Aeronautical Communication Panel

smileybloatΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

84 εμφανίσεις




Aeronautical Communication Panel

Working Group I


Internet Protocol Suite (IPS)



March 17
-
20, 2008

Montreal Canada



Updated

Security Requirements

for the


Manual for the ATN using

IPS Standards and Protocols






Prepared by: Vic Patel and Tom McParland


Presented by: Vic Patel






SUMMARY


This paper provides updated security requirements for Doc 9896,
“Manual for the ATN
using IPS Standards and Protocols
.” This paper is an
u
p
date of working paper 9 from the
5
th

meeting of Working Group I. Several changes to WP 9 were suggested during the 5
th

meeting as described in the meeting minutes. In addition this papers incorporates chages
based on the adoption of Mobile IPv6 for air
-
g
round mobility. The working group is
invited to consider these requirements as a base
line set of air
-
ground security
requirements.




International Civil Aviation Organization


WORKING PAPER

ACP
-
WG
I
-
06/
WP
-
09


3/17/2008



CHANGES TO 2.6 INCORPORATED

2.6 SECURITY


This section contains provisions for ground
-
ground and air
-
ground security in t
he
ATN/IPS.


Note.
-

S
upport for security is to be based on a system threat and vulnerability analysis.


2.6.1 Ground
-
Ground Network Layer Security


Note .


Network layer security in the ATN/IPS internetwork is implemented using IPsec.

2.6.1.1
Ground
-
Gro
und IPsec


2.6.1.1.1 ATN/IPS nodes in the ground
-
ground environment shall implement the
Security Architecture for the Internet Protocol as specified in RFC
-
4301


2.6.1.1.2. ATN/IPS nodes in the ground
-
ground environment shall implement the IP
Encapsulatin
g Security Payload (ESP) protocol as specified in RFC
-
4303.


2.6.1.1.3 ATN/IPS nodes in the ground
-
ground environment may implement the IP
Authentication Header (AH) protocol as specified in RFC
-
4302.


2.6.1.1.4 ATN/IPS nodes in the ground
-
ground environ
ment shall implement manual
configuration


2.6.1.1.5 ATN/IPS nodes in the ground
-
ground environment shall implement the Internet
Key Exchange (IKEv2) Protocol as specified in RFC
-
4306.


2.6.1.1.6 ATN/IPS nodes in the ground
-
ground environment shall imple
ment the
Cryptographic Algorithm Implementation Requirements for the Encapsulating Security
Payload (ESP) and Authentication Header (AH) as specified in RFC
-
430
5.
.


2.6.1.1.7 ATN/IPS nodes in the ground
-
ground environment shall implement The Null
Encrypti
on Algorithm and Its Use With IPsec as specified in RFC
-
4305
,

but not the Null
Authentication Algorithm.


Note
-

ESP encryption
is optional, but authentication is always performed.


2.6.1.1.8 ATN/IPS nodes in the ground
-
ground environment shall implement
the
Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
required algorithms for key exchange as specified in RFC
-
4307.


Note.


Algorithms of equivalent or greater strength than those identified in RFC
-
4307
are implemented as a
local matter on a bi
-
lateral basis.


2.6.2 Air
-
Ground Security


2.6.2.1 Acess Network Security


2.6.2.1.1 ATN/IPS mobile nodes shall implement the security provisions of the accces
network.


Note.


For example, the WiMAX, 3GPP, and 3GPP2 access networ
ks have
authentication and authorization provisions.


2.6.2.2 Air
-
Ground IPsec


2.6.2.2.1 ATN/IPS
nodes in the air
-
ground environment
shall implement
the Security
Architecture for the Internet Protocol as specified in RFC 4301
.


2.6.2.2.2 ATN/IPS
nodes
in the air
-
ground environment
shall implement the IP
Encapsulating Security Payload (ESP) protocol as specified in RFC 4303.


2.6.2.2.3 ATN/IPS nodes, which implement MIPv6, may implement the Authentication
Protocol for Mobile IPv6 as specified in RFC 428
5.


