Common Firewall Approach to Aviation Architecture
Technical Paper
2011-01-2718
ISSN: 0148-7191, e-ISSN: 2688-3627
Language: English
Abstract
While most industries have already adopted IP networks to exploit the many advantages of network connectivity, the aircraft industry still has not significantly deployed networked devices in aircraft. Security and reliability are the two main concerns that have slowed the transition to this technology. The ability of Air Traffic Control to send digital communications to aircraft could significantly improve aircraft safety by improving the speed and efficiency of communications. In addition, if devices could offload flight data to servers on the ground for analysis, the accuracy and efficiency of maintenance and other decisions impacting the aircraft could significantly improve.
The purpose of this research is to propose an IP-based LAN architecture for the aircraft which provides a scalable solution without jeopardizing flight safety. While LAN architectures have been proposed in the past, this research models its architecture on the commonly used firewall approach for securing networks. The proposed architecture separates the network into four security zones in order to protect sensitive aviation information: a trusted zone for the Embedded-Control Systems network, a demilitarized zone (DMZ) for the flight crew, a less-trusted zone for the passenger network, and a completely untrusted zone for the airport network containing the Air Traffic Control. The necessary communication between each zone is discussed, as well as the needed intrusion prevention and detection. Lastly, this research investigates the capabilities of a TCP secure protocol and network monitoring in order to provide the most secure and reliable connection between end-users. By using a more common, less customized approach to aviation network security, the proposed architecture can better leverage the technologies currently available for securing IP networks in aircraft.
Citation
Knoblauch, B., Best, P., Ragothaman, V., and Pendse, R., "Common Firewall Approach to Aviation Architecture," SAE Technical Paper 2011-01-2718, 2011, https://doi.org/10.4271/2011-01-2718.