Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
DSS (FIPS 186 [81]). Code signing is widely used by both government and industry (e.g., Java
code signing). FIPS 186 was discussed in section 6.1.1 (see figures 24 and 25).

FIPS 186 has significant security advantages when compared to CRCs:

• FIPS 186 provides a high-assurance mechanism to establish identities. In most
implementations, these identities are assured and certified by a highly trusted subject
(i.e., the CA). Also, if the identity is subsequently modified after signing, that
modification will be detected by the FIPS 186 verification process. By contrast, the
identities of the CRC approach are not verified by a trusted third party or by any other
mechanism (i.e., there is no mechanism to verify that the identity is what it claims to be)
nor is there a mechanism to discern whether the identity was changed (modified) or not
over time.
• FIPS 186 provides a superior approach to integrity protection when compared to CRCs.
When CRCs are used for integrity, information (e.g., software, identities) can be
modified and CRCs can be recomputed during man-in-the-middle attacks by the attacker
in such a way that the received software parts can still pass the CRC checks. However,
any attempt to alter FIPS 186 message digests (one-way hashes) will be detected during
the FIPS 186 verification process (see figure 25). Thus, the integrity protection of all
signed information, including both code and identity information, is trustworthy when
using FIPS 186. However, the integrity of the CRC approach is questionable.
• FIPS 186 provides a mechanism to authenticate the established identity of the signer (if
required) using a highly assured authentication mechanism based on PKI technology.
• FIPS 186 provides very strong nonrepudiation assurances, but CRCs do not have any
nonrepudiation attributes.
10. ANSWERS TO THE PHASE 2 QUESTIONS.

This section discusses several certification concerns that were identified during the original FAA
Screening Information Request for this study. These specific questions formed a starting point
for the work performed in phase 2 of this study. The exemplar architecture presented in section
8.3 describes the generic airborne network environment that identifies how many of these
specific questions should be answered.

10.1 ARE CURRENT REGULATIONS ADEQUATE TO ADDRESS SECURITY CONCERN?

The current regulations need to be extended to address network risks. Networks have very
different attributes than the complex systems that the FAA has addressed to date. Section 7
identified specific changes needed to extend DO-178B and ARP 4754. However, other FAA
regulations also need to become similarly enhanced. For example: