Minutes from SG N4 1st Meeting

ACP – SGN4 – WP 0203

WGN02-WP 23

AERONAUTICAL COMMUNICATIONS PANEL (ACP)

Working Group N – Networking

Subgroup N4 – Security Services

Montreal, Canada, 19 May – 28 May 2004

Draft Report

For

SGN4 Meeting 01

Presented by: Tom McParland, BCI

Summary

This working paper contains the draft report for Meeting 01 of ACP Working Group N, Sub-Group N4 – Security Services.

Draft SGN4 – Meeting 01 Report

1. Introduction of Attendees

Meeting 1 of ACP Sub-Group N4 was held in Bangkok, Thailand, November 12th and 13th, 2003. Attachment A is the list of attendees.

2. Agenda

Working paper WP01 is the agenda for the working group. T. McParland had proposed to use a standard agenda for subgroup meetings, which contains standard administrative items and provides a direct mapping to the SGN4 Terms of Reference. The subgroup agreed to this approach. No other business was added to the agenda.

3. Working Papers/Information Papers/Flimsies

Working paper WP0103 contains the working papers, information papers, and flimsies for the first meeting. During the meeting, T. McParland added FL0101, An Introduction to the ATN System Integrity Policy, and A. Bergemeister added FL0102, Thoughts on Security Sunrise and Sunset Dates.

4. Review of Meeting Minutes

T. McParland presented WP0104, Minutes from ATNP WGB SG3 8th Meeting. There was a discussion on how to handle items that were identified during development of Confidentiality. The previous approach was to track everything as part of one change which introduces Confidentiality; however, with the delay in progressing this work, it was decided that independent action items or PDRs would be generated to track those items which affect the baseline Edition 3.

5. Review of Action Items

T. McParland proposed to create a new list which would derive from the approved Terms of Reference.

6. Discussion Items

6.1 Document 9705

S. Blake-Wilson noted that WP 0110 was available to the subgroup and would be presented at the CCB meeting. It was decided that the PDRs would be progressed and would not wait for development of Confidentiality enhancements, especially since several implementation activities were underway.

6.2 Validation

T. McParland pointed out WG N02 IP06, R&D of equipment for ATN Implementation in Japan (which is SGN4 IP0104). This paper indicates that ENRI has developed the security functions of BIS and CM & ULCS which comply with the ATN PKI. ENRI is seeking to conduct international tests of their implementation. During the ensuing discussion, F. Picard reported that France would begin implementation of Edition 3 security in end systems in January 04. V. Patel of the FAA indicated that the US has a strong desire to conduct interoperability tests and would follow up to coordinate with both Japan and France to initiate this activity.

6.3 Security Provisions for new Subnetworks

S. Blake-Wilson presented IP0103, a Presentation on VDL3 Security. Simon explained that a number of options to secure VDL3 have been identified, including making the ATN security primitives available. Simon noted that IP0102, Securing VDL-3 via XID exchange, was available to the subgroup. The subgroup decided to bring this paper forward to WG N as working paper WG N02 WP22. T. McParland announced to the group that a EUROCONTROL VHF Security Study would be made available on the archive. This study examined security over VDL-2.

6.3 Internet Protocol Stack

S. Blake-Wilson presented Working Paper WP0109, Demonstration of ATN and IPSec. This paper describes a proof of concept demonstration of ATN and IPSec carried out at the FAA Technical Center. The subgroup decided to bring this paper forward to WG N as working paper WG N02 WP20.

6.12 Security Institutional Issues

T. McParland presented FL 0101, An Introduction to the ATN System Integrity Policy. This flimsy was a companion introduction to WP 0111, Draft ATN System Integrity Policy. It was noted that WP 0111 was a further evolution of a comparable policy developed by the Asia Pacific Transition Task Force. The new working paper addresses ‘Verification and Authorization’, which were termed ‘Certification and Accreditation’ in the Asia/Pac policy. The change is to make clear that the policy is intended to cover both security and safety concerns. Kors noted that this work may be beyond the typical scope of work for the security subgroup, which had focused on technical provisions. T. McParland acknowledged that the policy was meant to address Management, Operational, and Technical controls. The Panel Secretary provided some further insight on the role of ACP but recommended that this paper be brought forward to WG N with a recommendation for the Secretary to coordinate with other ICAO groups. There was considerable ensuing discussion where A. Bergemeister noted the importance of standard definitions, the connection to larger efforts and in particular to availability issues. There was also considerable discussion where K. Kitchens maintained that the policy should contain an enforcement component. The case Kelly made was that for a policy to be meaningful there should be provisions for the responsible entity to ensure that it is carried out. T. McParland stated that the policy was meant to be high level and that there would be more detailed management controls, including detailed policies with enforcement clauses, to implement the high level policy. The Panel Secretary added ICAO’s perspective on enforcement of policies and Standards and Practices in general. Following this discussion the subgroup agreed to bring this paper forward ‘as is’ as WG N 02 WP 21.

6.13 Coordination with other Working Groups/Sub-Groups

Vic Patel presented IP 0101, AEEC ATN Security Progress. This paper consists of the report from AEEC dealing with Key Management and Security. There was considerable ensuing discussion on whether and how ICAO should help or otherwise interact with AEEC. The Panel Secretary noted that ICAO should not attempt to regulate items outside its scope which are not to be regulated. There was a further, somewhat open-ended discussion on security, including global implementation of security, sunset dates, etc.

T. McParland presented WP 0108, AIDC Security Provisions. This paper raises issues associated with securing AIDC and points out that AIDC does not use the Upper Layer Dialogue Service and so the security provisions must be specified again for this environment. Following this discussion the subgroup agreed to bring this paper forward as WG N 02 WP 19.