specified herein. In the event of conflict between the documents
referenced herein and the contents of this manual, the provisions of this manual shall take
precedence.
Air Transport Authority (ATA) Specifications
ATA iSpec 2200
Information Standards for Aviation Maintenance
Request for Comments (RFCs)
netlmm-mn-ar-if
Network-based Localized Mobility Management Interface between
Mobile Node and Mobility Access Gateway, May 2007
netlmm-proxymip6
Proxy Mobile IPv6, February 2008
RFC-768
User Datagram Protocol, August 1980
RFC-793
Transmission Control Protocol (TCP), September 1981
RFC-1006
ISO Transport Service on top of TCP, May 1987
RFC-1323
TCP Extensions for High Performance May 1992
RFC-1981
Path Maximum Transmission Unit (MTU) Discovery for IP Version 6,
August 1996
RFC-2104
HMAC: Keyed-Hasing for Message Authentication, February 1997
RFC-2126
ISO Transport Service on top of TCP, March 1997
RFC-2460
Internet Protocol, Version 6 (IPv6) Specification, December 1998
RFC-2474
Differential Services Field, December 1998
RFC-2488
Enhancing TCP over Satellite Channels, January 1999
RFC-2858
Border Gateway Protocol (BGP4) Multiprotocol Extensions June 2000
RFC-3775
Mobility Support in IPv6, June 2004
RFC-4271
A Border Gateway Protocol 4 (BGP-4), January 2006
RFC-4285
Authentication Protocol for Mobile IPv6 , January 2006
RFC-4291
IP Version 6 Addressing Architecture, February 2006
RFC-4301
Security Architecture for the Internet Protocol, December, 2005
RFC-4302
Internet Protocol (IP) Authentication Header, December 2005
RFC-4303
IP Encapsulating Security Payload (ESP), December 2005
RFC-4305
Cryptographic Algorithm Implementation Requirements for Encapsulating
Security Payload (ESP) and Authentication Header (AH) – (NB proposed
standard, obsoletes RFC-2402, RFC-2406), December 2005
RFC-4306
Internet Key Exchange (IKEv2) Protocol, December 2005
RFC-4307
Cryptographic Algorithms for Use in the Internet Key Exchange Version 2
(IKEv2), December 2005
1
RFC-4346
RFC 4423
RFC-4443
RFC-4492
RFC-4555
RFC-4753
RFC-4754
RFC-4830
RFC-4831
RFC-4868
RFC-4877
The Transport Layer Security (TLS) Protocol Version 1.1, April 2006
Host Identity Protocol (HIP) Architecture, May 2006
Internet Control Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification, March 2006
Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
Security, May 2006
IKEv2 Mobility and Multihoming Protocol (MOBIKE), June 2006
ECP Groups for IKE and IKEv2, January 2007
IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature
Algorithm, (ECDSA), January 2007
Problem Statement for Network-Based Localized Mobility Management
(NETLMM), April 2007
Goals for Network-Based Localized Mobility Management (NETLMM),
April 2007
Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with
IPsec, May 2007
Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture,
April 2007
2
Download