Search Results

For an “end-to-end passenger experience that is secure, seamless and efficient” the International Air Transport Association (IATA) proposes Near Field Communication (NFC) and a single token concept to be enablers for future digital travel. NFC is a wireless technology commonly utilized in Portable Electronic Devices (PEDs) and contactless smart cards. It is characterized by the following two attributes: a tangible user interface and secured short range communication. While manufacturers are currently adapting PED settings to enable NFC in the flight mode, the integration and use of this technology in aircraft cabins still remains a challenge. There are no explicit qualification guidelines for electromagnetic compatibility (EMC) testing in an aircraft environment available and there is a lack of a detailed characterization of NFC equipped PEDs.

Aircraft cabin operations shift towards data-driven processes. Cabin-wide multi-system communication networks are introduced to share required data for corresponding novel data-driven applications. Examples are data-driven predictive maintenance applications to reduce the downtime of systems and increase the period of scheduled maintenance or video analytics usage to detect a strained or unruly atmosphere amongst passengers. These applications require a network to transport the associated data and resources for actual computation. Costs and weight have always been the most important factors deciding if new services are introduced within the aircraft cabin. Thus, re-using hardware with free computation capacity that is already installed in the aircraft cabin can target both aspects, weight and costs. Examples for such hardware resources could be the In-flight Entertainment (IFE) equipment being installed in every seat.

In the past, aircraft network design did not demand for information security considerations. The aircraft systems were simple, obscure, proprietary and, most importantly for security, the systems have been either physically isolated or they have been connected by directed communication links. The union of the aircraft systems thus formed a federated network. These properties are in sharp contrast with today’s system designs, which rest upon platform-based solutions with shared resources being interconnected by a massively meshed and shared communication network. The resulting connectivity and the high number of interfaces require an in-depth security analysis as the systems also provide functions that are required for the safe operation of the aircraft. This network design evolution, however, resulted in an iterative and continuous adaption of existing network solutions as these have not been developed from scratch.

The increasing functionality associated with the rising complexity of aircraft cabin systems which are used by cabin crew, passengers, maintenance staff and other stakeholders, requires a reconsideration of the methods for the development of aircraft cabin systems. This paper deals with a model-based security engineering approach based on the so called Three-V-Model as an appropriate process model, which represents the governing system engineering process (SEP) associated with the safety engineering process (SafEP) and the security engineering process (SecEP). All three processes are pursued concurrently and are interacting reciprocally by working within the same system model on each development level. We describe in detail the involved model-based security engineering activities of the SecEP and the integration of the CORAS risk analysis method in a consistent System Modeling Language (SysML) approach.