With air transportation growing and current civil aeronautical communication systems reaching their capacity limit in high density areas, the need for new aeronautical communication technologies becomes apparent. The biggest challenge in recent years is the transition from analogue voice to digital data communication and the related trend towards an increased autonomous data processing. A promising candidate for the digital future communication infrastructure in continental areas is the terrestrial long-range L-band Digital Aeronautical Communications System (LDACS), which is currently in the process of being standardized by the International Civil Aviation Organization (ICAO). As safety and security are strongly intertwined in civil aviation, every installation of LDACS requires protection against cyber-attacks. This paper introduces a cybersecurity architecture for LDACS and proposes suitable security algorithms, which can achieve the security objectives on top of the architecture. Therefore, we integrate new security functions within the existing protocol stack of LDACS. We provide an architecture for user data encryption, data integrity, authenticated key agreement, entity authentication, broadcast channel protection, and key and access management.
The Ground Based Augmentation System (GBAS) is the cornerstone for enabling automated landings without the Instrument Landing System (ILS). Currently GBAS is evolving to GAST-D for CAT III landings. This extends GBAS via the use of multiple frequencies (L1/L2 and L5) and the use of multiple global navigation satellite system constellations. GBAS requires correction data to be broadcast to aircraft. This is currently done with the VHF Data Broadcast (VDB) datalink. However, VDB has several known shortcomings: (1) low throughput, (2) small area of operation and (3) no cyber-security measures. In this paper we propose the use of the L-band Digital Aeronautical Communications System (LDACS) for broadcasting GBAS correction data to address these shortcomings. In flight experiments conducted in 2019, we set up an experimental GBAS installation using LDACS. Broadcast data was secured using the TESLA broadcast authentication protocol. Our results indicate that cryptographically secured GBAS data via LDACS can provide GAST-C and GAST-D services with high availability if cryptographic parameters are chosen appropriately.
The L-band Digital Aeronautical Communications System (LDACS) is a key enabler of the new air traffic services and operational concepts necessary for the modernization of the air traffic management (ATM). After its initial design, compatibility tests with legacy L-band systems, and functional demonstrations in the laboratory, the system is currently undergoing the standardization process of the International Civil Aviation Organization (ICAO). However, LDACS has not been demonstrated in flight yet. In this paper, we present the first in-flight demonstration of LDACS, which took place in March and April 2019 in southern Germany and included four LDACS ground stations and one LDACS airborne station. We detail the experimental setup of the implemented LDACS ground and airborne stations together with the flight routes, the conducted experiments, and the frequency planning to ensure compatibility with legacy systems. In addition, we describe the demonstrated ATM applications and the security measures used to protect them. Based on the obtained measurement results, we evaluate the LDACS in-flight communication performance for the first time, including the achieved communication range, the measured end-to-end message latency, and the LDACS capability to provide quality of service by effectively prioritizing safety-relevant data traffic. Furthermore, we use the in-flight received signal power to assess the applicability of a theoretical path loss model. These flight trials contribute to the final steps in the development of LDACS by providing its in-flight communication performance and by demonstrating: first, its correct functionality in a realistic environment; second, its capability of supporting ATM applications and the advanced security measures that can be used to protect them; and third, its spectrum compatibility with legacy systems. We conclude that LDACS is ready to support ATM operations and that LDACS frequency planning can safeguard legacy systems successfully.
Growth of civil air traffic worldwide poses a great challenge for the supporting Communication, Navigation and Surveillance (CNS) infrastructure. Analogue systems have to be replaced by digital means to optimize spectrum efficiency, and automation is becoming much more important to be able to handle the number of participants in the air traffic system. As safety and security are strongly intertwined in aviation, cybersecurity is one key enabler for digitalization in civil aviation. As such, we investigate mutual authentication and key agreement methods for the digital aeronautical ground-based communications system L-band Digital Aeronautical Communication System (LDACS). Thereby, we compare the suitability of three different Diffie-Hellman (DH) key exchange flavors used in a modified version of the Station-To-Station (STS) protocol for digital aeronautical communication in terms of latency and security data overhead. We conclude that the STS protocol based on a central Public Key Infrastructure (PKI) trust solution with Supersingular Isogeny Diffie-Hellman (SIDH) for post-quantum security is best suited for long-term security. However, due to the smaller key sizes, Elliptic Curve Diffie-Hellman (ECDH) is the more resource-efficient candidate and may play a role in low-resource authentication scenarios for LDACS.
With air transportation growing and current civil aeronautical communication systems reaching their capacity limit in high density areas, the need for new aeronautical communication technologies becomes apparent. This implies the transition from analogue voice to digital data communication. A promising candidate for terrestrial air-ground communication is the L-band Digital Aeronautical Communications System (LDACS). LDACS is currently in the process of being standardized in ICAO. Being integrated in the aeronautical telecommunication network and providing a digital communication link for safety critical applications, each and every installation of LDACS requires protection against cyber-attacks. A rigorous threat and risk analysis is the fundamental basis to derive an IT security architecture for LDACS. The objective of this paper is to identify safety relevant air traffic management services, perform a threat and risk analysis, and define attacker types. Having created a threat catalog, we introduce a threat rating system allowing us to set our findings in a qualitative context and pave the way for a future LDACS IT security architecture.
Currently, Communication, Navigation and Surveillance (CNS) in civil aviation are undergoing huge changes in the framework of the European SESAR and the US NextGEN research initiatives. One goal is to develop the Future Communication Infrastructure (FCI) for civil aviation, consisting of AeroMACs for airport communications, SatCOM for remote domains, and LDACS for long-range wireless digital communications. The trend towards digitalization is supposed to solve the problems of capacity shortage, frequency saturation and automated data processing. Due to the digitalization process in communication itself, and especially in critical infrastructure, a strong request for cybersecurity support was raised. Therefore, a threat-and-risk analysis for LDACS was performed, resulting in a first cybersecurity architecture specification draft. This paper goes one step further, presenting a suitable set of algorithms and protocols for security support for LDACS. The set is evaluated performance- and security-wise to match the cybersecurity architecture specification identified in earlier work.
The "Single European Sky" air traffic management master plan foresees the introduction of several modern digital data links for aeronautical communications. The candidate for long-range continental communications is the L-band Digital Aeronautical Communications System (LDACS). LDACS is a cellular, ground-based digital communications system for flight guidance and communications related to safety and regularity of flight. Hence, the aeronautical standards, imposed by the International Civil Aviation Organization (ICAO), for cybersecurity of the link and network layer, apply. In previous works, threat-and-risk analyses of LDACS were conducted, a draft for an LDACS cybersecurity architecture introduced, algorithms proposed, and the security of a Mutual Authentication and Key Establishment (MAKE) procedure of LDACS formally verified. However, options for cipher-suites and certificate management for LDACS were missing. Also, previous works hardly discussed the topic of post-quantum security for LDACS. This paper proposes a cell-attachment procedure, which establishes a secure LDACS communication channel between an aircraft and corresponding ground-station upon cell-entry of the aircraft. Via the design of a hybrid LDACS Public Key Infrastructure (PKI), the choice of a pre- or post-quantum Security Level (SL) is up to the communications participants. With that, this work introduces a full LDACS cell-attachment protocol based on a PKI, certificates, certificate revocation and cipher-suites including pre- and post-quantum options. Evaluations in the symbolic model show the procedure to fulfill LDACS security requirements and a communications performance evaluation demonstrates feasibility, matching requirements imposed by regulatory documents.