Summary

This information paper summarizes the outcomes of the validation exercises performed by Thales Avionics on the ATN Security Solution of Doc ICAO 9705 ed.3, and expresses the level of confidence on the quality and correctness of the ATN Security Services as specified in Sub-Volumes IV and VIII. The meeting is invited to note the content of this paper.
Introduction
1.1 Overview
Thales Avionics has been involved for more than ten years in supplying ATN and other aeronautical communications products and services to its clients. With other partners, Thales Avionics has developed ATN routers (BIS) and end-systems (ES) that can be readily ported into both airborne and ground-based products, across a wide range of target platform environments. Products have been rigorously developed following the recommendations in RTCA DO-178B for Level C (Flight Essential) software and MIL-498B standards.

Since 2004 Thales Avionics has been involved in studies related to the validation of the standards and recommended practices (SARPs) for ATN security specified in ICAO Doc 9705-AN/956 Edition 3. A prototype implementation of the airborne ATN security solution has been developed and tested in a stand-alone environment. All cryptographic functions were integrated by implementing an Elliptic curve based Cryptographic Package already existing within the Thales group (adapted from military products).

The aim of this study was to investigate and gain confidence in the relevance (in particular for airborne implementations) of the Security schemes defined in the third edition of ATN SARPs. Even if its standardization is still evolving, it is thought that the future ATN Security solution can take advantage to a large extent of the existing Security framework. This document summarizes the outcomes of the validation exercises. No major deficiency was identified in Doc 9705, and the value of verification against the examples provided in the Guidance Material (Doc 9739, CAMAL) was confirmed.
Thales Avionics, Avionics and Mission Systems, Head of Maintenance and Data Management
Thales Avionics, Avionics and Mission Systems, Resp. Datalink Studies

Mr. Matthieu Borel, Thales Avionics, Tel. +33.(0)5.61.19.65.41, Email: matthieu.borel@fr.thalesgroup.com
Mr. Nicolas Rossi, Thales Avionics, Tel. +33.(0)5.61.19.65.57, Email: nicolas.rossi@fr.thalesgroup.com
Validation Tests
The purpose of the validation tests was to look at three main aspects for ATN security specified in ICAO Doc 9705 Ed3: nominal behavior, exception handling and backward compatibility with implementation in mode "no security". Performance was beyond the scope of the testing. The test activities focused on the airborne implementation, which is the core business for Thales Avionics.
1) PDRs taken into account on Sub Volume VIII

M4050007, SV8 - Key lifetime clarification 2004/07/19
M4030001, SV8 - Missing requirement on User Data padding
M1090003, SV8 - ASN.1 padding issues 2004/06/18
M1080001, SV8 - Unnecessary random challenge field 2004/05/18
M1030004, All SV - Editorials (version of PDR current on 2004/05/18)
M4010001, Security - Error in AKDF function
M1090004, SV8 - SSO-SessionKey Certificate Knowledge
M1080006, Security - Add warning concerning the use of invalid keys by the secret value derivation primitive
M1080004, Security - Additional extensions in CA certificates 2003/01/06
M1100005, SV8 - Tagging in SV8 ASN.1 module 2001/11/04
M1080009, Security - Sub-Volume VIII ASN.1
M1080008, Security - Remove duplicate certificate retrieval requirements
M1080007, Security - Remove CheckResult references from 8.6.3
M1080005, Security - Clarify ATN CRL processing
M1080003, Security - Clarify representation of AMHS identities in ATN certificates
M1030007, Security - Editorial errors found during development of Guidance Material
M1030008, Security - Defects found during development of Guidance Material

2) PDRs taken into account on Sub Volume IV

M1080001 - SE-Transfer End Flag
M1100005 - Tagging in SV8 ASN.1 module
M1090006 - SV4 Security ASO Clarification
M3010001 - ULCS/SV9 - Security Abstract Syntax
M1010001 - CF Transition - atomic ASE
M1010001 - CF Predicates
M1110001 - D-ABORT Handling
M1110001 - Release Collision with Security
verifying backward compatibility and that the ATN End Systems are able to force abort of the communications when a voluntary or involuntary alteration of exchanges has been detected. However, no interoperability testing between separate implementations has been conducted (and none is foreseen in the short term). It is essential to be able to definitively conclude the complete and successful validation of the implementation.

The majority of the problems encountered with the prototype during testing were related to discrepancies with PER encoding and validation of cryptographic algorithms. Construction and validation of security items (HMAC tag and signature) uses complex ASN.1 structures. Checking security items against the samples provided in the CAMAL (Doc 9739) has been a very effective means of validation for the ATN security implementation. It allows a preliminary validation of both the outputs generated by cryptographic algorithms and the global PER encoding of security appendices.

As a result of the successful validation exercises conducted in the frame of this study, Thales Avionics has gained confidence regarding the quality of its implementation of a secure ATN End System, and its conformance to the technical provisions contained in the third edition of ICAO Doc 9705 (sub-volumes IV and VIII).
Standardization of an ATN security solution is still evolving at ACP level. It appears that the solution defined in Doc 9705 Ed 3 will probably not be implemented as-is. Nevertheless most of these activities will be reusable for future developments. In particular, Thales Avionics can take advantage of a robust and rigorously developed Elliptic Curve Cryptographic package (extracted from military applications).
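The sample-based check described above, as an added example that is not part of the paper or of the Thales implementation: it compares the encoded bytes before the HMAC tag, so an encoding or padding discrepancy is reported separately from a cryptographic one. The bit packer is a simplified stand-in for PER, and the field layout, key, HMAC-SHA-256 and 4-byte tag length are assumptions constructed for the demonstration.

```python
import hashlib
import hmac

def pack_bits(fields, octet_align=False):
    """Pack (value, bit_width) pairs MSB-first into bytes.

    A simplified stand-in for a bit-oriented encoding such as PER, not a
    PER encoder. octet_align=True pads after every field, the kind of
    padding discrepancy that changes the bytes fed to the MAC.
    """
    bits = ""
    for value, width in fields:
        bits += format(value, f"0{width}b")
        if octet_align:
            bits += "0" * (-len(bits) % 8)
    bits += "0" * (-len(bits) % 8)  # final padding to a whole octet
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def make_tag(key, encoded, tag_len=4):
    """Truncated HMAC over the encoded bytes (SHA-256 assumed for the demo)."""
    return hmac.new(key, encoded, hashlib.sha256).digest()[:tag_len]

def check_vector(vector, encode, mac):
    """Return the first stage whose output differs from the reference sample."""
    encoded = encode(vector["fields"])
    if encoded != vector["encoding"]:
        return "encoding"
    if not hmac.compare_digest(mac(vector["key"], encoded), vector["tag"]):
        return "mac"
    return "ok"

# Constructed reference sample; a real run would load published sample values.
FIELDS = [(5, 3), (0x1A2, 9), (1, 1)]
KEY = b"constructed-demo-key"
VECTOR = {"fields": FIELDS, "key": KEY, "encoding": bytes.fromhex("ba28"),
          "tag": make_tag(KEY, bytes.fromhex("ba28"))}

if __name__ == "__main__":
    print(check_vector(VECTOR, pack_bits, make_tag))
    print(check_vector(VECTOR, lambda f: pack_bits(f, True), make_tag))
```

Reporting the stage rather than a single pass/fail keeps an encoder defect from being misread as a fault in the cryptographic package.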
Conclusions
No major problems were discovered with ICAO Doc 9705 Edition 3 relating to the ATN security for the airborne end-system (nominal cases, exception handling and backward compatibility). However, no interoperability tests with independent implementations were performed to complete the validation of the implementation. Even if its standardization is still evolving, it is thought that the future ATN Security solution can take advantage to a large extent of the existing Security framework. The value of verification of ATN security implementations against the samples provided in the Guidance Material (Doc 9739, CAMAL) was confirmed when developing and testing security implementations. Updates for this document should be maintained for the future ATN Security standardization.