International Civil Aviation Organization
WORKING PAPER / ACP-WGI-07/WP-07
5/23/2008

Aeronautical Communication Panel

Working Group I – Internet Protocol Suite (IPS)

June 2-6, 2008

Montreal Canada

Updated Security Requirements for the “Manual for the ATN using IPS Standards and Protocols”

Prepared by: Vic Patel and Tom McParland

Presented by: Vic Patel

SUMMARY

This paper provides updated security requirements for Doc 9896, “Manual for the ATN using IPS Standards and Protocols.” This paper is an update of working paper 9 from the 6th meeting of Working Group I. Changes from ACP-WGI06/WP09 are depicted as red-line inserts and strikeouts. The working group is invited to consider these requirements as a baseline set of air-ground security requirements.

2.6 SECURITY

This section contains provisions for ground-ground and air-ground security in the ATN/IPS. Certain provisions in this section are mandatory to implement but optional to use. Their actual use is to be based on a system threat and vulnerability analysis.

Note. - Support for security is to be based on a system threat and vulnerability analysis.

2.6.1 Ground-Ground Network Layer Security

Note. – Network layer security in the ground-ground ATN/IPS internetwork is implemented using Internet Protocol security (IPsec) and the Internet Key Exchange (IKEv2) protocol.

2.6.1.1 Ground-Ground IPsec/IKEv2

2.6.1.1.1 ATN/IPS nodes in the ground-ground environment shall implement the Security Architecture for the Internet Protocol as specified in RFC-4301.

2.6.1.1.2. ATN/IPS nodes in the ground-ground environment shall implement the IP Encapsulating Security Payload (ESP) protocol as specified in RFC-4303.

2.6.1.1.3 ATN/IPS nodes in the ground-ground environment may implement the IP Authentication Header (AH) protocol as specified in RFC-4302.

2.6.1.1.4 ATN/IPS nodes in the ground-ground environment shall implement manual configuration

2.6.1.1.45 ATN/IPS nodes in the ground-ground environment shall implement the Internet Key Exchange (IKEv2) Protocol as specified in RFC-4306.

2.6.1.1.56 ATN/IPS nodes in the ground-ground environment shall implement the Cryptographic Algorithm Implementation Requirements for the Encapsulating Security Payload (ESP) and Authentication Header (AH) as specified in RFC-4305.

2.6.1.1.67 ATN/IPS nodes in the ground-ground environment shall implement The Null Encryption Algorithm and Its Use With IPsec as specified in RFC-4305, but not the Null Authentication Algorithm.

Note. – ESP encryption is optional, but authentication is always performed.

2.6.1.1.78 ATN/IPS nodes in the ground-ground environment shall implement the Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) required algorithms for key exchange as specified in RFC-4307.

Note. – Algorithms of equivalent or greater strength than those identified in RFC-4307 are implemented as a local matter on a bi-lateral basis.

2.6.2 Air-Ground Security

2.6.2.1 Air-Ground Access Network Security

2.6.2.1.1 ATN/IPS mobile nodes shall implement the security provisions of the access network.

Note. – For example, the WiMAX, 3GPP, and 3GPP2 access networks have authentication and authorization provisions.

2.6.2.2 Air-Ground IPsec/IKEv2

2.6.2.2.1 ATN/IPS nodes in the air-ground environment shall implement the Security Architecture for the Internet Protocol as specified in RFC 4301.

2.6.2.2.2 ATN/IPS nodes in the air-ground environment shall implement the IP Encapsulating Security Payload (ESP) protocol as specified in RFC 4303.

2.6.2.2.3 ATN/IPS nodes in the air-ground environment shall implement AUTH_HMAC_SHA2_256-128 as the integrity algorithm for ESP authentication as specified in RFC 4868.

2.6.2.2.43 ATN/IPS nodes in the air-ground environment, which implement MIPv6, may implement the Authentication Protocol for Mobile IPv6 as specified in RFC 4285.

2.6.2.2.54 ATN/IPS nodes in the air-ground environment shall implement the Internet Key Exchange (IKEv2) Protocol as specified in RFC 4306.

2.6.2.2.6 ATN/IPS nodes in the air-ground environment shall implement IKEv2 with the following transforms:

a) PRF_HMAC_SHA_256 as the pseudo-random function as specified in RFC 4868.

b) 233-bit random ECP group for Diffie-Hellman Key Exchange values as specified in RFC 4753.

c) ECDSA with SHA-256 on the P-256 curve as the authentication method as specified in RFC 4754.

2.6.2.2.6 ATN/IPS nodes in the air-ground environment shall use the Air Transport Authority (ATA) Certificate Policy as specified in Chapter 5 of ATA iSpec 2200, Information Standards for Aviation Maintenance developed by the ATA Digital Security Working Group (DSWG).

2.6.2.2.75 ATN/IPS nodes in the air-ground environment, which implement MIPv6, shall implement Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture as specified in RFC 4877.

2.6.2.3 Air-Ground Transport Layer Security

2.6.2.3.1 ATN/IPS mobile nodes and correspondent nodes may implement the Transport Layer Security (TLS) protocol as specified in RFC 4346.

2.6.2.3.26 If TLS is used for air-ground security, mobile nodes and correspondent nodes shall implement the Cipher Suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA as specified in RFC 4492.

2.6.2.4 Air-Ground Application Layer Security

2.6.2.4.1 ATN/IPS mobile nodes and correspondent nodes may implement application layer security at the IPS Dialogue Service Boundary.air-ground security as specified in Doc 9705/9880.

2.6.2.4.2 If application layer security is used for air-ground security, mobile nodes and correspondent nodes shall append an HMAC keyed message authentication code as specified in RFC 2104 using SHA-256 as the cryptographic hash function.

2.6.2.4.3 If application layer security is used for air-ground security, an HMAC tag truncated to 32 bits shall be computed over the User Data concatenated with a 32-bit send sequence number for replay protection.
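
The tag computation and replay check described in the two provisions above, as an added example that is not part of the working paper. It assumes a big-endian 4-byte sequence number, truncation to the leftmost 32 bits, a sequence number that each side tracks locally rather than transmits, and in-order delivery; the key and messages are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4  # HMAC tag truncated to 32 bits


def compute_tag(key: bytes, user_data: bytes, seq: int) -> bytes:
    """Leftmost 32 bits of HMAC-SHA-256 over User Data || sequence number."""
    # Assumption: the 32-bit sequence number is encoded big-endian.
    msg = user_data + struct.pack(">I", seq)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def protect(self, user_data: bytes) -> bytes:
        if self.seq > 0xFFFFFFFF:
            raise OverflowError("sequence space exhausted; establish a new key")
        pdu = user_data + compute_tag(self.key, user_data, self.seq)
        self.seq += 1
        return pdu


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def accept(self, pdu: bytes):
        """Return the user data, or None if the tag does not verify."""
        if len(pdu) < TAG_LEN or self.seq > 0xFFFFFFFF:
            return None
        user_data, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
        expected = compute_tag(self.key, user_data, self.seq)
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None  # modified, forged, replayed or out of order
        self.seq += 1  # advance the receive counter only on success
        return user_data


def demo():
    key = bytes(range(32))  # constructed key; the paper establishes keys with IKEv2
    tx, rx = Sender(key), Receiver(key)
    first = tx.protect(b"constructed message one")
    second = tx.protect(b"constructed message two")
    tampered = bytes([second[0] ^ 1]) + second[1:]
    # fresh delivery, replay of the same PDU, modified PDU, next fresh delivery
    return [rx.accept(first), rx.accept(first), rx.accept(tampered), rx.accept(second)]
```

Because the sequence number is covered by the tag, a captured PDU stops verifying once the receiver's counter has advanced.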

2.6.2.4.2 If application layer security is used for air-ground security, IKEv2 shall be used for key establishment as specified in section 2.6.2.2.

2.6.2.4.3 If application layer security is used for air-ground security, mobile nodes may use a shared secret or HTTP_CERT_LOOKUP as the authentication mechanism for IKEv2.

Note 1. – In IKEv2 the authentication mechanism may be different in each direction.

Note 2. – With the shared secret method the ground system may retrieve the mobile node’s shared secret from a AAA server.

Note 3. – With HTTP_CERT_LOOKUP the mobile node does not have to transmit an actual certificate but rather transmits a hash value and a URL where the ground system can retrieve the mobile node’s certificate and CRL.

2.6.2.4.4 If application layer security is used for air-ground security, ATN/IPS mobile nodes and correspondent nodes shall implement the following transforms:

a) AUTH_HMAC_SHA2_256-128 as the Integrity Algorithm for ESP authentication as specified in RFC 4868.

b) PRF_HMAC_SHA_256 as the pseudo-random function in IKEv2 as specified in RFC 4868.

c) 256-bit random ECP group for Diffie-Hellman Key Exchange values in IKEv2 as specified in RFC 4753.

d) ECDSA with SHA-256 on the P-256 curve as the IKEv2 authentication method as specified in RFC 4754.

APPENDIX A – REFERENCE DOCUMENTS

IETF STANDARDS AND PROTOCOLS

The following documents are available publicly at and form part of this manual to the extent specified herein. In the event of conflict between the documents referenced herein and the contents of this manual, the provisions of this manual shall take precedence.

Air Transport Authority (ATA) Specifications

ATA iSpec 2200 Information Standards for Aviation Maintenance

Request for Comments (RFCs)

netlmm-mn-ar-if Network-based Localized Mobility Management Interface between Mobile Node and Mobility Access Gateway, May 2007

netlmm-proxymip6 Proxy Mobile IPv6, February 2008

RFC-768 User Datagram Protocol, August 1980

RFC-793 Transmission Control Protocol (TCP), September 1981

RFC-1006 ISO Transport Service on top of TCP, May 1987

RFC-1323 TCP Extensions for High Performance, May 1992

RFC-1981 Path Maximum Transmission Unit (MTU) Discovery for IP Version 6, August 1996

RFC-2104 HMAC: Keyed-Hashing for Message Authentication, February 1997

RFC-2126 ISO Transport Service on top of TCP, March 1997

RFC-2460 Internet Protocol, Version 6 (IPv6) Specification, December 1998

RFC-2474 Differential Services Field, December 1998

RFC-2488 Enhancing TCP over Satellite Channels, January 1999

RFC-2858 Border Gateway Protocol (BGP4) Multiprotocol Extensions, June 2000

RFC-3775 Mobility Support in IPv6, June 2004

RFC-4271 A Border Gateway Protocol 4 (BGP-4), January 2006

RFC-4285 Authentication Protocol for Mobile IPv6, January 2006

RFC-4291 IP Version 6 Addressing Architecture, February 2006

RFC-4301 Security Architecture for the Internet Protocol, December 2005

RFC-4302 Internet Protocol (IP) Authentication Header, December 2005

RFC-4303 IP Encapsulating Security Payload (ESP), December 2005

RFC-4305 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) – (NB proposed standard, obsoletes RFC-2402, RFC-2406), December 2005

RFC-4306 Internet Key Exchange (IKEv2) Protocol, December 2005

RFC-4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2), December 2005

RFC-4346 The Transport Layer Security (TLS) Protocol Version 1.1, April 2006

RFC-4423 Host Identity Protocol (HIP) Architecture, May 2006

RFC-4443 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification, March 2006

RFC-4492 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security, May 2006

RFC-4555 IKEv2 Mobility and Multihoming Protocol (MOBIKE), June 2006

RFC-4753 ECP Groups for IKE and IKEv2, January 2007

RFC-4754 IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA), January 2007

RFC-4830 Problem Statement for Network-Based Localized Mobility Management (NETLMM), April 2007

RFC-4831 Goals for Network-Based Localized Mobility Management (NETLMM), April 2007

RFC-4868 Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec, May 2007

RFC-4877 Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture, April 2007
