The present invention relates to aircraft to ground communications devices and methods, and in particular to a secure data link between an aircraft and the ground based on Aircraft Addressing and Reporting System (ACARS) technology.
Aircraft Addressing and Reporting System (ACARS) data link is used by commercial airlines worldwide for their day to day operations. Civil Aviation Agencies use ACARS for air traffic control (ATC) over oceanic regions where radar coverage is not available. Automated position reports transmitted via ACARS permit air/traffic controllers to accurately monitor the position of aircraft. In addition, controllers can send Air Traffic Management (ATM) messages to the pilot to actively control aircraft movement. As such, ACARS has been a key contributor in reducing separation standards over the oceanic air space.
ACARS messages are transferred over open RF channels in human readable forms. Low cost, COTS equipment enables anyone to monitor and process ACARS messages. It is possible to determine aircraft type, condition, position, projected track, cargo content, and operational details of the flight by analyzing ACARS messages. Aircraft operators would like to protect this information to maintain competitive advantage, to ensure safety of flight and to reduce operational liability.
Normally, US military aircraft are required to comply with the air-traffic requirements while flying in the civil air space. Since ACARS is used for air traffic control in the South Pacific region, the US Air Force (USAF) has started to equip its air transport fleet with ACARS to satisfy civil aviation requirements. Availability of ACARS also offers additional benefit to the USAF because ACARS can be used for routine, unclassified communications, thereby preserving the capacity of military communication systems for high priority traffic. There is a long felt need for military operators to use the existing civilian ACARS system in a secure manner. If messages can be exchanged over ACARS in a secure fashion, ACARS data link will allow USAF to track its fleet in near-real time and exchange information with any aircraft worldwide, thereby improving its operational efficiency.
Some commercial airlines have implemented ad-hoc data encryption techniques for ACARS. These techniques use simple character substitution algorithms that may protect the information from a casual hacker, but a sophisticated attacker will be able to break the code in a short period of time with nominal computational resources. As such, airlines and the military desire to develop a strong information security solution for ACARS that is standards-based and uses cryptographic algorithms that have been validated by the industry.
Furthermore, at present, air traffic is controlled in a given airspace by voice communications between the pilot and the controller. With continuous increase in the number of flights around the world, radio frequencies used for air traffic control communications are nearing saturation. Channel congestion is affecting the reliability of voice communications and reducing safety of flight. The channel congestion problem is compounded by the fact that system capacity can not be readily increased by adding frequencies because spare frequencies are not available in several regions. Future Air Navigation Systems (FANS) committee of the International Civil Aviation Organization (ICAO) has identified digital communications over data link as the only solution to meet future demand for air traffic control communications. ICAO developed a set of standards, called the Aeronautical Telecommunications Network (ATN) to facilitate the implementation of this digital communication system. See, e.g., International Civil Aviation Organization, CNS/ATM PACKAGE-1 STANDARDS AND RECOMMENDED PRACTICES (SARPs), ICAO (1997), document 9705, Montreal, Canada, which is incorporated herein by reference. Eurocontrol, other civil aviation organizations, and US Federal Aviation Administration (FAA) are in the process of migrating to ATN.
Current measures of information security will become obsolete with the paradigm shift from voice based air traffic control to automated air traffic management using data link. ICAO has determined that denial of service, masquerade, and modification of information are the primary safety threats to ATM. See, e.g., Adnams, Martin, OVERALL SECURITY CONCEPT. ATNP/VG-1 WP6-11, Halifax, Canada, Eurocontrol, (1996), which is incorporated herein by reference. ICAO developed the ATN security solution based on Public Key Infrastructure (PKI) to mitigate these threats. See, McParland, Thomas, CNS/ATM PACKAGE-II STANDARDS AND RECOMMENDED PRACTICES (SARPS), SUB-VOLUME VIIIxe2x80x94ATN SECURITY SERVICES, Draft, Tokyo, Japan, ICAO, (2001),which is incorporated herein by reference. In addition, ICAO is planning to mandate a sunrise date after which all ATM systems communicating via data link will be required to implement the ATN security standards.
The ACARS aeronautical data communications protocol is character based. As such, special characters are reserved and used as protocol delimiters. This limits the type of data that can be transported over the ACARS network as the reserved characters can not be present in user data stream. ACARS defines some escape sequences and special encoding schemes to transmit bit-oriented user data over ACARS to ensure that the reserved characters are not contained within the payload user data. This encoding scheme increases the size of the payload. For bit-oriented data, the payload size is doubled after applying ACARS encoding algorithm. ACARS communications frequencies are nearing saturation. Therefore, doubling the payload significantly reduces the number of users that can be supported by ACARS network. Secure communications technology is being developed for ACARS which will allow users to encrypt user data before transmission over ACARS network. Unfortunately, the encryption algorithms are likely to convert the user data from characters to bits which then have to be encoded again into characters for use with the character-based ACARS protocol, thereby doubling the size of the payload. As the customers are charged by the number of bits sent over ACARS, the developing security solution will double the costs of communications.
With the increase in automation, airlines, military, and civil aviation organizations are relying on ACARS for air traffic and operational control. Unfortunately, automated information exchange between airborne and ground computers also increases the vulnerability of the system and may severely impact the safety of a flight or an air space.
The Secure ACARS solution of the invention protects the aeronautical information transfer end-to-end over the ACARS data link using proven, state-of-the-art, standard-based, cryptographic techniques.