2.6.2.2.4 ATN/IPS
nodes in the air
-
ground environment
shall implement the Internet
Key Exchange (IKEv2) Protocol as specified in RFC 4306.


2.6.2.2.5 ATN/IPS
nodes in the air
-
ground environment
, which implement MIPv6, shall
implement Mobile IPv6 Op
eration with IKEv2 and the Revised IPsec Architecture as
specified in RFC 4877.



2.6.2.3 Air
-
Ground Transport Layer Security


2.6.2.3.1 ATN/IPS mobile nodes and correspondent nodes may implement the Transport
Layer Security (TLS) protocol as specified
in RFC 4346.


2.6.2.6 If TLS is used for air
-
ground security, mobile nodes and correspondent nodes
shall implement the Cipher Suite
TLS_ECD
H_ECDSA_WITH_AES_128_CBC_SHA as
specified in RFC 4492.


2.6.2.4 Air
-
Ground Application

Layer Security


2.6.2.4.1 A
TN/IPS mobile nodes and correspondent nodes may im
plement air
-
ground
security as specified in Doc 9705/9880.


2.6.2.4.2 If
application layer security
is used for air
-
ground security, IKEv2 shall be used
for key establishment

as specified in section 2.6.2.


2.6.2.
4.3

If application layer security is used for air
-
ground security, mobile nodes may
use a shared secret or HTTP_CERT_LOOKUP as the authentication mechanism for
IKEv2.


Note 1.
--

In IKEv2 the authentication mechaism may be different in each direct
ion.


Note 2.


With the shared secret method the ground system may retrieve the mobile
node’s shared secret from a AAA server.


Note 3.


With HTTP_CERT_LOOKUP the mobile node does not have to transmit an
actual certificate but rather transmits a hash val
ue and a URL where the ground system
can retrieve the mobile node’s certificate and CRL.


2.6.2.4.4

If application layer security is used for air
-
ground security,
ATN/IPS mobile
nodes and correspondent nodes shall implement the
following
transform
s:



a)

AUT
H_HMAC_SHA2_256
-
128 as the Integrity Algorithm for ESP
authentication as specified in RFC 4868.


b)

PRF_HMAC_SHA_256 as the pseudo
-
random function in IKEv2 as specified in
RFC 4868.


c)

256
-
bit random ECP group for Diffie
-
Hellman Key Exchange values in IKEv2 as
specified in RFC 4753.


d)

ECDSA with SHA
-
256 on the P
-
256 curve as the IKEv2 authentication method as
specified in RFC 4754.









5


CHANGES TO 2.6 REDLINED


2.6 SECURITY


This section contains provisions for ground
-
ground and air
-
ground security in the
ATN/IPS.


Note.
-

S
upport for security is to be based on a system threat and vulnerability analysis.



2.6.1 Ground
-
Ground Network Layer Security


Note
.


Network layer security in the ATN/IPS internetwork is implemented using IPsec.

2.6.1.1
Ground
-
Ground IPsec


2.6.1.1.1
ATN/
IPS nodes

in the ground
-
ground environment


shall implement the
Security Architecture for the Internet Protocol as specified in RFC
-
4301


2.6.1.
1.2
.

ATN/
IPS nodes in the
ground
-
ground environment
shall implement the IP
Encap
sulating Security

Payload

(ESP) p
rotocol

as specified in RFC
-
4303.


2.6.1.
1.3

ATN/
IPS nodes in the
ground
-
ground environment

may

implement the IP
Authentication Header (AH) protocol as specified in R
FC
-
4302.


2.6.1.
1.4

ATN/
IPS nodes in the
ground
-
ground environment

shall implement manual
configuration


2.6.1.
1.5

ATN/
IPS nodes in the
ground
-
ground environment

sh
all

implement the Internet
Key Exchange (IKEv2) Protocol

as specified in RFC
-
4306.


