Nagaraja Thanthry

Aviation data networks: security issues and network architecture

The information technology (IT) revolution, combined with peoples need to access information quickly, has resulted in the explosive growth of the Internet in the past decade. Ubiquitous access to the Internet has become an essential component of a mobile workforce and multiple mechanisms are being devised to ensure seamless connectivity to corporate resources. An integrated security framework requires a careful consideration of the security features of the network within an airplane. Potentially, the aircraft could consist of three kinds of networks namely passenger network, crew network, and control network. The security protocol implemented must ensure a proper separation of these networks and also watch for any security protocol violations. In this paper, the authors review the existing aircraft data network standards, security provisioning, and the security threats associated with the aircraft data networks. In addition, the authors also analyze the security threats associated with different network architectures.

Security, Internet connectivity and aircraft data networks

Internet connectivity which was in experimental stages only a few years ago is a reality today. Current implementations allow passengers to access Internet for pleasure and in some cases secure VPN access is provided to corporate networks. Several researchers are looking at the possibility of the existence of a total three networks: passenger network (PN), crew network (CRN), and the control network (CON). Researchers envision an architecture where these three networks co-exist in an airplane. The available Internet connectivity can be utilized for transporting flight critical information like cockpit flight data recorder (CFDR) data, digital flight data recorder (DFDR) data, cockpit voice recorder (CVR) data and controller pilot data link communication. In addition, the Internet connectivity could also be used for other safety mechanisms like video surveillance and remote control of the flight. Security is one of the major concerns that affect the successful deployment of aircraft data networks (ADN) and other safety features. Several studies have been carried out to secure the network using firewalls and intrusion detection system but so far no study has focused on securing the communication channel (between the aircraft and the ground station) and its impact on the ADN. The scope of this research is to determine the viability and need of a security mechanism. The research also focuses on the performance of different security architectures and determine their usability in the framework of an ADN

PCF vs DCF: a performance comparison

Wireless LANs are gaining importance at a very rapid pace. The idea of being mobile and connected to the Internet is driving new innovations in this area. With the recent innovations in the field of multimedia networks, the requirements of QoS support over wireless LANs are becoming more stringent. Quality of service in a wireless LAN is affected by a number of parameters like channel access method, physical/environmental conditions, number of nodes, distance etc. A proper selection of protocols/topology helps in maintaining/improving the QoS support of a wireless network. In this paper, the authors analyze the effect of channel access methods on the multimedia (voice) traffic. Two channel access methods, namely point coordinate function (PCF) and distributed coordinated function are considered for their support for QoS. The simulation results indicate that using PCF for multimedia traffic results in better performance.

IP connectivity and DAP

The information technology (IT) revolution, combined with peoples need to access information quickly, has resulted in the explosive growth of the Internet in the past decade. Ubiquitous access to the Internet has become an essential component of a mobile workforce and multiple mechanisms are being devised to ensure seamless connectivity to corporate resources. The authors present a possible use of the available IP connectivity between the airplane and the ground stations for the download of voice/video/data traffic from an airplane onto the ground stations to ease the reliance on blackboxes in a post-incident scenario. A discussion of the simulation test-bed, the results obtained and the practical set of guidelines for their deployment in real-world situations is also included.

Mobile IP and virtual private networks

With a growing number of portable computing devices like laptops and personal digital assistants (PDA), the need for seamless connectivity to the global Internet is driving the acceptance of different mobility solutions. Mobile IP is one of the widely accepted mobility solutions for mobile nodes. Though mobile IP caters the seamless connectivity requirements of the mobile nodes, the issues regarding quality of service (QoS) and security remains unsolved. Most of the corporate users like to have seamless connectivity along with security and QoS while they are roaming in the foreign network. The issues related to security and QoS becomes more complicated when dealing with a network on the move (mobile network). A virtual private network (VPN) can be used as an alternative mobility solution to cater the security and QoS in addition to mobility. In the current research work, we evaluate the QoS provided by these alternative mobility solutions as compared to the traditional mobile IP.

