• 2.2 Relevent ICAO Publications
  • 3.0 AbbreviationsABBREVIATIONS
  • 4.1 atn ATN IPS Administration
  • 4.1.2 Administrative Domains
  • 4.1.3 Autonomous System Confederation
  • 4.2 Physical layeR LINK LAYER REQUIREMENTS
  • IPv6 Networking
  • Error Detection and Reporting
  • 4.3.4 Quality of Services (QoS)
  • 4.4 Transport layer REQUIREMENTS
  • 4.4.13 Transmission Control Protocol (TCP)
  • 4.4.24 User Datagram Protocol (UDP)
  • 5.0 Network Layer Security using IPsec
  • 5.3 Key Management Methods
  • 5.4 Transforms and Algorithms
  • Draft icao




    Download 104.11 Kb.
    bet2/2
    Sana24.12.2019
    Hajmi104.11 Kb.
    1   2

    1.2 purpose


    This document defines Internet Protocol Suite (IPS) based, ICAO ATN.

    2.0 APPLICABLEREFERENCE DOCUMENTS

    2.1 IETF Standards


    The following documents form a part of this standard manual to the extent specified herein. In the event of conflict between the documents referenced herein and the contents of this standardmanual, the contents of this standard shall be considered the superseding documentprovisions of this manualherein shall take precedence. In the event of a conflict between the manual and the provisions in Annex 10, the provisions of Annex shall take precedence.
    Request for Comments (RFCs)
    RFC-768 User Datagram Protocol, August 1980

    RFC-793 Transmission Control Protocol, September 1981

    RFC-1323 TCP Extensions for High Performance, May 1992

    RFC-2401 Security Architecture for the Internet Protocol, November 1998

    RFC-2402 IP Authentication Header, November 1998

    RFC-2406 IP Encapsulating Security Payload (ESP), November 1998

    RFC-2410 The NULL Encryption Algorithm and Its Use With IPsec, November 1998

    RFC-2460 Internet Protocol, Version 6 (IPv6) Specification, December 1998

    RFC-2545 Use of BGP-4 Multi-protocol Extensions for IPv6 Inter-Domain Routing, March 1999

    RFC-3065 Autonomous System Confederations for BGP, February 2001

    RFC-4271 A Border Gateway Protocol 4 (BGP-4), January 2006

    RFC-4305 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) – (NB proposed standard, obsoletes RFC2402, RFC2406), December 2005

    RFC-4306 Internet Key Exchange (IKEv2) Protocol, December 2005

    RFC-4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2), December 2005

    RFC-4443 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification, March 2006

    2.2 Relevent ICAO Publications

    ICAO Annex 2 Rules of the Air

    ICAO Annex 3 Meteorological Service for International Air Navigation

    ICAO Annex 10 Aeronautical Telecommunications – Volume III, Part I – Digital Data Communication Systems

    ICAO Annex 11 Air Traffic Services

    ICAO Doc. 9705-AN/956 Edition 3, Manual of Technical Provisions for the ATN, 2002

    ICAO Doc. 9739 Edition 21, Comprehensive ATN Manual (CAMAL), 20020

    ICAO Doc. 4444 Procedures for Air Navigation Services – Air Traffic Management 14th Edition, 2001

    ICAO Doc. 9694 Manual of Air Traffic Services Data Link Applications

    3.0 AbbreviationsABBREVIATIONS

    The acronyms used in this standard are defined as follows:

