Aviation platforms and infrastructures have many complex systems that are networked hierarchically to perform various aviation computing needs. The adoption of e-Enabled architectures and technologies increases the operational and performance efficiencies that result from being networked. Furthermore, aviation embedded systems and controllers are being hosted on general purpose processing (GPP) hardware and use commercial software operating systems to reduce cost and increase functionalities.
The use of GPP hardware and commercial software operating systems in addition to increased connectivity between aviation systems has resulted in an increase in feature capabilities and functionalities of aviation platforms. Some of these capabilities include the ability to upload and download data from onboard flight systems from external custom client devices. Currently these custom client devices are specialized devices that are configured, programmed and managed specifically for the task at hand.
Currently, custom devices comprised of specific hardware and software components are allowed to connect to onboard airplane system. Airlines are expected to follow rigorous configurations and procedural processes for these custom devices. These custom devices are an additional expense to purchase, manage, and maintain given the procedural processes during which human operators are to maintain high degrees of compliance to procedures and processes. Additionally, both the hardware and software used by the custom client devices have short refresh cycles and rapidly become obsolete due to the pace of technological change. Airplane systems, on the other hand, are built to a very high degree of integrity and safety and are hence updated infrequently at fairly long intervals and furthermore are often not connected to an external network. As a result, the validity of the cyber security integrity of a connected custom client device may be challenging to establish. Airplane systems and airline back-office systems are also long-lived, making it problematic to procure the necessary hardware and software components to replace the appropriate specified devices during the entire life cycle of the airplane. Flight crews, maintenance workers, and others currently use manual data entry processes to perform various tasks on the airplane. Manual data entry is time consuming and error prone.
Connected client devices might perform many of these tasks if there was a mechanism in place to verify the condition and status of the device and application from a security perspective. There are no viable approaches that solve the problem of authoritatively establishing integrity of data from resource-constrained client devices in offline modes of operation in which the airplane system that retrieves data from the resource-constrained client device is not connected to the airline back-office system while adhering to the deployment and business/operational constraints of airline operations.
Commercial off the shelf (COTS) mobile devices are familiar to end users and are already used for non-flight related applications. However, the increase in functions and networked connections of aviation systems has also increased the risk of cyber security attacks that leverage existing vulnerabilities of the deployed software and hardware implementations. The COTS systems and their associated vulnerabilities can be used as a vector for cyber attacks.
Until now, there has been no simple and efficient viable mechanism to authoritatively establish the integrity of data retrieved from resource-constrained client devices in an offline mode of operation. The offline mode of operation will result in field deployment/operational scenarios in which communication network connectivity of the client device or the airplane to the airline back-office systems is not available. In such an environment, authoritative establishment of data integrity from resource constrained client devices is a challenge.