Overall Security Framework for Aeromacs

Yüklə 39,99 Kb.

tarix	08.01.2019
ölçüsü	39,99 Kb.
	#93198

$c:\program files\default company name\icaomainmenusetup\icons\icaologo.jpg$
International Civil Aviation Organization
INFORMATION PAPER

ACP-WGWI18 / IP-14

Re-Produced from WG-S/7

COMMUNICATIONS PANEL (CP)

Seventh MEETING OF THE WORKING GROUP S
Montreal, Canada 22 – 23 June 2015

(NOTE: THIS PAPER WAS FIRST PRESENTED AT WG-S/7).

Agenda Item xx:

Xxx

Overview of Security Framework for Aeronautical Mobile Airport Communication Systems (AeroMACS)
(Presented by Aloke Roy)

SUMMARY

ACTION

The CP WG-I and SDS WG are invited to consider the security framework described in this paper for the development of IPS security requirements such that synergies can be achieved across all ICAO communication datalinks to optimize ANSP & operator investments for security implementations.

INTRODUCTION

This document provides a high level overview of the Security framework of Aeronautical Mobile Airport Communication System (AeroMACS) that are applicable to both the airborne radios and the ground systems. The intended purpose of this paper is to introduce AeroMACS security functions to ICAO WG-I and SDS sub group such that overall security infrastructure requirements for all aeronautical data communication services can be aligned to reduce the deployment costs for ANSPs and aircraft operators’ implementations.

Background

IEEE standard 802.16 defines multiple options for the security sub layer to accommodate various network deployments and service provider requirements. Hence it becomes necessary to standardize the minimum functional requirements of security sub layer for AeroMACS, in order to provide aircraft with seamless access to Airport Terminal Services across the globe. An analysis was performed on the security sub layer specifications of WiMAX to determine a set of requirements that would be applicable to the AeroMACS deployment contexts.

Discussion

Figure 3 represents various components of security sub layer of WIMAX as defined in IEEE 802.16 specifications.

Figure 3 WiMAX Security Sub Layer (Source: IEEE 802.16 standards)

The security sub layer provides subscribers with authentication and data privacy. Authorization/SA module is responsible for validating the authenticity of Subscriber Stations and management of Security Associations (SA) for WiMAX connections.
SA associates encryption keys and algorithms with a traffic type, so that the packets belonging to a particular traffic type can be encrypted as per its SA definitions.
WiMAX supports two methods of authentications namely, RSA based authentication and EAP Based authentication.
RSA authentication method uses X.509 digital certificates and RSA encryption algorithm along with RSA keys, associated with the MAC address of a subscriber station. In this method, a base station authenticates subscriber stations, but the other way is not possible as mutual authentication is not supported in RSA scheme.
EAP method offers mutual authentication in which both BS and SS authenticate each other. EAP supports multiple authentication schemes and hence provides more flexibility to the network operators in choosing subscriber authentication methods. For example, EAP-TLS is based on X.509 certificates while, EAP-SIM is based on Subscriber Identity Module used in mobile phones. EAP method definitions are kept outside the scope of WiMAX standards.
AeroMACS specifies EAP-TLS as the authentication mechanism for security association to satisfy mutual authentication needs based on PKI X509 certificates to align with existing ATN security procedures defined in ICAO 9880.
PKM protocol is responsible for deriving and managing the keys used by WiMAX layer. WiMAX supports two versions of PKM protocol namely, PKM 1 and PKM 2. PKM 1 works in conjunction with RSA scheme to authenticate a subscriber and derive keys for SS, while PKM2 supports EAP method for mutual authentication of both SS and BS and their key management.
In addition to PKM2 in a typical deployment environment involving large networks, authentication and policy management for subscribers would be done at centralized locations instead of being managed locally at every BS level. In such scenarios, RADIUS protocol may be used in conjunction with EAP methods to authenticate/authorize subscribers to use network resources.

The traffic encryption module supports a set of encryption algorithms to protect the message data. Depending upon the definitions in SA, this module performs encryption/decryption of the data that enters or leave the WiMAX device.

Security Sub-Layers for AeroMACS

Traffic Data

encryption

Control Data

Signing

PKM v2

SA control

EAP

TLS

Traffic Data

encryption

Control Data

Signing

PKM v2

SA control

EAP Transit

PHY

802.16

RADIUS Client

UDP

IP

WAN I/F

ASN G/W

RADIUS Proxy

UDP

IP

WAN Interface

Proxy

TCP/IP NW

AeroMACS

AAA

NAP

RADIUS Server

WAN Interface

EAP

TLS

AAA Server

Application

NW AAA

UDP

Figure 3-2 provides the security framework and architecture of Security Layers across various AeroMACS network components such as subscriber station (SS), base station (BS), access service network gateway (ASNGW) and accounting, authorization and access (AAA) server. A physical system may contain multiple functional entities available in the same unit. For example: ASN Gateway and BS can be present in a single system. MS and BS belong to access network (ASN) while AAA server belongs to customer service network (CSN). In a practical deployment, ASN and CSN may belong to separate organizations or may belong to a single organization. There may or may not be an involvement of Proxy server depending upon whether a Mobile Station is logging into a Visited Network or the Home Network.

