Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
communications between dissimilar systems. The identity mechanism of each protocol system, and the mapping between them, must be assured to be consistent, complete, and definitive.
A great many different authentication and authorization systems exist. Should an infrastructure deploy multiple systems, then each alternative system and the mapping between them need to be assured to be consistent, complete, and definitive. Without such assurance, flaws may exist in these key foundational elements that attackers can leverage. For this reason, the entire worldwide aeronautical infrastructure needs to define complementary authentication systems, preferably using a single, common authentication technology. It is helpful if they also use common authorization approaches and if the authorization system can be integrated into a consistent and coherent network management solution.
Assuring identity, authentication, authorization, and access control systems is much more of an art than a science. The task is simplified if a single technology for each system (identity, authentication, authorization, and access control) is deployed systemwide. For example, PKI has been proposed to become a common integrated authentication system for aeronautical systems [82]. PKI can be used for networks supporting many different network protocols. PKI is also used within the DoD (i.e., DoD PKI) to serve as the authentication system used by the military, including military aircraft. Regardless, a common technology should be identified as a common approach to standardize upon.
However, it is not always possible to ubiquitously deploy only a single technology solution system-wide. Because of this, some have proposed various mechanisms’ cooperating systems that can be used to devise common policies that are
“… expressed simply and in high level terms, but refined in many dimensions to map to specific infrastructures, organizational or individual needs and world events.” [49]
Regardless of the specific mechanism used, whenever different security administrations or technologies are joined together in a cooperative manner (e.g., aircraft and ground systems), it is important and challenging to define the interfaces between the systems in such a way that the security posture for the combined system as a whole is not diminished.
5. NETWORK SECURITY DEFENSES.
This section discusses traditional mechanisms to try to mitigate those risks. However, it also contains sections that introduce specific concepts and technologies that provide important background information needed to understand important elements within the subsequent sections of this document.
5.1 DEFENSE-IN-DEPTH.
Networks traditionally attempt to mitigate the risks mentioned in section 4 and in appendix A, and, indeed, any possible network risk, by strategically deploying security controls in a defense-