Encrypted messages: foray into aeronautics
Marcel Tiepelt (29) from KIT completed a six-week virtual exchange at DLR with the HIDA Trainee Network and analyzed the security architecture of Europe’s future aviation communications system. So what did he learn about air traffic security, encryption technologies, and collaborating with industry partners during his exchange?
Marcel Tiepelt, you are a doctoral candidate at KIT, where you conduct research at the Institute of Information Security and Dependability. Specifically, you research methods for securing data at rest—like that stored on a hard drive, for example—and in motion, when it’s involved in an exchange between communication parties. But last summer you participated in an exchange with DLR through the HIDA Trainee Network and got an up-close look at communications in the field of aeronautics. What exactly did the project involve?
During my virtual exchange with the DLR Institute of Communications and Navigation, we analyzed the security architecture of LDACS, which stands for L-band Digital Aeronautical Communications System. LDACS is the future aviation communications system in Europe and is currently being standardized. This is urgently needed, because the communication protocols currently in use don’t take any security aspects into consideration. Any attacker could in principle change messages or feed their own notifications into the flight communications system.
What changes will be made in the future to remedy this security risk?
As part of the LDACS standardization, the DLR is looking at procedures, protocols, algorithms, and guidelines that are designed to guarantee secure, mutually authenticated communication. The protocol includes two entities—the ground stations and stations in the airplanes. A single ground station can host up to 512 airplane stations in one cell. To this end, communication between ground stations and airplane stations is divided into broadcast channels and direct communication between the ground and airplane stations. Both communication channels are integrated into a framework that requires regular communication windows using radio signals via the so-called L-band, a specific radio frequency range. But this communication channel is very limited in terms of the volume of data that can be transmitted. As a result, the overhead for security measures has to be restricted to a minimum—so the encryption can’t require too much additional data.
What was your job exactly?
During my exchange, we took a closer look at the MAKE procedure—which stands for Mutual Authentication and Key Establishment. We modified the existing station-to-station protocol so we could reduce the security overhead when sending asymmetric signature components. We reviewed the corresponding cipher suite, which is a collection of cryptographic encryption and signature procedures that are used to safeguard the data. In addition, we identified a range of established, classical procedures as well as post-quantum procedures that even offer protection against attacks using quantum computers. These should be incorporated in the LDACS specification, too. Our aim here is to ensure that communication continues to be safe over the coming decades. The new procedures include a range of digital post-quantum signatures for use in the station-to-station protocol and a symmetric message authentication code that is employed after exchanging a mutual key. Finally, we also analyzed how efficient group keys are in securing broadcast channel communications. Because there’s always a compromise here between continuous confidentiality and the data overhead of a ground station that has to update all keys with the airplane stations in its range.
The COVID-19 pandemic has made it difficult to participate in exchange programs recently. What motivated you to apply despite this?
I wanted to apply anyway because I can’t let a pandemic put my PhD on hold for a year and a half. This also includes further training and networking with other researchers and the industry. Luckily, our project wasn’t affected by the restrictions all that much. Most of the work, like reading and reviewing papers or analyzing plans and discussing new ideas, can be taken care of from any location that has a computer with an Internet connection. Collaborating remotely worked really well on the whole. And in the end, I was even able to spend three days visiting my colleagues at DLR in Oberpfaffenhofen and had the chance to meet my supervisor in person. We got to speak with scientists from other departments, I found out more about the opportunities at DLR, and we planned out my future collaboration with DLR.
So you kept working on the DLR project after the exchange?
That’s right, we have continued working on the security architecture for LDACS over the past few months. We updated it so security features could be embedded in LDACS more efficiently. We also designed a complete generic model, made a shortlist of potential threats for the protocol and ways of mitigating them, and drafted a safety case for the communication protocol based on symbolic modeling. Our results were compiled in a paper that is currently being anonymously peer reviewed as part of an international security conference. We are now planning to evaluate the security of other components and radio systems used in aeronautical communications. But this is still being delayed due to the pandemic right now because it involves some on-site work in a lab. And future collaborations still depend on whether we can find external financing for the cooperation.
Would you recommend an exchange with the HIDA Trainee Network to other researchers?
Definitely. The HIDA Trainee Network makes financing really simple. And even if it takes a bit of effort to organize the research stay, it’s absolutely worth it. The DLR uses really good structures for its work, and there are specific research programs with fixed goals. And collaborating with a Research Center is also really helpful for networking with companies and gives you an insight into future career paths. I learned a lot on the whole—especially about communication in aeronautics and the limitations when sending signals via radio channels. Another important aspect for me, though, was realizing that working on problems in the practical setting can be very interesting but can also involve a lot of effort. It’s great to see your work having an impact in the world, but working with the industry can be taxing sometimes. Even so, cooperating with external partners is extremely important in terms of expanding your horizons and identifying topics that are outside the scope of what you usually think about.
Interview: Xenia v. Polier
The application period is open until March 15, 2022 for participating in the HIDA Trainee Network!
Go to Trainee Network