International Civil Aviation Organization CP-WGI 19/ IPxx 20-22 January 2016 INFORMATION PAPER COMMUNICATIONS PANEL (CP) NINETEENTH MEETING OF WORKING GROUP - I Montreal, Canada 20-22 January 2016 Agenda Item 4.2: IPS Security ATM SAFETY CRITICAL COMMUNICATIONS IPS SECURITY CURRENT STATUS AND EVOLUTION (Presented by EUROCONTROL) 0BSUMMARY The purpose of this paper is to list IPS Security current and planned documents related to the ATM Safety Critical Communication which are identified by EUROCONTROL as being critical for the IPS recent standardisation context evolution lead by the Communication Panel (CP) and falling under the incidence of WGI area of expertise. It is intended to update the references of his paper on regular basis. In order to initiate the work in this direction a minimum set of assumptions / questions are to be answered 1. Introduction 1.1 Most of today s ATM systems deployed world-wide use or plan to use Internet Protocol based technology. To ensure that the communication is secure, the appropriate security mechanisms need to be implemented. 1.2 Amongst different mechanisms, the use of PKI technology is considered. Strong authentication implementations would require the establishment of a public key infrastructure (PKI). However, the use of this technology may adversely affect the ATM systems interoperability. Consequently, a World-wide strategy for the deployment of PKI technology needs to be addressed. 1.3 The purpose of this paper is to list IPS Security current and planned documents related to the ATM Safety Critical Communication which are identified by EUROCONTROL as being critical for the IPS recent standardisation context evolution lead by the Communication Panel (CP) and falling under the incidence of WGI area of expertise. It is intented to update the references of his paper on regular basis. (5 pages) ACP WG-I/18 IP-xx
ACP-WGW/18 IP-01-2 - 2. Current status of IPS Security documents 2.1 AMHS and the European Directory Services (EDS): 2.1.1 For Messaging (AMHS), IPS security evolution shall comply and support the Security requirements of EUROCONTROL Specification on the AMHS, September 2009 Annex D Security. The document is available for download at: https://www.eurocontrol.int/documents/amhs-specification 2.1.2 The EDS Operational Concept defines an EDS security policy for authentication and access control based on the X.500 standards. Authentication and access control requirements on section 5.5 of ICAO EUR Doc.020 EUR AMHS Manual Appendix G: European Directory Services (EDS), April 2013 shall apply. Note 1: Technical requirements for the Directory Service are based on ICAO Doc 9880: Manual on Detailed Technical Specifications for the Aeronautical Telecommunication Network (ATN) using ISO/OSI Standards and Protocols, Part IV Directory Services, Security and Systems Management, First Edition 2010 Note 2 : AMHS and EDS Security is planned to be addressed in a future edition of Technical requirements for the Directory Service are based on ICAO Doc 9880: Manual on Detailed Technical Specifications for the Aeronautical Telecommunication Network (ATN) using ISO/OSI Standards and Protocols, Part IV Directory Services, Security and Systems Management 2.2 Voice over IP (VoIP) 2.2.1 For VoIP in ATM security recommendations had been defined in EUROCAE ED-138 Part1 Network Specification, edition February 2009, chapter III Security Policy. 2.2.2 The EUROCAE ED138 is referenced in the Part III Guidance of the ICAO Doc 9896: Manual on the Aeronautical Telecommunication Network (ATN) using Internet Protocol Suite (IPS) Standards and Protocols, Second Edition currently under publication. 2.2.3 EUROCAE ED138 document is available at: https://www.eurocae.net/ Note: EUROCONTROL VoIP Implementation Support Group (VOTE) set up a VoIP Security Subgroup with activities planned between January 2016 and June 2017. The following set of deliverables will be developed by this sub-group: Minimum level of VoIP security across ANSPs, Common Code of VoIP Connection document, Cyber-security threats analysis associated with cross-border VoIP, VoIP Security Implementation Guidance, Security issues reporting mechanism across ANSPs. 2.3 Secure Dialogue Service (SDS) 2.3.1 ICAO Doc 9896 includes an IP Dialogue Service which allows legacy (ATN/OSI) applications such as CPDLC and CM to operate in the ATN/IPS environment. The IP Dialogue Service presents the same logical interface to legacy applications as in the OSI environment. Secure Dialogue Service (SDS) subgroup deliverables are expected by end 2016.
