Company Internal Dario Di Crescenzo [email protected] December 11 2019 Leonardo SWIM Technical Infrastructure

© 2016 Leonardo - Società per azioni

Outlook

• Leonardo journey in SWIM

• Leonardo SWIM-TI Infrastructure (multi-color)

• Security

• SESAR2020 Trials

• Interoperability

LEONARDO JOURNEY IN SWIM

Leonardo: SWIMming in our history

• SWIM-SUIT FP6 Project - 2006-2009 – 12M€ EC funded project, 17 Partners

    • Leonardo (former Selex ES) leading the consortium

    • Swim-Box (pre-SESAR) as main concrete project outcome

    • Project recognized as main baseline for SESAR SWIM

• SESAR WP14 (SWIM Technical Infrastructure) – 2009 - 2016

    • Overall WP Technical Leadership

    • Technical Leadership on Specification (and Design) – SWIM Profiles Technical Specifications

• SESAR SWIM Demonstrations - 2011 - 2016

    • Major contribution to ALL SESAR SWIM Demonstrations

    • Mini-Global II (FAA – 2016)

    • SWIM Global Demo (Technical Coordination – SESAR – 2016)

Our Awards (on SWIM)

• SWIM Master Class 2013

    • 3rd Prize Winner on Best ATM Service category

    • 3rd Prize Winner on Best SWIM Enabled Application category

• SWIM Master Class 2014

    • 1st prize Winner on Best SWIM Technical Infrastructure category

• SESAR Projects Awards 2016

    • Project 14.01.04 (led by Leonardo): SESAR Best In Class Award

[Photos: SWIM Master Class Ceremony (Third prize for Services category, Third prize for Applications category, First prize for SWIM Technical Infrastructure category); SESAR Projects Awards Ceremony]

…And still SWIMming

• SESAR2020 «Wave1» (2017 – 2019)

    • SWIM-TI Purple Profile for Air/Ground Advisory Information Sharing (Leadership)

• EUROCONTROL Standards

    • EUROCONTROL Specification for SWIM Service Description

    • EUROCONTROL Specification for SWIM Information Definition

    • EUROCONTROL Specification for SWIM Technical Infrastructure (TI) Yellow Profile

• EUROCAE WG-104

    • ED-254 ARRIVAL SEQUENCE SERVICE PERFORMANCE STANDARD

• Participation in SWIM CoI (Community of Interest) for the maintenance/evolution of EUROCONTROL SWIM Standards

• SESAR2020 «Wave2» (2020 – 2022)

    • SWIM-TI Purple Profile for Air/Ground Safety Critical Information Sharing

LEONARDO SWIM-TI INFRASTRUCTURE (MULTI-COLOR)

Conceptual layers

Capabilities (w.r.t. Yellow Profile)

• Conformant to EUROCONTROL Specification for SWIM Technical Infrastructure (TI) Yellow Profile (from the outset: Leonardo was in charge of the SESAR1 project defining Yellow Profile requirements). This means, as an example:

    • Support for all network bindings (IPv4, IPv6 including Security)

    • Support for AMQP Binding (for Req/Rep, Pub/Sub and Fire and Forget)

    • Support for WS-N SOAP (but being decommissioned)

    • Capability to support HTTP and WS-Light, WS-SOAP

Full support of transport and message level security controls including: Authentication, Authorization, Integrity, Authenticity and Confidentiality.

Static & dynamic authentication and authorization policies.

X.509 certificates revocation status check (local CRL, HTTP CDP, OCSP).

SWIM Air/Ground (Purple Profile)

[Figure: SWIM Air/Ground (Purple Profile). Labels: Ground/Ground SWIM; SWIM Systems (AOC ATM, Airport Airside Operations, Aerodrome ATC, En-route / Approach ATC, Military systems, Meteo, Network Information Management, Aeronautical Information Management, Advanced Airspace Management); data exchanged (Demand & Capacity data, ATFCM scenario data, Meteo data, Aeronautical data, Flight data, Surveillance data); Advisory Information exchange; Air-Ground SWIM: ground Purple Profile distributed infrastructure; Air/Ground Datalink (PJ14); Air-Ground SWIM Purple Profile enabled aircraft; Scope of SESAR2020 PJ.17-01.]

Capabilities (w.r.t. Purple Profile)

Full support of PP technical use cases (uplink and downlink): Publish/Subscribe, Request/Response, Request/Multi-Response

Subscription management including static and dynamic subscription policies.

Subject-based and context-based message routing including static and dynamic routing policies.

Subject-based and context-based message filtering.

Full support of all the technical and deployment options described in the “Purple Profile” Technical Specification.

Full support of transport and message level security controls including: Authentication, Authorization, Integrity, Authenticity, Confidentiality.

Static & dynamic authentication and authorization policies.

X.509 certificates revocation status check (local CRL, HTTP CDP, OCSP).

Tested over AeroMACS and SATCOM communication networks, over both IPv4 and IPv6

Interoperability with SWIM Nodes of other providers (e.g. Airbus, Indra)

LDO may also provide PP enabled client libraries (APIs) simplifying applications integration with aircraft or ground SWIM Nodes.

SECURITY

Security controls concerning information in transmission

Technical architecture and end to end security

Cryptographic algorithms and key sizes shall comply with NIST 800-131A recommendations.

Given the technical architecture (intermediary nodes in the SWIM-TI layer), point-to-point (transport level) security mechanisms need to be complemented with end-to-end (message level) security mechanisms.

Some end-to-end security needs are considered mandatory (e.g. message integrity and authenticity) and others (e.g. confidentiality) optional, because they depend on the specific SWIM service.
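
Added example, not part of the original slides: a minimal model of the point above, in which every hop-level check still passes at the consumer after an intermediary SWIM node rewrites the payload, and only the message-level tag detects the change. HMAC-SHA-256 from the Python standard library stands in here for both the transport protection and the X.509 digital signature; the keys, function names and payload values are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumptions). Each link key is shared by the two peers
# of one hop; the end-to-end key is known only to the two service endpoints.
LINK_AIR_TO_NODE = b"link-key-aircraft-to-ground-node"
LINK_NODE_TO_GROUND = b"link-key-ground-node-to-consumer"
E2E_KEY = b"end-to-end-key-held-by-endpoints"


def _mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _canonical(topic: str, payload: str) -> bytes:
    # Fixed serialization so producer and consumer MAC identical bytes.
    return json.dumps([topic, payload], separators=(",", ":")).encode()


def e2e_protect(topic: str, payload: str) -> dict:
    """Producer endpoint: attach a message-level integrity/authenticity tag."""
    return {"topic": topic, "payload": payload,
            "e2e_tag": _mac(E2E_KEY, _canonical(topic, payload))}


def e2e_verify(msg: dict) -> bool:
    """Consumer endpoint: recompute the tag over what actually arrived."""
    expected = _mac(E2E_KEY, _canonical(msg["topic"], msg["payload"]))
    return hmac.compare_digest(expected, msg.get("e2e_tag", ""))


def link_send(msg: dict, link_key: bytes) -> dict:
    """Point-to-point protection for one hop (stands in for transport security)."""
    frame = json.dumps(msg, sort_keys=True).encode()
    return {"frame": frame, "link_tag": _mac(link_key, frame)}


def link_receive(wire: dict, link_key: bytes) -> dict:
    """Hop-level check: only proves the frame came intact from the previous peer."""
    if not hmac.compare_digest(_mac(link_key, wire["frame"]), wire["link_tag"]):
        raise ValueError("hop-level integrity check failed")
    return json.loads(wire["frame"])


def intermediary(wire: dict, rewrite_payload=None) -> dict:
    """SWIM-TI node: terminates hop 1, sees the message, re-protects it for hop 2."""
    msg = link_receive(wire, LINK_AIR_TO_NODE)
    if rewrite_payload is not None:  # models a faulty or compromised node
        msg["payload"] = rewrite_payload
    return link_send(msg, LINK_NODE_TO_GROUND)


def deliver(payload: str, rewrite_payload=None) -> tuple:
    """Return (hop checks passed, end-to-end check passed) as seen by the consumer."""
    wire = link_send(e2e_protect("air.meteoprobe", payload), LINK_AIR_TO_NODE)
    wire = intermediary(wire, rewrite_payload)
    try:
        msg = link_receive(wire, LINK_NODE_TO_GROUND)
    except ValueError:
        return (False, False)
    return (True, e2e_verify(msg))
```
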

[Figure: Technical architecture and end to end security. Labels: Technical System belonging to Aircraft CC; Technical System belonging to Ground CC; Service Endpoint Over Purple Profile <Service Binding> (aircraft side, ground side); Aircraft Purple Profile Messaging; Ground Purple Profile Messaging; Aircraft Server; Implementation specific Service Endpoint; consume; Message Exchange Over Purple Profile <Internal Binding>; End-to-End Security; Point-to-Point Security.]

Security controls concerning information in transmission

PKIs

Most of the transport and message level security mechanisms are based on asymmetric cryptography (HMAC and symmetric encryption are also supported).

X.509v3 certificates and private keys are managed via PKI. As part of the technical validation activities, protocols such as HTTP CDP and OCSP have been validated.

[Figure: Reference technical architecture. Labels: Certification Authority; Purple profile infrastructure; Aircraft A/G SWIM Access Point / Aircraft «Purple» SWIM Node; Ground A/G SWIM Access Point / «Purple» SWIM Node; SWIM Access Point on the ground Technical System side; Service Endpoint Over Purple Profile <Service Binding> (aircraft side, ground side); Technical System belonging to Aircraft CC; Technical System belonging to Ground CC; "Uses the <Service Endpoint> to consume and/or provide SWIM services"; "Relies on TI layer to consume and/or provide SWIM services"; X.509 Certificates Store, CRLs store, Key store, Truststore; X.509 certificate request, issue, renewal and installation process; CDP options: LDAP CDP, HTTP CDP and OCSP <Internal Binding>, each with a Client.]

[Figure: One possible deployment option (additional ones could be based on Bridge CA, etc.). Labels: Root Certification Authority; three Subordinate Certification Authorities; Security Domain #1, #2 and #3; Purple profile infrastructure; Aircraft A/G SWIM Access Point / Aircraft «Purple» SWIM Node; Ground A/G SWIM Access Point / «Purple» SWIM Node; SWIM Access Point on the ground Technical System side; Service Endpoint Over Purple Profile <Service Binding> (aircraft side, ground side); Technical System belonging to Aircraft CC; Technical System belonging to Ground CC; X.509 Certificates Store, CRLs store, Key store, Truststore.]

SESAR2020 TRIALS

How to validate maturity?

Leonardo has been involved in several TRL4 and TRL6 validation activities

TRL6 EXE1.0001: uplink and downlink air-ground advisory information sharing validation based on operational-oriented scenarios (ED-151) involving Purple Profile SWIM Node prototypes (both ground and aircraft) and Purple Profile enabled SWIM services (both uplink and downlink) developed by the EXE members and interconnected in a WAN.

TRL6 EXE1.0002: non-functional characteristics (security and reliability) of air-ground advisory information sharing validation based on technical scenarios involving LDO Purple Profile SWIM Node prototypes (both ground and aircraft), emulated Purple Profile enabled applications (both uplink and downlink) and A/G network infrastructure (PJ.14-02) prototypes (HON Aircraft Router integrating LDO AeroMACS and INDRA SATCOM links).

TRL6 EXE4: technical interoperability of air-ground advisory information sharing validation based on technical scenarios involving LDO and INDRA Purple Profile SWIM Node prototypes (both ground and aircraft) and emulated Purple Profile enabled applications (both uplink and downlink).

Leonardo SWIM PP Ground Infrastructure and Purple Profile enabled D-NOTAM SWIM service also provided to Airbus for integration in their (SWIM Enabled) Taxi Routing prototype (in PJ03)

How to validate maturity? (TRL6 EXE1.0001)

WAN VPN

Leonardo Lab equipped with SWIM Ground SWIM Node and SWIM Certification Authority (@Rome)

Frequentis ePIB (Electronic Preflight Information Bulletin) Service (@Wien)

Leonardo Cockpit + EFB Simulator equipped with SWIM Aircraft Access Point (@Turin)

Leonardo GmbH MET Provider (and Consumer) (@Neuss)

Leonardo SWIM Viewer (@Naples)

Purple-profile enabled NARSIM, The NLR ATM Research Simulator (@Marknesse)

How to validate maturity? (TRL6 EXE1.0002)

Reliability and security technical scenarios demonstrating:

Per-SWIM service QoSs like delivery guarantees, message priority based ordering guarantees, etc.

Point-to-point and end-to-end security (authentication, authorization, integrity, authenticity)

Proper composition of Purple Profile level and Network level Class of services.

IPv6 based.

Multilink transparent to Purple Profile SWIM Nodes.

Use of network level class of services (all the IPv6 packets exchanged by two peers are marked with the CoS selected at TCP/IP connection establishment phase).

How to validate maturity? (TRL6 EXE4, 1/2)

The technical scenarios involve the following prototypes:

• Application layer:

    • LDO Emulated aircraft and ground SWIM enabled applications.

    • INDRA Emulated ground SWIM enabled applications.

    • INDRA data provider tool integrated with ICARO.

• SWIM-TI layer:

    • LDO Aircraft and Ground SWIM Nodes.

    • INDRA Ground SWIM Node.

• Network layer:

    • PJ14.02.04 FCI prototype (HON Aircraft Router integrating LDO AeroMACS and INDRA SATCOM links).

• Certification authority/PKI:

    • LDO CA

The technical interoperability scenarios have been executed over the following deployment:

• INDRA Purple Profile enabled ground applications connected to INDRA Ground SWIM Node.

• LDO Air SWIM Node connected to INDRA Ground SWIM Node.

• LDO Purple Profile enabled aircraft applications connected to LDO Air SWIM Node.

How to validate maturity? (TRL6 EXE4, 2/2)

EXE4 Purple Profile enabled SWIM services

Service name: Ground Echo
Service description: This service is provided by the ground and consumed by the air. The responder just replies with the text message sent by the requestor. No message level security, no compression.
Uplink / Downlink: Uplink
Payload: Text for both request and response

Service name: Air Echo
Service description: This service is provided by the air and consumed by the ground. The responder just replies with the text message sent by the requestor. No message level security, no compression.
Uplink / Downlink: Downlink
Payload: Text for both request and response

Service name: Subscription Management (air subscribes to ground)
Service description: Purple Profile Subscription management federation between Air and Ground SWIM Node subscription handlers. Message level security (digital signature) is required. This is disabled on the LDO prototypes side. The topic used for testing is "topic://ground.dnotam".
Uplink / Downlink: Uplink (Air subscribing to ground topic)
Payload: XML for both request and response

Service name: Subscription Management (ground subscribes to air)
Service description: Purple Profile Subscription management federation between Air and Ground SWIM Node subscription handlers. Message level security (digital signature) is required. This is disabled on the LDO prototypes side. The topic used for testing is "topic://air.meteoprobe".
Uplink / Downlink: Downlink (Ground subscribing to air topic)
Payload: XML for both request and response

Service name: D-NOTAM
Service description: This is a Publish/Subscribe service provided by the ground (publisher) and consumed by the air (subscriber). In accordance with active subscriptions publication messages are routed to air and ground subscribers. No message level security, no compression. This service concerns publication messages related to the topic "ground.dnotam" handled by the subscription management (see above).
Uplink / Downlink: Uplink
Payload: AIXM 5.1 (XML). No XML validation. If enabled the reference XSD has to be shared at design time.

Service name: METEOPROBE
Service description: This is a Publish/Subscribe service provided by the air (publisher) and consumed by the ground (subscriber). In accordance with active subscriptions publication messages are routed to air and ground subscribers. No message level security, no compression. This service concerns publication messages related to the topic "air.meteoprobe" handled by the subscription management (see above).
Uplink / Downlink: Downlink
Payload: XML. No XML validation. If enabled the reference XSD has to be shared at design time.

LAST, BUT NOT LEAST

SESAR PJ17-01 (Open Day)

• Leonardo is organizing PJ17-01 (SWIM Purple Profile Air/Ground SWIM advisory Information Sharing) Open Day

• It will be held in Leonardo premises (Rome, via Tiburtina) in January/February 2020

• Exact date still to be fixed

YOU ARE ALL INVITED

(please contact PJ17-01 solution leader [email protected] to ensure your participation, seats are limited)

THANK YOU FOR YOUR ATTENTION
