Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Simultaneously, IP addresses are also used to identify application layer entities located within
the device that hosts them. Therefore, IP addresses are semantically overloaded by
simultaneously indicating two different semantic notions: routing topology location and device
identity. The overloading of these very different semantic notions into the same address value
results in what is known as the “IP Identity Problem.” The identity problem may become
manifested whenever a device physically moves within the routing topology (e.g., when aircraft
move relative to ground-based infrastructures). Mobility can cause a conflict between the two
semantic notions; because the moving entity has changed its network location, it is normally
expected to readdress its network interfaces to reflect their new topological location. But if that
is done, how can entities remote to that device authoritatively know that the device previously
identified as having IP address X is the same device that now has IP address Y?

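The X-to-Y question above, worked as an added example that is not part of the FAA report: a registry that keys identity on the IP address gives the wrong answer in both directions after a move, while one that keys on a stable name proven with a secret does not. The class names, the HMAC challenge-response, the addresses and the keys are assumptions made for illustration; the report does not prescribe a mechanism.

```python
import hashlib
import hmac

def prove(key, challenge):
    """Device side: answer a challenge with a MAC under its enrolled key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AddressKeyedRegistry:
    """Treats the source IP address as the device identity."""
    def __init__(self):
        self.known = {}  # ip address -> device name
    def enroll(self, ip, name):
        self.known[ip] = name
    def identify(self, ip):
        return self.known.get(ip)  # None means "unknown device"

class KeyedIdentityRegistry:
    """Identity is a stable name proven with a key; the address is only a locator."""
    def __init__(self):
        self.keys = {}  # device name -> shared key
    def enroll(self, name, key):
        self.keys[name] = key
    def identify(self, claimed, challenge, proof):
        key = self.keys.get(claimed)
        if key is None:
            return None
        ok = hmac.compare_digest(prove(key, challenge), proof)
        return claimed if ok else None

def demo():
    x, y = "192.0.2.10", "198.51.100.20"  # constructed documentation addresses
    key_a, key_other = b"A" * 32, b"B" * 32  # constructed sample keys
    challenge = b"constructed-nonce"  # a real verifier would use a fresh random value
    by_addr = AddressKeyedRegistry()
    by_addr.enroll(x, "aircraft-A")
    by_key = KeyedIdentityRegistry()
    by_key.enroll("aircraft-A", key_a)
    # aircraft-A moves and readdresses from X to Y; a different device later holds X.
    return {
        "addr_aircraft_at_y": by_addr.identify(y),
        "addr_other_at_x": by_addr.identify(x),
        "key_aircraft_at_y": by_key.identify("aircraft-A", challenge, prove(key_a, challenge)),
        "key_other_at_x": by_key.identify("aircraft-A", challenge, prove(key_other, challenge)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The address-keyed registry fails to recognise the aircraft at Y and credits the unrelated device at X with the aircraft's identity; the keyed registry answers correctly in both cases because the address plays no part in the decision.
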
IPv6 addresses differ from IPv4 addresses in that each IPv6 network interface may
simultaneously have multiple different IPv6 addresses, each with a potentially different network
topology significance. IPv6 systems also support assigning unique IPv6 addresses to each
application within that device. Consequently, IPv6 devices can support logical networks internal
to that device itself, with each application supported by that device potentially having its own
IPv6 address. By contrast, IPv4 systems are limited to referring to their applications solely via
the port address field within the transport layer’s protocol header (e.g., UDP, TCP, stream
control transmission protocol).

Both IPv4 and IPv6 share the IP identity problem, though its effects differ somewhat
between the two protocol systems. Mechanisms to mitigate the IP identity problem are outside
of the scope of this study.

The point of this discussion is that the worldwide civil aviation network infrastructure needs to
devise a common mechanism by which the identity of networked elements is established. This
means defining a common aeronautical solution for the IP identity problem for aircraft. If this is
not done, then serious security vulnerabilities can arise whenever aircraft transition between
system elements having dissimilar identity approaches.

4.9 INTEGRATED OR COOPERATING SYSTEM OF SYSTEMS.

The previous section discussed some of the issues related to creating a network infrastructure
that links together two or more different protocol families. Section 4.8 mentioned the fact that
TCP/IP systems have a weakness that is known as “The Identity Problem” that OSI systems do
not share. The purpose of this section is to mention that the defense-in-depth provisions (see
section 5.1) that are used to protect infrastructures rely on a coherent mechanism within that
infrastructure for handling identity, authentication, and authorization. Should any of these
elements not be handled in a consistent manner, then the infrastructure is subject to
vulnerabilities that attackers can leverage to damage that infrastructure and potentially harm its
safety attributes.

Each protocol family has its own mechanism for establishing identity. Protocol gateway
translators will need to map between these different systems to successfully enable