Security

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-14

This version of our IETF draft has been adopted by the IESG.

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-13

We made this update to incorporate all comments from the IESG.

Advancing the Security of LDACS

The "Single European Sky" air traffic management master plan foresees the introduction of several modern digital data links for aeronautical communications. The candidate for long-range continental communications is the L-band Digital Aeronautical Communications System (LDACS). LDACS is a cellular, ground-based digital communications system for flight guidance and communications related to safety and regularity of flight. Hence, the aeronautical standards imposed by the International Civil Aviation Organization (ICAO) for cybersecurity of the link and network layer apply. In previous works, threat and risk analyses of LDACS were conducted, a draft for an LDACS cybersecurity architecture was introduced, algorithms were proposed, and the security of a Mutual Authentication and Key Establishment (MAKE) procedure of LDACS was formally verified. However, options for cipher-suites and certificate management for LDACS were missing. Also, previous works hardly discussed the topic of post-quantum security for LDACS. This paper proposes a cell-attachment procedure, which establishes a secure LDACS communication channel between an aircraft and the corresponding ground-station upon cell-entry of the aircraft. Via the design of a hybrid LDACS Public Key Infrastructure (PKI), the choice of a pre- or post-quantum Security Level (SL) is up to the communications participants. With that, this work introduces a full LDACS cell-attachment protocol based on a PKI, certificates, certificate revocation and cipher-suites including pre- and post-quantum options. Evaluations in the symbolic model show the procedure to fulfill LDACS security requirements, and a communications performance evaluation demonstrates feasibility, matching requirements imposed by regulatory documents.

Security in Digital Aeronautical Communications - A Comprehensive Gap Analysis

Aeronautical communications still heavily depend on analog radio systems, despite the fact that digital communication was introduced to aviation in the 1990s. Since then, the digitization of civil aviation has continued, as considerable pressure to rationalize the aeronautical spectrum has built up. In any modern digital communications system, the threat of digital attacks needs to be considered carefully. This is especially true for safety-critical infrastructure, which aviation’s operational communication services clearly are. In this article, we reverse the traditional approach in the aeronautical industry of looking at a system from the safety perspective and assume a security-oriented point of view. We use the lens of security properties to review the requirements and specifications of aeronautical communications infrastructure as of 2021 and observe that most standards lack cybersecurity as a key requirement. Furthermore, we review the academic literature to identify possible solutions for the lack of cybersecurity measures in aeronautical communications systems. We observe that most systems have been thoroughly analyzed within the academic security community, some for decades even, with many papers proposing concrete solutions to missing cybersecurity features. We conclude that there is a systematic problem in the design process of aeronautical communication systems. We provide a list of eight key findings and recommendations to improve the process of specifying such systems in a secure manner.

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-12

This document gives an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable …

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-11

In this version, we made an update to clarify the scope and intent of the standardization effort of LDACS at the IETF.

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-10

This document provides an overview of the architecture of the L-band Digital Aeronautical Communications System (LDACS), which provides a secure, scalable and spectrum efficient terrestrial data link for civil aviation. LDACS is a scheduled, reliable …

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-09

Here, we restructured chapters 9 and 10 and incorporated parts of these chapters into chapter 7.

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-08

In this WG final-call updated version, we added descriptions for possible future applications provided by LDACS, updated the security descriptions, corrected minor typos and updated abbreviations.

L-band Digital Aeronautical Communications System (LDACS) draft-ietf-raw-ldacs-07

This was a major update for us since we added several pages about the foreseen security features in LDACS. With the definition of ICAO Doc. 9896 of LDACS as a Link Layer technology, providing access to the Aeronautical Telecommunications Network (ATN) within the Internet Protocol Suite (IPS) plans of ICAO, strong access controls and user- and control-plane security are a MUST for LDACS.