Upload
others
View
6
Download
1
Embed Size (px)
Citation preview
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
Protected ACARS (PACARS)
Jon Salisbury
The MITRE Corporation
CNS/ATM Conference 2011
Aerospace Management Systems Division
©2011 – The MITRE Corporation
Distribution Statement A: Approved for public release: 11-2570 and 66ABW-2011-0657. Distribution Unlimited
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Overview
• Aircraft Communications Addressing and
Reporting System (ACARS)
• ACARS Message Security (AMS)
• Security Scheme
• Tools
• Session Management
• Examples
• Way Ahead
2
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
ACARS and the USAF
• ACARS is a global data link network developed by commercial
airlines in 1978
• USAF is equipping with ACARS as part of CNS/ATM
modernization program
• USAF desires ACARS message security for
– Air Traffic Service (ATS) messages
– Airline Operational Control (AOC) messages
3
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Military Use of ACARS
• ACARS provides many benefits to the USAF:
– ATS
• Direct data link connectivity between flight crew and air
traffic control
• Ability to modify flight plans en route
• Automated position reporting
• Access to preferred routes
– AOC
• Mission planning
• In transit visibility and flight following
• Dynamic asset reallocation
4
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
ACARS Security Problem
5
AOC messages are Human-readable and character-based ACARS transmissions are easy to monitor (just need a PC, RF scanner, and free software)
What may
be
disclosed?
Graphical
Position
Reports
Contact
Reports
Message
Logs
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Standardization of AMS
• Industry desire to address ACARS security
problem via standard solution
– Objective was an interoperable solution initiated
within the Airlines Electronic Engineering
Committee (AEEC)
• Expected to minimize costs to airlines,
avionics vendors, data link service providers,
civil aviation authorities and others
• Standard is ARINC 823
6
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
AMS Protection Modes
• SIGN Protection Mode
– Used only during a Public/Private Key session initiation
– Uses a Elliptic Curve Digital Signature
• AUTH Protection Mode
– Appends a message authentication code to the message
without payload encryption
• BOTH Protection Mode
– Appends a message authentication code to the message and
applies encryption to the payload
• NONE Protection Mode
– Does not apply a protection mode to the message
7
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
AMS Compression Modes
• Implementers can choose DMC, DEFLATE or both
• Dynamic Markov Compression (DMC)
– Optimization Level 0
• Employs small Markov model, better for legacy platforms with
data memory constraints
– Optimization Level 1
• Employs a large Markov model, which offers better
compression than Level 0, recommended for newer platforms
• DEFLATE
– Removes redundancies in the uncompressed data stream by
replacing recurring streams with backward references to
previous occurrences of the same strings
8
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Security
• USAF interested in:– AOC (C2) message security: End-to-End AMS
• Near term
• Character-oriented, human readable messages create largest
vulnerability
• Unable to exploit ACARS for AOC until mitigated
• Feasible as both airborne and ground end systems are
owned/controlled by USAF
– ATS message security: DSP-based AMS
• Mid/long term
• Bit-oriented, nonhuman readable messages reduce risk
• Other protections already inherent in ATS messages
• ATS providers not investing in security at this time
• Only airborne end system is owned/controlled by the USAF
9
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
AMS Architecture
10
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
KC-135 PACARS Phase History
11
Dependent on Phase II prototype testingUnfunded
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Testing Configuration
12
Broadcast
Data
Mapper
Access
Database
DM
Server
IPCABLE PC
FMC(ARINC 702)
ARINC 429
Broadcast Data
Printer
Airborne
Data
Loader
MCDU(ARINC 739)
CMU-900
ARINC 656 IPC Interface
VHF (AIR)VHF
(GROUND)
ARINC Ground
Network
BEDP1MC
(Protected
ACARS Test
Tool)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
End-to-End Protection
13
CMU-900VHF
(AIR)
VHF
(GROUND)
ARINC
Ground
Network
BEDP1MC
(Protected
ACARS
Test Tool)
Messages are protected ALL the way through the network. From
air-ground to ground-ground to ground user.
Payload Encode
Payload Compress
Payload Encrypt
Payload Decrypt
Payload
Decompress
Payload Decode
AIR UserGround
User
AMS
Libraries
(ARINC 823)
AMS
Libraries
(ARINC 823)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
System Mapping
14
CMU-900VHF
(AIR)
VHF
(GROUND)
ARINC
Ground
Network
BEDP1MC
(Protected
ACARS
Test Tool)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Prototype CMU-900
• Software only solution
– Baselined from KC-135 Block 40.5 ATS and AOC
applications
– Absolutely no change to hardware or architecture
– Simple solution to protect AMC’s largest fleet
• For Testing
– Hard coded keys for digital signature
• RCAT tail number hardcoded (160414)
– HMAC-SHA256 for Message Authentication Code
– AES Encryption
– BOTH protection mode
– DEFLATE compression
15
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Tools in RCAT
• RCAT (Reconfigurable Cockpit Avionics Testbed)
– USAF Lab hosted at MITRE Bedford
– Test facility for Data Comm capabilities on various military aircraft
• Protected ACARS Test Tool (PATT)
– Developed by ARINC
– Ground peer that incorporates ARINC 823 libraries (AMS)
– Capable of processing canned KC-135 AOC messages
• ABLE
– Rockwell Collins’ avionics simulation tool
– Used to simulate ARINC 750 (VHF) over ARINC 429 in Rockwell’s
SIL for lab demonstration
– Used in RCAT to simulate IPC and MCDU
• Connected via Condor 429 PCI card to CMU
• PC ACARS
– ACARS ground VHF monitoring tool
16
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Secure Session Initiation
17
Tanker Airlift
Control Center
(TACC)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Secure Session Initiation
18
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Secure Session Termination
19
Tanker Airlift
Control Center
(TACC)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Secure Session Termination
20
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
OOOI Reports
21
Protected
Unprotected
Out
Off
OnIn
Flight Summary
Out
Off
OnIn
Flight Summary
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
FANS During Secure Session
22
Protected AOC Message
Protected AOC Message
AFN Logon to KRCT
CPDLC Connect Confirm
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
PATT OOOI Reports
23
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Next Steps
– Complete Phase II testing & provide feedback to AMC
– Go/No-go decision on Phase III and/or acquisition• If Phase III:
– 4 node testing
» 2 CMUs
» 2 ground systems
– Ops concept studies & recommendations including
» Key generation
» Key distribution
» Key management
• If acquisition:
– Develop ops concept
– Assist platforms during procurement
– Enhance RCAT PACARS capabilities in support of acquisition &
deployment
• Modified CMU(s)
• PATT
24
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Backups
25
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Aircraft Initiated Session Initiation
26
TACC
(Ground)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Ground Initiated Session Initiation
27
TACC
(Ground)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Aircraft Secure Data Exchange
28
TACC
(Ground)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Sequence of Operations
29
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Ground Secure Session Termination
30
TACC
(Ground)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Aircraft Secure Session Termination
31
TACC
(Ground)
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
CMU-900
32
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Test Network Ground Station
33
I n t e g r i t y - S e r v i c e - E x c e l l e n c e
War-winning Capabilities…On Time, On CostDelivering what we promised when we promised
Dual MCDUs
34