2006 IEEE Aerospace Conference – Big Sky, Montana 1 Modular, Cost-Effective, Extensible Avionics Architecture for Secure, Mobile Communications over Aeronautical Data Links 2006 IEEE Aerospace Conference Big Sky, Montana Will Ivancic NASA Glenn Research Center
2006 IEEE Aerospace Conference – Big Sky, Montana 2 NASA’s Request for Comments on the Global Air Space System Requirements
2006 IEEE Aerospace Conference – Big Sky, Montana 3 Current View of the Global Airspace System Current Global and National Airspace System Stove-piped communication systems Disjoint set of networks Currently not globally network centric Evolved over time with limited concern for network security Security by obscurity Closed systems Insufficient bandwidth to support security measures Safe and Secure Air Traffic Control methods have evolved in reaction to changes in technology, capacity and use Current methods are reaching limit of scalability FAA - Bringing Safety to America’s Skies Mission is to provide the safest, most efficient aerospace system in the world. Responsible National Airspace System, not funded to address global issues. Movement toward Network Centric Operations Cross network security Authentication, Authorization, Accounting and Encryption Required changes in Policy!
2006 IEEE Aerospace Conference – Big Sky, Montana 4 Global Airspace System Requirements 1. Must be value added Cannot add cost without a return on investment that meets or exceeds those costs. 2. Must be capable of seamless global operation. 3. Must be capable of operating independently of available communications link. Must support critical Air Traffic Management (ATM) functions over low-bandwidth links with required performance. 4. Must use same security mechanisms for Air Mobile and Ground Infrastructure (surface, terminal, en router, oceanic and space) Critical ATM messages must be authenticated. Must be capable of encryption when deemed necessary Security mechanisms must be usable globally Must not violate International Traffic in Arms Regulations 5. Must operate across networks owned and operated by various entities Must be able to share network infrastructure 6. Must make maximum use of standard commercial technologies (i.e. core networking hardware and protocols) 7. Must enable sharing of information with proper security, authentication, and authorization Situational Awareness Passenger Lists Aircraft Maintenance 8. Same network must accommodate both commercial, military and general aviation.
2006 IEEE Aerospace Conference – Big Sky, Montana 5 Design Concepts Must be IPv6 based. Must be capable of a prioritized mixing of traffic over a single RF link (e.g. ATM, maintenance, onboard security, weather and entertainment). Must utilize IPsec-based security with Security Associations (SAs) bound to permanent host identities (e.g. certificates) and not ephemeral host locators (e.g. IP addresses). Must be capable of accommodating mobile networks. Must be capable of multicasting Must be scalable to tens of thousands of aircraft
2006 IEEE Aerospace Conference – Big Sky, Montana 6 Consensus on Six Major Points It is critical that any new technologies being deployed provide a positive return on investment (ROI). Network Centric Operations (NCO) will be a major technology in future airspace systems and the next generation Internet Protocol, IPv6 will be the protocol of choice. Links should be shared, and the system should be provider- independent. This makes QoS a requirement. A common global security structure must be developed and IPsec is probably the best choice. Some work still needs to be done regarding IPsec multicast, envisioning a certificate- based security architecture, and figuring out how exactly to do QoS with respect to wireless links and encryption. The system must be able to share network infrastructure. The system must be extensible to meet future needs.
