Common Firewall Approach to Aviation Architecture 2011-01-2718
While most industries have already adopted the use of IP networks to exploit the many advantages of network connectivity, the aircraft industry still has not significantly deployed networked devices in the aircraft. Security and reliability are two main concerns that have slowed the transition to this technology. The ability for Air Traffic Control to send digital communications to aircraft could significantly improve the aircraft safety by improving the speed and efficiency of communications. In addition, if devices could offload flight data to servers on the ground for analysis, the accuracy and efficiency of maintenance and other decisions impacting the aircraft could significantly improve.
The purpose of this research is to propose an IP-based LAN architecture for the aircraft which provides a scalable solution without jeopardizing flight safety. While LAN architectures have been proposed in the past, this research modeled its architecture off the commonly used firewall approach for securing networks. The proposed architecture separates the network by creating four separate security zones in order to protect sensitive aviation information: a trusted zone for the Embedded-Control Systems network, a demilitarized zone (DMZ) for the flight crew, a less-trusted zone for the passenger network and a completely untrusted zone for the airport network containing the Air Traffic Control. The necessary communication between each zone is discussed as well as needed intrusion prevention and detection. Lastly, this research investigates the capabilities of a TCP secure protocol and network monitoring in order to provide the most secure and reliable connection between end-users. By using a more common, less customized approach to aviation network security, the proposed architecture can better leverage the technologies currently available for securing IP networks in aircrafts.