This invention provides specific techniques to relieve ACARS frequency saturation using an unique encoding/decoding scheme combined with standard data compression algorithm. Additional solutions are provided to encrypt the ACARS protocol header without requiring any changes to the legacy ACARS equipment. The secure ACARS solutions of the invention satisfy customer needs, improve the safety and reliability of the ACARS system and extend the usability of ACARS by conserving RF resources.
The secure ACARS solution of the invention is based on the ICAO ATN security standards, which has been extended to cover data encryption. Therefore, systems and policies developed to provide ACARS security can be used for ATN. Thus, the ACARS security solution of the invention protects investment in existing ACARS while satisfying known information security needs of both commercial and military users.
This invention proposes to modify ACARS data flow process to add compression/decompression capability. Although ACARS will benefit from any compression technique, use of DEFLATE algorithm (specified in Internet RFC 1951) and ITU-T standard V.42bis are recommended. Studies conducted during ATN specification development proved that the DEFLATE algorithm can compress an arbitrary stream of data and reduce its size by a factor of two to five. Therefore, use of the DEFLATE algorithm on ACARS user data will, in the worst case, yield the same size payload, after encryption, as the original. In addition to the standard compression techniques, an unique encoding and decoding scheme has been developed as part of this compression proposal. This new encoding/decoding scheme replaces the standard ACARS bit-to-character encoding scheme as ACARS encoding doubles the size of bit-oriented user data.
The compression scheme of the invention is as follows: If user data is character-based, encode user data into a bit stream which packs each 8-bit character data into a 6-bit representation, which is formed of the 6-bit representations concatenated into a single bit stream. This xe2x80x9cpackingxe2x80x9d compresses user data by 25 percent. If user data is bit-oriented, this packing is not performed. A standard compression algorithm is applied to the resulting concatenated bit stream. Any standard compression technique may be used on the concatenated bit stream. The known DEFLATE algorithm or v.42bis algorithm referenced herein yield relatively good results when that user data size is small. Application of one of these standard compression techniques can reduce the bit stream by as much as 25 to 33 percent depending on the size of the data. The standard compression techniques are more effective on larger bit streams. The resulting compressed bit stream is optionally encrypted/authenticated according to user preference. The encryption/authentication process adds nothing to the size of the compressed bit stream. The resulting concatenated and compressed bit stream is encoded by converting each 6-bit user data into a 8-bit ACARS character. This encoding scheme ensures that the output characters are of a type that is approved for transmission over the ACARS network. This encoding scheme expands the bit stream by 33 and ⅓percent (thirty-three and one-third percent). However, the size of bit-oriented user data is no larger than the original character-oriented user data, and may be smaller depending upon the effectiveness of the compression algorithm applied to the bit stream. The standard ACARS bit-to-character encoding scheme, shown in FIG. 4 that doubles the size of bit-oriented user data, is thus by-passed by the secure ACARS solution of the invention.
The resulting character-stream is sent to the peer entity via the ACARS network, as shown in FIG. 4. The process of the secure ACARS solution of the invention for preparing the data for transmission is executed in reverse order at the receiving end of the transmission to reconstruct the original user data. The steps executed by the receiver are: i) pack received data from each 8-bit character to 6-bit representation, and concatenate the 6-bit representations into a single bit stream; ii) if encryption was applied in preparing the data for transmission, decrypt/authenticate the bit stream; iii) apply appropriate standard de-compression algorithm; and iv) encode each 6-bit data to an 8-bit ACARS character.
Effectively, this encoding scheme of the invention assures that there will not be any growth in character-based user data, even if standard compression algorithms do not have an effective compression ratio. In most cases, the compressed, encrypted data will be smaller than the original due to the benefit of applying a standard compression algorithm to the packed bit stream. Therefore, the secure ACARS algorithm of the invention reduces the operating cost of the ACARS system and increases ACARS network capacity, while providing the additional benefit of encryption. Also, data compression further enhances the confidentiality of the user data.
The invention is the process of using an encoding/decoding scheme coupled with any standard compression algorithm to reduce the size of ACARS data, as described herein. The process improvement is applicable regardless of which compression algorithm is applied. The process of the invention can be used with or without data encryption. This invention specifically includes the known standard DEFLATE and V.42bis compression algorithms. The process of the invention can be implemented in software or hardware, such as using an ASIC (Application Specific Integrated Circuit). The best mode is implementing the secure ACARS algorithm of the invention in software as a computer program product, as described herein.
This invention presents the secure ACARS system and describes the architecture, protocol and the messages necessary to exchange information confidentially over the ACARS data link. In addition, this invention provides a compression algorithm to reduce the offered load on the ACARS network and a technique to encrypt the ACARS protocol header that will protect the identity of the aircraft without affecting interoperability with legacy ACRS equipment.
Certificate Authority components, digital signature and key agreement algorithms are based on existing aeronautical standards. The secure ACARS messaging protocol, header encryption techniques, and algorithms, techniques and the strategy of the invention use a compression scheme to reduce ACARS message sizes. The cryptographic algorithms and Certificate Authority component specified for secure ACARS solution of the invention are derived from the ATN Standards. Thus, a clear migration path to ATN is provided and customer investment in ACARS is protected.
This invention also defines a protocol to derive a set of secret keys that is used to authenticate, and encrypt subsequent transactions.