2006 IEEE Aerospace Conference – Big Sky, Montana 7 Aircraft Communications Addressing and Reporting System (ACARS) and the Aeronautical Telecommunication Network (ATN)
2006 IEEE Aerospace Conference – Big Sky, Montana 8 Current Avionics Architecture ACARS is based upon an all-in-one communications management unit. Origin can be traced back to global teleprinter network, telex, established in the 1920s! Point-to-point telex network where all messages come to a central processing location Today ACARS is widely deployed in commercial airlines. ATN network is an attempt to modernize ACARS, using most of the existing radio technologies with limited modifications. Deployed in a closed, aeronautics-only network Limited flexibility Cannot adapt easily to new technologies, new communication protocols, and new communication links Security currently is extremely limited at best; however, specifications have been updated in an attempt to rectify this Limited bandwidth makes security difficult
2006 IEEE Aerospace Conference – Big Sky, Montana 9 Communication Management Unit (CMU) SATCOM AERO-1 System SATCOM AERO-H/H+ System VHF Voice/DATA System HF Voice/DATA System GateLink File Server Subsystem Printer ARINC 741 ARINC 761 ARINC 740/744 ARINC 719 ARINC 753 ARINC 716 ARINC 750 Terminal Ethernet (Optional) Typical ACARS Onboard Network
2006 IEEE Aerospace Conference – Big Sky, Montana 10 Future Air Navigation System (FANS) In 1983, FANS originated as study of the current air traffic infrastructure and recommend changes to support the anticipated growth in air traffic over the next 25 years The FANS committee identified these needs: Replacement of the current analog radios with digital air/ground communications; Use of satellite and HF communication systems to provide communication where deployment of line-of-sight systems is not practical such as in the oceanic domain; Global Interoperability; Network-enabled systems to support automation in the airplanes and on the ground; Transition to a Global Positioning System (GPS)-based navigation and landing systems; and, Installation of flight service automation to enable pilots to plan and file flight plans without reliance on flight service specialists. Widely Deployed over ACARS as FANS-1/A It is now 2005 – 22 years later, and only an extremely small portion of FANS has been deployed using ATN
2006 IEEE Aerospace Conference – Big Sky, Montana 11 ATN and Mobility Uses the Inter-Domain Routing Protocol (IDRP) Using a routing protocol to handle mobility effectively requires one to own the entire infrastructure because one generally is not permitted to inject routes into another’s infrastructure. If the radio access is not secure and ATN secure routing is not implemented, the system is extremely vulnerable A distributed IDRP directory using Boundary Intermediate Systems (BISs) is implemented along with a two level directory approach Uses an ATN Island concept consisting of backbone BISs and a home BISs concept This is done to limit the convergence time or route updates. If the routing structure were to become to large, convergence times would become unacceptable.
ATN Island Routing Domain Confederation ATN TRD ATN Backbone RDC ATN TRD ATN ERD ATN Island RDC Mobile RD Another ATN Island ERD – End Routing Domain RD – Routing Domain RDC – Routing Domain Confederation TRD – Transit Routing Domain
2006 IEEE Aerospace Conference – Big Sky, Montana 13 Typical ATN Onboard Network Similar to CMU in ACARS Network
2006 IEEE Aerospace Conference – Big Sky, Montana 14 Mobile-IP Based Architecture
2006 IEEE Aerospace Conference – Big Sky, Montana 15 Features of Mobile-IP Based Mobile Networking Commercial-Off-The-Shelf technology IETF NEtwork MObility (nemo) Base functionality is standardized Currently working on route optimization Rapid Convergence Time Link independent (Multihoming) Does not inject routes into the infrastructure Allows for use of shared infrastructure. One does not have to own the infrastructure Allows for insertion of new link technologies as they mature. Enables competition which should reduce cost Policy-based Routing (Currently in development) IETF Mobile Nodes and Multiple Interfaces in IPv6 (monami6)
Communication Management Unit (CMU) SATCOM AERO-1 SATCOM AERO-HH VHF Voice/DATA HF Voice/DATA GateLink INMARSAT Swift 64 Connexion by Boeing WiFi Max Cellular Future Links Mobile Router Cryptography and Firewall Traditional Avionics Display Passenger Services IP-Based Transitional Architecture
SATCOM AERO-1 SATCOM AERO-HH VHF Voice/DATA HF Voice/DATA GateLink INMARSAT Swift 64 Connexion by Boeing WiFi Max Cellular Future Links Mobile Router Cryptography and Firewall Operations LAN (Avionics) Communication and Display Passenger Services Air Traffic Management LAN Sensor Controller (Optional Display) IP-Based Architecture with ATC and AOC Separate
2006 IEEE Aerospace Conference – Big Sky, Montana 18 Mobile Router Cryptography and Firewall Operations LAN (Avionics) Communications Sensor Controller and Display Passenger Services Air Traffic Management LAN Radio Link 1 Radio Link 2 Radio Link 3 Radio Link 4 Radio Link N IP-Based Architecture with ATC and AOC Combined
