57 research outputs found

    Secure Communications in Next Generation Digital Aeronautical Datalinks

    As of 2022, Air Traffic Management (ATM) is gradually digitizing to automate and secure data transmission in civil aviation. New digital data links like the L-band Digital Aeronautical Communications System (LDACS) are being introduced for this purpose. LDACS is a cellular, ground-based digital communications system for flight guidance and safety. Unfortunately, LDACS and many other datalinks in civil aviation lack link layer security measures. This doctoral thesis proposes a cybersecurity architecture for LDACS, developing various security measures to protect user and control data. These include two new authentication and key establishment protocols, along with a novel approach to secure control data of resource-constrained wireless communication systems. Evaluations demonstrate a latency increase of 570 to 620 milliseconds when securely attaching an aircraft to an LDACS cell, along with a 5% to 10% security data overhead. Also, flight trials confirm that Ground-based Augmentation System (GBAS) can be securely transmitted via LDACS with over 99% availability. These security solutions enable future aeronautical applications like 4D-Trajectories, paving the way for a digitized and automated future of civil aviation

    L-band Digital Aeronautical Communications System (LDACS) draft-maeurer-raw-ldacs-06

    This document provides an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable multi-application cellular broadband system with support for IPv6. LDACS shall provide a data link for IP network-based aircraft guidance. High reliability and availability for IP connectivity over LDACS are therefore essential

    L-band Digital Aeronautical Communications System (LDACS) draft-maeurer-raw-ldacs-04

    This document provides an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable multi-application cellular broadband system with support for IPv6. LDACS shall provide a data link for IP network-based aircraft guidance. High reliability and availability for IP connectivity over LDACS are therefore essential

    L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-03

    This document provides an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable multi-application cellular broadband system with support for IPv6. LDACS shall provide a data link for IP network-based aircraft guidance. High reliability and availability for IP connectivity over LDACS are therefore essential

    A Cybersecurity Architecture for the L-band Digital Aeronautical Communications System (LDACS)

    With air transportation growing and current civil aeronautical communication systems reaching their capacity limit in high density areas, the need for new aeronautical communication technologies becomes apparent. The biggest challenge in recent years is the transition from analogue voice to digital data communication and the related trend towards an increased autonomous data processing. A promising candidate for the digital future communication infrastructure in continental areas is the terrestrial long-range L-band Digital Aeronautical Communications System (LDACS), which is currently in the process of being standardized by the International Civil Aviation Organization (ICAO). As safety and security are strongly intertwined in civil aviation, every installation of LDACS requires protection against cyber-attacks. This paper introduces a cybersecurity architecture for LDACS and proposes suitable security algorithms, which can achieve the security objectives on top of the architecture. Therefore, we integrate new security functions within the existing protocol stack of LDACS. We provide an architecture for user data encryption, data integrity, authenticated key agreement, entity authentication, broadcast channel protection, and key and access management

    Performance-optimizing Secure GBAS over LDACS

    VHF Data Broadcast (VDB) currently used by GBAS has been identified as a potential source of cyber-security concerns. The use of an alternative datalink providing the bandwidth for more capable security protocols has therefore been proposed and demonstrated on the basis of the L-band Digital Aeronautical Communication System (LDACS). However, the first demonstration of secure GBAS over LDACS suffered from some performance degradation. This paper provides an improved method for secure GBAS over LDACS on the basis of a rigid performance analysis. Optimized parameters are derived and evaluated. The results point the way for further performance enhancements for even more challenging GBAS scenarios

    Formal Verification of the LDACS MAKE Protocol

    In our talk, we present the first formal verification of the security properties of the updated LDACS 3-pass Mutual Authentication and Key Establishment (MAKE) protocol. This protocol allows AS and GS to establish shared keys via Diffie-Hellman or a Key Encapsulation Mechanism, and to mutually authenticate communication partners in a three-way handshake. There are two variants: (1) The LDACS IKEv2 based 3-pass MAKE protocol and (2) the LDACS ISO/IEC 11770-3:2021 key agreement mechanism 7 based 3-pass MAKE protocol. The verification is done with the Tamarin Prover. We present our approach, point out security features and highlight difficulties in modelling the protocol correctly. Our work supports the on-going design and standardization process of LDACS

    L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-04

    This document provides an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable multi-application cellular broadband system with support for IPv6. LDACS shall provide a data link for IP network-based aircraft guidance. High reliability and availability for IP connectivity over LDACS are therefore essential

    Improving Usable LDACS Data Rate via Certificate Validity Optimization

    Since the beginning of the century, an increasing amount of air traffic has pushed current aeronautical communication systems to their limits. Therefore, a modernization process is ongoing, envisioning to digitalize previously analog systems and prepare them for future requirements. Among these efforts is the L-Band Digital Aeronautical Communications System (LDACS), which is a cellular broadband digital data link system, foreseen for regularity-of-flight and safety-communications. Any newly developed system must provide strong cybersecurity, especially when deployed within critical infrastructures. Similar to other communication systems, LDACS will utilize digital certificates within its Public Key Infrastructure (PKI). Such certificates must be available to the respective communication partner, and therefore might have to be transmitted via the radio link upon first contact. With bandwidth generally being a restricting factor in wireless communication, especially in the spectrum-scarce L-band, different certificate lifetimes have varying impacts on the amount of security data. In previous research work, reduction of the LDACS security overhead has already been considered in e.g., the secure cell-attachment procedure between ground and aircraft stations or within a proposal for the utilization of group key distribution procedures in LDACS. However, the effect of different certificate lifetimes on the amount of security data and therefore the available user data rate has not been investigated so far. The objective of this paper is to compare different approaches for certificate validity periods with respect to the additional network overheads being created. Computer simulations using historical flight data from the OpenSky Network and a dedicated LDACS simulator help identify the most effective solution

    L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-10

    This document gives an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable multi-application cellular broadband system with support for IPv6. LDACS provides a data link for IPv6 network-based aircraft guidance. High reliability and availability for IP connectivity over LDACS, as well as security, are therefore essential