    AAC Aircraft Administrative Communication

    AOC Aircraft Operational Communication

    AS Autonomous System

    AD Administrative Domain

    AH Authentication Header

    AINSC Aeronautical Industry Service Communication

    ATN Aeronautical Telecommunication Network

    ATSC Air Traffic Services Communication

    BGP Border Gateway Protocol

    CL Connection-less

    CO Connection-oriented

    ECC Elliptic Curve Cryptography

    ECP Encryption Control Protocol

    ESP Encapsulating Security Protocol

    G-G Ground- to- Ground

    IANA Internet Assigned Numbers Authority

    ICAO International Civil Aviation Organization

    ICMP Internet Control Message Protocol

    IETF Internet Engineering Task Force

    IKEv2 Internet Key Exchange

    IP Internet Protocol

    IPS Internet Protocol Suite

    IPv6 Internet Protocol version 6

    ISO International Standards for Organization for Standardization

    LAN Local Area Network

    OSI Open System Interconnection

    QoS Quality of Service

    RFC Request for Comments

    TCP Transmission Control Protocol

    SARPs Standards and Recommended Practices

    SNMPv3 Simple Network Management Protocol version 3

    SPI Security Parameter Index

    UDP User Datagram Protocol

    WAN Wide Area Network


    3.1 Definitions



    Definitions are consistent with IETF terminology.
    Autonomous System

    A set of independent groups


    Internet A worldwide computer communications network that interconnects WANs, LANs, and computers by adopting common interface services and protocols based on the TCP/IP technology
    LAN A network that interconnects hosts over short distances
    Network Collection of computers, printers, routers, switches, and other devices that communicate with each other over a common transmission medium.
    Protocol A set of rules and formats (semantic and syntactic) which determine the communication behavior between peer entities in the performance of functions at that layer
    Router The communication element that manages the relaying and routing of data while in transit from an originating end system to a destination end system
    Inter-Domain Router (Exterior Routing Protocol) These protocols are used to exchange routing information between ASes. They may in some cases be used between routers within an AS, but they primarily deal with exchanging information between ASes.
    Intra-Domain Router (Interior Routing Protocol) These protocols are used to exchange routing information between routers within an AS. Intra-domain routing protocols are not used between ASes.
    WAN A computer network that spans a large geographical area

    4.0 REQUIREMENTS

    This section specifies the RFCs that will be implemented in order to provide a consistent and uniform data transmission environment among ATN users.




    4.1 atn ATN IPS Administration




    4.1.1 The ATN ATN IPS Internet



    4.1.1.1 The ATN ATN IPS Internet consists of IPS Nodes (hosts/routers) and networks operating in a multinational environment. The ATN IPS Internet is capable of supporting Air Traffic Service Communication (ATSC) as well as Aeronautical Industry Service Communication (AINSC), such as Aircraft Administrative Communication (AAC) and Aircraft Operational Communication (AOC).
    4.1.1.2 There are two types of ATN IPS Nodes in the ATN. An ATN IPS Router is an ATN IPS Node that forwards Internet Protocol (IP) packets not explicitly addressed to itself. An ATN IPS Host is an IPS Node that is not a router.
    4.1.1.3 The ATN ATN IPS Internet will consist of a set of interconnected Administrative Domains (AD). From a management perspective, an Administrative Domain may be an individual state, a group of states or a region. From a Physical perspective, an Administrative Domain is a group of hosts, routers, and networks operated and managed by a single organization. An Administrative Domain is viewed from the outside, for purposes of routing, as a cohesive entity, of which the internal structure is unimportant.

    4.1.2 Administrative Domains

    4.1.2.1 Each State participating in the ATN IPS Internet shall1 operate one or more Administrative Domains, comprising one or more Inter-domain Routers as required to interconnect with Inter-domain Routers in other ground-based Administrative Domains.


    Note 1.— Adjacent States and/or Organisations (on behalf of States) may alternatively combine their Administrative Domains into a single AD.
    Note 2.— For routing and addressing purposes an Administrative Domain is further partitioned into one or more Autonomous Systems.
    Note 3.— The routing protocol within an Administrative Domain is local matter determined by the managing organization.
    Note 4.— When the Border Gateway Protocol (BGP) is used as the routing protocol for Autonomous Systems within an Administrative Domain, the set of Autonomous Systems forms an Autonomous System Confederation.



