Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aircraft is a Node on the Internet

Published byLynette Walton Modified over 8 years ago

Similar presentations

Presentation on theme: "Aircraft is a Node on the Internet"— Presentation transcript:

1

2 Aircraft is a Node on the Internet
The aircraft shall require connectivity The aircraft shall require local processing and storage The system shall require access to data by users To achieve the first three items an approved measure of security is required This presentation will address the existing RTCA requirements, industry activities, and one solution

3 RTCA Aircraft Security Standards exist
DO-326A - Adds to current guidance for aircraft certification to handle the threat of intentional unauthorized electronic interaction to aircraft safety. It adds data requirements and compliance objectives, as organized by generic activities for aircraft safety. DO A resource for civil aviation authorities and the aviation industry when the operation and maintenance of aircraft and the effect of information security threats can affect aircraft safety. Operation and maintenance of the aircraft related to information security threats are defined. DO This document describes guidelines, methods and tools used in performing an airworthiness security process.

4 RTCA DO-356 Minimum Assurance Levels Security has to meet DO-254 and/or DO-178 design assurance levels DO-356 indicates having layered security modules will allow for a jump up in design assurance level. E.g. Two Orthogonal HSMs in series at DAL C could provide DAL B data. Layered security should always be considered in a system’s design. (RTCA , “Airworthiness Security Methods and Considerations”, DO-356, 2014)

5 NIST Algorithms and Security Standards FIPS is a testable US government standard
FIPS PUB 140-2: Specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive information in computer and telecommunication systems. FIPS PUB 191: Understanding the necessity to provide security on a LAN and how to decide the appropriate security measures needed. FIPS PUB 197: Specifies the Advanced Encryption Standard (AES), which is a symmetric block cipher that can process data using cipher keys. FIPS PUB 186-4: Specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of the signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed signatory.

6 Certificate Authority One step in the process
Certificate Authority (CA): is a trusted third party who validates keys for exchange in public domain Digital Certificates: Are electronic credentials that are used to assert the online identities of individuals and entities. Digital certificates are analogous to a passport or drivers licenses. Organization does due diligence to prove you are who you say you are and then issues you documentation proving it. Public Key Infrastructure (PKI): Certificates are issued to a specific public key, which is paired to a private key.

7 Cryptographic Key Management System
Cryptographic key management system (CKMS): is how all the keys in a system, hierarchal or other, are managed. NIST SP : CKMS consists of policies, procedures, components and devices that used to protect, manage and distribute cryptographic keys and certain specific information, called metadata. Each vendor can create a CKMS, a standard for certificates similar to X.509, and everything else needed. Or we can produce a standard method and benefit together.

8 Manufacturing and Provisioning Security starts at unit Production
(Atmel, “CryptoAuthentication”, 2014)

9 Security In Automotive Solutions exist
Automobile industry is already doing this and there are many IC manufacturers supporting them. Freescale white paper: e.g. of manufacturer meeting the auto industry security requirements. Industry Standards used: National Institute of Standards and Technology (NIST), Hersteller Initiative Software (HIS) Working Group, Trusted Computing Group (TCG)

10 Malware Resistant Software: Is always changing, therefore, opening itself up to new security vulnerabilities everyday. Hardware: Never changes! Built to seasoned standards so trial and error is out of the way. Hardware implementations such as a Trusted Platform Module (TPM) from the TCG standards. ASICs standing on the back of well established standards like AES, SHA, ECDSA, etc. are the solution found by other industries thus far.

11 1NetTM Solution Beta tested and available
System has moved 100s of millions of secure records 1NetTM v2 was launched to meet FIPS and RTCA requirements Solution addresses security and certification issues for aircraft Thompson Aerospace will make patents and/or security modules available to any third parties based on a license agreement

12 Data Security is the Overriding Requirement for 1Net™
FIPS Level 3 for Data Validity, Security and Access FIPS Level 3 of security is used by the US government for secret information. FIPS is a verifiable standard and this level of data management will allow uploading and downloading of the most critical type of data. Hardware based Aircraft Trusted Platform Module (TPM) A TPM is the industry standard for creating, storing, and encrypting/decrypting keys. A hardware TPM provides an unhackable means of key management. An ECC trusted module that uses ECDSA (security means) validation for users ECDSA type security provides the best solution for embedded key protection. The application provides a hardware means of user identification to allow access to system data. Users are provided with an ECDSA dongle as a secure means of determining the Access Control List applicability. RTCA (Regulatory Group) DO-326, DO-355 and DO-356 provides the method for certification 1Net™ complies with RTCA requirements and FIPS Level 3 data requirements. This provides the airline with the capability to meet the security system requirements for ISO 27001:2013. Security The RTCA requirements define methods to certify information technology for aircraft. Federal Information Protection Standards (FIPS) provide specific requirements to management data. 1Net™ hardware based data management solution is able to meet both FIPS and RTCA data management while meeting RTCA aircraft certification. Security is Available NOW

13 Our Patent Pending Hardware Security Solution
CLOUD AIRCRAFT SYSTEMS DATA VPC AIRCRAFT Application HSM Client CSUv2 TLS TLS VPC Instance CloudHSM Virtual Private Cloud

14 Hardware Security Solution
Off aircraft communications are handled by one eHSM and on aircraft communications handled by the other. This inherently uses dual orthogonal security modules in series. CLOUD AIRCRAFT SYSTEMS DATA Patent Pending

15 Amazon EC2 and HSM in the Cloud A good partner for aerospace
Amazon Elastic Compute Cloud (Amazon EC2) allows computing instances in the cloud that can be attached to an HSM via a Virtual Private Network (VPC). Amazon Web Services (AWS) known for security prowess. Helped setup CIA’s private cloud computing network. Extremely convenient, secure, scalable way of setting up infrastructure Green Hills and Thales eSecurity offer solutions

16 ARINC 848 Considerations Authentication using a trusted CA certificate should be considered for units communicating off the aircraft. CKMS implementation shall be required to achieve security Hardware vs software security solutions need to be considered The solution need to be interoperable between suppliers Effective connectivity solutions will not be deployed without security

Download ppt "Aircraft is a Node on the Internet"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Security Controls – What Works

Security Controls – What Works
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev. 12-16-11)

1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev )
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Similar presentations

Ads by Google