Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
exposes previously isolated computational systems to new classes of failures resulting from both
accidental as well as intentionally malicious attacks that could affect safety of flight.
Section 7 has suggested specific extensions that are needed to extend current FAA policy to
address the additional threats and issues that occur in networked airborne environments.
Sections 10.1 and 10.3 directly address the adequacy of existing regulations. Because this topic
was a central element of phase 2, the more complete response to this topic occurs in section 10,
with this section primarily being an initial description.
9.9 GROUND-TO-AIR COMMUNICATION.
This report recommends that the signals in space (e.g., radio or satellite communications) used
for ground-to-air communications must use transport security cover (i.e., encryption of the
wireless signal in space occurring at the OSI physical layer). This hinders nonauthorized entities
from eavesdropping upon these communications and discourages attempts to potentially inject
false communication signals into the data stream (e.g., possible man-in-the-middle attacks).
However, these links will remain potentially vulnerable to availability attacks caused by hostile
jamming unless mitigation techniques such as AJ waveforms or LPI/LPD waveforms are used.
9.10 WHAT IS THE EFFICACY OF CYCLIC REDUNDANCY CHECKS WITH RESPECT TO SECURITY?
Software parts are currently assured, in many cases, by having a 32-bit polynomial cyclic
redundancy check (CRC) wrapped around each part packaged with other identifying information
(aircraft type/serial, system part numbers, software part number, etc.) and then that package is
wrapped within another CRC. This helps to ensure not only nontampering (internal CRC) but
also error-free transmission of the software part and the entire data package (wrapping CRC).
This approach has semantically overloaded the CRC concept to handle two different purposes:
• Polynomial codes (CRCs) are mechanisms commonly used within data communications
to detect and fix transmission bit errors. Industry uses different polynomial coding
techniques in different environments to address specific network requirements. The
wrapping CRC function of the previous paragraph corresponds well with this use case.
• The internal CRC is intended to provide identity and integrity protections for received
software parts.
This study states that it is entirely appropriate to use CRCs as polynomial codes to assist in
transmission bit error detection and correction. This is, after all, the historic reason for which
CRC technology was created.
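
The two-layer packaging described above, sketched as an added example (not code from the report or from any avionics system), showing how the CRC checks respond to a transmission bit error and to a deliberately altered part. The field layout, sample values and key are constructed assumptions, and HMAC-SHA256 stands in for a code-signing signature check so the example needs only the standard library.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed sample values; the layout is an assumption for illustration only.
IDENT = b"TYPE=X;SERIAL=0001;SW-PN=DEMO-001"
PART = b"\x10\x20\x30\x40 constructed software part image"
KEY = b"constructed key, unknown to anyone altering the part"


def crc32(data: bytes) -> bytes:
    return struct.pack(">I", zlib.crc32(data) & 0xFFFFFFFF)


def build_package(part, ident):
    """length + part + inner CRC + ident, then a wrapping CRC over all of it."""
    body = struct.pack(">I", len(part)) + part + crc32(part) + ident
    return body + crc32(body)


def crc_checks_pass(package):
    body, outer = package[:-4], package[-4:]
    (n,) = struct.unpack(">I", body[:4])
    part, inner = body[4:4 + n], body[4 + n:8 + n]
    return crc32(body) == outer and crc32(part) == inner


def make_tag(package, key=KEY):
    """Keyed tag; HMAC-SHA256 stands in here for a code-signing signature."""
    return hmac.new(key, package, hashlib.sha256).digest()


def tag_valid(package, tag, key=KEY):
    return hmac.compare_digest(make_tag(package, key), tag)


original = build_package(PART, IDENT)
original_tag = make_tag(original)

# Transmission error: one bit flips in transit and nothing is recomputed.
corrupted = bytearray(original)
corrupted[10] ^= 0x01
corrupted = bytes(corrupted)

# Deliberate change: CRCs use no secret, so they can simply be regenerated.
altered = build_package(PART.replace(b"image", b"IMAGE"), IDENT)

for name, pkg in (("original", original), ("corrupted", corrupted), ("altered", altered)):
    print(name, "crc:", crc_checks_pass(pkg), "tag:", tag_valid(pkg, original_tag))
```

Both CRC layers reject the corrupted package but accept the altered one, while the keyed check rejects both.
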
However, this study states that it is inappropriate and risky (potentially dangerous) to use
internal CRCs to provide identity and integrity protections (i.e., the inner CRC) within
networked environments. The United States and world standard mechanism by which the latter
technique is securely accomplished is by code signing in conformance with the U.S. Federal