Boeing VoWLAN Implementation and Demonstration

Orlie T. Brewer ()

David Mattes ()

Richard H. Paine ()

Steven C. Venema ()

12/8/07

This is a technical description of the Boeing secure Voice over Wireless Local Area Network (VoWLAN) demonstration incorporating the IETF’s Host Identity Protocol (HIP). The requirement is to secure the factory production-critical communications systems, including voice. The development of a VoWLAN capability was a 2007 project and culminated in demonstration of the capability in December 2007.

The Open Group’s Secure Mobile Architecture (SMA) was published in Feb 2004 ( A Boeing implementation of SMA was designed and engineered to meet the needs of the Commercial Airplane division of The Boeing Company. The Boeing implementation includes some infrastructure parts to support the secure and seamless mobility features desired by the enterprise. The implementation is presently in production on the 777 crawlers that are robots that carry large portions of the 777 aircraft while in production.

One of the fundamental concepts behind secure voice is the use of the Host Identity Protocol (HIP). HIP uses Security Associations (SA) in a namespace to establish the equivalent of a Virtual Private Network (VPN) that provides a private tunnel between an initiator and a responder. The following graphical description shows the use of a namespace to create an overlay network that allows secure and mobile communications across the overlay plane.

The tunnel looks just like IPSEC, but includes a cryptographic identity in the header of the packets being exchanged between the initiator and the responder.

The SMA infrastructure is an integral part of the Boeing Intranet and therefore uses the PKI and Information Technology services of the Intranet. There are two SMA infrastructure deployments, one in Bellevue, Washington and one in Everett, Washington. The infrastructure deployments all operate in the DNS namespace “mobile.tl.boeing.com”. This namespace comprises the overlay network that is secure and mobile.

The following is a descriptive slide on the Boeing SMA infrastructure needed to support the VoWLAN capability:

The red encircled devices are Nokia 770s handheld computers that have a USB headset capability and are used to demonstrate the secure and mobile VoWLAN capability. The Nokia 770s run Linux and a SIP implementation called Linphone. The SIP software does the call setup while HIP provides the Security Association based on the identity of the user and/or device. The following is the call setup:

  1. The Nokia 770 and a laptop are in the mobile.tl.boeing.com namespace
  2. The Nokia 770 and the laptop are connected to the Boeing Intranet Wireless Protected Access (WPA) WLANs.
  3. HIP and Linphone are on the 770 and the laptop.
  4. Call initiation and call signaling is via SIP using Linphone
  5. Ethereal is used to show the RTP packets encapsulated as ESP packets.

The call initiation has also been shown to work with a Cisco VOIP Call Manager using SIP to do the call signaling with the RTP packets encapsulated as ESP packets exchanging the secure voice communication.

What might be less than obvious in the Boeing implementation is what part the SMA infrastructure parts play in this VoWLAN demonstration. The directory plays an integral role in storing the information about the identity (HIT), the IP address, and the location of the person or device. The mobility events are handled by HIP update packets and therefore can obtain the latest IP address of the device and therefore mobility is based on the latest IP address rather than a fixed or care-of address. The DNS Proxy enables any request for an IP address to be directed to the directory rather than the enterprise or the Internet DNS. The Registration Authority enables an authenticated device to request a temporary certificate (Boeing calls TempCerts) to give the device a certificate it can store on its flash memory or hard disk for rapid access in the signing or verification of certificates. The message broker handles real-time location events through a Boeing enterprise message broker service (using IBM’s MQ Series).

In the big picture, this Boeing implementation enables participants in an overlay namespace to communicate securely across the big Internet via data or voice anywhere in the world. This VoWLAN demonstration shows what is being done inside an enterprise to secure the infrastructure. For outside the enterprise, however, a HIP Middlebox on the perimeter can secure enterprise communications worldwide from any IP address, anywhere in the world. As long as one has a global IP address, the Boeing RA and TempCert process enables Boeing participants in a Boeing namespace to communicate securely within their namespace overlay. The enterprise then knows exactly who is communicating with the enterprise (authenticated by the enterprise PKI) and from the location in the directory, knows exactly where they are.