2.6.1.
1.6

ATN/
IPS nodes in the
gr
ound
-
ground environment

shall implement the
Cryptographic Algorithm Implementation Requirements for the Encapsulating Security
Payload (ESP) and Authentication Header (AH) as specified in RFC
-
430
5.
.


2.6.1.
1.
7

A
TN/
IPS nodes in the
ground
-
ground environment

shall implement The Null
Encryption Algorithm and Its Use With IPsec as specified in RFC
-
4305
,

but not the Null
Authentication Algorithm.


Note
-

ESP encryption
is option
al, but authentication is always performed.


2.6.1.
1.8

ATN/
IPS nodes in the
ground
-
ground environment

shall implement the
Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
required a
lgorithms for key exchange as specified in RFC
-
4307.








6


Note.


Algorithms of equivalent or greater strength than those identified in RFC
-
4307
are implemented as a local matter on a bi
-
lateral basis.


2.6.2 Air
-
Ground Security


2.6
.2.1 Acess Network Security




2.6.2.
1
.1

ATN/IPS
mobile nodes

shall implement the
security provisions

of the accces
netw
ork
.


Note.


For example,
the WiMAX
,


3GPP
, and 3GPP2

access networks have
authentication and authorization provisions.


2.6.2.2 Air
-
Ground IPsec


2.6.2.2.1 ATN/IPS
nodes in the air
-
ground environment
shall implement

the Security
Architec
ture for the Internet Protocol as specified in RFC

4301
.


2.6.2.2.2 ATN/IPS
nodes in the air
-
ground environment
shall

implement the IP
Encapsulating Security Payload (ESP) protocol as specified in RFC

4303.


2.6.2.2.3 ATN/IPS
nodes
, which implement MIPv6
,

may

implement the Authentic
a
tion
Protocol for Mobile IPv6

as specified in RFC
4285.


2.6.2
.2.
4



ATN/IPS
nodes in the air
-
ground environment

shall implement the Internet
Key E
xchange (IKEv2) Protocol as specified in RFC

4306
.


2.6.2.2.
5 ATN/IPS
nodes in the air
-
ground environment
, which implement MIPv6, shall
implement Mobile IPv6 Operation

with IKEv2 and the Revised IPsec Architecture as
specified in RF
C 4877.





2.6.2.3 Air
-
Ground Transport Layer Security


2.6.2.3.1 ATN/
IPS mobile nodes and correspondent nodes may implement
the Transport
Layer Security (TLS) protocol as specified in RFC 4346.


2.6.2.6 If TLS is used for air
-
ground security, mobile nodes and correspondent nodes
shall implement
the
Cipher Suite

TLS_EC
D
H_ECDSA_WITH_AES_128_CBC_SHA
as
specified in RFC 4492
.


2.6.2.
4

Air
-
Ground Application

Layer Security








7



2.6.2.4.1 ATN/IPS mobile nodes an
d correspondent nodes may im
plement air
-
ground
security as spe
cified in Doc

9705/9880.



2.6.2.4.2 If Doc
application layer security

is used for air
-
ground security, IKEv2 shall be
used for key establishment as
specified in section 2.6.2.2.



2.6.2.4.3 If application layer security is used for air
-
ground security,
mobile nodes may
use a shared secret or HTTP_CERT_LOOKUP as the authentication mechanism for
IKEv2.


Note 1.
--

In IKEv2 the authentication mechaism may be different in each direction.


Note 2.


With the shared secret method the ground system may retrieve

the mobile
node’s shared secret from a AAA server.


Note 3.


With HTTP_CERT_LOOKUP the mobile node does not have to transmit an
actual certificate but rather transmits a hash value and a URL where the ground system
can retrieve the mobile node’s certifi
cate and CRL.


