Upload
lynette-walton
View
220
Download
1
Tags:
Embed Size (px)
Citation preview
Aircraft Information Technology made
STRAIGHTFORWARD and
SECURE.
An Aircraft with 1NET™ is
“ALWAYS CONNECTED”
An Aircraft with 1NET™ is
“ALWAYS CONNECTED”
Aircraft is a Node on the Internet
• The aircraft shall require connectivity
• The aircraft shall require local processing and storage
• The system shall require access to data by users
• To achieve the first three items an approved measure
of security is required
• This presentation will address the existing RTCA
requirements, industry activities, and one solution
RTCA Aircraft SecurityStandards exist
• DO-326A - Adds to current guidance for aircraft certification to
handle the threat of intentional unauthorized electronic
interaction to aircraft safety. It adds data requirements and
compliance objectives, as organized by generic activities for
aircraft safety.
• DO-355 - A resource for civil aviation authorities and the
aviation industry when the operation and maintenance of
aircraft and the effect of information security threats can affect
aircraft safety. Operation and maintenance of the aircraft related
to information security threats are defined.
• DO-356 - This document describes guidelines, methods and
tools used in performing an airworthiness security process.
RTCA DO-356 Minimum Assurance Levels
Security has to meet DO-254 and/or DO-178 design assurance levels
DO-356 indicates having layered security modules will allow for a jump up in design assurance level. E.g. Two Orthogonal HSMs in series at DAL C could provide DAL B data. Layered security should always be considered in a system’s design.
(RTCA , “Airworthiness Security Methods and Considerations”, DO-356, 2014)
NIST Algorithms and Security StandardsFIPS is a testable US government standard
• FIPS PUB 140-2: Specifies the security requirements for a
cryptographic module utilized within a security system protecting
sensitive information in computer and telecommunication systems.
• FIPS PUB 191: Understanding the necessity to provide security on a
LAN and how to decide the appropriate security measures needed.
• FIPS PUB 197: Specifies the Advanced Encryption Standard (AES),
which is a symmetric block cipher that can process data using cipher
keys.
• FIPS PUB 186-4: Specifies a suite of algorithms that can be used to
generate a digital signature. Digital signatures are used to detect
unauthorized modifications to data and to authenticate the identity of
the signatory. In addition, the recipient of the signed data can use a
digital signature as evidence in demonstrating to a third party that the
signature was, in fact, generated by the claimed signatory.
Certificate AuthorityOne step in the process
• Certificate Authority (CA): is a trusted third party who validates keys for
exchange in public domain
• Digital Certificates: Are electronic credentials that are used to assert the
online identities of individuals and entities. Digital certificates are analogous
to a passport or drivers licenses. Organization does due diligence to prove
you are who you say you are and then issues you documentation proving it.
• Public Key Infrastructure (PKI): Certificates are issued to a specific public
key, which is paired to a private key.
Cryptographic Key Management System
• Cryptographic key management system (CKMS): is how all the
keys in a system, hierarchal or other, are managed.
• NIST SP 800-130: CKMS consists of policies, procedures, components
and devices that used to protect, manage and distribute cryptographic
keys and certain specific information, called metadata.
• Each vendor can create a CKMS, a standard for certificates similar to
X.509, and everything else needed. Or we can produce a standard
method and benefit together.
Manufacturing and ProvisioningSecurity starts at unit Production
(Atmel, “CryptoAuthentication”, 2014)
Security In AutomotiveSolutions exist
• Automobile industry is already
doing this and there are many IC
manufacturers supporting them.
• Freescale white paper: e.g. of manufacturer meeting the auto
industry security requirements.
• Industry Standards used:National Institute of Standards and
Technology (NIST), Hersteller Initiative
Software (HIS) Working Group,
Trusted Computing Group (TCG)
Malware Resistant• Software: Is always changing, therefore, opening itself up to
new security vulnerabilities everyday.
• Hardware: Never changes! Built to seasoned standards so trial
and error is out of the way.
• Hardware implementations such as a Trusted Platform
Module (TPM) from the TCG standards.
• ASICs standing on the back of well established standards like
AES, SHA, ECDSA, etc. are the solution found by other
industries thus far.
1NetTM SolutionBeta tested and available
• System has moved 100s of millions of secure records
• 1NetTM v2 was launched to meet FIPS 140-2 and RTCA
requirements
• Solution addresses security and certification issues for
aircraft
• Thompson Aerospace will make patents and/or security
modules available to any third parties based on a license
agreement
FIPS 140-2 Level 3 for Data Validity, Security and Access
FIPS 140-2 Level 3 of security is used by the US government for secret information. FIPS is a verifiable standard and this level of data management will allow uploading and downloading of the most critical type of data.
Hardware based Aircraft Trusted Platform Module (TPM)
A TPM is the industry standard for creating, storing, and encrypting/decrypting keys. A hardware TPM provides an unhackable means of key management.
An ECC trusted module that uses ECDSA (security means) validation for users
ECDSA type security provides the best solution for embedded key protection. The application provides a hardware means of user identification to allow access to system data. Users are provided with an ECDSA dongle as a secure means of determining the Access Control List applicability.
RTCA (Regulatory Group) DO-326, DO-355 and DO-356 provides the method for certification
1Net™ complies with RTCA requirements and FIPS 140-2 Level 3 data requirements. This provides the airline with the capability to meet the security system requirements for ISO 27001:2013.
SecurityThe RTCA requirements define methods
to certify information technology for
aircraft. Federal Information Protection
Standards (FIPS) provide specific
requirements to management data.
1Net™ hardware based data
management solution is able to meet
both FIPS and RTCA data management
while meeting RTCA aircraft certification.
Data Security is the Overriding Requirement for 1Net™
Security is Available NOW
Virtual Private Cloud
VPC
CloudHSM
Application
HSM Client
VPC Instance
TLSTLS
CSUv2
AIRCRAFT
CLO
UD
AIR
CR
AFT
SYSTE
MS
DATA
Our Patent Pending Hardware Security Solution
Hardware Security Solution• Off aircraft communications are handled by
one eHSM and on aircraft communications handled by the other.
• This inherently uses dual orthogonal security modules in series.
Patent Pending
CLO
UD
AIR
CR
AFT
SYSTE
MS
DATA
Amazon EC2 and HSM in the CloudA good partner for aerospace
• Amazon Elastic Compute Cloud (Amazon EC2) allows
computing instances in the cloud that can be attached to
an HSM via a Virtual Private Network (VPC).
• Amazon Web Services (AWS) known for security prowess.
• Helped setup CIA’s private cloud computing network.
• Extremely convenient, secure, scalable way of setting up
infrastructure
• Green Hills and Thales eSecurity offer solutions
ARINC 848 Considerations
• Authentication using a trusted CA certificate should be considered for units communicating off the aircraft.
• CKMS implementation shall be required to achieve security
• Hardware vs software security solutions need to be considered
• The solution need to be interoperable between suppliers
• Effective connectivity solutions will not be deployed without security