2006 IEEE Aerospace Conference – Big Sky, Montana 19 High speed link int2 int3 Routing Policy int1 Low latency link Reliable link ATC AOC P-DATA Home Agent Policy-Based Routing, All Links Active ATC AOC P-DATA
2006 IEEE Aerospace Conference – Big Sky, Montana 20 High speed link int2 int3 Routing Policy int1 Low latency link Reliable link ATC AOC P-DATA Home Agent Policy-Based Routing, Critical Link Active ATC
2006 IEEE Aerospace Conference – Big Sky, Montana 21 High speed link int2 int3 Routing Policy Home Agent int1 Low latency link Reliable link ATC AOC P-DATA Policy-Based Routing, Passengers Link Active
2006 IEEE Aerospace Conference – Big Sky, Montana 22 Achieving Positive Return on Investment
2006 IEEE Aerospace Conference – Big Sky, Montana 23 Internet Protocol Value Added Features Lower Telecommunication Costs of IP-based networks as compared to dedicated point-to-point links Competition among information providers Economies of scale Lower development costs for new applications and maintenance due to standardization of interfaces
2006 IEEE Aerospace Conference – Big Sky, Montana 24 Link Independence Most important considerations for this is not technical, but related to cost, safety, and politics Facilitates globalization and supports positive ROI Requires change in policy Change in use of spectrum World Radio Conference to allow use of other frequencies for air traffic control messages Air Traffic Controller is now networked. These are some very different modes of operation from what the aeronautics community is comfortable with.
2006 IEEE Aerospace Conference – Big Sky, Montana 25 Airplanes and Automobiles Commercial airlines make up only 4% of the active civil aircraft – approximately 15,000 out of a total of 215,000 aircraft “Airbus forecasts that of this total, 16,600 new passenger aircraft of more than 100 seats will be needed in the coming 20-year period Today, 700 million cars are globally deployed for a human population of 6 billion. Toyota expects to produce 9.2 million vehicles in General Motors produce approximately 9.1 million vehicles in 2005
2006 IEEE Aerospace Conference – Big Sky, Montana 26 Applications for Mobile Platforms Car-to-car communication (plane-to-plane) Driver assistance information ITS taxi service where the taxi company runs a system to distribute the best taxi based on the locations, idle/operation information. (Air Operations) Probe servers collects and distributes information gathered by various probes Car inspection information and maintenance log Preventative maintenance (Air Operations) Probe data analysis and synthesis where time/location data among various probe data can be integrated to create traffic information. (Air Traffic Management) Vending machine networks where vending machines can become wireless LAN access points, to offer broadband wireless communication infrastructure. (Surface Area) Large volume content distribution service (Electronic Flight Bag) Encrypted data contents can be downloaded onto car-equipped devices and decryption key can be sent later to enable a new type of distribution, which lowers communication cost and makes download operation transparent. Next-generation road service where computer-assisted road service automates the process of locating and failure of a broken-down car and towing it to a desired destination. (Air Operations)
2006 IEEE Aerospace Conference – Big Sky, Montana 27 Backup Slides
2006 IEEE Aerospace Conference – Big Sky, Montana 28 Car-to-Car Communications Mission and Objectives Create and establish an open European industry standard for Car2Car communication systems based on wireless LAN components Guarantee European-wide inter- vehicle operability Enable the development of active safety applications by specifying, prototyping and demonstrating the Car2Car system Promote the allocation of a royalty free European wide exclusive frequency band for Car2Car applications Push the harmonization of Car2Car Communication standards worldwide Develop realistic deployment strategies and business models to speed-up the market penetration Technical Approach Use of IPv6 Utilize wireless LAN technology Ad hoc routing capable of handling rapid changes in topology Source: Car2Car Communication Consortium
2006 IEEE Aerospace Conference – Big Sky, Montana 29 Security Mechanisms Encryption mechanisms should be limited to those that are free of ITAR restrictions Other counties also have regulations restricting the exportation of cryptography technology These regulations may limit the ability to realize cost and schedule advantages that could be gained by using a single set of proven security infrastructure software throughout the world. Multicast and current IPSec implementations do not necessarily work well together. Support for IPSec-base security with Security Associations bound to permanent host (multicast group) identities (e.g. certificates) Location, control, and responsiveness of the authentication authority servers is critical.