    4.1.3 Autonomous System Confederation

    4.1.3.1 ATN IPv6IPS routers in the ATN within an Administrative Domain which interact using the Border Gateway Protocol should form an Autonomous System Confederation as specified in RFC-3065, Autonomous System Confederations for BGP.




    Note 4.— When the Border Gateway Protocol (BGP) is used as the routing protocol for Autonomous Systems within an Administrative Domain, the set of Autonomous Systems forms an Autonomous System Confederation.

    4.2 Physical layeR & LINK LAYER REQUIREMENTS

    4.2.1 The specification of the physical and link layer characteristics for nodes are relegated to the local matteris local to the interfacing nodes. For options refer to Guidance Material for G/G IPS SARPS.


    4.3 Network LAYER ReQUIREMENTS

        1. IPv6 Networking




    The IP network layer will implement the IPv6 specification. IPv6 is designed for use in interconnected packet-switched computer communication networks and provides addressing and fragmentation services. The IP network layer shall be implemented in accordance with the following RFCs:
    4.3.1.1 ATN IPv6IPS nodes in the ATN shall2 implement IPv6 Specification version 6 of the Internet Protocol (IPv6) as specified in RFC-2460., IPv6 Specification.
        1. Network Addressing




    4.3.2.1 Regions will be responsible to get address allocations for ground-to-ground routing from IANA.
        1. Inter-Domain Routing


    4.3.2 Inter-Domain Routing

    4.3.3.1 The process of routing a packet across a network or networks via the most appropriate path is enabled using routing protocols. Inter-Domain-routing shall be implemented in accordance with the following RFC::


    4.3.3.2 ATN IPv6 routersIPS routers in the ATN shall3 implement version 4 of the Border Gateway Protocol (BGP4) as specified in RFC-4271, BGP4.
    4.3.3.3 ATN IPv6IPS routers in the ATN shall4 implement Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing multi-protocol extensions to the Border Gateway Protocol (BGP4+) to support IPv6 Inter-Domain Routing as specified in RFC-2545., Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing.



        1. Error Detection and Reporting







    4.3.3 Error Detection and Reporting

    4.3.4.1 The IPS network layer will implementuses the Internet Control Message Protocol (ICMPv6) protocol to report errors encountered during packet processing, and to perform other internet-layer functions (e.g., diagnostics and ping). The Error Detection and Reporting shall be implemented in accordance with the following RFC:


    4.3.4.2 ATN IPv6IPS nodes shall5 implement Internet Control Message Protocol (ICMPv6) Specification version 6 of the Internet Protocol (IPv6) as specified in RFC-4443., ICMPv6 Specification.
        1. 4.3.4 Quality of Services (QoS)

    4.3.5.1 ATN IPS routeres shall will advertise routes with an indication of traffic class.


    4.3.5.2 ATN IPS nodes Host shall6 forward packets based on traffic class.
    4.3.5.3 ATN IPS nodes Host shall7 forward packets based on priority.

    4.4 Transport layer REQUIREMENTS



    4.4.1 End to End Services

    4.4.1.1 The transport layer provides end-to-end service between hosts over the internet to regulate flow, detect and correct errors, and multiplex data.


    4.4.2 Support Services

    4.4.2.1 The transport layer shallwill support the following types of services:



    • Connection-Oriented (CO), invoking TCP

    • Connection-Less (CL), invoking UDP

    4.4.13 Transmission Control Protocol (TCP)

    The TCP services shall be implemented in accordance with the following RFCs:


    4.4.3.1 ATN IPv6IPS nodes Host shall8 implement version 6 of the Internet Protocol (IPv6)Transmission Control Protocol (TCP) as specified in RFC-793, Transport Control Protocol (TCP).
    4.4.3.2 ATN IPv6IPS nodesHost shall9 implement TCP version 6 of the Internet Protocol (IPv6)Extensions for High Performance as specified in RFC-1323, High Performance Extensions.

