Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Table 1. Internet Eng<strong>in</strong>eer<strong>in</strong>g Task Force Protocol Security Features<br />
and Key Management Configuration (Cont<strong>in</strong>ued)<br />
Protocol<br />
IPsec—RFC<br />
4301<br />
Internet<br />
Protocol<br />
Security<br />
Security<br />
Features<br />
Authentication,<br />
Integrity,<br />
Privacy,<br />
Replay<br />
Protection<br />
Security<br />
Algorithm Keys Key Store <strong>in</strong> L<strong>in</strong>ux<br />
HMAC signed<br />
with<br />
Symmetric<br />
Keys. DES <strong>in</strong><br />
cipher block<br />
cha<strong>in</strong><strong>in</strong>g mode<br />
is the default<br />
but other<br />
algorithms/<br />
approaches<br />
may be<br />
negotiated<br />
(e.g., by the<br />
Oakley variant<br />
of the Diffie-<br />
Hellman<br />
algorithm)<br />
Two alternatives<br />
for configur<strong>in</strong>g<br />
IPsec keys:<br />
• Manual key<br />
management<br />
requires the<br />
preplacement<br />
of Symmetric<br />
Keys<br />
• Automated<br />
key<br />
management<br />
requires an<br />
Asymmetric<br />
key to serve<br />
as a basis for<br />
creat<strong>in</strong>g (on<br />
demand) and<br />
distribut<strong>in</strong>g<br />
symmetric<br />
keys via the<br />
ISAKMP (see<br />
RFC 4306).<br />
The L<strong>in</strong>ux FreeS/WAN<br />
implementation permits<br />
automated key<br />
management through<br />
generat<strong>in</strong>g (and<br />
configur<strong>in</strong>g) an RSA<br />
asymmetric key via the<br />
IPsec_RSASIGKEY<br />
utility.<br />
Alternatively, symmetric<br />
keys can be manually<br />
pre-placed with<strong>in</strong> IPsec’s<br />
databases on a security<br />
association (SA)-unique<br />
or common basis.<br />
The FreeS/WAN<br />
implementation also<br />
supports the use of PKI<br />
to function as a seed key<br />
value.<br />
40