Proposal Protocol for DME and Airplane Communication
Proposal Protocol for DME and Airplane Communication
Proposal Protocol for DME and Airplane Communication
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
4.3.2 10 minute window<br />
Signature is used <strong>for</strong> 10 minutes, but this time is variable. Increasing the window size will make it<br />
harder <strong>for</strong> to verify key Ki it receives in current packet because it has to per<strong>for</strong>m the hash function<br />
to get that key. Shrinking this window reduces the opportunity <strong>for</strong> recovering the signature.<br />
4.3.3 Last 16 packets in 24 hour window<br />
Sending the signature on the new K0 in last 16 packets of current chain. Increasing the number<br />
reduces the possibility of packet loss, but makes it more difficult <strong>for</strong> new planes coming into contact<br />
with the <strong>DME</strong> to verify the end of the previous chain because the signature is <strong>for</strong> the new chain.<br />
New planes joining at the end of a chain will, in the worst case, need to wait 16 seconds be<strong>for</strong>e<br />
they can authenticate data (as opposed to 10 seconds normally). Planes currently using <strong>DME</strong> are<br />
unaffected by change of chain, unless there is packet loss during the change of chain.<br />
4.4 Plane Verification Process<br />
4.4.1 First Contact with the <strong>DME</strong><br />
The plane collects 10 packs from the <strong>DME</strong> <strong>and</strong> reconstructs SIGOV ERALL as described above.<br />
After reconstructing, it verifies the signatures. At this point, the plane has authenticated Kw <strong>for</strong><br />
the current 10 minutes time window. This means that the plane knows the <strong>DME</strong> is the <strong>DME</strong> it<br />
claims to be. When the next packet P , which contains [datai, Ki, ti+1, F(i)], is received, the plane<br />
checks that H(H(H..H(Ki)..)) = Kw, otherwise reject the packet if not. The plane can do this<br />
because it knows what time P was transmitted <strong>and</strong> when Kw was created. After that, the plane<br />
checks verifies that ti (from the previous packet) is equal to MAC(Ki, [datai —— (32-bit time)]).<br />
If it is equal, then output valid, <strong>and</strong> reject the packet otherwise. If it is valid, that means the datai<br />
is authenticated <strong>and</strong> can be used securely.<br />
4.4.2 Subsequent contact<br />
The method is the same as above. If there is a gap in chain due to packet loss, the plane waits until<br />
the next packet is received. It ignores that packet but saves ti+1 from it. Then, when the next<br />
packet is received, the plane per<strong>for</strong>ms the MAC check described above. It is important to mention<br />
that if an attacker is able to block every other packet, the plane will be unable to authenticate any<br />
packet because we could never get the keys or data from the next packet to authenticate the MAC<br />
field from the previous packet. If the packets happen to be the last packets in 24 hour chain, the<br />
plane collects SIGOV ERALL on the new K0. The plane verifies the signatures <strong>and</strong> then starts using<br />
the new chain. No interruption in the service is expected. If packet loss occurs <strong>and</strong> prevents the<br />
acquisition of the signature on K0 from last 16 packets of previous chain, then use signatures on<br />
the new chain to verify K0 as if the packets did not come.<br />
This method is more involved but has less bits. It can be written in about 500 lines of code.<br />
The signature verification is the same speed as above.<br />
References<br />
[1] D. Boneh, H. Shacham, <strong>and</strong> B. Lynn. Short signatures from the Weil pairing. J. of Cryptology<br />
17(4): p.297-319, 2004.<br />
4
Change language