Draft Final Report of WG-I/20



ACP WG-I/20 MEETING REPORT
March 2 - 4 2016

AERONAUTICAL COMMUNICATIONS PANEL (ACP)
WG-I – Internet Protocol Suite – 20th Meeting
Montreal, Canada, 2nd – 4th March 2016

Report of ACP WG-I/20 Meeting
Presented by the Rapporteur and the Secretary

Summary
This document is the ACP WG-I/20 Meeting Report.

Table of Contents
AGENDA ITEM 1: MEETING ORGANIZATIONAL ISSUES
AGENDA ITEM 2: APPROVAL OF THE AGENDA AND REVIEW OF WG-I/19 MEETING REPORT
AGENDA ITEM 3: REVIEW OF ACTION ITEMS AND ITEMS FOR FOLLOW-UP
AGENDA ITEM 4: COMPLETION/EVOLUTION OF THE ATN/IPS
AGENDA ITEM 4.2: Security
AGENDA ITEM 4.2: QOS/COS
AGENDA ITEM 4.4: Mobility, Multi-Homing and Multilink
AGENDA ITEM 4.5: Naming and Addressing
AGENDA ITEM 4.8: Integration with Other Systems
AGENDA ITEM 8: ANY OTHER BUSINESS
AGENDA ITEM 9: NEXT MEETING
APPENDIX A - ACP WG-I AGENDA
APPENDIX B – List of Attendees
APPENDIX C – Table of New Action Items from WG-I/20
APPENDIX D – Table of Working and Information Papers

AGENDA ITEM 1: MEETING ORGANIZATIONAL ISSUES

1.1 The meeting was opened by the Rapporteur, Mr. Liviu Popescu who welcomed all participants to the meeting.

1.2 The meeting was attended by 13## experts and the Panel Secretary, Mr. Vaughn Maiolla. One expert participated remotely. The list of participants is in Appendix B of this report.
AGENDA ITEM 2: APPROVAL OF THE AGENDA AND REVIEW OF WG-I/19 MEETING REPORT

2.1 A draft agenda was presented by the Rapporteur, who then explained the allocation of Working/Information Papers to the agenda items. He then explained that the meeting would not follow the order given in the agenda. This was to allow:
- A joint session with WG-S at the meeting commencement. The purpose of this was to discuss Security and QOS/COS (Items 4.4 and 4.9 respectively) issues. This satisfies Action Item 19-7, hence this item is CLOSED.
- A number of remote participants to join the meeting to discuss Security and Mobility (Items 4.2 and 4.4, respectively).

2.2 The agenda and order of proceedings were accepted by the meeting. The agenda and allocation of WPs/IPs is given in Appendix A of this report. A list of all WPs is given in Appendix D. Discussion was limited to those items for which papers had been submitted.

2.3 This meeting report will follow the chronological order of the meeting.

AGENDA ITEM 3: REVIEW OF ACTION ITEMS AND ITEMS FOR FOLLOW-UP

Action items were not dealt with as a single discussion item. The following table has been updated based on relevant discussion under other agenda items.

Action Item | Description | Status
13-8 | ICAO Secretariat will work to obtain IPV6 address blocks for the Regions. – Still in progress. Efforts on-going to obtain necessary resources. | OPEN – In progress.
14-4 | Secretariat draft State Letter asking for (i) support from personnel with IPS skills and (ii) an extension to the schedule for the work programme based on the various reasons given above. In order to be effective State Letter must ask for experts to be nominated by name with details of expertise. Letter not distributed as funding to make use of personnel not yet available. Secondee with the skills being sought now. | OPEN – In progress as at Jan. 2016
14-5 | ICAO to develop a justification for a /16 address block and make an application to ARIN or IANA based on expediency. As above. | OPEN
14-6 | Hoang Tran to draft guidance material for Doc 9896 on IPV4-IPV6 transition. | OPEN
14-8 | ICAO to apply for new TLD and draft appropriate guidance material on the allocation of lower level domain names. As per 13-8, 14-4, 14-5 | OPEN
16-2 | Hoang Tran to update the contents of WP04 (IPV6 Implementation Issues for Fixed Network) and provide more details in the next WG-I/18 meeting. See link: points to list existing implementation guidance documents available at regional level and to report them to the next WG-I meeting. | OPEN
17-1 | Secretary to have the ACP web-site modified to provide a protected area for sensitive documents. | CLOSED and superseded by Action 18-1
17-3 | All members to provide comments on the questions raised by IP01 (SWIM concept of operation and implementation) and also provide any concerns that they may have. These will be forwarded to the Secretary of the ATMRPP and the newly-formed Information Panel by the Secretary (ACP). | CLOSED and superseded by action to form joint-group.
18-1 | Secretary to transfer CP web-site to sharepoint, in which case it would be wholly secure. | OPEN – In progress
18-2 | WG-I members to provide feedback by the end of July, on ATN/IPS Job Card, especially with respect to key items for inclusion. | CLOSED – job card now approved.
18-3 | WG-I to consider unambiguous terminology for applications and communications media. | OPEN
18-4 | WG-I to consider network (i.e. OSI/IPS) transition issues, with emphasis on ground-based solutions to accommodate different aircraft architectures. These will be developed for consideration by the CP, who may need to consider institutional issues also. |
18-5 | Secretary to work with Terry Davis to prepare a “strawman” discussion paper dealing with the above. Through Web Meetings and other means, WG-I will determine the best way to deal with these. The resulting plan would then be given to the CP for consideration. | CLOSED
18-6 | WG-I to appoint a sub-group to review internet standards and propose a suitable set of Internet standards to meet the needs of civil aviation. | CLOSED. IPS Security and IPS Mobility Subgroups initiated
18-7 | WG-I to elaborate upon the impact of multi-homing on network mobility in Doc 9896. | OPEN
18-8 | Secretary to incorporate the proposed changes given in WP11 in a log of proposed changes for consideration in the Edition 3 of Doc 9896. (Note: this may be published as early as end-2016) | CLOSED – WP12 submitted
18-9 | WG-I to consider the following actions: Update the mobility specification in Doc 9896 to the current RFC 6275; Remove the restrictions on MIPv6 Route Optimization and explore additional techniques to improve the robustness, routing table updates and routing efficiency; Develop and publish profiles for use of the internet standards specified in the IPS manual (or as alternate, encourage non-ICAO groups such as RTCA or EUROCAE to standardize some of the options listed in the IPS manual); Consider different IPv6 addressing structure and address discovery mechanisms to permit simultaneous multilink operations over multiple IP air/ground networks offered by separate MSPs; Develop requirements for mobility and multi-link; and Consider the list of alternatives described in this paper to develop standards to address the deficiencies in the existing IPS Manual. | OPEN – to be incorporated into
18-10 | Secretary to forward SWIM CONOPS to WG-I. | CLOSED – WP## describes this and CONOPS posted on web-site.
18-11 | Secretary to maintain a log of options/issues raised during meetings for further discussion if needed. This action will apply to all WPs/IPs presented during WG-I/18. | CLOSED – WP12 submitted
18-12 | Secretary to propose meeting dates in the Sept/October timeframe. One of the objectives of this meeting would be to determine methods to resolve the issues raised in the (options/issues) log. | CLOSED – meeting held Jan 2016
18-13 | Secretary to inform the CP of the decision to make the SDS SG a sub-group of WG-I. | CLOSED – done at CWG/1
19-1 | WG-I members consider nominations for the IPS Mobility sub-group Rapporteur. | Open
19-2 | Secretary to populate the spreadsheet of tasks related to the development of the ATN/IPS. This would include deliverables assigned to members and proposals for future consideration. | Closed with WP3
19-3 | WG-I members consider attending AEEC February meeting and contribute to development of IPS roadmap and development plan. | Closed
19-4 | All WG-I members to consider block diagrams dealing with PKI management scenarios and bring these to WG-I/21 (May 16-20). | Open
19-5 | Secretary to obtain the TORs for the AVSECP and make available to WG-I. | Open
19-6 | Secretary to report to WG-I on the role of the WiMAX AWG. | Open
19-7 | Secretary to coordinate a joint meeting between WG-S and WG-I during the Feb. – Mar. meeting. Most likely on Wednesday. | Closed
19-8 | Greg Saccone to provide a paper on Asymmetric Extended Route Optimisation (AERO) at the WG-I/20. | Closed with WP09
19-9 | Bernhard Haindl to indicate protocol/solution specific shortcomings identified in WP 12. | Closed with WP08
19-10 | Secretary to make contents of SWIM Concept document available. | Closed at WG-I/19
19-11 | WG-I members to consider nominations for a joint sub-group to work with the IMP on SWIM integration with the ATN/IPS. | Open

AGENDA ITEM 4: COMPLETION/EVOLUTION OF THE ATN/IPS

AGENDA ITEM 4.2: Security

4.1 Rich Hawkins presented WP05 – WiMAX Certificate Requirements and its companion WP 5.1, along with WP06. These papers contained a proposal from the WiMAX Forum for a PKI management policy which, although it has been drafted to support AeroMACS, would be applied to security supporting the upper (communication) layers.

4.2 An earlier version of this policy had been presented to WG-I/19 and 18; however, this version had the following improvements:
- Sections 1-3 have been added to include Introduction, Publication and Repository Responsibilities, as well as Identification and Authentication sections
- Section 9 has been added to propose standard business and legal language
- Certificate Operational Validity Periods have been proposed in section 6.3.2
- Object Identifier (OID) is pending in section 1.2.2

4.3 Consideration needs to be given to the selection of suitable “validity periods”.

4.4 Discussion quickly focussed on the handling of these proposals. It was generally agreed that the AeroMACS PKI profile (given in WP-6) constituted a technical requirement and could be placed in the AeroMACS Manual in Chapter 3 (Technical Specification), whereas the policy could be placed in an Appendix to the manual. The latter was proposed to evolve and, if possible, to be extended to the general ATN/IPS, and would eventually be incorporated into Doc. 9896 ed 3. Further to this an overall policy on PKI would need to be developed.
4.5 For the policy to be included in Doc 9896, a thorough review will be needed to ensure that:
- It is compatible with the work carried out by the IPS Security Subgroup related to SDS, to other ATM applications security provisions and other security measures proposed for the network layer.
- It is acceptable to all stakeholders.

4.6 The above steps will take some months; however, the AeroMACS manual is due for publication later this year and needs some sort of policy guidance on PKI. Hence the decision was made to include it as an appendix until such time that it can be adapted for inclusion in Document 9896.

4.7 The discussion which led to the above covered many topics, some of which have been captured in the following points:
- The proposed policy follows the same philosophy as AT4A Spec 42, and Certipath and US Federal Government policies. Relevant cross-checks had been done by WG-S in this respect.
- Liability of ICAO acting as AeroMACS PKI Policy Authority in case of security incidents was questioned. It was stated that such liability issues of ICAO could be mitigated as Certificate Authorities that will comply with the policy would be liable for damages incurred during a security breach.
- Auditing, Reporting, Logging and other functions of the AeroMACS PKI Policy Authority and the associated effort for ICAO to ensure this role need to be considered. It was further discussed that ICAO should develop and maintain the Policy; however, it might not be in a position to ensure its enforcement.
- For AeroMACS, Pre-Shared Keys would not be supported; however, they may be used for other aspects of the ATN/IPS.
- Some States may apply different security policies.

4.8 On the latter point, it was explained that States are obligated to follow ICAO SARPS or to report state differences, and hence the level of conformance would be high. To ensure this, careful consideration would need to be given to those items which become SARPS and those which are simply guidance.

4.9 The above led to the following action item:

ACTION ITEM 20-1: First of all, WG-I/WG-S members to review the proposed policy and profile over the next two months and submit comments/suggestions for review by the WG-I Security SG. Once these have been compiled they will be forwarded to WG-S for final review. (Note: the policy and profile will be posted on the secure web-site, once they have been re-cast as per the action item levied by WG-S).

AGENDA ITEM 4.2: QOS/COS

5.1 Aloke provided a review of the sections of the draft AeroMACS manual dealing with QOS/COS.

5.2 In the explanation on this, the various classes of service and their respective service flows were explained. It was also explained that the “DiffServ” mechanism was recommended in the manual for QoS classification and management.

5.3 It was explained that the information contained in the AeroMACS manual needs to be checked to ensure consistency with Doc. 9896 and even the SARPS (A10 VIII).

5.4 This led to two action items:

ACTION ITEM 20-2: WG-S members to examine DiffServ table in the AeroMACS manual and make it consistent with that of Doc. 9896.

ACTION ITEM 20-3: WG-I to review the section on Service Flows from the draft AeroMACS manual and provide comments prior to WG-I/21.

AGENDA ITEM 4.4: Mobility, Multi-Homing and Multilink

6.1 Fred Templin (Boeing) presented WP09 on the Boeing proposal for Asymmetric Extended Route Optimization (AERO). This was in response to Action Item 19-8, hence this item is CLOSED. This mobility solution was based on a number of earlier IETF (Internet) RFCs and has been published as an RFC in its own right with a second edition in preparation.
6.2 Fred outlined many of the advantages of this approach; the key ones are as follows:
- End-user devices are treated as mobile routers (as opposed to Nodes).
- Can support “multilink” at the network layer (the preferred solution at this time does this at the transport layer and does not support UDP).
- Route Optimisation is inherent.
- All servers support DHCP.
- For intermediate links both IPv4 and IPv6 may be used.
- The aircraft uses a globally known address which does not change.
- Only the mobile routers need to support the AERO Protocol.

6.3 Many of the meeting participants asked a number of questions, which then raised issues for further investigation. These can be summarised as follows:
- Although this approach had clear merit, the inclusion of additional elements on the aircraft would increase the certification and maintenance/support effort. Hence further investigation into this is needed.
- The volume of overheads, i.e. control and routing messages, when used in an aeronautical mobile environment would need to be quantified.
- Encapsulation and other processing are needed on the aircraft, which runs counter to the principle of simplifying the avionics function and design.

6.4 The above discussion generated a number of action items:

ACTION ITEM 20-4: Boeing to provide a quantitative analysis on the traffic and message overheads associated with the use of AERO in a mobile aeronautical environment.

ACTION ITEM 20-5: Boeing to provide a comparison of the certification process and maintenance/support procedures relative to other mobile IP solutions.

6.5 Mahdu Niaraula presented WP10 providing another proposal for IP Mobility. The proposal considered a number of background requirements which any mobility solution must meet; these are covered in the following paragraphs, namely:

6.6 For the ATN network, DOC-9880/DOC-9705 and Annex 10 provide Standards and Recommended Practices (SARPs) for the aeronautical telecommunication network. But currently no SARPs exist for the IPS network. It is recommended that DOC-9896 and Annex 10 should be updated to provide the SARPs for the IPS network. This document could be used to show the compliance for airworthiness certification and demonstration.

6.7 ICAO should perform the minimum threat and risk assessment that covers the air-to-ground data communications related to the safety services applications of civil aviation. The outcome or objective of a threat and risk assessment should provide recommendations that maximize the protection of confidentiality, integrity and availability, while still providing functionality and usability. The civil aviation risk assessment should cover:
- Scope
- Data Collection
- Analysis of Policies and Procedures
- Threat Analysis
- Vulnerability Analysis
- Correlation and Assessment of Risk Acceptability

6.8 Two levels of security, effectively a double-barrier, should be provided for communication message routing specific to safety services. This provision should be considered, so that if one security barrier is compromised, a second barrier provides enough margin so that aircraft can complete the mission with minimum risk.

6.9 For the IPS network security guidance, a minimum requirements standard should be provided at the ICAO level that will be acceptable for all ICAO member countries, which will cover the following:
- Key size
- Export regulation
- Key distribution and management framework
- Global CAs policy
- The key distribution, key management, CAs and security policy

6.10 IP mobility and routing provision documented in the DOC-9896 is too complex to be implemented, certified and maintained in the avionics. NEMO provision should be removed from the DOC-9896 and complexities should be moved to the ground. Aircraft should only support the IP mobile host, no support for mobile router. Aircraft will update the default/static routing when a ground station handoff is complete. Routing/mobility can be managed on the ground; no need for a routing/mobility protocol on-board the aircraft.

6.11 A framework and provision for rapid deployment of patches that address the security vulnerability for the fielded avionics shall be provided at the ICAO level, so that globally acceptable processes and means to certify the updated software that address the security risk are quickly established.

6.12 DOC-9896 should provide the provision for the access network security. This should specify which security mechanisms (as a minimum standard accepted globally) should be provided by the A/G access technologies used within the aeronautical framework.

6.13 It is recommended that RUDP and MPTCP should be added in the DOC-9896 in addition to the standard TCP and UDP protocols.

6.14 Handoff is important to maximize spectrum utilization. It is recommended that aircraft based handoff should be maintained; however, ICAO should perform the analysis and validation of the best handoff scheme that addresses the following issues:
- Limiting handoff latency
- Maintaining an efficient route; limiting disruption of continuous media traffic
- Limiting network switch update rates due to rerouting
- Maintain QoS between various CSPs and new data path

6.15 To aid the compliance audits and investigation, provisions should be defined for each of these domains for both AOC and ATS data traffic. It is recommended that a data logging provision is provided on the ground, not in the aircraft.
- Network Access Security (CSP, air to ground links)
- Network Domain Security (CSP, ground to ground links for AOC and ANSPs)
- User Domain Security (Aircraft, AOC and ANSPs)
- Application Domain Security (end to end applications)

- There is a need to isolate and segregate the different domains ACD, AISD, PIESD and a mechanism is needed to support these.
- A clear security framework for certification, demonstration and deployment is needed.
- Provision for two security barriers and communication message routing specific to safety service and other domains is needed (need better wording)
- Aircraft must select the most cost effective air-to-ground link to send messages
- Aircraft must also select the air-to-ground link that meets the performance criteria (e.g. RCP-130, RCP-240…) for given services or applications
- The air-to-ground link is to be simplified by having most of the routing and mobility mechanisms managed on the ground
- Provisions are needed for other protocols beyond what is in DOC 9880
- These provisions should remain within standards RFCs

6.6 This paper also made a number of other points:
- Use of 64 bit prefixes and 64 bit IDs (for Aircraft use both 24 bit address and tail number), prefix should be associated with a service type
- There are various RFCs that should be added in the DOC 9896 for stateless address auto configuration
- There is a need to address other shortcomings in the DOC 9896

6.7 Two mobility protocols were proposed, SCTP or MPTCP. Of these MultiPath TCP was recommended. It was noted that this had also been proposed by others at WG-I/19.

6.8 On security, WP10 stated that DOC 9896 should enable access network security and specify which security mechanisms (as a minimum) shall be provided by the A/G access technologies used within the aeronautical framework.

6.9 On security policy, WP10 stated the following:
- A clear policy, keys and security management framework for CAs, suppliers, airlines, ANSPs and service providers was needed.
- Aircraft keys should have the longer lifespan
- Decentralized security-critical functionality (loss of revenue) (need an explanation here)
- Protocols for key management and key distribution have been standardized in the internet
- The method for handling patent and export restrictions should be addressed by this working group as different countries have different encryption/decryption policies and export restrictions on technology.

6.10 On airworthiness, WP 10 made the following points:
- Provisions should include both safety and security compliance needed for avionics, communication service providers and ground systems certification as well as compliance monitoring and audits.
- The guidelines for the security vulnerability fixes and deployment need to be addressed taking into account the following questions. How will the safety side of the regulatory body assess and certify the avionics and how fast? This is important as we can’t just turn the system off until the patch is certified.
- Timelines and availability of certification authority guidance materials for the airworthiness certification should be developed.
- ICAO should provide the minimum globally acceptable requirements for airworthiness that at least address the rollout framework for patches and fixes.

6.11 On handoffs, WP10 provided the following comments which should be taken into account when selecting a mobility solution. Limiting handoff latency is an important concern in performing handoff and connection rerouting while:
- maintaining an efficient route
- limiting disruption of continuous media traffic
- limiting network switch update rates due to rerouting

The meeting agreed with these requirements in principle.

ACTION ITEM 20-: Rockwell Collins to list the identified open items for traceability and propose ways to address them.
6.12This paper expressed a number of clear views regarding the mobility solution, namely: Link selection can be supported on-board with simple static policy Aircraft to only support IP mobile host, hence no support required for mobile router Aircraft to use default/static routing with a network prefix to the IPS router Routing/mobility can be managed on ground, no need for a routing/mobility protocol on-board. Route optimisation will therefore be performed on the ground. Current provision doesn’t provide clear framework for end-to-end QoS, ground may need to support policy based routing capability for various QoS To allow a source node to be able to maintain multiple paths simultaneously, provision for mobile IP simultaneous binding (a mobile node to simultaneously register multiple COAs) is needed. For the safety services, NEMO is unnecessary. APC and AAC domain, one can use COTS products. DOC9896 based mobility is unnecessarily complex for the aircraft (recommended removing NEMO from DOC 9896)An alternative to IPV6 mobility should be proposed. ACTION ITEM 20-5: Rockwell Collins to list the identified items for consideration in WP10, for traceability and propose ways to address them. 6.13Bernhard Haindl presented WP08, in response to Action Item 19-9 from WG-I/19. Action Item 19-9 is therefore CLOSED. Over the last few WG-I meeting a number of comments, open issues and recommendations regarding DOC9896 proposals were raised.The aim of this document is to manage these open issues and the corresponding proposed recommendations in a log of proposed changes for consideration in the Edition 3 of DOC9896. Furthermore, the proposed changes are mapped to affected solutions and protocols in DOC9896, in order to allow a tracking of the validity in case of future DOC9896 protocol changes. To this end, tThis paper provided more detail on the specific proposals on mobility given in WP-12 from WG-I/19. 
This resulted in the following action item:

ACTION ITEM 20-6: Secretary to incorporate WP08 into the log of proposals/actions given in WP03.

6.5 The discussion then moved on to the process of selecting an appropriate mobility solution or possibly solutions. The meeting’s attention was drawn to the approach agreed at WG-I/19, namely:
- WG-I should identify potential solutions, using the results of various studies as guidance.
- To make an evaluation based on proposed solutions starting with the available material, e.g. SESAR Project 15.2.4 outcomes (this example does not cover all candidate solutions).
- Develop high-level requirements in collaboration with ICAO operational panels.
- The IPS Mobility sub-group should evaluate these using a methodology which includes the high-level requirements complemented by functional and performance-based technical requirements, security requirements and others as agreed. (Development of the selection methodology to be within the scope of the IPS mobility sub-group)
- Identification of potential IPS mobility, multilink and multi-homing solutions, using the results of various projects.
- Evaluation of proposed solutions starting with the available material, e.g. SESAR Project 15.2.4 outcomes (this example does not cover all candidate solutions like AERO).
- The evaluations will consider high-level requirements which will be developed in collaboration with ICAO operational panels.
- The evaluation will be based on an agreed methodology which includes the high-level requirements complemented by functional and performance-based technical requirements, security requirements and others as agreed. (Development of the selection methodology to be within the scope of the IPS mobility sub-group)

AGENDA ITEM 4.5: Naming and Addressing

7.1 Liviu Popescu presented WP04, IPS Addressing Schemes. This paper was a revised version of an earlier paper submitted to a WG-I meeting in 2011.
7.2 This paper focussed on the addressing scheme to be used for mobile communication. As the population of end-users (i.e., aircraft) was smaller than the potential population of ground-based or fixed users, a /32 address block was called for. This paper summarised the IPv6 air-ground addressing scheme published in ICAO DOC 9896 ed 1.0 (2010) and maintained in ICAO DOC 9896 ed2 under publication.

7.3 Under this structure each aircraft constitutes a /56 IPv6 end site, which is based on the ICAO 24-bit aircraft address as defined in Annex 10, Volume III, Appendix to Chapter 9.

7.4 The /32 IPv6 address prefix assignment is the responsibility of the MSPs, who need to request it from their Local Internet Registry (LIR) or Regional Internet Registry (RIR). Such an approach implies allocation processes managed by RIRs.

7.5 As a complement, for the Aeronautical Fixed Service (AFS), the paper described the current EUROCONTROL IPv6 addressing scheme managed by EUROCONTROL on behalf of its stakeholders. The information was also presented in detail to ACP WGI-14 in July 2011.

7.6 It should be noted that this IPv6 addressing scheme is operationally used by OLDI/FMTP (the European AIDC variant), which is now deployed over IPv6 for more than 45% of the concerned Air Traffic Service Units (ATSU) connections.

7.7 The paper highlighted the advantages of using the well-established frameworks of the Regional Internet Registries (RIRs) for the existing IPS addressing schemes and underlined the operational usage of the European IPS AFS addressing scheme, which is in the process of being applied and extended to the ICAO EUR Region.

7.8 In the discussion that followed it was agreed that the IPS Mobile addressing scheme should be reassessed depending on the IPS Mobility solutions, architecture and business model that will apply in DOC 9896 ed3.

7.3 The proposed addressing scheme supported the ICAO 24-bit aircraft ID by simply embedding it in the overall address.
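The embedding described in 7.3, shown as an added example that is not part of the meeting report or of Doc 9896: it derives an aircraft's /56 end site from an MSP /32 and the 24-bit aircraft address, and applies the ground-side consistency check that such embedding makes possible. It assumes the 24-bit address occupies the bits immediately after the /32 (which is what /32 + 24 bits = /56 implies); the prefix 2001:db8::/32 and the aircraft address 0x4CA2B1 are constructed sample values.

```python
import ipaddress

# Constructed sample: the IPv6 documentation prefix stands in for an MSP's /32.
MSP_PREFIX = ipaddress.IPv6Network("2001:db8::/32")

# Assumption: the ICAO 24-bit address fills bits 32..55 of the IPv6 address,
# so it is shifted left by 128 - 56 = 72 bits.
ICAO_SHIFT = 128 - 56


def aircraft_site(msp_prefix, icao24):
    """Return the /56 end site for one aircraft under an MSP /32."""
    if msp_prefix.prefixlen != 32:
        raise ValueError("MSP allocation must be a /32")
    if not 0 <= icao24 < (1 << 24):
        raise ValueError("ICAO aircraft address must fit in 24 bits")
    base = int(msp_prefix.network_address) | (icao24 << ICAO_SHIFT)
    return ipaddress.IPv6Network((base, 56))


def icao24_of(address, msp_prefix):
    """Recover the embedded 24-bit aircraft address, or None if the
    address is outside the MSP's mobile block."""
    ip = ipaddress.IPv6Address(address)
    if ip not in msp_prefix:
        return None
    return (int(ip) >> ICAO_SHIFT) & 0xFFFFFF


def source_matches_aircraft(source, msp_prefix, authenticated_icao24):
    """Ground-side check: a packet's source address must fall inside the
    /56 of the aircraft identity established by other means (for example
    at link logon). A mismatch is worth logging and dropping."""
    site = aircraft_site(msp_prefix, authenticated_icao24)
    return ipaddress.IPv6Address(source) in site


if __name__ == "__main__":
    site = aircraft_site(MSP_PREFIX, 0x4CA2B1)
    print("end site:", site)
    for src in ("2001:db8:4ca2:b1ff::1", "2001:db8:4ca2:b200::5"):
        ok = source_matches_aircraft(src, MSP_PREFIX, 0x4CA2B1)
        print(src, "accepted" if ok else "rejected")
```

Because the aircraft identity is readable from any address in the block, the same property that enables this check also exposes the identity to anyone who observes the traffic, which is one of the trade-offs behind the embed-or-map question.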
7.3 The incidental point was made that in Europe close to 50% of end users were now using IPV6. This showed that in Europe, the transition to IPV6 was well advanced, hence transition issues need to be given careful consideration by WG-I.

7.4 The meeting was given the action to fully consider the proposal given in this paper and provide comments at WG-I/21.

ACTION ITEM 20-7: WG-I members to consider the Doc 9896 mobile addressing evolutions proposal given in WP04 and provide comments at WG-I/21. IPS Mobility Subgroup will be tasked to follow this subject.

7.9 The meeting then reviewed the issues discussed thus far, especially the issues related to mobility and addressing. The Secretary, being the man that he is, pointed out that a number of high-level, philosophical questions needed to be decided upon before a mobility or addressing solution could be chosen.
- A decision whether to embed the 24-bit address in the IPv6 address or simply map it to a simpler address format.
- A decision on whether the aircraft should be a node or a sub-network on the ATN-IPS.
- A decision on whether to have an “open” or “closed” network and, if an intermediate solution will be chosen, the user classes that would reside in the “closed” network. It was recognised that such a hybrid solution is likely, from a practical point of view.

This resulted in the following action item:

ACTION ITEM 20-8: WG-I members to consider the following questions and bring proposals to future meetings of WG-I.
- A decision whether to embed the 24-bit address in the IPv6 address or simply map it to a simpler address format.
- A decision on whether the aircraft should be a node or a sub-network on the ATN-IPS.
- A decision on whether to have an “open” or “closed” network and, if an intermediate solution will be chosen, the user classes that would reside in the “closed” network. It was recognised that such a hybrid solution is likely, from a practical point of view.
7.10 In the discussion that followed it was stated that for safety critical IPS applications, globally scoped IPv6 allocations are preferred, ensuring that all necessary security controls for their protection against unauthorised use are in place (e.g. not advertising such allocation and maintaining strict control of the internet registry).

AGENDA ITEM 4.8: Integration with Other Systems

8.1 Bruce Eckstein presented WP07 on the connectivity that IPS needs to support Unmanned Aircraft Systems (UAS), also known as RPAs in ICAO. This paper presented a high level view of the various types of applications, their generic location as being on the ground or in the air, and the connectivity between them. Questions were posed as to the reason why the ATC Voice function was shown in the aircraft. The response was that due to the limitations of the ground system and the fact that UAS wanted to move forward as soon as possible, the voice relay through the aircraft was needed, although the far term was expected to be a ground to ground voice link.

8.2 The paper concluded that the required connectivity to support RPAs in the airspace is different than the connectivity required to support manned aircraft. Larger volumes of timely information are transferred between the RPA and the ground and are transferred to a number of sites. These larger volumes of information are due to the command and control structure of the RPA as well as the user data collection that occurs on the RPA. Simultaneous transfers of Safety information over multiple RF links are perceived for RPAs.

AGENDA ITEM 8: ANY OTHER BUSINESS

9.1 Greg Saccone gave a verbal brief on the AEEC IPS for Aeronautical Safety Services group. As previously briefed, AEEC is starting a 2 step process for standards development regarding IPS. The first step is the creation of a roadmap document by April 2017, which is intended to define the areas for standardization and the approach for who does what where.
Upon completion of the roadmap, a second step would be started, which would be the execution of the standards development and will go through Apr 2019.

9.2 Accordingly, the first face-to-face meeting for the AEEC IPS for Safety Services was held in Washington DC from 23-25 Feb. Prior to the meeting a strawman roadmap document was distributed for comment. The meeting discussed a number of presentations from various organizations giving their views on IPS, and there were a lot of questions and areas for further study identified.

9.3 Honeywell presented a paper that tentatively divided up the responsibilities between AEEC, ICAO and RTCA/EUROCAE for the development of provisions on the ATN/IPS. The paper also had a proposal for re-organizing the strawman. The (AEEC) meeting then spent a fair amount of time on the outline of the strawman, and assigned initial drafters to the various sections. There are two interim telcos planned to discuss the strawman: 22 Mar and 14 Apr. The next face-to-face meeting will be hosted by Eurocontrol June 28-30. It was also noted that a number of attendees of WG-I also attend the AEEC meeting, and that close coordination is needed to ensure everything remains synchronized between the various organizations working IPS.

9.4 Liviu Popescu noted that there are many terminologies used in AEEC and ICAO that have different meanings to different people. Greg agreed, and took an action to produce a paper to attempt to normalize and define the various terms (e.g. “multi-link”) so that there would be a common understanding.

ACTION ITEM 20-9: Greg, to produce a paper synchronizing terms for next WG-I meeting.

AGENDA ITEM 9: NEXT MEETING

10.1 WG-I/21 will be held 18 – 20 May, 2016 following IPS Security Subgroup meeting between 16 – 18 May. WG-S/9 which will be held 29 Feb – 2 March, 2016. As with past practice, all WG-S and WG-I members are invited to attend both meetings.
It should be noted that WG-S/10 may be held in parallel with these meetings. APPENDIX A - ACP WG-I AGENDAAERONAUTICAL COMMUNICATIONS PANEL (ACP)TWENTIETHNINETHEENTH MEETING OF WORKING GROUP - IMontreal, Canada 20Mar 2 - 4 – 22 January, 2016WG-I Proposed Agenda:Meeting Organisational IssuesApproval of the Agenda & Review of WG-I/19 Meeting ReportReview of Action Items and Items for Follow-UpCompletion/evolution of the ATN/IPS work (both for air/ground and ground/ground segments) Work Programme ItemsIPS implementation guidance developmentIPS security ( Joint session with WGS on 2nd March 13:00 – 17:00)DNSMobility, Multi-homing and MultilinkNaming and AddressingConsideration of transition aspects from existing/legacy systems Configuration ManagementIntegration with different systemsQOS, COS issues ( Joint session with WGS on 2nd March 13:00 – 17:00) IPS Field trials and validation feedbackIPv6 implementation papers (Mobile and Fix)Regional IP implementations (input from ICAO regional secretariats)Any Other BusinessNext meetingMeeting Organisational Issues Approval of the Agenda & Review of WG-I/18 Meeting ReportReview of Action Items and Items for Follow-pletion/evolution of the ATN/IPS work (both for air/ground and ground/ground segments) - Work Programme Items (CP-2 outcome) (WP03, WP04, IP04)IPS implementation guidance development (IP1) IPS security (IP2, WP5, WP10, IP6)DNSMobility (WP6, IP4, IP7) Naming and Addressing (IP08)Consideration of transition aspects from existing/legacy systems (IPS – OSI transition)Configuration ManagementIntegration with different systems (WP11)QOS, COS issues (IP05)IPv6 implementation papers (Mobile and Fixed)Regional IP implementations (input from ICAO regional secretariats)A/G security standards updates/ SDS sub-group report (Review of SDS meeting report) (WP14)Any Other Business (IP06, IP07)Next meetingAPPENDIX B -– List of AttendeesIST OF ATTENDEESACP WG-I/18 – Montreal, Canada: 24th – 25th June 2015LIST OF 
ATTENDEESNameOrganization NameE-mail AddressStatesNaoki KanadaJean-Marc VacherENRIRegis (DGAC)kanada@enri.co.jpjean-marc.vacher@regis-Bruce EcksteinFrederic PicardHarris THALES (on behalf of DSNA/DTI).Bruce.eckstain@frederic.picard@Michel SoleryDSNA/DTImichel.solery@aviation-civile.gouv.frSanti IbarzAIRTELsanti.ibarz@airtel-Madhu NiraulaRockwell-Collinsmadhu.niraula@Brent W. PhillipsFAAbrent.phillips@Vidyut PatelFAAVidyut.patel@Joe KnechtFAAJoe.knecht@Tom McParlandBCItmcparland@Aloke RoyHoneywellaloke.roy@Mike OliveHoneywellMike.Olive@International OrganisationsLiviu.popescuEUROCONTROLLiviu.popescu@eurocontrol.intNikos FistasEUROCONTROLNikos.fistas@eurocontrol.intGreg SacconeLiviu PopescuICCAIAEUROCONTROLgregory.t.saccone@Liviu.popescu@eurocontrol.intFred Templin Noppadol PringvanichICCAIAIATAfred.i.templin@pringvanin@Bernhard Haindl Vaughn MaiollaFrequentisICAObhaindl@Vmaiolla@icao.intTsukasa SasayamaStephane TamaletHitachiICCAIA (Airbus)Tsukasa.sasayama.ea@stephane.tamalet@Shoichi HanataniGreg SacconeHitachiICCAIA (Boeing)Shoichi.hanatani.he@Gregory.t.saccone@Brian CroweBernhard HaindlHitachiESA (Frequentis)bcrowe@hitachi-Bernhard.haindl@Noppadol PringvanichIATApringvanin@Mahdu NiraulaRockwell-CollinsMadhu.niraula@Rich HawkinsWi-MAX ForumRichard.hawkins@REMOTE ATTENDEESCarlos Cadenas AngelatEUROCONTROL (contractor)ccardenas@137 participants APPENDIX C – Table of New Action Items from WG-I/20ABLE OF NEW ACTION ITEMS FROM WG-I/18Action ItemDescriptionStatus20-1: 19-1First of all, WG-I members to review the proposed policy and profile over the next two months and submit comments/suggestions for review by the WG-I Security SG. Once these have been compiled they will be forwarded to WG-S for final review. (Note: the policy and profile will be posted on the secure web-site, once they have been re-cast as per the action item levied by WG-S). WG-I members consider nominations for the IPS Mobility sub-group Rapporteur. 
OPENOpen20-2: 19-2WG-S members to examine DiffServ table in the AeroMACS manual and make it consistent with that of Doc. 9896 . Secretary to populate the spreadsheet of tasks related to the development of the ATN/IPS. This would include deliverables assigned to members and proposals for future consideration. OPENOpen20-3: 19-3WG-I to review the section on Service Flows from the draft AeroMACS manual and provide comments prior to WG-I/21. WG-I members consider attending AEEC February meeting and contribute to development of IPS roadmap and development plan. OPENOpen20-4: 19-4Boeing to provide a quantitative analysis on the traffic and message overheads associated with the use of AERO in a mobile aeronautical environment. All WG-I members to consider block diagrams dealing with PKI management scenarios and bring these to WG-I/21 (May 16-20).OPENOpen20-5: 19-5Secretary to obtain the TORs for the AVSECP and make available to WG-I. Rockwell Collins to list the identified items for consideration in WP10, for traceability and propose ways to address them.OPENOpen20-6: 19-6Secretary to report to WG-I on the role of the WiMAX AWG. Secretary to incorporate WP08 into the log of proposals/actions given in WP03. OPENOpen20-7: 19-7WG-I members to consider the Doc 9896 mobile addressing evolutions and provide comments at WG-I/21. IPS Mobility Subgroup will be tasked to follow this subject.Secretary to coordinate a joint meeting between WG-S and WG-I during the Feb. – Mar. meeting. Most likely on Wednesday. OPENOpen20-8: 19-8WG-I members to consider the following questions and bring proposals to future meetings of WG-I. A decision whether to embed the 24-bit address in the IPv6 address or simply map it to a simpler address format. A decision on whether the aircraft should be a node or a sub-network on the ATN-IPS. A decision on whether to have an “open” or “closed” network and if an intermediate solution will be chosen, the user classes that would reside in the “closed” network. 
It was recognised that such a hybrid solution is likely, from a practical point of view.Greg Saccone to provide a paper on Asymmetric Extended Route Optimisation (AERO) at the WG-I/20.OPENOpen19-9Bernhard Haindl to indicate protocol/solution specific shortcomings Identified in WP 12.Open20-9:? 19-10Secretary to make contents of SWIM Concept document available. Greg, to produce a paper synchronizing terms for next WG-I meeting.OPENOpen19-11WG-I members to consider nominations for a joint sub-group to work with the IMP on SWIM integration with the ATN/IPS.OpenAPPENDIX D – Table of Working and Information PapersABLE OF WORKING AND INFORMATION PAPERSWPTitle Contributor1Proposed Agenda SDS SG/4 - Proposed AgendaRapporteurRapporteur/Secretary2Meeting Logistics V2Meeting LogisticsSecretarySecretary3Action Items, Open Issues and log of proposalsWG-I Work ProgrammeSecretaryRapporteur3.14Action Items, Open Issues and log of proposals (earlier version of Excel)Log of ProposalsSecretarySecretary46IPS Addressing SchemesGround-Based LISPEUROCONTROLFrequentis on behalf of ESA57AeroMACS PKI Policy Updates Ground-Based LISP for Multilink OperationsWiMAX ForumFrequentis on behalf of ESA5.18Attachment to WP05IPV6 Transport Layer and QOS IssuesWiMAX ForumFrequentis on behalf of ESA69PKI Policy ProfileVoIP, Security and ROHC Issues defined in Doc. 
9896WiMAX ForumFrequentis on behalf of ESA710IP Environment for UASPKI Management Considerations HarrisSecretary811Action for Doc 9896Integration with SWIMFrequentisSecretary129AeroMobility ProposalMobility Issues identified during ANTARES ProjectBoeingFrequentis on behalf of ESA103Rockwell-Collins Proposal on MobilityIPv6 Auto-Configuration IssuesRockwell-CollinsFrequentis on behalf of ESA14SDS SG/4 Draft ReportRapporteur/SecretaryIPTitle Contributor1SC-226 DAA MopsIPv6 over VDL Mode 2 TestingHarrisHoneywell2Draft AeroMACS Manual as at end of WG-S/9IPS Security StatusSecretaryRapporteur3Document 9896 Unedited Second EditionIPS Repository TemplateSecretaryRapporteur4AEEC IPS Sub-Committee – First MeetingAEEC IPS UpdateBoeing/HoneywellBoeing on behalf of ICCAIA5IPS over VDL BCI on behalf of FAA6Current and Proposed Panel Work ProgrammeSecretary7Working Arrangement for merged ACP and OPLINKPSecretaryMisc.TitleContributor1Manual of the SWIM Operational Concept IMP ................