    4.4.24 User Datagram Protocol (UDP)


    The UDP services shall be implemented in accordance with the following RFCs:
    4.4.4.1 ATN IPv6IPS nodesHost shall10 implement version 6 of the Internet Protocol (IPv6)User Datagram Protocol as specified in RFC-768, User Datagram services.

    5.0 Network Layer Security using IPsec

    This section contains requirements for IPS network layer security.



    Note1. - This section contains requirements for IPS network layer security. Support for security is based on system threat and vulnerability analysis.
    Note 2. – Network layer security in the ATNIPS Internet is implemented using IPsec.

    5.1 Basic Architecture

    5.1.1 ATN IPv6IPS nodes routers in the ATN which support network layer security shall11 implement the Security Architecture for the Internet Protocol as specified in RFC-2401.



    5.2 Security Protocols

    5.2.1 ATN IPv6IPS nodes routers in the ATN which support network layer security shall12 implement the IP Encapsulating Security Protocol (ESP) as specified in RFC-2406.


    5.2.2 ATN IPv6IPS nodesrouters in the ATN which support network layer security shall13 implement the IP Authentication Header (AH) protocol as specified in RFC-2402.



    5.3 Key Management Methods

    5.3.1 ATN IPv6IPS nodes routers in the ATN which support network layer security shall14 implement manual configuration of the security key and Security Parameters Index (SPI).


    5.3.2 ATN IPv6IPS nodesHost in the ATN which support network layer security should implement key exchange in accordance with RFC-4306, The Internet Key Exchange (IKEv2) Protocol.

    5.4 Transforms and Algorithms

    5.4.1 ATN IPv6IPS nodes Host in the ATN which support network layer security shall15 implement the Cryptographic Algorithm Implementation Requirements for the Encapsulating Security Payload (ESP) and Authentication Header (AH)required algorithms for ESP and AH as specified in RFC 4305, Cryptographic Algorithm Implementation Requirements for the Encapsulating Security Payload (ESP) and Authentication Header (AH).


    5.4.2 ATN IPv6IPS nodesHost in the ATN which support network layer security shall16 implement theThe Null Encryption Algorithm and Its Use With IPsec NULL encryption algorithm as specified in RFC-2410, The Null Encryption Algorithm and Its Use With IPsec.
    and5.4.3 IPS nodes in the ATN which support network layer security shall17 implement the IP Encapsulating Security Protocol NULL authentication algorithm as specified in RFC-2406, IP Encapsulating Security Protocol; however, they shall17 not both be null.

    5.4.4 IPS nodes in the ATN which support network layer security shall operate either the NULL Encryption Algorithm for the NULL authentication algorithm but not both.


    Note. - Since ESP encryption and authentication are both optional, support for the NULL encryption algorithm [RFC-2410] and the NULL authentication algorithm [RFC-2406] is to be provided to maintain consistency with the way these services are negotiated. However, while authentication and encryption can each be NULL, they should not both be NULL.When ESP is used, at least one of these optional services is invoked (i.e. is non-NULL).

    5.4.5 ATN IPv6IPS nodesHost in the ATN which support network layer security shall18 implement the Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) required algorithms for key exchange as specified in RFC-4307, Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2).


    Note 1. – There is an internet draft document which identifies Elliptic Curve Cryptography (ECC) groups for IKEv2. ECC aAlgorithms of equivalent or greater strength than those identified in RFC-4307 may be implemented as a local matter on a bi-lateral basis.
    Note 2. – RFC-4307 identifies two modular exponentiation groups for IKEv2. There have been additional internet draft documents that propose using elliptic curve groups. (ECP Groups For IKE and IKEv2 and Additional ECC Groups For IKE and IKEv2)




    Download 104.11 Kb.
    1   2




    Download 104.11 Kb.

    Bosh sahifa
    Aloqalar

        Bosh sahifa



    Draft icao

    Download 104.11 Kb.