Figure 32 AeroMACS Security Framework & Protocol Architecture
The scope of the AeroMACS security framework is to,

Authenticate a Mobile Station logging into the network. Authentication is based on mutual validation of digital certificates exchanged between the Mobile Stations and the AAA server. Hence AAA servers shall hold valid certificates of all AeroMACS Station root CAs ( not necessarily the certificates of all Mobile Stations ) in order to authenticate any genuine Mobile Station trying to log on the network, irrespective of its subscription with the CSN. Similarly devices shall hold certificates of all AeroMACS server root CAs.
Ensure privacy for Mobile User to communicate over the wireless medium. AeroMACS security framework supports multiple cryptographic suites to encrypt all kinds of data traffic (Unicast, Multicast and Broadcast) from/to the mobile station. It should be noted that current version of AeroMACS standards do not accommodate encryption of multicast/broadcast data flows.
Ensure integrity of the packets exchanged in the wireless medium so that only the intended packets from the authentic source are accepted at the destinations. This is achieved by adding an Authentication Code at the end of payload generated using Traffic Encryption Key along with the cyber suite defined in the Security Association.

Public Key Management (PKM) module is responsible for the overall management of the security framework. AeroMACS shall be using only PKM Version 2, as the support of mutual authentication is available only in PKMV2.
PKM v2 supports EAP_TLS protocol for mutual authentication. The digital certificates and other credentials are exchanged as TLS records between MS and AAA server. The exchanged certificates are validated by both the parties to establish the trust. EAP_TLS also has a robust mechanism for arriving at a shared secret between the negotiating peers. At the end of EAP_TLS transaction MS and AAA server arrive at MSK (Master Session Key) to be used for the session. MSK is the primary key from which all other keys are derived. (For certificates to be valid, the certificates are to be issued by the CAs authorized for AeroMACS. The certificate issuance and management is beyond the scope of this document).
In AeroMACS environment EAP negotiations need to happen before the establishment or wireless link and IP connectivity. But, EAP peer applications run between SS and AAA server, located remotely in the network, while ASN Gateway acts as a transit point forwarding packets between SS and AAA server. RADIUS is used as a transport mechanism, between the ASN Gateway (Authenticator) and the AAA server, for transferring EAP_TLS packets through internet to/from AAA server. RADIUS uses a secured connection between ASN Gateway and AAA server to ensure privacy. At the end of EAP_TLS transaction the MSK arrived at AAA server is transferred to ASN Gateway (authenticator) for further processing.

From MSK, ASNGW and MS derive pairwise master key (PMK) and from PMK authentication key (AK) is derived independently. ASN Gateway updates Base Station with AK. From AK the whole set of keys like, key encryption key (KEK), group KEK (GKEK), Traffic Encryption Keys (TEK) etc., are derived as per the rules defined in 802.16 specifications independently at BS and MS. PKM has a 3-way SA-TEK handshake mechanism for BS and MS to verify the final TEK that are derived independently at BS and MS. TEK keys are derived for every SAID as per the associated cryptographic suite requirements. PKM also periodically refreshes AK and TEKs between MS and BS in order to have robust privacy.

SA module is responsible managing the Security Associations of various data traffic. These SAs have cryptographic suite identified for each connection. TEK process is initiated for every SAID to arrive at TEK keys and refresh them periodically.
After authentication, MS continues with registration, optional TFTP configuration (in case of IP managed nodes) and data connection establishment procedures. Encryption module secures the traffic through the connection as per the associated SAID. It uses the TEK keys derived from the above process along with the configured cryptographic suite to encrypt/decrypt the outgoing/incoming data packets through the connection.
Thus a secure connection is established at 802.16 MAC layer between MS and BS. After data connection establishment between MS and BS, the data path is completed between ASN gateway and RAS server for the higher layer protocols to negotiate IP connectivity with the Remote Access Servers of CSN.
Figures 3-3 and 3-4 show the message sequence charts for AeroMACS security association and key derivation process.

ACTION BY THE MEETING

Figure 3-3: Message Flow Charts

BSS

Airborne Router

Airborne Radio

Base Station

ASN Gateway

AAA Server

NSP Access Router

Initialize AeroMACS

Synchronization, Ranging, Capability Negotiation

Context Initialization

EAP_REQ/Identify

EAP_RSP/Identify (My ID)

RADIUS ACCESS REQ: ID

EAP_TLS _Start

EAP_TLS (TLS_Client_hello)

EAP_TLS (TLS_Server_Hello, TLS_Certificate, {TLS_Server_Key_exchange}, TLS_Certificate Req, TLS_Server_Hello_Done

EAP_TLS (TLS_Certificate, TLS_client_key_exchange,TLS_certificate_verify, TLS_change cipher spec, TLS_Finsshed

EAP_TLS (TLS_change_cipher_spec, TLS finished)

EAP Success

EAP_TYPE=TLS, (No data)
EAP Response

EAP Response

EAP Request

PKM:EAP

RADIUS:EAP

PKM:EAP

EAP Request

RADIUS:EAP

PKM:EAP

EAP_TYPE=TLS, (No data)
EAP Request

PKM:EAP

RADIUS:EAP

RADIUS_SUCCESS

PKM:EAP

RADIUS:EAP

PKM:EAP

(MSK Transferred)

(AK Transferred)
PMK, AK Derived
PMK, AK Derived

Airborne Router

Airborne Radio

Base Station

ASN Gateway

NSP Access Router

SA-TEK Challenge

SA-TEK Request

SA-TEK Response

Key Request

Key Response

Registration

AeroMACS link Established

IP Traffic

HMAC/CMAC/KEK derivation

HMAC/CMAC/KEK derivation
DHCP server

Data connections

GRE Tunnels

AAA Server

Data Plane DHCP Server
Data plane Dynamic IP Address configuration (Optional)

DHCP Proxy

Pkt forwarding

Figure 3-4: Message Flow Charts (Cont.)

( pages)

Yüklə 39,99 Kb.

Dostları ilə paylaş: