
WGN6 IP 5

AERONAUTICAL COMMUNICATIONS PANEL (ACP) WORKING GROUP N (NETWORKING) 6TH MEETING

ATN Security Prototype Implementation by Thales Avionics

Prepared by Nicolas Rossi on behalf of Thales Avionics
Presented by DTI

Summary

This information paper summarizes the outcomes of the validation exercises performed by Thales Avionics on the ATN Security Solution of ICAO Doc 9705 (ed. 3), and expresses the level of confidence in the quality and correctness of the ATN Security Services as specified in Sub-Volumes IV and VIII. The meeting is invited to note the content of this paper.


Introduction

1.1 Overview

Thales Avionics has been involved for more than ten years in supplying ATN and other aeronautical communications products and services to its clients. With other partners, Thales Avionics has developed ATN routers (BIS) and end-systems (ES) that can be readily ported into both airborne and ground-based products, across a wide range of target platform environments. Products have been rigorously developed following the recommendations in RTCA DO-178B for Level C (Flight Essential) software and MIL-498B standards.

Since 2004 Thales Avionics has been involved in studies related to the validation of the standards and recommended practices (SARPs) for ATN security specified in ICAO Doc 9705-AN/956 Edition 3. A prototype implementation of the airborne ATN security solution has been developed and tested in a stand-alone environment. All cryptographic functions were integrated by implementing an Elliptic Curve based Cryptographic Package already existing within the Thales group (adapted from military products). The aim of this study was to investigate and gain confidence in the relevance (in particular for airborne implementations) of the Security schemes defined in the third edition of the ATN SARPs. Even if its standardization is still evolving, it is thought that the future ATN Security solution can take advantage to a large extent of the existing Security framework.

This document summarizes the outcomes of the validation exercises. No major deficiency was identified in Doc 9705, and the value of verification against the examples provided in the Guidance Material (Doc 9739, CAMAL) was confirmed.

1.2 Contact Point


State/Organisation: Thales Avionics, Avionics and Mission Systems, Head of Maintenance and Data Management
Contact Details: Mr. Matthieu Borel, Thales Avionics, Tel. =66.(2"3.51.10.53./1, Email: matthieu.borel@fr.thalesgroup.com

State/Organisation: Thales Avionics, Avionics and Mission Systems, Resp. Datalink Studies
Contact Details: Mr. Nicolas Rossi, Thales Avionics, Tel. =66.(2"3.51.10.53.3*, Email: nicolas.rossi@fr.thalesgroup.com

1.3 Referenced Documents


The following documents are referenced in this report.

[1] ICAO Doc 9705-AN/956, Manual of Technical Provisions for the Aeronautical Telecommunication Network, Edition 3, 2002.
[2] ICAO Doc 9739-AN/961, Comprehensive Aeronautical Telecommunication Network Manual, Edition 1.

Validation Tests

The purpose of the validation tests was to look at three main aspects of ATN security as specified in ICAO Doc 9705 Ed 3: nominal behavior, exception handling and backward compatibility with implementations in mode "no security". Performance was beyond the scope of the testing. The test activities focused on the airborne implementation, which is the core business for Thales Avionics.

2.1 Test Objectives


The general objectives of the validation activities were to demonstrate that the ATN Security Services specified in the third edition of ICAO Doc 9705 are complete and consistent, and can be integrated in the ATN End Systems (ULCS). This comprises both the ATN cryptographic algorithms and the communication protocols supporting the Security Services. On the other hand, it was also important to verify that the ATN Security Services are backward compatible with the ATN ES communication protocols not supporting such services.

2.2 Test Configuration


Two IBM RS6000 workstations were configured to run airborne and ground instances of the ATN Security End Systems. The IDRP protocol did not operate ATN security. The validation configuration has also been successfully re-hosted on PC platforms with Linux OS. Each Secure End System was based on the ATN stack product currently available in Thales Avionics. The ATN Upper Layer Communication Services (ULCS) were updated to include a prototype of the security mechanisms defined in Doc 9705 ed. 3. In parallel, a test tool acting as an air or ground user application was developed to activate the security services over the secure ATN End System.

2.2.1 Software baseline

The software used is based on document Doc 9705 Ed 3, plus additional Proposed Defect Reports (PDRs) covering Sub Volumes IV and VIII.

1) PDRs taken into account on Sub Volume VIII

M4050007, SV8 - Key lifetime clarification 122/42*410
./262221, SV8 - Missing requirement on User Data padding
.1202226, SV8 - ASN.1 padding issues 122/42541+
.12+2221, SV8 - Unnecessary random challenge field 122/42341+
.126222/, All SV - Editorials (version of PDR current on 122/42341+)
./212221, Security - Error in AKDF function
.120222/, SV8 - SSO-SessionKey Certificate Knowledge
.12+2225, Security - Add warning concerning the use of invalid keys by the secret value derivation primitive
.12+222/, Security - Additional extensions in CA certificates 1226421425
.1122223, SV8 - Tagging in SV8 ASN.1 module 122141142/
.12+2220, Security - Sub-Volume VIII ASN.1
.12+222+, Security - Remove duplicate certificate retrieval requirements
.12+222*, Security - Remove CheckResult references from 8.6.3
.12+2223, Security - Clarify ATN CRL processing
.12+2226, Security - Clarify representation of AMHS identities in ATN certificates
.126222*, Security - Editorial errors found during development of Guidance Material
.126222+, Security - Defects found during development of Guidance Material

2) PDRs taken into account on Sub Volume IV

.12+2221 - SE-Transfer End Flag
.1122223 - Tagging in SV8 ASN.1 module
.1202225 - SV4 Security ASO Clarification
.6212221 - ULCS/SV9 - Security Abstract Syntax
.1212221 - CF Transition - atomic ASE
.1212221 - CF Predicates
.1112221 - D-ABORT Handling
.1112221 - Release Collision with Security

2.3 Test Methodology


2.3.1 Nominal Behaviour with ATN Security

Since the tests focused on the airborne implementation, no functionality for retrieval of certificates has been implemented. The aircraft signature public key and key agreement public key were previously defined and stored. These tests looked at the nominal behaviour of ATN dialogue services (dialogue establishment maintained/not maintained, data exchange, termination and abort).

2.3.2 Exceptions Handling with ATN Security

The Exception Handling tests looked at the behavior (abort of the dialogue) when receiving an inconsistent HMAC tag or signature value between airborne and ground.

2.3.3 Backward Compatibility with mode No Security

Tests were also carried out without use of security. High-level tests (formerly developed for the legacy "non-secure" product) have been carried out on the prototype. This validates that the addition of security services did not impair the nominal behaviour of the "non-secure" product.

2.4 Validation Results and discussion


This validation exercise was successful. It allowed verifying that the security related information can be handled and exchanged by the ATN End Systems security services in the secure mode. In addition it allowed verifying backward compatibility and that the ATN End Systems are able to force abort of the communications when a voluntary or involuntary alteration of exchanges has been detected. However, no interoperability testing between separate implementations has been conducted (and none is foreseen in the short term). Such testing is essential to be able to definitively conclude the complete and successful validation of the implementation.

The majority of the problems encountered with the prototype during testing were related to discrepancies with PER encoding and validation of cryptographic algorithms. Construction and validation of security items (HMAC tag and signature) uses complex ASN.1 structures. Checking security items against the samples provided in the CAMAL (Doc 9739) has been a very effective means of validation for the ATN security implementation. It allows a preliminary validation of both the outputs generated by cryptographic algorithms and the global PER encoding of security appendices.

As a result of the successful validation exercises conducted in the frame of this study, Thales Avionics has gained confidence regarding the quality of its implementation of a secure ATN End System, and its conformance to the technical provisions contained in the third edition of ICAO Doc 9705 (sub-volumes IV and VIII).
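The two checks discussed above, verification against reference samples and abort of the dialogue on an inconsistent tag, can be sketched as follows. This is an added illustration, not Thales code and not taken from Doc 9705 or Doc 9739. It assumes HMAC-SHA-1 with an untruncated tag as a stand-in for the ATN MAC scheme and uses the public RFC 2202 test case 1 in place of a CAMAL sample; the names REFERENCE_SAMPLES, compute_tag, run_known_answers and Dialogue are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Stand-in reference sample (assumption): RFC 2202 test case 1 for HMAC-SHA-1.
# A real harness would load the samples published in the guidance material.
REFERENCE_SAMPLES = [
    {
        "name": "rfc2202-case-1",
        "key": bytes([0x0B]) * 20,
        "encoded": b"Hi There",  # stands in for the PER-encoded protected data
        "tag": bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00"),
    },
]


def compute_tag(key: bytes, encoded: bytes) -> bytes:
    """MAC over the already-encoded bytes (assumed scheme: HMAC-SHA-1)."""
    return hmac.new(key, encoded, hashlib.sha1).digest()


def run_known_answers(samples) -> list:
    """Return the names of samples whose computed tag differs from the reference.

    A failure points at either the encoder or the cryptographic routine.
    """
    return [s["name"] for s in samples
            if not hmac.compare_digest(compute_tag(s["key"], s["encoded"]), s["tag"])]


@dataclass
class Dialogue:
    """Hypothetical receive side of a secured dialogue."""
    key: bytes
    state: str = "OPEN"
    delivered: list = field(default_factory=list)

    def receive(self, encoded: bytes, tag: bytes) -> bool:
        """Deliver data only if the tag verifies; otherwise abort for good."""
        if self.state != "OPEN":
            return False
        if not hmac.compare_digest(compute_tag(self.key, encoded), tag):
            self.state = "ABORTED"  # inconsistent tag: abort, deliver nothing
            return False
        self.delivered.append(encoded)
        return True
```

Because the tag is computed over encoded bytes, a one-byte difference in the encoding fails the known-answer check in the same way as a defect in the cryptographic routine.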

Standardization of an ATN security solution is still evolving at ACP level. It appears that the solution defined in Doc 9705 Ed 3 will probably not be implemented as-is. Nevertheless most of these activities will be reusable for future developments. In particular, Thales Avionics can take advantage of a robust and rigorously developed Elliptic Curve Cryptographic package (extracted from military applications).


Conclusions
No major problems were discovered with ICAO Doc 9705 Edition 3 relating to ATN security for the airborne end-system (nominal cases, exception handling and backward compatibility). However, no interoperability tests with independent implementations were performed to complete the validation of the implementation.

Even if its standardization is still evolving, it is thought that the future ATN Security solution can take advantage to a large extent of the existing Security framework. The value of verification of ATN security implementations against the samples provided in the Guidance Material (Doc 9739, CAMAL) was confirmed when developing and testing security implementations. Updates for this document should be maintained for the future ATN Security standardization.


The meeting is invited to note the content of this paper.