Port address translation based route optimization for mobile IP

The current mobility management protocol mobile IP (MIP) specifies the use of a home agent (HA) in forwarding datagrams to/from the mobile node (MN). This often leads to the usage of either triangular routing or reverse tunneling. Both these modes of communication introduce additional delay in data transmission between a corresponding node (CN) and a MN, in addition to the wastage of network resources. IETF has proposed certain extensions to MIP to support route optimization. A drawback of the proposed route optimization extensions to MIP is the requirement for the CN to be mobility aware. In this paper, the authors propose a port address translation based route optimization scheme. The proposed route optimization scheme attempts to reduce the overhead and delay involved with traditional mobile communication by means of using port address translation (PAT) and routing the packet using an optimal path. Preliminary analysis carried out by the authors indicates a significant performance improvement compared to that of normal MIP and other route optimization techniques.

Issues with nested mobility

Mobility and Internet access have become an integral part of todays life. The recent advances in computer hardware have also aided in increasing the dependence on Internet connectivity. Protocols like mobile IP were proposed in an effort maintain mobile Internet connections. Even though the primary goal of traditional mobile IP is the support of single host mobility, its extension to support network mobility is an active area of development. Mobile IP needs some additional mobility agents and tunneling to support network mobility. This work explores the possibility of using the mobile IP protocol suite for supporting nested mobility. Issues related to quality of service (QoS), security and scalability within the framework of nested mobility are discussed in this paper. Simulations carried out in Student Routers Lab at Wichita State University reveal deterioration of QoS with nested mobility.

Alternate encryption scheme for VoIP traffic

Voice over IP is fast emerging as a strong contender to the traditional circuit-switched PSTN networks. Unlike the PSTN network, which requires dedicated lines, VoIP can share the network that is laid out to carry data traffic as well as other traffic categories. Securing VoIP and other real-time traffic is necessary considering the easy ways of hacking communication over internet. Most of the existing security solutions for VoIP such as IPSec, Secure Real Time Protocol (SRTP) and ZRTP use the standard symmetric encryption algorithms for encrypting voice traffic. In this paper, the authors propose an alternate encryption scheme that uses PKI architecture for the initial authentication and key exchange, and encrypts the real-time traffic with a symmetric algorithm using a unique key for each packet. The proposed algorithm expected to be less complex compared to the traditional encryption schemes in addition to enhancing the security of the communication. Initial analysis carried out by the authors indicates that the proposed scheme helps in improving the voice quality to a certain extent while maintaining the security of the communication.

Voice over IP security and law enforcement

Voice over IP is one of the fastest growing Internet based application in todays networking world. As more and more enterprises are moving towards IP based voice network, the payload security has become an important issue. The voice traffic is exposed to the same threats as the normal data traffic. However, with voice traffic, the security and accessibility requirements are different from the data traffic. While it is important to protect the voice packets from spoofing and eves dropping, it is equally important that the law enforcement agencies gain access to these voice packets when legally required. With the deployment of security mechanisms like encryption, it becomes harder for the law enforcement agencies to decipher the information hidden in the IP packets related to voice calls. It would make sense to use standardized encryption techniques with voice over IP, at the same time provide a means to decipher the data as and when needed. This would provide the law enforcement agencies an easier access to the information during critical situations provided they have access to the encryption keys. The emphasis should be placed on the choice of encryption keys making it difficult for intruders to decipher. In this paper, the authors review the security requirements of voice traffic transmitted via Internet with the law enforcement and security perspective. The authors review the requirements of various law enforcement agencies and assess the impact of security mechanisms deployed in VOIP networks on law enforcement

Aviation data networks: new avenues for flight safety

Aircraft data networks are fast becoming more of a necessity due to their support for user mobility. Many aircraft manufacturers are planning to deploy data networks within their airplanes and provide Internet connectivity to their passengers. While a data network within the aircraft, and passenger access to it, causes some security concerns, it opens up some safety enhancement opportunities. With Internet connectivity within the airplane, the activity within the airplane can be monitored in real-time from the ground station. Also, using the high bandwidth satellite links, the flight critical data could be downloaded to a server in the ground station in real-time or periodically, thereby enabling real-time flight status monitoring. In this paper, the authors review the safety enhancement opportunities that could be created from the data networks within the airplane. In addition, the authors also review the network resource requirement for the safety extensions.