7 research outputs found

    A Cybersecurity Architecture for the L-band Digital Aeronautical Communications System (LDACS)

    With air transportation growing and current civil aeronautical communication systems reaching their capacity limit in high density areas, the need for new aeronautical communication technologies becomes apparent. The biggest challenge in recent years is the transition from analogue voice to digital data communication and the related trend towards an increased autonomous data processing. A promising candidate for the digital future communication infrastructure in continental areas is the terrestrial long-range L-band Digital Aeronautical Communications System (LDACS), which is currently in the process of being standardized by the International Civil Aviation Organization (ICAO). As safety and security are strongly intertwined in civil aviation, every installation of LDACS requires protection against cyber-attacks. This paper introduces a cybersecurity architecture for LDACS and proposes suitable security algorithms, which can achieve the security objectives on top of the architecture. Therefore we integrate new security functions within the existing protocol stack of LDACS. We provide an architecture for user data encryption, data integrity, authenticated key agreement, entity authentication, broadcast channel protection, and key and access management.

    On Structural Signatures for Tree Data Structures

    In this paper, we present new attacks on the redactable signature scheme introduced by Kundu and Bertino at VLDB '08. This extends the work done by Brzuska et al. at ACNS '10 and Samelin et al. at ISPEC '12. The attacks address unforgeability, transparency and privacy. Based on the ideas of Kundu and Bertino, we introduce a new provably secure construction. The corresponding security model is more flexible than the one introduced by Brzuska et al. Moreover, we have implemented schemes introduced by Brzuska et al. and Kundu and Bertino. The evaluation shows that schemes with a quadratic complexity become unusable very fast.

    Practical Group-Signatures with Privacy-Friendly Openings

    Group signatures allow creating signatures on behalf of a group, while remaining anonymous. To prevent misuse, there exists a designated entity, named the opener, which can revoke anonymity by generating a proof which links a signature to its creator. Still, many intermediate cases have been discussed in the literature, where not the full power of the opener is required, or the users themselves require the power to claim (or deny) authorship of a signature and (un-)link signatures in a controlled way. However, these concepts were only considered in isolation. We unify these approaches, supporting all these possibilities simultaneously, providing fine-granular openings, even by members. Namely, a member can prove itself whether it has created a given signature (or not), and can create a proof which makes two created signatures linkable (or unlinkable resp.) in a controlled way. Likewise, the opener can show that a signature was not created by a specific member and can prove whether two signatures stem from the same signer (or not) without revealing anything else. Combined, these possibilities can make full openings irrelevant in many use-cases. This has the additional benefit that the requirements on the reachability of the opener are lessened. Moreover, even in the case of an involved opener, our framework is less privacy-invasive, as the opener no longer requires access to the signed message. Our provably secure black-box CCA-anonymous construction with dynamic joins requires only standard building blocks. We prove its practicality by providing a performance evaluation of a concrete instantiation, and show that our non-optimized implementation is competitive compared to other, less feature-rich, notions

    Paving the Way for an IT Security Architecture for LDACS: A Datalink Security Threat- and Risk Analysis

    With air transportation growing and current civil aeronautical communication systems reaching their capacity limit in high density areas, the need for new aeronautical communication technologies becomes apparent. This implies the transition from analogue voice to digital data communication. A promising candidate for terrestrial air-ground communication is the L-band Digital Aeronautical Communications System (LDACS). LDACS is currently in the process of being standardized in ICAO. Being integrated in the aeronautical telecommunication network and providing a digital communication link for safety critical applications, each and every installation of LDACS requires protection against cyber-attacks. A rigorous threat and risk analysis is the fundamental basis to derive an IT security architecture for LDACS. The objective of this paper is to identify safety relevant air traffic management services, perform a threat and risk analysis, and define attacker types. Having created a threat catalog, we introduce a threat rating system allowing us to set our findings in a qualitative context and pave the way for a future LDACS IT security architecture

    Datalink Security in the L-band Digital Aeronautical Communication System LDACS for Air Traffic Management

    No full text
    The communication systems currently being used for air traffic management and air traffic control need to be modernized to support the sustainable growth of European air traffic. The Single European Sky Air Traffic Management Research (SESAR) program foresees digital datalink technologies as an important building block for this goal. Digital communication technologies shall reduce the load on legacy analog systems and enable new performance-oriented automated services. The L-band Digital Aeronautical Communications System (LDACS), currently in development in SESAR, is a cornerstone of this future communication infrastructure. LDACS is a cellular broadband system sharing many technical features with 3G and 4G wireless communications systems. However, the specification of LDACS does not yet cover cyber-security. Datalink security would therefore rely solely on higher layer mechanisms. In this paper we argue that datalink security in layer 1 and 2 of LDACS would significantly contribute to the overall security of the aeronautical telecommunication network by introducing additional layers of security. We present the major outcomes of a threat analysis of the system. Based on this analysis we discuss possible cyber-security options for LDACS and recommend adding cyber security functions in the link management entity and sub-network protocol of LDACS.