This version of our IETF draft has been adopted by the IESG.

The L-band Digital Aeronautical Communications System (LDACS), the worldwide first true integrated Communication, Navigation and …

We made this update to incorporate all comments from the IESG.

The capacity of current aeronautical datalinks is reaching its limits and becomes a hindrance to the growth of worldwide civil …

Aeronautical communications still heavily depend on analog radio systems, despite the fact that digital communication has been introduced to aviation in the 1990’s. Since then, the digitization of civil aviation has been continued, as considerable pressure to rationalize the aeronautical spectrum has built up. In any modern digital communications system, the threat of digital attacks needs to be considered carefully. This is especially true for safety-critical infrastructure, which aviation’s operational communication services clearly are. In this article, we reverse the traditional approach in the aeronautical industry of looking at a system from the safety perspective and assume a security-oriented point of view. We use the lens of security properties to review the requirements and specifications of aeronautical communications infrastructure as of 2021 and observe that most standards lack cybersecurity as a key requirement. Furthermore, we review the academic literature to identify possible solutions for the lack of cybersecurity measures in aeronautical communications system. We observe that most systems have been thoroughly analyzed within the academic security community, some for decades even, with many papers proposing concrete solutions to missing cybersecurity features. We conclude that there is a systematic problem in the design process of aeronautical communication systems. We provide a list of eight key findings and recommendations to improve the process of specifying such systems in a secure manner.

At IETF 115, we presented the latest work on the LDACS draft in version draft-ietf-raw-ldacs-13. After one other update, the draft was adopted by the IESG in December 2022.

The L-band Digital Aeronautical Communications System (LDACS), the worldwide first true integrated Communication, Navigation and Surveillance (CNS) system, is in the process of being standardized at the International Civil Aviation Organization (ICAO) and the Internet Engineering Task Force (IETF). The cellular system is considered a successor to the 30-years old Very High Frequency (VHF) Datalink mode 2 system (VDLm2) and intended for communications related to the safety and regularity of flight. With the initial rollout planned in the near future, the finalization of all its aspects, including security is of utmost importance. While previous works presented a cybersecurity architecture for LDACS, including a Public Key Infrastructure (PKI), certificates, a Mutual Authentication and Key Establishment (MAKE) procedure, as well as usage of established keys for protecting its user- and control-data plane, the protocol for secure LDACS handovers between cells has not been established. The objective of this work is to present a secure handover procedure for LDACS, fulfilling all security and performance requirements for data- and voice communications via LDACS.

At IETF 114, we presented the latest work on the LDACS draft in version draft-ietf-raw-ldacs-11.

At IETF 113, we presented the latest work on the LDACS draft in version draft-ietf-raw-ldacs-10.

At IETF 112, we presented the latest work on the LDACS draft in version draft-ietf-raw-ldacs-09.

In this series, I’d like to have a deeper look on 4G security measures. Here we have a look at Non Access Stratum (NAS) and Access Stratum (AS) security, just after Authentication and Key Agreement Procedure (AKA) has completed.

This is a writeup for the overthewire natas web application hacking challenge for level 22, 23, 24 and 25.

This is a writeup for the overthewire natas web application hacking challenge for level 20 and 21.

This is a writeup for the overthewire natas web application hacking challenge for level 18 and 19.

In this series, I’d like to have a deeper look on 4G security measures. Here we look closely at step 5a in the Initial Attachment Procedure - the Authentication and Key Agreement Procedure (AKA).