2.6.2.4.4 If application layer security is used for air
-
ground security, ATN/IPS mobile
nodes and correspondent nodes shall implement the following transforms:


e)

AUTH_HMAC_SHA2_256
-
128 as the Integrity Algorithm for ESP
authentication as spe
cified in RFC 4868.


f)

PRF_HMAC_SHA_256 as the pseudo
-
random function in IKEv2 as specified in
RFC 4868.


g)

256
-
bit random ECP group for Diffie
-
Hellman Key Exchange values in IKEv2 as
specified in RFC 4753.


h)

ECDSA with SHA
-
256 on the P
-
256 curve as the IKEv2 a
uthentication method as
specified in RFC 4754.









1


CHANGES TO APPENDIX A REDLINED


APPENDIX A


REFERENCE DOCUMENTS


IETF S
TANDARDS

AND PROTOCOLS

The following documents are available publicly at
http://www.ietf.org

and
form part of
this manual to the extent specified herein. In the event of conflict between the documents
referenced herein and the contents of this manual, the provisions of this manual shall take
precedence.


Request for Comments (RFCs)


netlmm
-
mn
-
ar
-
if


Network
-
based Localized Mobility Management Interface between
Mobile Node and Mobility Access Gateway, May 2007

netlmm
-
proxymip6


Proxy Mobile IPv6, February 2008

RFC
-
768

User Datagram Protocol, August 1980

RFC
-
793

Transmission Control Protocol (TCP), Se
ptember 1981

RFC
-
1006

ISO Transport Service on top of TCP
, May 1987

RFC
-
1323

TCP Extensions for High Performance May 1992

RFC
-
1981

Path Maximum Transmission Unit (MTU) Discovery for IP Version 6,
August 1996

RFC
-
2126

ISO Transport Service on top of TCP
, Ma
rch 1997

RFC
-
2460

Internet Protocol, Version 6 (IPv6) Specification, December 1998

RFC
-
2474

Differential Services Field, December 1998

RFC
-
2488

Enhancing TCP over Satellite Channels, January 1999

RFC
-
2858

Border Gateway Protocol (BGP4) Multiprotocol Extens
ions June 2000

RFC
-
3775

Mobility Support in IPv6, June 2004

RFC
-
4271

A Border Gateway Protocol 4 (BGP
-
4), January 2006

RFC
-
4285

Authentication Protocol for Mobile IPv6 , January 2006

RFC
-
4291

IP Version 6 Addressing Architecture, February 2006

RFC
-
4301

Se
curity Architecture for the Internet Protocol, December, 2005

RFC
-
4302

Internet Protocol (IP) Authentication Header, December 2005

RFC
-
4303

IP Encapsulating Security Payload (ESP), December 2005RFC
-
4305

Cryptographic Algorithm Implementation Requirements f
or
Encapsulating Security Payload (ESP) and Authentication Header (AH)


(NB proposed standard, obsoletes RFC
-
2402, RFC
-
2406), December 2005

RFC
-
4306

Internet Key Exchange (IKEv2) Protocol, December 2005

RFC
-
4307

Cryptographic Algorithms for Use in the Int
ernet Key Exchange Version 2
(IKEv2), December 2005

RFC
-
4346

The Transport Layer Security (TLS) Protocol Version 1.1,
April 2006

RFC 4423

Host Identity Protocol (HIP) Architecture, May 2006

RFC
-
4443

Internet Control Message Protocol (ICMPv6) for the Intern
et Protocol
Version 6 (IPv6) Specification, March 2006







2


RFC
-
4492

Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
Security, May 2006

RFC
-
4555

IKEv2 Mobility and Multihoming Protocol (MOBIKE), June 2006

RFC
-
4753

ECP Groups for
IKE and IK
Ev2, January 2007

RFC
-
4754

IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature
Algorithm, (ECDSA),
January 2007

RFC
-
4830

Problem Statement for Network
-
Based Localized Mobility Management
(NETLMM), April 2007

RFC
-
4831

Goals for Network
-
Based Localized Mobility Management (NETLMM),
April 2007

RFC
-
4868

Using HMAC
-
SHA
-
256, HMAC
-
SHA
-
384
, and HMAC
-
SHA
-
512 with
IPsec

RFC
-
4877

Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture,
April 2007