- 3 - ACP-WGW/18 IP-01 2.4 Future Communication Infrastructure (FCI) 2.4.1 A high level overview of the Security framework of Aeronautical Mobile Airport Communication System (AeroMACS) that are applicable to both the airborne radios and the ground systems was presented in WP14 of ICAO WGI-18 meeting in June 2015. 2.4.2 For other datalinks part of the Future Communication Infrastructure (FCI) security provisions are under development by SESAR Project 15.2.4. 2.4.3 SESAR Project 15.2.4 Deliverable 05 - FCI Security Risk Assessment Report, May 2014 is available under dissemination request to SESAR Joint Undertaking. 2.4.4 SESAR Project 15.2.4 Deliverable 09 - FCI Logical Architecture will be submitted for approval to SESAR Joint Undertaking in Jan 2016. 2.5 Operational Concepts 2.5.1 EUROCONTROL published two IPS security related operational concepts. 2.5.2 The first one, CS6-6 Management of Common Network Resources Service/Security Certificate Service (CNR/SCS) will be part of the security infrastructure of the ATM system, covering the delivery of the Public Key Infrastructure (PKI) to perform user authentication and encryption/decryption when needed. The objective of this service will be the delivery of the network keys, ensuring network security and avoiding heavy coordination between the different stakeholders. The document was released in November 2015 and is available at: http://www.eurocontrol.int/publications/conops-cnr-6-6 2.5.3 The second one, CS6-7 Management of Common Network Resources Service/Operation and Coordination of Network Security (CNR/OCNS) is a new operational service to coordinate issues relating to cyber security, to consolidate the ATM network cyber security events/incidents and to recommend actions, when and if needed (cyber attacks for instance). 2.5.4 It is composed of the European ATM CERT (Computer Emergency Response Team) in charge of collecting, generating and sharing cyber intelligence as well as coordinating the pan-european response to cyber security events/incidents, and of a Security Operations Centre (SOC) for all centralised services and for those stakeholders wishing to delegate (entirely or partially) their SOC to the CS6-7. The document was released in August 2015 and is available at: http://www.eurocontrol.int/services/cs6-7-management-common-network-resources-serviceoperationand-coordination-network
ACP-WGW/18 IP-01-4 - 3. List of Reference Documents 3.1 ICAO DOC 9896 ATN/IPS Manual, edition 2010 Part I Detailed Technical Specifications Chapter 2 Requirements 2.5 Security Requirements 3.2 EUROCONTROL Specification on the AMHS, September 2009 Annex D Security. 3.3 ICAO EUR Doc.020 EUR AMHS Manual Appendix G: European Directory Services (EDS), April 2013 - section 5.5 3.4 ICAO Doc 9880: Manual on Detailed Technical Specifications for the Aeronautical Telecommunication Network (ATN) using ISO/OSI Standards and Protocols, Part IV Directory Services, Security and Systems Management, First Edition 2010 3.5 EUROCAE ED-138 Network Requirements and Performances for Voice over Internet Protocol (VoIP) Air Traffic Management (ATM) Systems, Part 1:Network Specification, chapter III Security Policy, edition February 2009, 3.6 SESAR Joint Undertaking, Project 15.2.4 Deliverable 05 - FCI Security Risk Assessment Report, May 2014 3.7 EUROCONTROL CS6-6 Management of Common Network Resources Service/Security Certificate Service (CNR/SCS) Operational Concepts, version 2.1, November 2015 3.8 EUROCONTROL CS6-7 Management of Common Network Resources Service/Operation and Coordination of Network Security (CNR/OCNS) Operational Concept, version 2.1, August 2015. 4. Discussion 4.1 CP Work Programme item 8 (Job-Card CP007.001 WG/I,S, T) calls to develop a security technical framework identifying policy issues by the end of 2016 and then finalising the related standards and guidance material by 2020. 4.1.1 CP Work Programme item 8 description: In coordination with the AVSEC Panel and others as needed), establishment of technical provisions to meet security requirements for the COM aspects (considering the operational requirements). Initially this will involve the development of a security technical framework, raising questions on security policy and operational issues for consideration by other panels, ie; AVSEC, RPASP, IMP. 4.2 Taking into account the close deadline, in order to initiate the work in this direction a minimum set of assumptions / questions are to be answered: 4.2.1 All current development is section 2 of this paper is based on PKI technology. Is the PKI technology the common and agreed technical solution for ensuring the IPS Security? 4.2.2 If the answer to the question above is yes, do we need a global PKI aviation architecture? Is that feasible? 4.2.3 If the answer to the above question is yes, who will address the following implementation aspects? (Technical Requirements, Global Architecture, Implementation guidance, etc)
- 5 - ACP-WGW/18 IP-01 4.2.4 What need to be developed by each involved Panel? 4.2.5 How to ensure the PKI timely deployment? Who will be the responsible Authority? 5. Recommendation 5.1.1 It is recommended that the WGI members: a) Take note of the presented material b) Discuss the initial questions in section 4. c) Review and update the above list of reference documents in section 3. d) Propose appropriate measures to integrate the appropriate material in ICAO DOC 9896 next edition to ensure Job Cards completeness in relation with the ATN/IPS CP work programme items. e) Coordinate with WGM for AMHS and EDS security developments. END